KR102210894B1 - Method for Exchanging Transaction Information - Google Patents

Abstract

The present invention relates to a method of exchanging transaction information, wherein in the method executed through a server that processes a non-face-to-face financial transaction to transfer funds by receiving N (N≥2) transaction information from a user's terminal, N (1) including at least one transaction information related to the deposit side of the money transfer among N transaction information for non-face-to-face financial transactions for transferring funds, but excluding at least one transaction information corresponding to the means of authenticating the transfer of funds. Receives ≤n<N) specified information first, generates and transmits the acknowledgment information for user confirmation for the n pieces of previously received specified information to the terminal, and performs user verification by receiving the acknowledgment information Receives (Nn) transaction information for the non-face-to-face financial transaction from the terminal according to a specified procedure, and the acknowledgment information includes partial information of at least one piece of information selected from n pieces of specified information received and confirmed by the server, By using at least one information (or partial information) of the n pieces of specified information confirmed by the server to be modified according to a specified rule, and at least one of n pieces of specified information (or partial information) that the server has acknowledged It includes at least one piece of information obtained from the server, and the (Nn) pieces of transaction information include transaction information corresponding to the authentication means excluded from the n pieces of designated information.

Description

How to exchange transaction information{Method for Exchanging Transaction Information}

The present invention is a method executed through a server that processes a non-face-to-face financial transaction to transfer funds by receiving N (N≥2) transaction information from a user's terminal, wherein the non-face-to-face financial transaction transfers funds from the terminal. N (1≤n<N) pieces of designated information including at least one transaction information related to the deposit side of the money transfer among N transaction information for, but excluding at least one transaction information corresponding to the authentication means of the money transfer The non-face-to-face finance from the terminal that receives first, generates acknowledgment information for user verification for the n pieces of specified information received first, and transmits it to the terminal, and receives the acknowledgment information and performs user verification. Receives (Nn) transaction information for a transaction according to a specified procedure, and the acknowledgment information includes partial information of at least one information selected from among n specified information confirmed by the server, and n designations confirmed by the server. At least one of information obtained by modifying at least one information (or partial information) of the information according to a specified rule, and information obtained from the server using at least one information (or partial information) of n pieces of designated information that has been acknowledged by the server And the (Nn) number of transaction information includes transaction information corresponding to authentication means excluded from the n number of designated information.

Financial security threats are increasing day by day as non-face-to-face financial transactions such as Internet banking are increasing. Conventional communication security threats were mostly caused by technical defects of communication protocols and network equipment. Meanwhile, financial security threats have a strong aspect caused by transaction characteristics that consider user convenience and transaction conditions defined in laws related to electronic finance in a state that the conventional communication security threats are not completely resolved.

Recently, financial security threats that fraudulently manipulate normal transactions using memory hacking are increasing. Such a memory hacking-based financial security threat has a strong aspect due to a transaction procedure that maintains user convenience and transaction continuity while the technical flaws in communication security are not completely resolved. And such transaction procedures are binding under the laws related to electronic finance. For example, even if an authentication error such as a password or OTP occurs during a non-face-to-face financial transaction, a procedure for requiring the same password or OTP input within 5 times is provided to maintain user convenience and transaction continuity. In addition, such transaction procedures are binding according to related laws (eg, Article 13 (12), 32 (3), 33 (3), etc. of the Electronic Financial Supervision Regulations).

Memory hacking manipulates normal transactions by digging into the characteristics of transaction procedures to maintain transaction continuity. In the conventional transaction procedure of transfer transaction among non-face-to-face financial transactions, various transaction information required for the transfer transaction is input and transmitted on one page (or user interface), and when the transaction information is transmitted, authentication such as OTP It is supposed to enter a number. At this time, the hacker (or malicious code) copies and stores the transaction information at the time when various transaction information is input, and transmits the wrong OTP after copying it at the time when the dynamically generated OTP is input and transmitted through the designated OTP token. This leads to an authentication error. Then, the system is initialized to re-enter transaction information. At this time, the hacker (or malicious code) manipulates the copied transaction information (e.g., manipulates it to transfer to the hacker's illegal account) and repeats the transaction procedure with the manipulated transaction information using the copied OTP, so that the user can perform normal transactions. Manipulate it as an illegal transaction. Of course, in order to prevent such memory hacking, if an OTP authentication error occurs, a new OTP can be re-generated and entered through the OTP token. At this time, even if a hacker (or malicious code) attempts an illegal transaction through memory hacking. Since the OTP has already been changed, the illegal transaction may be blocked. However, this type of solution is irrelevant to transaction continuity and causes another problem that hinders user convenience. In addition, examples of memory hacking are not limited to the above method, but can be changed in various ways by copying or replacing transaction information or OTP on the memory.

An object of the present invention for solving the above problems is a method executed through a server that processes non-face-to-face financial transactions to transfer funds by receiving N (N≥2) transaction information from a user's terminal, Includes at least one transaction information related to the deposit side of the money transfer among N transaction information for a non-face-to-face financial transaction for transferring funds from the terminal, excluding at least one transaction information corresponding to the authentication means of the money transfer. n (1≤n<N) pieces of designated information are first received, and receipt confirmation information for user confirmation of the first received n pieces of designated information is generated and transmitted to the terminal, and the user receives the reception confirmation information (Nn) transaction information for the non-face-to-face financial transaction is received from the terminal that has performed the verification according to a specified procedure, and the acknowledgment information is at least one of at least one information selected from the n number of specified information received and confirmed by the server. Some information, information obtained by modifying at least one information (or partial information) of the n pieces of specified information confirmed by the server according to a specified rule, and at least one piece of information (or partial information) of the n pieces of specified information that the server has acknowledged A transaction comprising at least one of the information obtained from the server using the (Nn) transaction information, including transaction information corresponding to the authentication means excluded from the n specified information It is to provide a method of information exchange.

