KR100448345B1 - Payment Management Method in Internet Banking using Mobile Communication Device - Google Patents

Abstract

The present invention relates to a method for managing withdrawal in Internet banking using a mobile communication terminal, in which a bank server receives a withdrawal (transfer) request from a teller, and registers a short message (SM) including the contents thereof in advance. It is sent to the manager's mobile communication terminal and receives approval information from each fund manager, so that funds can be transferred or paid only if all the fund managers have approved it. In addition, an authorization code generated by the money manager or the bank may be transmitted to the mobile communication terminal of the registered cashier, and the withdrawal may be allowed only when the withdrawal is authenticated with the authorization code.

By using this method, it is possible not only to restrict the unauthorized withdrawal of the cashier, but also to prevent the withdrawal of an unauthorized person who has stolen the ID and password.

Description

Withdrawal management method in internet banking using mobile communication terminal {Payment Management Method in Internet Banking using Mobile Communication Device}

The present invention relates to a method for managing a withdrawal in Internet banking using a mobile communication terminal, and more particularly, a short message (SM; Short Message) including the contents of a withdrawal request of a teller at a bank server. The present invention relates to a withdrawal management method for transferring or paying funds only when it is approved by being transmitted to a mobile communication terminal of an authorized person).

Recently, home banking or internet banking using the Internet has been widely used. Internet banking is a service that allows the user to apply for a service subscription through identity verification, after the user connects to the financial company's web server and authenticates, checks the amount and withdrawal details, transfers funds, and the like.

In the case of using such internet banking by individual business owners or corporations rather than individuals, after applying for the home banking service based on the bank account in the name of the individual business owner or corporation and receiving a certificate, the fund manager or cashier can log in by logging in to the bank server. Use In such a case, since the cashier knows the ID and password at the time of joining, he can log in to the bank server legitimately, and can make an account transfer arbitrarily. Therefore, there are many cases in which cashiers with unpleasant purposes randomly leak funds, and therefore, it is necessary to monitor cashiers of the money managers (representatives, money management officers, etc.). However, under the current Internet banking service environment, as long as the cashier knows the ID and password, the cashier can not be completely monitored, for example, there is no countermeasure for changing the password after leaking funds randomly. .

On the other hand, short message transmission and reception services (hereinafter referred to as "SMS") using mobile communication terminals are widely used. This service is performed by the SM server, which not only transmits a text message sent by the sender through a key input to the other party's mobile terminal, but also recently, a message to be transmitted on an Internet web page providing SMS and the other party's phone. In some cases, the SM is transmitted by entering a number.

The present invention is conceived to solve the above-mentioned problems in cashier account management in Internet banking by using SMS.

An object of the present invention is to provide a withdrawal management method in Internet banking using a short message service (SMS) of a mobile communication terminal.

Another object of the present invention is to send a real-time short message to the mobile communication terminal of the fund manager who approves financial activities such as withdrawal or transfer of funds to receive approval, thereby monitoring the arbitrary behavior of the cashier in Internet banking. To provide a way.

Figure 1 shows the overall configuration of a system for performing the withdrawal management method according to the present invention.

FIG. 2 is an internal block diagram of functions of the bank server illustrated in FIG. 1.

3A to 3C are diagrams showing the overall flow of the withdrawal management method according to the first to third embodiments of the present invention.

4 is a view showing a user interface screen (UI) in the present invention, FIG. 4A is a screen for inputting a withdrawal history (reason) and other messages along with a withdrawal request, and FIG. 4B is a fund with a short message transmitted. 4A is a screen for confirming an approval result, and FIG. 4D is a screen for inputting an approval code.

In order to achieve the above object, withdrawal management method in the Internet banking according to the present invention can be performed by using the following system.

A bank server linked to internal and external SM servers, a cashier computer system operated by a cashier and connected to the bank server via an internet network, a mobile communication terminal of at least one fund manager for approving the withdrawal of funds; It uses a system consisting of internet network and mobile communication network. The detailed configuration of such a system will be described in more detail in the following embodiments.

The withdrawal management method according to the present invention uses the above-described system and consists of the following steps.

Member registration step of the bank server registers as a member by receiving and storing information that can use the Internet banking;

The bank server receives a withdrawal request receiving step of receiving a withdrawal request from a logged in user computer system;

The bank server, if the amount of the corresponding account is greater than the requested withdrawal amount, the SM transmission step of generating a short message containing the withdrawal request information and transmitting to the mobile communication terminal of one or more funds manager of the registered account;

The bank server receives the approval information from the mobile communication terminal of the money manager, and the approval and withdrawal step of performing the withdrawal of the corresponding funds only when approved by all the money managers.

