KR102092381B1 - Method for scrapping user information of account-running-institue and application system thereof - Google Patents

Abstract

A user information scraping method and a system thereof are disclosed.
The user information scraping method comprises the steps of: receiving an application set that further includes additional information from the user, the application system installed on the user's terminal, to the basic information set including the user's account number, account password, name and date of birth; Resetting authentication information necessary for login to system authentication information using the information set received by the application system, logging into the account of the user using the system authentication information in which the application system is reset, and the And an application system logging in to the account and performing a scraping process for scraping user information of the account operator.

Description

A method for scraping user information of an account operating institution and an application system therefor {Method for scrapping user information of account-running-institue and application system thereof}

The present invention relates to scraping, and more particularly, to a method and system for easily scraping user information required by an application that provides a predetermined service to a user.

Scraping techniques have been widely known.

1 is a view for explaining a conventional scraping method.

Referring to FIG. 1, in the conventional scraping method, a predetermined service server 20 can log in from the client 10 in order to scrape user information that can be verified only by logging into the system 30 of a predetermined target institution. Information (eg, ID / PWD or public certificate and certificate password, etc.) is received. In addition, the service server 20 may access the system 30 of the target institution using the received information, and scrape necessary user information. Of course, for such scraping, the service server 20 may generate an event for pretending to be a user with respect to the target institution system 30.

This scraping method is not only a problem that the service server 20 generates a relatively large load on the target organ system 30, but also the target organ system due to various reasons, such as the target organ system 30 having an unwanted login form. At 30, an abusing issue may occur. Due to this, the connection of the service server 20 may be blocked.

In addition, even if there is no or little abusing issue for the service server 20 in the target institution system, if the service server 20 needs to obtain the public certificate and the public certificate password as login information, the procedure for obtaining the public certificate or the user's There is a problem that the psychological burden is relatively large. Therefore, it is quite difficult to obtain a public certificate and a public certificate password from users.

In addition, if the information to be scrapped does not require a relatively enhanced authentication method such as a public certificate and can be checked by simply logging in with ID / PWD, even if the ID / PWD is not remembered by users depending on the type of target organization When there is a considerable number of requests for ID / PWD to the user at the time when scraping is required, there is a problem that the user takes a very long time to check the ID / PWD, which is caused by the service server 20 or the corresponding client 10 It may cause a problem of failing to provide the necessary service in a timely manner.

Korea Registered Patent 10-0460712 "Credit evaluation system and method through interface with Internet financial related sites and related organizations"

Therefore, the present invention is to provide an efficient method and system capable of easily scraping user information required for a service from a target organization at any time on the service side.

According to an aspect of the present invention, a user information scraping method for scraping user information of an account operating institution that can be verified by logging into an account of an account operating institution for solving the technical problem of the present invention is an application system installed in a user's terminal. Receiving an information set from the user, which additionally includes additional information to the basic information set including the user's account number, account password, name, and date of birth, and logging in using the information set received by the application system Resetting necessary authentication information to system authentication information, logging into the account of the user using the system authentication information in which the application system is reset, and the application system logging in to the account, and Scratching user information And performing a scraping process to ping.

The additional information may include some of the user's OTP or security card information.

When the application system installed in the user's terminal receives the information set from the user, which further includes additional information, to the basic information set including the user's account number, account password, name, and date of birth, the application system is the The method may include obtaining a basic information set from a user first and subsequently obtaining the additional information.

The user information scraping method further comprises the steps of the application system confirming the authentication information setting conditions of the account operating institution, and generating the system authentication information corresponding to the authentication information setting conditions by the application system based on the confirmed result. It can contain.

The user information scraping method includes the steps of the application system storing part of the system authentication information in the terminal and the remaining part in a service server corresponding to the application system, and attempting to scrape the user information of the account operator again. In this case, the application system may further include the step of re-logging into the account by checking a part of the system authentication information stored in the terminal and a part of the rest stored in the service server.

The user information scraping method comprises the steps of redirecting the terminal to a page for signing up for membership in the system of the account operating institution when the user is not registered as a member of the system of the account operating institution. In order to do so, the method may further include automatically inputting at least a part of the information set received from the user into a user interface to input at least a part of the information set.

The user information scraping method includes: when the account operating institution user information is to be re-scraped, the application system attempts to re-login to the account using the system authentication information; if re-login fails, the application system The method may further include setting new system authentication information, and re-logging into the account using the set new system authentication information.

The user information scraping method further includes re-inputting the information set from a user when the re-login fails, and setting the new system authentication information using the re-inputted information set.