In the method of exchanging transaction information according to the present invention, in the method executed through a server that processes non-face-to-face financial transactions by receiving N (N≥2) transaction information from a user's terminal and transferring funds, funds from the terminal N (1≤) including at least one transaction information related to the deposit side of the money transfer among N transaction information for non-face-to-face financial transactions to transfer, but excluding at least one transaction information corresponding to the authentication means of the money transfer. A first step of first receiving n<N) pieces of designation information, a second step of generating and transmitting acknowledgment information for user confirmation of the n pieces of previously received designated information to the terminal, and receiving the acknowledgment information And a third step of receiving (Nn) transaction information for the non-face-to-face financial transaction from the terminal that has performed user confirmation according to a specified procedure, wherein the acknowledgment information is designated n number of receipts confirmed by the server. At least one of some information of at least one piece of information selected from among the information, information obtained by modifying at least one of the n pieces of designated information (or some information) received by the server according to a designated rule, and at least of the n pieces of designated information that the server has acknowledged It includes at least one of the information obtained from the server using one piece of information (or some information), and the (Nn) transaction information includes transaction information corresponding to the authentication means excluded from the n pieces of designated information. Transaction information exchange method comprising a.
In the transaction information exchange method according to the present invention, the n pieces of specified information are n (1 ≤ n ≤ n") previously specified among n" (1 ≤ n"<N) transaction information that are input differently for each transaction. It is characterized by including information.
In the transaction information exchange method according to the present invention, the n pieces of designation information are characterized in that it comprises at least one or two or more of deposit bank information, deposit account number information, and amount information inputted differently for each transaction. .
In the transaction information exchange method according to the present invention, further comprising the step of storing the first n pieces of designated information received in a designated storage medium to be associated with (Nn) pieces of transaction information to be received after transmission of the acknowledgment information. It features.
In the transaction information exchange method according to the present invention, it is characterized in that it further comprises the step of performing a procedure of confirming the validity of the n pieces of designated information received first.
In the transaction information exchange method according to the present invention, a non-face-to-face financial transaction is performed using N transaction information including (Nn) transaction information received after transmission of the first n pieces of designated information and the acknowledgment information. It characterized in that it further comprises a fourth step of performing one or more procedures designated for the purpose.
In the transaction information exchange method according to the present invention, when (Nn) transaction information received after transmission of the acknowledgment information includes transaction information used as an authentication means, the (Nn) transaction information is used as an authentication means. It characterized in that it further comprises the step of performing the authentication process using the transaction information used.
In the transaction information exchange method according to the present invention, when the n pieces of designation information received first and (Nn) pieces of transaction information received after transmission of the acknowledgment information include transaction information used as an authentication means, the n It characterized in that it further comprises the step of performing the authentication procedure using the transaction information used as an authentication means among the N transaction information that combines the number of designated information and the (Nn) number of transaction information.
In the transaction information exchange method according to the present invention, when the authentication procedure is successful, T(1) excluding transaction information used as an authentication means among N transaction information that combines the n specified information and (Nn) transaction information It characterized in that it further comprises the step of performing a transaction procedure for a non-face-to-face financial transaction using ≤T<N) transaction information.
In the transaction information exchange method according to the present invention, when authentication failure in the authentication procedure occurs, failure confirmation information including t (1 ≤ t ≤ T) transaction information used in the transaction procedure of the failed non-face-to-face financial transaction It characterized in that it further comprises the step of transmitting to the terminal.
In the transaction information exchange method according to the present invention, when authentication failure in the authentication procedure occurs, determining whether the authentication failure is due to n pieces of designated information or (Nn) pieces of transaction information, and the (Nn) When authentication failure occurs due to two transaction information, failure confirmation information including t (1≤t≤T) transaction information used in the transaction procedure of the failed non-face-to-face financial transaction is transmitted to the terminal, and the n Initializing the failed non-face-to-face financial transaction when authentication failure occurs due to the designated information, or discarding the stored n pieces of designated information, and transmitting failure confirmation information including the t pieces of transaction information to the terminal. It characterized in that it is made.
In the transaction information exchange method according to the present invention, when authentication failure occurs due to the n pieces of designated information, t (1 ≤ t ≤ T) pieces of transaction information used in the transaction procedure of the failed non-face-to-face financial transaction and the terminal It characterized by further comprising the step of transmitting to the terminal failure confirmation information including a flag or indicator for initializing the transaction procedure performed in the process to be performed again from the specified procedure.
In the transaction information exchange method according to the present invention, when an authentication procedure using transaction information used as an authentication means among the n specified information or (Nn) transaction information is successful, the n specified information and (Nn) transactions A step of performing a transaction procedure for a non-face-to-face financial transaction using T (1 ≤ T <N) transaction information excluding the transaction information used as an authentication means among the N transaction information combining the information. To do.
In the transaction information exchange method according to the present invention, when a transaction failure occurs in the transaction procedure, failure confirmation information including t (1 ≤ t ≤ T) transaction information used in the transaction procedure of the failed non-face-to-face financial transaction It characterized in that it further comprises the step of transmitting to the terminal.
In the transaction information exchange method according to the present invention, when a transaction failure in the transaction procedure occurs, determining whether the transaction failure is due to n pieces of designated information or (Nn) pieces of transaction information, and the (Nn) When a transaction failure occurs due to transaction information, failure confirmation information including t (1 ≤ t ≤ T) transaction information used in the transaction procedure of the failed non-face-to-face financial transaction is transmitted to the terminal, and the n Initializing the failed non-face-to-face financial transaction when a transaction failure occurs due to the specified information, or discarding the stored n pieces of specified information and transmitting failure confirmation information including the t pieces of transaction information to the terminal; It characterized in that it is made by doing.
In the transaction information exchange method according to the present invention, when a transaction failure occurs due to the n pieces of designated information, t (1 ≤ t ≤ T) pieces of transaction information used in the transaction procedure of the failed non-face-to-face financial transaction and the terminal It characterized by further comprising the step of transmitting to the terminal failure confirmation information including a flag or indicator for initializing the transaction procedure performed in the process to be performed again from the specified procedure.
In the transaction information exchange method according to the present invention, in the transaction information exchange method executed in a server that processes non-face-to-face financial transactions by receiving N (N≥2) transaction information from a user's terminal, funds are transferred from the terminal. A first step of first receiving n (1≦n<N) pieces of designated information including at least one transaction information related to the deposit side of the funds among N pieces of transaction information for non-face-to-face financial transactions, and the first A second step of transmitting acknowledgment information for n pieces of received designated information to the terminal, and receiving (Nn) transaction information for the non-face-to-face financial transaction from the terminal receiving the acknowledgment information according to a specified procedure And a third step.