In addition, as a countermeasure for a case where an unauthorized person, not a cashier, logs in and requests a withdrawal, in the case of the approval and withdrawal approval of all the money managers in the withdrawal stage, a random approval code is generated to generate a cashier's mobile communication terminal. The withdrawal process can be made only when the cashier enters the approval code on the web page.

In addition to the information required for normal internet banking (passbook, seal identity, ID, password, certificate, etc.), the information to be entered at the time of membership registration requires additional funds manager information including the mobile phone number of one or more fund managers. If necessary, personal information about cashiers is also required.

In the withdrawal request reception step, it is preferable to input the withdrawal details (reason reasons) to be sent in a message when the fund manager receives approval in addition to the withdrawal or transfer amount.

In addition, in order to prevent a person who steals ID and password from among those who are not just cashiers, an authorization code generated by a bank server or a fund manager may be used.

For this purpose, if there is a withdrawal approval of all the money manager in the approval and withdrawal step, the bank server generates a random approval code and transmits it to the teller's mobile terminal, and the teller sends the corresponding authorization code on the web page. Only with input, you can finally withdraw the money.

In addition, in the approval and withdrawal stage, the approval information transmitted from the fund manager's mobile communication terminal further includes an approval code designated by the corresponding fund manager, and when there is a withdrawal approval of all the money managers, the bank server checks each of the fund managers. The approval code of the transfer may be transmitted to the cashier's mobile communication terminal, and the withdrawal processing may be finally performed only when the cashier enters the approval code on the web page.

In addition, in the approval and withdrawal stage, the approval information transmitted from the fund manager's mobile terminal additionally includes an authorization code designated by the relevant fund manager, and if there is a withdrawal approval of all the fund managers. The bank server generates a random bank authorization code, transmits the generated bank authorization code and the authorization code of each fund manager to the teller's mobile terminal, and the teller enters the corresponding authorization code on the web page. Only withdrawal processing can be made.

Hereinafter, with reference to the accompanying drawings will be described in detail an embodiment of the present invention.

Figure 1 shows the overall configuration of a system for performing the withdrawal management method according to the present invention.

The system includes a bank server 100 interworking with an internal and external SM server 110, a mobile communication terminal 200 of at least one fund manager, an internet network 300, a mobile communication network 400, and an internet bank server. It consists of a cashier computer system 500 connected with.

The bank server 100 is a kind of web server, and has a function of a general internet web server that allows an internet session connection with a client and retransmits the processing result of the client's request to the client system by TCP / IP. Such a bank server can be implemented using a web server program that is variously provided according to operating systems such as DOS, WINDOWS ^TM , Linux ^TM , UNIX and Macintosh. Typical examples include the website used in the Windows environment, CERN, NCSA, and APACHE used in the TTPS and Unix environments.

In addition to the above-described general web server program, the bank server according to the present invention includes an internal and external short message transmission server (SMSC). The Short Message Service Center (SMSC) is a communication service center that delivers a limited text message (short message) between a mobile station (MS) and a mobile terminal, or between a mobile terminal and a short message entity (SME). It has a forwarding function that stores messages and delivers them in real time and until the receiver can receive them. The SMSC is a node having a unique signaling point code (SPC) in a signaling system 7 (SS7) network, which is connected to a home location register (HLR) and a mobile service center (MSC) to determine the location of a receiver, and a PLMN ( Public Land Mobile Network) has a function of delivering a short message to mobile subscribers. SMSC is a system that can be transmitted in both directions by numbers, letters, etc. between other subscribers through various text delivery systems such as PC communication system, Internet server system, and mobile phone using mobile communication network. Omit.

Fund manager's mobile communication terminal 200 is a cellular phone using GSM or CDMA. It is a broad concept including PCS (Personal Communication System), IMT-2000, and PDA (Personal Digital Assistant). Any type of mobile communication device will be possible as long as it can receive short message from SM server and resend the response. .

The Internet network 300 includes various services existing in the TCP / IP protocol and its upper layers, namely, HyperText Transfer Protocol (HTTP), Telnet, File Transfer Protocol (FTP), Domain Name System (DNS), and Simple Mail Transfer Protocol (SMTP). ), A global open computer network architecture that provides Simple Network Management Protocol (SNMP), Network File Service (NFS), and Network Information Service (NIS).