In order to solve the above technical problem, a user information scraping method for scraping user information of an account operating institution that can be verified only by logging into an account of the account operating institution is a service stored in the terminal or the application system by an application system installed in the user's terminal. Checking system authentication information stored in at least one of the servers, the application system attempting to log in to the account using the system authentication information, and if login fails, the application system accounts for the user's account number, account Obtaining an information set that further includes additional information selectively on a basic information set including a password, a name, and a date of birth, resetting to new system authentication information using the information set received by the application system, the Logging into the account of the user using the new system authentication information in which an application system is reset, and performing a scraping process for the application system to log in to the account and scraping user information of the account operating institution. It includes.

In order to solve the above technical problem, a user information scraping method for scraping user information of an account operating institution that can be verified only by logging in to an account of an account operating institution includes the method in which an application system installed in a user's terminal is already generated by the application system. The step of checking whether the parasitic system authentication information of the account exists, and if the parasitic system authentication information exists as a result of verification, the application system attempts to log in to the account using the system authentication information, and confirms If the parasitic system authentication information does not exist, the application system acquires an information set that further includes additional information selectively on the basic information set including the user's account number, account password, name, and date of birth, and the obtained Login using the information set Resetting the authentication information to the authentication system information, and by using the system to reset the login credentials to the account of the user includes the step of performing a scraping process for scraping the user information of the operator of the account.

The application system installed on the user's terminal for scraping user information of the account operating institution that can be verified only by logging into the account of the account operating institution for solving the above technical problem is the user's account number, account password, name from the user , Acquisition module for acquiring an information set optionally further including additional information in the basic information set including the date of birth, a control module for resetting the authentication information necessary for login to the system authentication information using the obtained information set, reset It includes a login processing module for logging into the user's account using the system authentication information, and a scraping module for scraping user information of the account operator from the logged in account.

The application system installed in the user's terminal for scraping user information of the account operating institution that can be verified by logging into the account of the account operating institution for solving the technical problem is at least one of the terminal or a service server stored in the application system Login processing module that checks the authentication information stored in the login and attempts to log into the account using the verified system authentication information. If login fails, the application system displays the user's account number, account password, name, and date of birth. Acquisition module for acquiring an information set that optionally further includes additional information in the basic information set, a control module for resetting authentication information of a login to system authentication information using the obtained information set, and the login processing module By, reset Once logged in to the account of the user using the system authentication information, and includes modules for scraping scraping the user information of the account operating institution.

According to an embodiment of the present invention, even if the user does not directly provide the authentication means or login information required for logging in to the service side for scraping, the service side takes care of logging in and performs scraping to increase user convenience.

In addition, from the service side, important personal information, that is, information or means to log in, must be received in advance, or when scraping is required, it is possible to solve a problem that may occur when attempting to receive login information from a user. That is, rather than receiving the login information itself, it is possible to quickly and efficiently scrape by receiving the information capable of resetting the login information in advance and resetting the login information relatively quickly at the required time to log in.

In addition, according to the present invention, since scraping is performed in each of the terminals of the users, there is an effect that an abusing issue from the target organization can be reduced.

BRIEF DESCRIPTION OF THE DRAWINGS In order to better understand the drawings cited in the detailed description of the present invention, a brief description of each drawing is provided.
1 is a view for explaining a conventional scraping method.
2 is a view for explaining the concept of a user information scraping method according to the technical idea of the present invention.
3 is a view for explaining a schematic configuration of an application system according to an embodiment of the present invention.
4 is a diagram schematically illustrating a data flow of a user information scraping method according to an embodiment of the present invention.
5 is a view for explaining a concept of setting system authentication information based on authentication information setting conditions according to an embodiment of the present invention.
FIG. 6 is a diagram for explaining a concept in which system authentication information is divided and stored in a client and a server according to an embodiment of the present invention.
7 is a view for explaining a concept that can effectively induce membership subscription to a target organization according to an embodiment of the present invention.
8 is a view for explaining activity information according to an embodiment of the present invention.

The present invention can be applied to various transformations and can have various embodiments, and specific embodiments will be illustrated in the drawings and described in detail in the detailed description. However, this is not intended to limit the present invention to specific embodiments, and should be understood to include all conversions, equivalents, and substitutes included in the spirit and scope of the present invention. In the description of the present invention, when it is determined that a detailed description of known technologies related to the present invention may obscure the subject matter of the present invention, the detailed description will be omitted.

Terms such as first and second may be used to describe various components, but the components should not be limited by the terms. The terms are used only for the purpose of distinguishing one component from other components.

Terms used in the present application are only used to describe specific embodiments, and are not intended to limit the present invention. Singular expressions include plural expressions unless the context clearly indicates otherwise.

In this specification, the terms “include” or “have” are intended to indicate that there are features, numbers, steps, operations, components, parts, or combinations thereof described in the specification, one or more other. It should be understood that features or numbers, steps, operations, components, parts, or combinations thereof are not excluded in advance.

In addition, in the present specification, when one component 'transmits' data to another component, the component may directly transmit the data to the other component, or through at least one other component It means that the data may be transmitted to the other components. Conversely, when one component 'directly transmits' data to another component, it means that the data is transmitted from the component to the other component without passing through the other component.