According to the present invention, the n pieces of designation information may include n (1≦n≦n") pieces of information previously designated among n"(1≦n”<N) pieces of transaction information inputted differently for each transaction.

According to the present invention, the n pieces of designation information may include at least one or two or more of deposit bank information, deposit account number information, and amount information inputted differently for each transaction.

According to the present invention, the n pieces of designation information may further include at least one of a received passbook memo and an internal passbook memo that are input differently for each transaction.

According to the present invention, the method of exchanging transaction information may further include storing the first n pieces of designation information received in a designated storage medium to be linked with the (Nn) pieces of transaction information to be received later.

According to the present invention, the method of exchanging transaction information may further include performing a procedure of confirming the validity of the n pieces of designated information received first.

According to the present invention, the procedure for verifying the validity of the n pieces of designated information may include a deposit bank included in the n pieces of designated information and a payee inquiry using a deposit account number.

According to the present invention, the acknowledgment information may include n pieces of designation information that has been acknowledged by the server.

According to the present invention, the acknowledgment information may include generation information generated by using n pieces of designation information confirmed by the server.

According to the present invention, the acknowledgment information may include generation information generated by using at least one of n pieces of designated information that has been acknowledged by the server.

According to the present invention, the acknowledgment information may include generation information generated by using at least one partial information of n pieces of designation information that has been acknowledged by the server.

According to the present invention, the acknowledgment information may include generated information generated by using at least one piece of information and at least one portion of n pieces of designated information that has been acknowledged by the server.

According to the present invention, the acknowledgment information may include generation information dynamically generated by the server.

According to the present invention, the acknowledgment information may include storage information stored in the server.

According to the present invention, the acknowledgment information may include acquisition information obtained from the server.

According to the present invention, the acknowledgment information may include session information for identifying a session allocated to the terminal in the server.

According to the present invention, the acknowledgment information may include image information processed in an image form.

According to the present invention, all or at least part of the acknowledgment information may be processed into an image form.

According to the present invention, the transaction information exchange method includes at least one designated for non-face-to-face financial transaction by using N pieces of transaction information including n pieces of designated information received first and (Nn) pieces of transaction information received later. It may further include a fourth step of performing the procedure.

According to the present invention, the transaction information exchange method includes transaction information used as an authentication means among the (Nn) transaction information when (Nn) transaction information received after the above includes transaction information used as an authentication means. It may further include performing an authentication procedure using.

According to the present invention, the transaction information exchange method includes the n pieces of designation information received first and the (Nn) pieces of transaction information received after the transaction information used as an authentication means. It may further include the step of performing the authentication process using the transaction information used as an authentication means among the N transaction information combining (Nn) transaction information.

According to the present invention, the transaction information used as the authentication means may include a security card random number or OTP.

According to the present invention, the transaction information used as the authentication means may include at least one password of an account password or a transfer password.

According to the present invention, the transaction information exchange method includes, when the authentication process is successful, T (excluding transaction information used as an authentication means) among N transaction information that is a combination of the n specified information and (Nn) transaction information. It may further include performing a transaction procedure of a non-face-to-face financial transaction using 1≤T<N) transaction information.

According to the present invention, the transaction information exchange method includes t (1 ≤ t ≤ T) transaction information used in the transaction procedure of the failed non-face-to-face financial transaction when authentication failure of the authentication procedure occurs. It may further include transmitting information to the terminal.

According to the present invention, the transaction information exchange method includes the steps of determining whether the authentication failure is due to n pieces of designated information or (Nn) pieces of transaction information, when authentication failure in the authentication procedure occurs, and the ( When authentication failure occurs due to Nn) transaction information, failure confirmation information including t (1 ≤ t ≤ T) transaction information used in the transaction procedure of the failed non-face-to-face financial transaction is transmitted to the terminal, and the Initializing the failed non-face-to-face financial transaction when authentication failure occurs due to n pieces of designated information, or discarding the stored n pieces of designated information, and transmitting failure confirmation information including the t pieces of transaction information to the terminal. Can include.

According to the present invention, the transaction information exchange method includes t (1≤t≤T) transaction information used in the transaction procedure of the failed non-face-to-face financial transaction when authentication failure occurs due to the n pieces of designated information and the The method may further include transmitting, to the terminal, failure confirmation information including a flag or indicator that initializes the transaction procedure performed in the terminal and processes the specified procedure to be performed again.

According to the present invention, the method for exchanging transaction information comprises: when an authentication procedure using transaction information used as an authentication means among the n pieces of specified information or (Nn) pieces of transaction information is successful, the n pieces of specified information and (Nn) pieces of It may further include performing a transaction procedure for a non-face-to-face financial transaction using T (1 ≤ T <N) transaction information excluding transaction information used as an authentication means among the N transaction information combined with the transaction information. .