The mobile communication network 400 is a conventional network for voice communication between terminals, that is, a base station (BS), a mobile telephone switching office (MTSO), a home location register (HLR), and network management. System (Network Management System; NMS). The mobile communication network is linked with the aforementioned SM server to transmit a short message to a terminal of a mobile subscriber (fund manager) and resend the response to the SM server and / or the bank server.

The cashier's user computer system 500 connected to the bank server via the Internet network may be a personal computer (PC), a notebook computer, and the like. A general modem, a public switched telephone network (PSTN) network, a cable modem, and a wired cable may be used. It can be connected to an external Internet network through a broadcasting network, a LAN card and a LAN network, a LAN card and an intranet within an enterprise.

2 is an internal block diagram of functions of a bank server.

The bank server 100 may be implemented by installing the following function-specific programs in the server computer system. The bank server is implemented as a general web server program including a daemon, and includes an interface 120 for connecting to the Internet, a controller 130, a short message generator 140, and a database 150.

The Internet connection interface 120 may be generally implemented as a LAN card interworking with a hub or a router that connects an intranet network and an external internet network inside a bank.

The web server program section is a generic web server daemon program that opens a port, listens for it, and sets up a connection session when a user requests a connection.

The control unit 130 properly authenticates the user by inputting an ID, password, and / or a certificate when the user uses the Internet banking request, searches the database according to the user's request, and informs the user's account information. When there is a request for action such as withdrawal or bank transfer, the short message generating unit is driven to generate a short message. The control unit searches the database to extract the fund manager's identification number of the fund manager of the corresponding account and transmits the generated short message by driving an internal / external SM server. In addition, it receives the approval information of the fund manager who received the short message to determine whether or not to withdraw the final withdrawal, and if the withdrawal or account transfer is updated based on the account information in the database.

The short message generating unit 140 combines the withdrawal (account transfer) details, amount, and other messages input by the accessor (accountant) through a web page screen to generate a single short message. It can be executed by an application program (CGI program, PHP program, etc.). Such short message generation will be described in more detail below with reference to FIG. 4.

The database 150 refers to a data structure implemented in a storage space (hard disk or memory) of a computer system using a predetermined database management program. The database according to the present invention includes, for example, an account number, an amount, and a registrant. ID, password, cashier's information (name, phone number, etc.), fund manager's information (name, job title, terminal phone number, etc.), including information about each account. It may be stored separately.

These databases can be relational database management systems (RDBMS) such as Oracle, Infomix, Sybase, DB2, or object-oriented databases such as Gemston, Orion, O2, etc. It can be implemented for the purposes of the present invention using a management system (OODBMS) and has the appropriate fields to achieve its function.

Since the construction and management of the database using the above-described information field required for the present invention can be sufficiently performed by those skilled in the art, detailed description thereof will be omitted.

3A is a diagram showing the overall flow of a withdrawal management method using a mobile communication terminal and the Internet according to the first embodiment of the present invention.

The user (cashier's office) accesses the bank server via the Internet (S310), enters an ID, password and / or a certificate, and the bank server searches the database to log in only when authenticated (S311). Thereafter, the bank server receives the user's request (S312), and if the request is account verification, outputs the amount of the corresponding account or displays the entrance / exit details at the selected time (S315). If the user's request is withdrawal or bank transfer, the user outputs a screen as shown in FIG. 4A and inputs a withdrawal history (reason) and other messages (S314). The bank server generates a short message based on the input contents and transmits the short message to the mobile communication terminal of the registered fund manager of the corresponding account through the internal and external SM servers (S316).

The bank server receives the approval information for the withdrawal from the money manager's mobile communication terminal (S317), and permits the withdrawal or transfer of funds only when all the money managers approve it, and the fact is the computer system of the user (cashier). Display and transmit (S318, S319).

However, in this method, if the person who is not a proper cashier is using the ID and password to log in to the bank server and requests the withdrawal, the money manager who trusts the cashier will allow the withdrawal to an unauthorized person. It may also result.

Therefore, in order to prevent such a situation, the second and third embodiments of the present invention as shown in Figs. 3B and 3C are proposed.

Figure 3b is a flow chart of a withdrawal management method according to a second embodiment of the present invention, since the same procedure from login of the user to accepting the approval information of the fund manager proceeds in the same procedure, detailed description thereof will be omitted.