Hereinafter, the present invention will be described in detail with reference to the accompanying drawings. The same reference numerals in each drawing denote the same members.

2 is a view for explaining the concept of a user information scraping method according to the technical idea of the present invention.

delete

Referring to FIG. 2, in order to implement a user information scraping method according to the technical idea of the present invention, the application system 100 may be implemented. The application system 100 may be installed in a predetermined terminal 1 to implement the technical idea of the present invention.

The terminal 1 may be implemented as a mobile phone used by a user, but can communicate with the target institution systems 200 and 210 to implement the technical idea of the present invention, and the application system 100 is installed. If it is a data processing device capable of implementing the technical idea of the present invention, the implementation form may be various.

The application system 100 implements a system in which software (application) installed in the terminal 1 and hardware of the terminal 1 driving the application are organically combined to implement the technical idea of the present invention. Can mean

The application defining the application system 100 may be a technical idea of the present invention, that is, a separate independent application for scraping user information, but an application that provides a predetermined service to a user. In this case, the functions defined in this specification, that is, a function for scraping user information may be a function additionally included in a function for a service provided by the application to a user. Of course, the service provided by the application may be a service using information scraped according to the technical idea of the present invention.

Services provided by the application may vary. According to an example, the service may be a financial service such as a money transfer service, a payment (brokering) service, a loan service, etc. In this case, the user information to be scraped is a user's card usage history, payment history, and account balance required for the financial service. As such, it may be information of a user who is closely related to financial services. In this case, the target institution corresponding to the target institution systems 200 and 210 may be a financial institution that maintains / manages user information such as a card company or a bank. However, the implementation of the service, user information, and target organization can be very diverse, and the average expert in the technical field of the present invention can easily infer that the scope of the present invention is not limited to these embodiments. .

The application system 100 may provide a service provided by the application system 100 to a user by performing communication with the service server 300. In addition, the service server 300 may perform some functions to implement a scraping method of user information according to the technical idea of the present invention. This will be described later.

The application system 100 may access the target institution systems 200 and 210 and log in to a user's account to be scrapped. In addition, after logging in, a predetermined request may be output to the target institution systems 200 and 210 to obtain necessary user information. It is well known and utilized that such a series of scraping processes can be performed by outputting a signal simulating a user's action to the target organ systems 200 and 210 by the application system 100, and thus detailed description thereof is omitted. Do it.

However, the user information scraping method according to the technical concept of the present invention is unlike the conventional method in which the server 20 described in FIG. 1 performs scraping, the application system 100, that is, the user's terminal (eg, mobile phone, 1) It is characterized by performing scraping.

Through this, the risk of blocking scraping in the target institution systems 200 and 210 is canceled, and since the scraped information is primarily stored in the user's terminal, there is an advantageous security effect.

Of course, the scraping of the application system 100 may be performed based on the consent of the corresponding users and proper authorization.

On the other hand, the user information scraping method according to the technical idea of the present invention has a feature of obtaining login changeable information, unlike the conventional method of obtaining login information for logging in to the user's account.

In other words, depending on the type of service or target organization, it is often the case that acquiring login information (for example, ID / PWD or public certificate and certificate password) is a burden to the user or the user does not recognize the login information. You can.

In this case, it may be more effective to obtain login changeable information, that is, information that can be given permission to change all or part of the login information from the user, rather than the user's login information.

Of course, for some users who already know the login information (for example, ID / PWD), the login information (for example, ID / PWD) may be used for login, but the login changeable information can be used for the other users. have.

Moreover, the login information is dependent on the target institution system (200, 210), so its type may be different depending on the target institution system (200, 210), and at least it can be defined only by registering as a member in the target institution system (200, 210) , The login changeable information may be information that is less dependent on the target institution systems 200 and 210 and can be specified even if a member is not registered.

For example, when the target institution is a financial institution such as a card company or a bank, the login information may be ID / PWD. Alternatively, there are cases where a public certificate and a certificate password are required as login information depending on the type of user information to be scrapped. In addition, such log-in information may be information that can be specified only when a user who has a transaction with the financial institution registers for membership in the system of the financial institution, that is, the target institution systems 200 and 210.

However, the login changeable information does not depend on the target institution system (200, 210), such as card number, card password, CVC number, etc., even if a member is not registered on the target institution system (200, 210). It can be information.

Therefore, compared to acquiring login information from the user, acquiring login changeable information is not a burden to the user, but may be effective on the service side. In particular, considering that it is a reality that most users use the same or very similar login information not only to the target institution systems 200 and 210 but also to other systems, login changeable information is obtained compared to obtaining login information to the user. Therefore, it may be more secure to allow the application system 100 to set new login information (eg, password) and log in without knowing the login information (eg, password) set by the user.