According to the present invention, the transaction information exchange method includes t (1 ≤ t ≤ T) transaction information used in the transaction procedure of the failed non-face-to-face financial transaction when a transaction failure occurs in the transaction procedure. It may further include transmitting information to the terminal.

According to the present invention, the transaction information exchange method comprises the steps of determining whether the transaction failure is due to n pieces of designated information or (Nn) pieces of transaction information, when a transaction failure in the transaction procedure occurs, and the ( When a transaction failure occurs due to Nn) transaction information, failure confirmation information including t (1 ≤ t ≤ T) transaction information used in the transaction procedure of the failed non-face-to-face financial transaction is transmitted to the terminal, and the Initializing the failed non-face-to-face financial transaction when a transaction failure occurs due to n pieces of designated information, or discarding the stored n pieces of designated information, and transmitting failure confirmation information including the t pieces of transaction information to the terminal. Can include.

According to the present invention, the transaction information exchange method includes t (1≤t≤T) transaction information used in the transaction procedure of the failed non-face-to-face financial transaction, and the transaction information when a transaction failure occurs due to the n pieces of designated information. The method may further include transmitting, to the terminal, failure confirmation information including a flag or indicator that initializes the transaction procedure performed in the terminal and processes the specified procedure to be performed again.

According to the present invention, at least one transaction information related to the deposit side of funds among N (N≥2) transaction information for non-face-to-face financial transactions in which funds are moved from a server communicating with a user's terminal for non-face-to-face financial transactions By first receiving n (1≤n<N) specified information including, and then receiving (Nn) transaction information for the non-face-to-face financial transaction according to a specified procedure, without compromising user convenience. It has the advantage of maintaining transaction continuity and preventing memory hacking.

1 is a diagram showing a system configuration for processing non-face-to-face financial transactions by transmitting and receiving transaction information according to an exemplary method of the present invention.
2 is a diagram showing the configuration of a server side processing non-face-to-face financial transactions by transmitting and receiving transaction information according to an exemplary method of the present invention.
3 is a diagram showing a functional configuration of a program on a user terminal side according to an exemplary method of the present invention.
4 is a diagram illustrating a process of first transmitting n pieces of designation information according to an exemplary method of the present invention.
5 is a diagram illustrating a process of transmitting and receiving designation information according to an exemplary method of the present invention.
6 is a diagram illustrating a process of confirming receipt of n pieces of designated information and transmitting (Nn) pieces of transaction information according to an exemplary method of the present invention.
7 is a diagram illustrating a process of performing authentication and/or transaction using n pieces of designated information transmitted and received first and (Nn) pieces of transaction information transmitted and received later according to an exemplary method of the present invention.
8 is a diagram illustrating a process of processing authentication failure or transaction failure according to an implementation method of the present invention.
9 is a diagram illustrating a process of confirming failure of (Nn) transaction information and retransmitting m transaction information according to an exemplary method of the present invention.
10 is a diagram illustrating a process of performing authentication and/or transaction using transaction information transmitted and received again according to an exemplary method of the present invention.

Hereinafter, the operating principle of a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. However, the drawings and the description to be described below are for a preferred implementation method among various methods for effectively describing the features of the present invention, and the present invention is not limited only to the following drawings and description. For example, the configuration unit provided on the server side may be implemented on the terminal side, or conversely, the configuration unit provided on the terminal side may be implemented on the server side.

In addition, in the following description of the present invention, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, a detailed description thereof will be omitted. In addition, terms to be described later are terms defined in consideration of functions in the present invention, which may vary according to the intention or custom of users or operators. Therefore, the definition should be made based on the overall contents of the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following examples are a means for efficiently describing the technical idea of the present invention to a person skilled in the art to which the present invention belongs. Only.

FIG. 1 is a diagram illustrating a system configuration for processing non-face-to-face financial transactions by transmitting and receiving transaction information according to an exemplary method of the present invention.

In more detail, this figure 1 shows the funds among the N transaction information when N (N≥2) transaction information is received from the user terminal 100 used by the user and needs to process a non-face-to-face financial transaction. The user terminal 100 attempts by first receiving n (1≤n<N) specified information including at least one transaction information related to the deposit side of the user and then receiving the remaining (Nn) transaction information. It shows the configuration of a system for blocking memory hacking, and those of ordinary skill in the art to which the present invention pertains can infer various implementation methods for the configuration of the system by referring and/or modifying this Figure 1 Although it may be possible, the present invention includes all of the above inferred implementation methods, and the technical features are not limited only by the implementation method shown in FIG. 1.

The system of the present invention first selects n (1≤n<N) designated information including at least one transaction information related to the deposit side of the funds among N transaction information for non-face-to-face financial transactions in which funds are moved. User terminal 100 that performs a procedure of transmitting and then transmitting the remaining (Nn) transaction information, and at least one transaction information related to the deposit side of the funds among the N transaction information from the user terminal 100 Including n (1≤n<N) designated information is first received and stored, and the remaining (Nn) transaction information is received and then received, and the first n pieces of designated information and then received (Nn) It includes a server 200 that performs one or more procedures designated for non-face-to-face financial transactions by using N number of transaction information including two transaction information, and the server 200 is a non-face-to-face financial transaction (e.g., Internet banking , A banking server 105 that processes mobile banking, phone banking, etc.), a separate server linked to the banking server 105, an electronic financial server 110 that links non-face-to-face financial transactions to the financial system 115, the It may include at least one server or a combination of two or more servers among separate servers linked to the electronic financial server 110.

The user terminal 100 used by the user is a generic term for a terminal used by a user for non-face-to-face financial transactions, and communicates with a server through a designated communication network, and is preferably a wired terminal (e.g., a computer) connected to a wired network and used for internet banking. , Laptop, etc.), a wireless terminal connected to a wireless network and used for mobile banking (e.g., a smartphone, mobile phone, tablet PC, etc.), a calling terminal connected to a telephone network and used for phone banking (e.g., landline phone, mobile phone, etc.) ) May include at least one of.