When the bank server receives the approval information from all the money manager generates a random approval code that is the approval password (S411), and transmits to the mobile communication terminal of the teller account registered in the form of a short message (S412). In addition, the final withdrawal confirmation web page to enter the approval code sent (S413), and only if the approval code is matched to allow withdrawal (account transfer) (S414, S415).

3C is a flowchart of the withdrawal management method according to the third embodiment of the present invention, which is similar to FIG. 3B but differs in that an authorization code is determined by a fund manager rather than a bank server. In this case, as a response to the short message received by the bank manager from the bank server, in addition to the information on whether to approve, the funds manager includes the approval code selected by the user (S510). If the money manager is 1 or more, there is more than one approval code, and only when the cashier who receives the transfer correctly inputs all the approval codes to allow withdrawal (transfer) (S512 to S515). Of course, depending on the degree of security, in addition to the approval code set by one or more fund managers, you may input the approval code arbitrarily generated by the bank (S511).

4 shows a user interface screen in the present invention.

4A shows a screen for inputting a withdrawal history (reason) and other messages together with a withdrawal request. Examples of items to be input for short message transmission include, but are not limited to, a transmission message, (withdrawal) contents, scope (target) of the fund manager to be transmitted, transmission time setting, and questions, but are not necessarily limited to this. If you can.

When the teller clicks the "Transfer" button after inputting such information, the short message as shown in FIG. 4B is transmitted to the fund manager's mobile communication terminal. The fund manager sends the withdrawal approval information to the bank server by selecting either "1. Yes" or "2. No". In addition, in the case of using the above-described third embodiment, if the item of " 1. YES " of FIG. 4B is selected, an authorization code is input next, and the terminal sends the authorization code to the bank server together with the authorization information. To transmit.

Figure 4c is a screen for confirming the approval result, for each withdrawal request (message number) is displayed the name, mobile phone number, date of receipt, time, receiving location, approval status, etc. of the money manager.

4D is a screen for inputting an approval code generated by a fund manager and / or a bank and transmitted to a cashier's mobile terminal for final withdrawal approval when using the third embodiment of the present invention. In addition to the message code (withdrawal request) and the withdrawal request details, three authorization codes specified by two fund managers and the bank are entered, and final withdrawal (transfer) is allowed only when the authorization codes match.

The above description is exemplarily described for the practice of the present invention, and does not limit or limit the scope of the present invention.

As described above, withdrawal management in Internet banking can be properly performed by using a mobile communication terminal and the Internet.

That is, by allowing the fund manager to approve the withdrawal request of the teller by using a mobile terminal, it is possible not only to restrict unauthorized withdrawal of the teller, but also to prevent the withdrawal of an unauthorized person who steals the ID and password. .

Therefore, by improving the security of Internet banking, it will be possible to activate various financial transactions on the Internet.

Claims (6)

A method using a system consisting of a bank server linked to an internal and external SM server, a mobile communication terminal of one or more fund managers, an internet network, a mobile communication network, and a computer terminal of a teller machine connected to a bank server through the Internet, The bank server receives and stores information that can be used for Internet banking, including the funds manager information including the mobile phone terminal number of the at least one fund manager and the teller information including the phone number of the teller account. Member registration step of registering as a member; A withdrawal request receiving step of receiving a withdrawal request from a user computer terminal with which the bank server is logged in; The bank server, when the amount of the corresponding account is greater than the requested withdrawal amount, a short message transmission step of generating a short message including the withdrawal request information and transmitting the generated short message to the mobile communication terminal of at least one fund manager of the registered account; The bank server receives the approval information from the mobile communication terminal of the fund manager, and transmits the approval code to the mobile communication terminal of the teller only when approved by all the money manager; The bank server performs the withdrawal of the funds when the cashier enters the authorization code on the web page. Withdrawal management method in the Internet banking using a mobile communication terminal, characterized in that consisting of. The method of claim 1, In the withdrawal request reception step, the withdrawal management in the Internet banking using a mobile communication terminal, characterized in that in addition to the amount to withdraw or transfer money, the withdrawal details (reason for withdrawal) to be transmitted in a message when the fund manager receives approval Way. delete The method according to claim 1 or 2, The withdrawal management method on the Internet banking using a mobile communication terminal, characterized in that the authorization code is generated by the bank server arbitrarily. The method according to claim 1 or 2, The authorization code is a withdrawal management method on the Internet banking using a mobile communication terminal, characterized in that specified by the corresponding fund manager. delete