As a result, according to the technical idea of the present invention, the application system 100 may acquire login changeable information from a user, and obtain acquired login changeable information to access the predetermined target institution systems 200 and 210.

Examples of login changeable information may vary, and may vary depending on the type of target organization and / or the type of user information to be scrapped.

For example, the login changeable information may be a card number, a card password, and a CVC number. Alternatively, the login changeable information may be information used for so-called 'mobile phone identity authentication', that is, name, gender, phone number, carrier, date of birth, and the like. If the information necessary for the authentication of the mobile phone is the login changeable information, the control module 110 may perform an action of re-entering the authentication number received by the terminal 1 after inputting the login changeable information. Yes, of course. This may be the case, for example, if the target institution is a card company, but is not limited thereto.

In addition, the login changeable information may be an account number, account password, name, date of birth, and the like. Such a case may be, for example, an account operating institution (for example, a bank or a securities company) in which the target institution operates an account, but is not limited thereto.

In addition, according to an embodiment, the login changeable information may include authentication information obtained through a separate physical authentication means (eg, OTP, security card, etc.). In this case, the login changeable information may further include additional information such as OTP authentication information (one-time authentication information) or security card authentication information in the basic information set including the account number, account password, name, and date of birth. When the login changeable information includes authentication information obtained from a physical authentication means, the application system 100 may request login changeable information in real time from a user and obtain the login changeable information in response to a request. have. In addition, when requesting the login changeable information, it is possible to inform the user what additional information is required (eg, OTP, or what information is desired from the security card, etc.).

Also, according to an embodiment, that the application system 100 acquires the login changeable information does not necessarily mean that all of the login changeable information must be acquired at the same time, and some of the login changeable information (for example, a set of basic information) May be acquired first, and the remaining portions (eg, additional information) may be acquired later. The information acquired later may be time-dependent information (eg, time synchronization otp, etc.), which has the effect of not requiring the user to re-enter or request information.

In any case, the application system 100 may reset authentication information (eg, a password, a secret pattern, etc.) among login information using login changeable information. Normally, even if the target organization systems 200 and 210 know the login changeable information, the login information set by the user is not leaked because it does not inform the already set authentication information. Then, using the reset authentication information, the application system 100 may log in to the user's account provided by the target institution systems 200 and 210. And the scraping process can be performed.

According to an embodiment, the login changeable information may include information on the ID of the account, but according to an embodiment, the application system 100 may check the ID of the account through the login changeable information. Then, after checking the ID of the account, authentication information may be reset through the login changeable information.

Then, the application system 100 may log in to the user's account of the target institution systems 200 and 210 through the reset authentication information, and request the required user information to perform scraping in a predetermined manner.

The application system 100 according to the technical idea of the present invention for implementing the technical idea may have a configuration as shown in FIG. 3.

3 is a view for explaining a schematic configuration of an application system according to an embodiment of the present invention.

Referring to FIG. 3, the application system 100 includes a control module 110, an acquisition module 120, a login processing module 130, and a scraping module 140.

According to an embodiment of the present invention, some of the above-described components may not necessarily correspond to components essential to the implementation of the present invention, and according to an embodiment, the application system 100 may be Of course, it may include more components.

The application system 100 may include hardware resources and / or software necessary to implement the technical spirit of the present invention, and does not necessarily mean one physical component or one device. . That is, the application system 100 may mean a logical combination of hardware and / or software provided to implement the technical idea of the present invention, and if necessary, are installed in devices spaced apart from each other to perform each function. By doing so, it may be implemented as a set of logical components for realizing the technical idea of the present invention.

In addition, in this specification, a module may mean a functional and structural combination of hardware for performing the technical idea of the present invention and software for driving the hardware. For example, the module may mean a logical unit of a predetermined code and a hardware resource for performing the predetermined code, and does not necessarily mean a physically connected code or a type of hardware. It can be easily deduced from the average expert in the technical field of the present invention.

The control module 110 includes functions and / or functions of other components included in the application system 100, for example, the acquisition module 120, the login processing module 130, and / or the scraping module 140. You can control resources.

The acquisition module 120 may acquire the user's login changeable information for a predetermined first target institution system 210.

For example, the acquisition module 120 may be obtained by providing the user with a predetermined interface for requesting the login changeable information to the user and receiving the login changeable information from the user through the corresponding interface. Depending on the implementation example, an employee of the service side may receive the log-in changeable information through a telephone or e-mail, etc. In this case, the acquisition module 120 may receive the log-in changeable information from a predetermined storage device storing It is also possible to obtain login changeable information. The acquisition module 120 may acquire login changeable information notified by the user in any path.

Then, the control module 110 may reset authentication information, that is, authentication information (for example, a password, a secret pattern, etc.) required for login using the obtained login changeable information. The reset authentication information will be defined as system authentication information in this specification.