The server 200 side is designated by including at least one transaction information related to the deposit side of the funds among N transaction information for non-face-to-face financial transactions in which funds are transferred from the user terminal 100 (1 ≤ n < Server that receives N) designated information first and then receives the remaining (Nn) transaction information, or transmits acknowledgment information to the user terminal 100 when the n designated information is received first As a generic term for the configuration, a banking server 105 equipped with a function for transmitting and receiving transaction information according to the above procedure (e.g., an Internet banking server 105 for Internet banking, a mobile banking server 105 for mobile banking, and phone banking) A phone banking server 105 for communication), a separate server (not shown) that transmits and receives transaction information according to the above procedure in connection with the banking server 105, and transmits and receives transaction information according to the above procedure to the financial system 115 It may include at least one of an interlocking electronic financial server 110 and a separate server for transmitting and receiving transaction information according to the above procedure in connection with the electronic financial server 110.

FIG. 2 is a diagram showing the configuration of the server 200 for processing non-face-to-face financial transactions by transmitting and receiving transaction information according to an exemplary method of the present invention.

In more detail, FIG. 2 shows the fund among the N transaction information when N (N≥2) transaction information is received from the user terminal 100 used by the user and needs to process a non-face-to-face financial transaction. The user terminal 100 attempts by first receiving n (1≤n<N) specified information including at least one transaction information related to the deposit side of the user and then receiving the remaining (Nn) transaction information. It shows the configuration of the server 200 to block memory hacking, and if a person of ordinary skill in the art to which the present invention belongs, the configuration of the server 200 is referred to and/or modified with reference to FIG. 2 It will be possible to infer various implementation methods (for example, some components are omitted, or subdivided, or combined implementation methods), but the present invention includes all the inferred implementation methods, and is shown in FIG. The technical features are not limited only by the method of implementation.

Referring to Fig. 2, the server includes at least one transaction information related to the deposit side of the funds among N transaction information for non-face-to-face financial transactions in which funds are transferred from the terminal, n (1 ≤ n < A designation information receiving unit 210 for receiving N) designation information first, and a non-face-to-face procedure execution unit 205 for performing a non-face-to-face procedure for first receiving the n designation information, and It includes a transaction procedure control unit 215 that controls to first receive n pieces of designation information designated among transaction information.

When a non-face-to-face financial transaction is initiated in the user terminal 100, the user terminal 100 performs a designated user authentication (eg, ID/PW authentication or accredited certificate authentication) procedure, and/or the program 300 Select one of the types of transactions that can be provided through (e.g., account inquiry, account transfer, product subscription/cancellation, fund, loan, foreign exchange, asset management, etc.), and for non-face-to-face financial transactions corresponding to the transaction type. Display the interface. The non-face-to-face procedure execution unit 205 performs at least one non-face-to-face procedure for user authentication, selection of a transaction type, and display of an interface designated by the user terminal 100. The non-face-to-face procedure execution unit 205 provides a web page for performing the non-face-to-face procedure to the user terminal 100 and/or receives information input through the web page and authenticates according to a specified procedure. A procedure may be performed, or an operation of the server 200 corresponding to the non-face-to-face procedure may be performed in conjunction with the program 300 provided in the user terminal 100. During or after the non-face-to-face procedure is being performed, the transaction procedure control unit 215 controls to first receive n pieces of designated information among N pieces of transaction information for non-face-to-face financial transactions corresponding to the transaction type. Those of ordinary skill in the art to which the present invention pertains will be familiar with various non-face-to-face procedures performed for non-face-to-face financial transactions, and a detailed description thereof will be omitted.

According to the first interface display method of the present invention, the user terminal 100 is selected from among N (N≥2) transaction information for a non-face-to-face financial transaction in which funds are moved corresponding to the transaction type. An interface for inputting n (1≦n<N) pieces of designation information, including at least one transaction information related to, may be displayed.

According to the second interface display method of the present invention, the user terminal 100 includes n'(1≤n'≤) of N (N≥2) transaction information to be input for a non-face-to-face financial transaction corresponding to the transaction type. An interface for inputting N) transaction information can be displayed. Here, n'may have a set relationship of (n⊆n') or {n⊂n'}.

At least one transaction information related to the deposit side of the funds among N transaction information for non-face-to-face financial transactions in which funds are moved in response to the transaction type under the control of the transaction procedure controller 215 in the user terminal 100 If n (1≤n<N) pieces of designated information are transmitted first, the designation information receiving unit 210 includes the n pieces of designated information from the user terminal 100 under the control of the transaction procedure control unit 215 Receive. Meanwhile, in the case of the second interface display method, the designation information receiving unit 210 may receive n'pieces of transaction information. However, for convenience, the characteristics of the present invention will be described based on an embodiment in which n pieces of designation information are transmitted/received. The n pieces of designated information are safely transmitted and received according to an encryption/decryption procedure of a secure communication channel formed between the user terminal 100 and the server.

Referring to Fig. 2, the server includes a designated information storage unit 220 that stores n designated information received first in a designated storage medium so as to be linked with (Nn) transaction information to be received later. It includes a designation information confirmation unit 225 to check the validity of the n pieces of designation information.

According to the first designation information exchange method of the present invention, the designation information receiver 210 may mutually identify the other party between the user terminal 100 and the server at a designated time point before, during, and after the n pieces of designation information are exchanged. Existing identification tokens are exchanged, and the designation information storage unit 220 may map the received n pieces of designation information and the identification tokens and store them in a designated storage medium.

According to the second designation information exchange method of the present invention, the designation information receiving unit 210 manages the communication channel formed with the user terminal 100 at a time when a communication channel is formed between the user terminal 100 and the server. Allocates (or confirms) a session for and confirms session information for identifying it, and the designation information storage unit 220 may map the received n pieces of designation information and session information and store them in a designated storage medium.

According to the third designation information exchange method of the present invention, the user terminal 100 allows the server to identify the user terminal 100 and/or the program 300 or identify a user together with n pieces of designation information. The identification information may be included in a communication protocol and transmitted, and the designation information storage unit 220 may map the received n pieces of designation information and the identification information and store them in a designated storage medium.

According to an embodiment of the present invention, it is preferable that n pieces of designation information stored in the storage medium are stored until at least (Nn) pieces of transaction information are received under the control of the transaction procedure control unit 215.

When the n pieces of designation information are first received, the designation information verification unit 225 can perform a procedure of verifying and authenticating the validity of the received n pieces of designation information under the control of the transaction procedure control unit 215. have. For example, when the n pieces of designated information include a deposit bank and a deposit account number, the designated information verification unit 225 may determine whether the account corresponding to the deposit account number at the deposit bank is actually a valid account number opened. You can perform the authentication process by searching for. On the other hand, if the depositing bank is a bank other than the bank in which the withdrawal account was opened, the other party does not provide a prior inquiry for the transfer transaction or does not accept it on the financial network supporting transactions between the bank and the bank. For the validity of the n pieces of designated information, the procedure for inquiring a recipient may be omitted. Alternatively, when the n pieces of designated information include information used as an authentication means, the designation information verification unit 225 may perform an authentication procedure for the information used as the authentication means.

According to an implementation method of the present invention, when the validity of n pieces of designated information is checked by the designated information checking unit 225, the designated information storage unit 220 is In this case, n pieces of designated information may be stored in a designated storage medium to be linked with (Nn) pieces of transaction information to be received later.

Referring to Fig. 2, the server includes an acknowledgment transmission unit 230 for transmitting acknowledgment information for n pieces of specified information received first to the terminal, and acknowledgment information corresponding to the n pieces of specified information And a transaction procedure control unit 215 for controlling to be transmitted to the user terminal 100.

When the received n pieces of designation information are stored in a designated storage medium, the acknowledgment transmission unit 230 generates formula confirmation information for the n pieces of designated information under the control of the transaction procedure control unit 215, and the The generated acknowledgment information is transmitted to the user terminal 100.

On the other hand, when a validity check procedure for the n pieces of designated information is performed by the designated information check unit 225, the acknowledgment transmission unit 230 performs the validity check procedure under the control of the transaction procedure control unit 215 Acknowledgment information can be transmitted based on the result of.

When the validity of the n designated information is not verified as a result of validity of the n designated information through the designated information verification unit 225 (e.g., a deposit bank as a result of a payee inquiry using a deposit bank and deposit account number) In the case that an account corresponding to the deposit account number is not opened or valid account holder information cannot be obtained as a result of a recipient inquiry), the acknowledgment transmission unit 230 transmits validity authentication failure information for the n pieces of designated information. The included acknowledgment information may be generated, and the generated acknowledgment information may be transmitted to the user terminal 100. The acknowledgment information may further include n pieces of designation information for which authentication has failed. If validation of the n pieces of designated information fails, the transaction continuity for the n pieces of designated information may not be maintained, and the n pieces of designated information need not be stored in a storage medium.

If validation of the n pieces of designated information fails, the user terminal 100 performs the procedure for the non-face-to-face financial transaction again from the beginning (eg, authentication certificate), or enters the n pieces of designated information again. It is desirable to do. To this end, the acknowledgment information includes all or part of the n pieces of designated information received through the designated information receiving unit 210, and the user terminal 100 initiates a non-face-to-face financial transaction currently being performed and a designated procedure It may further include a flag or indicator corresponding to the validity authentication failure information for controlling to be performed again (eg, a procedure for authenticating an accredited certificate or a procedure for inputting n pieces of designated information). By the flag or indicator, the user terminal 100 may be controlled to initialize a non-face-to-face financial transaction currently being performed and to perform a specified procedure again (eg, a procedure for authenticating a certificate or a procedure for inputting n pieces of designated information, etc.).

On the other hand, the validation of the validity of the n pieces of designated information was successful (e.g., as a result of a payee inquiry using the deposit bank and deposit account number, a valid account corresponding to the deposit account number was opened at the deposit bank, or valid account holder information as a result of the payee inquiry If obtained), or the validation of the n pieces of designated information is omitted (however, even if it is omitted at the time when n pieces of designated information are first received, it is performed in the process of performing a transaction procedure using N pieces of transaction information) In this case, the acknowledgment transmission unit 230 generates formula verification information for the n pieces of designation information, and transmits the generated acknowledgment information to the user terminal 100. Preferably, the acknowledgment information preferably includes the n pieces of designation information. When the n pieces of designation information included in the acknowledgment information are output, the user can determine whether the n pieces of designation information are actually inputted by the user without being manipulated by memory hacking.

According to an exemplary method of the present invention, the acknowledgment information is generated information generated by using the n pieces of designation information, generation information generated by using at least one of the n pieces of designated information confirmed to be received, and the acknowledgment n Generation information generated by using partial information of at least one of the specified information, generation information generated by using at least one of the n pieces of specified information and at least one partial information that has been confirmed to be received, from the server 200 At least one or two or more of the dynamically generated generation information may be further included.

For example, the acknowledgment information may further include generation information generated by using the n pieces of designation information (eg, deposit bank information, deposit account number information, amount information, etc.). For example, the acknowledgment information is a value generated by hashing n pieces of designated information through a designated hash algorithm, a value generated by substituting the n pieces of designated information into a designated code generation algorithm, and the structure of the n pieces of designated information. Generation information including at least one of the values generated by modifying according to a specified rule may be further included.