Then, the login processing module 130 may log in to the account of the user's first target institution system 200 using the system authentication information. If necessary, the login processing module 130 may perform a predetermined process for checking the account ID of the first target institution system 200 of the user.

For example, when the login ID is included in the login changeable information, the login processing module 130 may check the account ID from the login changeable information. If necessary, the account ID may be checked from the first target institution system 200 using the login changeable information. To this end, it is needless to say that the login processing module 130 may perform an action for performing a series of processes scheduled by the first target institution system 200.

When the login is performed, the scraping module 140 may scrap desired user information from the first target institution system 200 through a series of processes corresponding to types of user information.

On the other hand, in order for the control module 110 to set system authentication information using the login changeable information, check the predefined authentication information setting conditions for each target organization to log in and correspond to the verified authentication information setting conditions. You may need to set system authentication information.

An example of this will be described with reference to FIG. 5.

5 is a view for explaining a concept of setting system authentication information based on authentication information setting conditions according to an embodiment of the present invention.

Referring to FIG. 5, the application system 100 connected to a predetermined first target institution system 200 displays an interface (eg, a web page) for resetting authentication information (eg, a password) in FIG. 5 As can be provided from the first target institution system 200.

In addition, the authentication information setting conditions as illustrated in FIG. 5 may be guided to such an interface. The authentication information setting condition may refer to a condition that can be set as authentication information previously set in the first target institution system 200.

For example, various authentication information setting conditions such as a condition in which a continuous number or alphabet should not be present, a condition in which at least one number must be included, and a condition in which at least one symbol must be included are included in the first target institution system 200. Can be defined.

The control module 110 sets the authentication information setting condition of the first target institution system 200 in advance through the first target institution system 200 or in a predetermined storage device (for example, text recognition or service side). The authentication information setting conditions can be confirmed from a method such as inputting a predetermined storage device.

Then, the control module 110 may generate the system authentication information to correspond to the checked authentication information setting condition. The generated system authentication information may be set as authentication information of the first target institution system 200.

As a result, the control module 110 may generate system authentication information to correspond to authentication information setting conditions that can be set differently for each target organization according to which target organization to scrape.

The generated system authentication information is used only for one time. In this case, the application system 100 may generate new system authentication information every time it is performed even when scraping in the same target institution system, and reset it to the authentication information of the corresponding user account. have.

According to an embodiment, the system authentication information may be stored. And the stored system authentication information may be reused. The system authentication information may be simply stored in the terminal 1. However, according to the technical idea of the present invention, the system authentication information may be divided and stored in the terminal 1 and the service server 300. Of course, in the latter case, security is increased.

That is, the control module 110 is to reduce the risk of fatal damage to the user when the system authentication information that can access the user's account of the first target institution system 200 is exposed, the user The generated system authentication information can be divided and stored.

Accordingly, even if only one of the terminal 1 or the service server 300 is attacked, the system authentication information may not be exposed to the attacker.

An example of this will be described with reference to FIG. 6.

FIG. 6 is a diagram for explaining a concept in which system authentication information is divided and stored in a client and a server according to an embodiment of the present invention.

Referring to FIG. 6, system authentication information (eg, “ACE! #% 086”) generated by the control module 110 may be as illustrated in FIG. 6. The system authentication information (eg, “ACE! #% 086”) may be information generated by the control module 110 to correspond to the authentication information setting conditions of the target organization systems 200 and 210.

The control module 110 generates the system authentication information (eg, “ACE! #% 086”), and then transmits the system authentication information (eg, “ACE! #% 086”) to the terminal 1 and the It can be divided and stored in the service server 300. The system authentication information (eg, “ACE! #% 086”) may be divided in various ways. For convenience of description, the control module 110 simply assists the process of sequentially storing system authentication information (eg, “ACE! #% 086”) in the terminal 1 and the service server 300. 6, the system authentication information (eg, “ACE! #% 086”) may be divided in various ways according to an embodiment. For example, up to the first few characters may be stored in the terminal 1, and the remaining characters may be stored in the service server 300.

The control module 110 stores the first part system authentication information (eg, “AE # 06”) in the terminal 1 as shown in FIG. 6, and the second part system in the service server 300. Authentication information (eg, "C!% 8") may be stored.

Then, when the application system 100 wants to log in to the account corresponding to the system authentication information (for example, “ACE! #% 086”), information stored in the terminal 1 and the service server 300 is divided and stored. Can be used.

For example, the login processing module 130, if the user wants to scrape user information again from the target institution system (eg, 200) using the system authentication information (eg, “ACE! #% 086”), the terminal 1 ), The first partial system authentication information (eg, “AE # 06”) and the second server system authentication information (eg, “C!% 8”) are checked in the service server 300 and based on the verified information. The system authentication information (eg, “ACE! #% 086”) can be reused by checking the system authentication information (eg, “ACE! #% 086”). That is, the system authentication information (eg, “ACE! #% 086”) may be used to re-login to the account of the target institution system 200.