Alternatively, the acknowledgment information may further include generation information generated using at least one of the n pieces of designated information (eg, deposit bank information, deposit account number information, and deposit account number information among amount information). For example, the acknowledgment information is a value generated by hashing at least one of n pieces of designated information through a designated hash algorithm, a value generated by substituting the at least one information into a designated code generation algorithm, and the at least one The generation information including at least one of the values generated by modifying the information of s according to a specified rule may be further included.

Alternatively, the acknowledgment information is further generated by using at least one part of information (e.g., deposit bank information, deposit account number information, and an 8-digit number after the deposit account number among amount information) among the n pieces of designated information. Can include. For example, the acknowledgment information is a value generated by hashing at least one partial information of n pieces of specified information through a specified hash algorithm, a value generated by substituting the at least one partial information into a specified code generation algorithm, and the Generation information including at least one of the values generated by transforming at least one piece of information according to a specified rule may be further included.

Alternatively, the acknowledgment information includes at least one information (e.g., deposit bank information, deposit account number information, amount information among amount information) and at least one partial information (e.g., deposit bank information, deposit account number) among the n pieces of designated information. Generation information generated by using the last 8 digit number of the deposit account number among information and amount information may be further included. For example, the acknowledgment information is a value generated by hashing at least one piece of information and at least one piece of information out of n pieces of designated information through a designated hash algorithm, and the at least one piece of information and some information into a designated code generation algorithm. It may further include generation information including at least one of a value generated by substitution and a value generated by transforming the at least one piece of information and some information according to a specified rule.

Alternatively, the acknowledgment information may further include generation information dynamically generated by the server 200 (eg, a random number value generated through a random number algorithm).

According to an exemplary method of the present invention, the acknowledgment information may further include storage information stored in the server. For example, the acknowledgment information may include unique information or content (eg, image, character string, etc.) registered by the user on the server. For example, if a user has registered a certain image or character string on the server, it is known only to the user himself, so it is possible to determine whether the acknowledgment information has been manipulated or transmitted from the server.

According to an embodiment of the present invention, the acknowledgment information may further include acquisition information obtained by the designation information verification unit 225. For example, the acknowledgment information may further include a payee inquiry result (eg, account holder information of a deposit account) using the n pieces of designation information.

According to an embodiment of the present invention, the acknowledgment information may further include session information for identifying a session allocated to the terminal in the server. For example, the acknowledgment information may further include session information identifying a session assigned (or confirmed) at a time when the user terminal 100 accesses the server.

According to an exemplary method of the present invention, the acknowledgment information may include image information processed in an image form. For example, the acknowledgment information may include a code image (eg, a 2D barcode, etc.) according to at least one of a QR code, a data matrix, a maxi code, and a PDF-417 standard. Preferably, the code image may be generated by encoding at least one or two or more of the n pieces of designation information, generation information, storage information, acquisition information, and session information.

According to an exemplary method of the present invention, all or at least part of the acknowledgment information may be processed into an image form. For example, the acknowledgment information is an image in which at least one or more of the n pieces of designation information, generation information, storage information, acquisition information, and session information are displayed in a designated font on a gradient-processed color and/or wave pattern background. Can be processed into shape. In this case, even if a partial area of the image is manipulated or copied through memory hacking, the user can immediately recognize that the image has been manipulated.

According to the implementation method of the present invention, the acknowledgment information may be used as information for generating dynamically determined transaction information among (Nn) transaction information. For example, a code image generated by encoding at least one or more of the n pieces of designation information, generation information, storage information, acquisition information, and session information is photographed through a user's wireless terminal and encoded in the code image. The obtained information may be used as a seed value or an authentication value for generating an OTP according to a designated procedure of the wireless terminal.

The user terminal 100 receives acknowledgment information for the n pieces of previously transmitted designation information from the server. The acknowledgment information is safely transmitted/received according to an encryption/decryption procedure of a secure communication channel formed between the user terminal 100 and the server. The user terminal 100 may output n pieces of designated information included in the received acknowledgment information, and further perform a validity authentication procedure for the received and/or output acknowledgment information.

Referring to Fig. 2, the server includes a transaction information receiving unit 235 for receiving (Nn) transaction information for the non-face-to-face financial transaction from the user terminal 100 receiving the acknowledgment information according to a specified procedure. And a transaction procedure control unit 215 for controlling the (Nn) transaction information to be received after the n pieces of designation information are first received.

When the user terminal 100 receives and/or outputs valid acknowledgment information for the n pieces of previously transmitted specified information, the first transmitted transaction information including the n pieces of specified information among the N pieces of transaction information The remaining (Nn) transaction information is checked, and the confirmed (Nn) transaction information is transmitted to the server.

The (Nn) transaction information is a generic term for the remaining transaction information excluding the n specified information transmitted first among the N transaction information, and is preferably the amount of the funds among N transaction information for a non-face-to-face financial transaction. It may include transaction information related to the withdrawal side and one or more transaction information to be used as an authentication means.

According to the implementation method of the present invention, the (Nn) number of transaction information is not designated as the n number of designated information among transaction information related to the deposit side of the N number of transaction information for a non-face-to-face financial transaction in which funds are moved. It may further include transaction information.

According to the implementation method of the present invention, the (Nn) number of transaction information is at least one of password information (e.g., account password and/or transfer password), security card random number information, and OTP information used as authentication means for non-face-to-face financial transactions. Or it may contain more than one piece of information.

According to an exemplary method of the present invention, some of the (Nn) transaction information may include a null value. In this case, the transaction information of the null value may be replaced with information previously designated by the server, or the null value may be maintained as it is when it is not used for non-face-to-face financial transactions. For example, among the (Nn) transaction information, the “my bank note” may contain a null value. In this case, the “my bank book note” is information previously specified by the server (eg, deposit account number or deposit account Can be replaced with the account holder information of Alternatively, the "CMS code" among the (Nn) transaction information may maintain a null value as it is, unless it is a CMS transaction.