Depending on the embodiment, the user's permission may be required to reuse the system authentication information (eg, “ACE! #% 086”). Such an allowable action may be performed by requesting the application authentication information to a user and confirming the application authentication information. That is, the application system 100 may be implemented so that the user is authenticated using the authentication information unique to the application system 100 so as to check authentication information of the first target institution system 200 generated by the application system 100. It might be.

When the application authentication information is confirmed, the control module 110 may transmit a part of the system authentication information stored in the terminal to the login processing module 130. Of course, the system authentication information (eg, “ACE! #% 086”) stored by the control module 110 and / or each part of these may be protected through a predetermined encryption method.

Meanwhile, as described above, after authentication information of a user's account is changed to system authentication information by the application system 100, it may be necessary to directly access the account by the user, not the application system 100. have.

To this end, the control module 110 may authenticate the user with the authentication information of the application system 100, and when the user is authenticated, may provide the (partitioned) stored system authentication information to the user. In this case, the user may log in to the account using the provided system authentication information. Of course, depending on the implementation, the user can also reset the authentication information by himself / herself using login changeable information. And through the reset of the authentication information, the user can log in to his or her account.

In any case, the user can change the authentication information reset by the application system 100 again in a manner desired by the user. In this case, when the application system 100 tries to log in to the account again, it may attempt to log in using the existing authentication information, so that the login may fail.

In this case, the login changeable information may be reacquired from the user.

That is, after the application system 100 obtains login changeable information and uses it to generate system authentication information, the login changeable information may be discarded and not stored anywhere. In addition, the login changeable information can be secured by re-obtaining it from the user when it is needed again, and the user has the effect of lowering the possibility of unintentionally using the login changeable information indefinitely.

According to an example, the method of scraping user information according to the present invention through the use of the system authentication information and the use of the login changeable information may be performed as illustrated in FIG. 4.

4 is a diagram schematically illustrating a data flow of a user information scraping method according to an embodiment of the present invention. In addition, Figure 8 is a view for explaining the activity information according to an embodiment of the present invention.

4 and 8, the application system 100 may determine that it is necessary to acquire user information of a specific user from a specific target institution system at a predetermined point in time (S100).

In this case, the application system 100 may check whether system authentication information for the specific target institution system of the specific user has already been generated. Such confirmation may be made using activity information as shown in FIG. 8.

The activity information may mean a history of information related to scraping of user information activated by the application system 100.

For example, as shown in FIG. 8, the activity information includes system authentication information (eg, pwd1, pwd2), setting time (eg, t1, t2) of the system authentication information, and target organization (eg, first target organization, agent). 2 target organizations), and scraping information (eg, card usage history, account balance, etc.).

Also, although not clearly shown in FIG. 8, it is as described above that the system authentication information may be divided and stored in the terminal 1 and the service server 300, respectively.

Using this activity information, the application system 100 may check whether system authentication information to be used for the account of the specific user has already been generated for the specific target institution systems 200 and 210 (S110).

If it has never been generated, the application system 100 may obtain login changeable information of the specific user corresponding to the specific target institution system (eg, 210) (S130). Then, the application system 100 may generate system authentication information using the acquired login changeable information and reset it to authentication information of the account for the specific target institution system (eg, 210) of the specific user ( S140).

Meanwhile, if system authentication information for a specific user account has already been generated for the specific target institution system (eg, 210), the application system 100 may check the system authentication information that has already been generated (S120). Confirmation of such system authentication information may be performed as described above in FIG. 6.

Then, the application system 100 may attempt to log in to the account of the specific user with the verified system authentication information (S150). If the result of the login attempt is successful (S155), it may mean that the system authentication information has not been changed by the user yet. In addition, since the application system 100 has successfully logged in, the user system may scrape user information if desired.

If an attempt is made to log in with the verified system authentication information and the login has failed (S155), it may mean that the system authentication information has been changed. In this case, the application system 100 may reacquire login changeable information from the user (S170).

In addition, new system authentication information may be set using the re-acquired login changeable information (S180).

In addition, an attempt is made to log in with the new system authentication information, and upon successful login, the user information may be scraped (S150, S155, S160).

On the other hand, as described above, since the present invention acquires login changeable information from a user, the user may not be registered as a member to a predetermined target institution system (eg, 200) for obtaining user information.

For example, the application system 100 may include an application that performs a money transfer service. The user may be subscribed to the application system 100 and may be using a service (eg, a money transfer service) provided by the application system 100. In addition, the target institution system (eg, 200) may be a card company system. The application system 100 may attempt to adaptively determine the user's creditworthiness or one-time transfer limit for each user by scraping the user's card usage history. However, the user is only using a card, and may not be registered as a member of the card company system corresponding to the card.

As such, the application system 100 may obtain login changeable information from a user and attempt to log in to the target institution system (eg, 200) using the user, and may confirm that the user is not registered as a member.

In this case, it may be necessary to induce the user to join a member to the target institution system (eg, 200) for service consistency or stability for each user of the application system 100.

To this end, the application system 100 may increase the convenience of the user's membership registration by using the login changeable information obtained in advance.

An example of this will be described with reference to FIG. 7.

7 is a view for explaining a concept that can effectively induce membership subscription to a target organization according to an embodiment of the present invention.

Referring to FIG. 7, the login processing module 130 included in the application system 100 is a target institution system capable of acquiring user information to be scrapped by the user based on the login changeable information already obtained (for example, , 200). For example, by checking the ID based on the login changeable information and determining whether such an ID exists, it is possible to determine whether or not the member is registered, and other information included in the login changeable information (eg, name, resident number, etc.). You can also check the membership status through.

And when it is determined that membership is not registered, the login processing module 130 may redirect the terminal to a page for membership registration of the target institution system (eg, 200).

Then, the pages may be provided with interfaces as shown in FIG. 7.

For membership registration, as shown in FIG. 7, it may be necessary to enter the member's name, card number, card password, and CVC number. Then, the login processing module 130 may automatically input all or part of the information included in the login changeable information among the input required information. For example, when the target institution system (eg, 200) is a card company system, the login changeable information may be a set of information including a card number, a card password, and a CVC number. Alternatively, the login changeable information may be a second information set including the phone number, gender, nationality, date of birth, and carrier information of the terminal 1. The second information set may be a case of performing so-called mobile phone authentication. .

Then, the login processing module 130 may automatically input information (eg, a card number, a card password, and a CVC number) included in the login changeable information in the member registration page shown in FIG. 7.

In addition, some of the information required for membership may be known in advance in the application system 100. For example, the user's name may not be included in the login changeable information, but the application system 100 may know in advance.

In this case, the application system 100 may automatically input known information into the interface included in the member registration page.

In any case, the technical idea of the present invention is that the login changeable information is information that can be specified even before signing up for membership, so that users can be easily registered as members of a predetermined target institution system (eg, 200) while attempting scraping. Can be induced.

The application system 100 may scrape user information from a first target institution system (eg, a card company, 200) through the technical idea as described above. Thereafter, the application system 100 may need to scrape user information from the second target institution system (eg, bank 210).

In this case, as described above, the acquisition module 120 may acquire the second login changeable information of the user for the second target institution system (eg, 210). For example, in the case of a bank, the second login changeable information may be a third information set including a user's account number, account password, name, and date of birth, but is not limited thereto.

Then, the control module 110 may reset the second system authentication information using the second login changeable information. Then, the login processing module 130 performs login using the second system authentication information, and the scraping module 140 can scrap desired user information from the logged-in second account.

Depending on the implementation example, the application system 100 or the terminal 1 including the same may include a processor and a memory storing a program executed by the processor. The processor may include a single-core CPU or a multi-core CPU. The memory may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic disk storage devices, flash memory devices, or other non-volatile solid-state memory devices. Access to memory by the processor and other components can be controlled by a memory controller. Here, when the program is executed by a processor, the application system 100 according to the present embodiment can perform the above-described method for providing a software use restriction system.

On the other hand, the user information scraping method according to an embodiment of the present invention may be implemented in the form of a computer-readable program command and stored in a computer-readable recording medium, and a control program and a target program according to an embodiment of the present invention It can also be stored on a computer readable recording medium. The computer-readable recording medium includes any kind of recording device in which data readable by a computer system is stored.

The program instructions recorded on the recording medium may be specially designed and constructed for the present invention or may be known and usable by those skilled in the software art.

Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tapes, optical media such as CD-ROMs, DVDs, and floptical disks. Hardware devices specifically configured to store and execute program instructions, such as magneto-optical media and ROM, RAM, flash memory, and the like, are included. The computer-readable recording medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.

Examples of program instructions include machine language codes such as those produced by a compiler, as well as high-level language codes that can be executed by a device that processes information electronically using an interpreter or the like, for example, a computer.

The hardware device described above may be configured to operate as one or more software modules to perform the operation of the present invention, and vice versa.

The above description of the present invention is for illustration only, and those of ordinary skill in the art to which the present invention pertains can understand that it can be easily modified into other specific forms without changing the technical spirit or essential features of the present invention. will be. Therefore, it should be understood that the embodiments described above are illustrative in all respects and not restrictive. For example, each component described as a single type may be implemented in a distributed manner, and components described as distributed may be implemented in a combined form.

The scope of the present invention is indicated by the following claims rather than the above detailed description, and all changes or modifications derived from the meaning and scope of the claims and their equivalent concepts should be interpreted to be included in the scope of the present invention. .

Claims (13)

In the user information scraping method for scraping the user information of the account operating institution that can be verified only by logging into the account of the user having the account in the account operating institution,
An application system installed on the user's terminal further includes additional information from the user to the basic information set including the user's account number, account password, name, and date of birth-the information set includes authentication information required for login. Receiving a set of login changeable information that can be reset;
Resetting, by the application system, authentication information necessary for login using the received information set to the system authentication information in order to scrap the user information;
Logging in to the account of the user using the system authentication information in which the application system is reset; And
And the application system logging into the account and performing a scraping process for scraping the user information of the account operator.
The method of claim 1, wherein the additional information,
A method of scraping user information including some of the user's OTP or security card information.
The method of claim 1, wherein the application system installed in the user's terminal receives the information set further including additional information from the user, the user's account number, account password, name, date of birth, and optionally further information. Is,
The application system first obtaining the basic information set from a user; And
A method of scraping user information, comprising obtaining the additional information later.
According to claim 1, The user information scraping method,
Confirming, by the application system, authentication information setting conditions of the account operating institution;
A method of scraping user information, further comprising generating, by the application system, the system authentication information corresponding to the authentication information setting condition based on the checked result.
According to claim 1, The user information scraping method,
Storing, by the application system, a part of the system authentication information in the terminal and a remaining part in a service server corresponding to the application system;
When the user information of the account operating institution is to be scrapped again, the application system further includes the step of re-logging into the account by checking a part of the system authentication information stored in the terminal and the remaining part stored in the service server. User information scraping method.
delete According to claim 1, The user information scraping method,
If the account operating institution user information is to be re-scraped, the application system attempts to re-login the account using the system authentication information;
When re-login fails, the application system sets new system authentication information; And
And re-logging into the account using the set new system authentication information.
The method of claim 7, wherein the user information scraping method,
If the re-login fails, further comprising the step of re-entering the information set from the user,
A user information scraping method for setting the new system authentication information using the re-entered information set.
In the user information scraping method for scraping the user information of the account operating institution that can be verified only by logging into the account of the user having the account in the account operating institution,
Checking, by the application system installed in the user's terminal, system authentication information stored in at least one of the terminal or a service server corresponding to the application system;
The application system attempting to log into the account using the system authentication information;
If login fails, the application system may further include additional information in the basic information set including the user's account number, account password, name, and date of birth-the information set resets authentication information required for login. Obtaining a set of log-in changeable information that can be;
The application system resetting authentication information from the existing authentication information to new system authentication information by using the received information set for scraping the user information;
Logging in to the account of the user using the new system authentication information in which the application system is reset; And
And the application system logging into the account and performing a scraping process for scraping the user information of the account operator.
In the user information scraping method for scraping the user information of the account operating institution that can be verified only by logging into the account of the user having the account in the account operating institution,
Checking whether the parasitic system authentication information of the account already generated by the application system exists in the application system installed in the user's terminal;
As a result of the verification, if the parasitic system authentication information exists, the application system attempts to log in to the account using the parasitic system authentication information,
As a result of the verification, when the parasitic system authentication information does not exist, the application system further includes additional information in the basic information set including the user's account number, account password, name, and date of birth-the information set Acquires the set of login changeable information that can reset the authentication information required for login, and uses the information set obtained for scraping the user information to log in the authentication information from the existing authentication information to the system authentication information. And resetting to and logging in to the account of the user using the reset system authentication information to perform a scraping process for scraping the user information of the account operating institution.
A computer program installed in a data processing apparatus and stored in a medium for performing the method according to any one of claims 1 to 5 and 7 to 10.
In the application system installed on the user's terminal for scraping the user information of the account operating institution that can be verified only by logging into the account of the user having the account in the account operating institution,
An information set that additionally includes additional information from the user to the basic information set including the user's account number, account password, name, and date of birth-the information set is login changeable information capable of resetting authentication information required for login Acquisition module for acquiring a set of-;
A control module for resetting authentication information necessary for login from the existing authentication information to system authentication information using the information set obtained to scrape the user information;
A login processing module for logging into the user's account using the reset system authentication information; And
Application system including a scraping module for scraping user information of the account operating institution in the logged in account.
In the application system installed in the user's terminal for scraping user information of the account operating institution that can be verified only by logging in to the account of the user having an account with the account operating institution,
A login processing module that checks authentication information of a login stored in at least one of the terminal or a service server corresponding to the application system, and attempts to log into the account using the verified authentication information;
If the login fails, the application system may further include additional information in the basic information set including the user's account number, account password, name, and date of birth-the information set resets authentication information required for login. An acquiring module for acquiring a set of logable changeable information;
A control module for resetting the authentication information of the login from the existing authentication information to the system authentication information by using the information set obtained for scraping of the private user information; And
An application system including a scraping module for scraping user information of the account operating institution when logged into the account of the user using the reset system authentication information by the login processing module.

Images