The transaction procedure control unit 215 controls the n pieces of designated information to be received first, and the (Nn) pieces of transaction information after the reception confirmation information is transmitted, and the transaction information receiving unit 235 Under the control of the procedure control unit 215, (Nn) transaction information is received from the user terminal 100 that has received the acknowledgment information. The (Nn) transaction information is safely transmitted/received according to an encryption/decryption procedure of a secure communication channel formed between the user terminal 100 and the server.

According to the first transaction information exchange method of the present invention, an identification token to mutually identify the other party is exchanged between the user terminal 100 and the server at a designated time point before, during, and after the (Nn) transaction information is exchanged. And, the transaction information receiving unit 235 receives the (Nn) number of transaction information, and checks the n pieces of designated information first received through the identification token.

According to the second transaction information exchange method of the present invention, the transaction information receiver 235 manages the communication channel formed with the user terminal 100 at a time when a communication channel is formed between the user terminal 100 and the server. Allocates (or confirms) a session for and confirms session information for identifying it, and the transaction information receiving unit 235 receives the (Nn) transaction information, and n pieces of designation information received first through the session information Check.

According to the third transaction information exchange method of the present invention, the transaction information receiving unit 235 allows the server to identify the user terminal 100 and/or the program 300 with (Nn) transaction information or The identification information for identifying the can be included on the communication protocol and transmitted, and the transaction information receiving unit 235 receives the (Nn) transaction information, and checks the n pieces of designation information received first through the identification information. .

Referring to Fig. 2, the server includes a transaction information receiving unit 235 for receiving (Nn) transaction information for the non-face-to-face financial transaction from the user terminal 100 receiving the acknowledgment information according to a specified procedure. And a transaction procedure control unit 215 for controlling the (Nn) transaction information to be received after the n pieces of designation information are first received.

Referring to Fig. 2, the server includes an authentication procedure execution unit 240 for performing an authentication procedure using one or more transaction information designated to be used as an authentication means among the (Nn) transaction information or N transaction information. . Depending on the implementation method, the authentication procedure may be performed through a separate authentication server (not shown). In this case, the authentication procedure execution unit 240 requests the authentication procedure from the authentication server.

According to the first transaction authentication method of the present invention, transaction information used as an authentication means for the non-face-to-face financial transaction in the received (Nn) number of transaction information (e.g., account password, transfer password, security card random number, OTP authentication When one or more transaction information designated as a means) is included, the authentication procedure execution unit 240 includes one or more transaction information designated to be used as an authentication means for the non-face-to-face financial transaction among the (Nn) transaction information. After deriving one or more transaction information designated as an authentication means among passwords, transfer passwords, security card random numbers, and OTP), a validity authentication procedure for the derived information may be performed.

According to the second transaction authentication method of the present invention, transaction information (e.g., account password) used as an authentication means for the non-face-to-face financial transaction is included in the n pieces of designated information received first, and then received (Nn) transactions If the information also includes transaction information used as an authentication means for the non-face-to-face financial transaction (e.g., a transfer password, a security card random number, one or more transaction information designated as an authentication method among OTP), the authentication procedure execution unit 240 One or more transaction information designated to be used as an authentication means for the non-face-to-face financial transaction among the n specified information received first and (Nn) transaction information received later (e.g., account password, transfer password, security card random number, OTP authentication After deriving one or more transaction information designated as a means), a validity certification procedure for the derived information may be performed.

Referring to Figure 2, the server uses N pieces of transaction information including n pieces of specified information received first and (Nn) pieces of transaction information received later, or one used as an authentication means among the N pieces of transaction information. A transaction procedure execution unit 245 is provided to perform the transaction procedure of the non-face-to-face financial transaction using T (1 ≤ T <N) transaction information excluding the above transaction information. Preferably, the transaction procedure is performed in connection with the electronic financial server 110 or the financial system 115.

If the authentication procedure is successful, the transaction procedure execution unit 245 includes T (excluding one or more transaction information used as an authentication means from among the N transaction information that combines the n pieces of designated information and (N) pieces of transaction information). The transaction procedure of the non-face-to-face financial transaction is performed using 1≤T<N) transaction information.

If authentication success and transaction success occur while performing a specified procedure using the N transaction information, the transaction procedure execution unit 245 generates success confirmation information for the successful authentication and/or transaction to the user. It is transmitted to the terminal 100. Preferably, the success confirmation information may include t (1≦t≦T) pieces of transaction information used in the transaction procedure of the successful non-face-to-face financial transaction. Here, the t transaction information may include T transaction information used for the non-face-to-face financial transaction, or may include information excluding some information (e.g., received bankbook memo, CMS code, etc.) among the T transaction information. I can.

According to an implementation method of the present invention, the success confirmation information may include s (1≦s) pieces of acquisition information in the t pieces of transaction information. The s obtained information is a generic term for information obtained from a ledger in which a user's withdrawal account was opened during the transaction procedure or information received from another financial company participating in the non-face-to-face financial transaction. Preferably, the s pieces of acquisition information may include account holder information, transaction date and time information of a deposit account.

The user terminal 100 receives success confirmation information for a procedure performed using the N transaction information from the server. The success confirmation information is safely transmitted and received according to an encryption/decryption procedure of a secure communication channel formed between the user terminal 100 and the server.

According to an implementation method of the present invention, the user terminal 100 authenticates the validity of the received success confirmation information. For example, when the success confirmation information is digitally signed through a certificate of the server 200, the user terminal 100 may authenticate the validity of the success confirmation information through a designated electronic signature verification procedure. Or, when the received success confirmation information includes t transaction information, the user terminal 100 compares t transaction information included in the N transaction information with t transaction information included in the success confirmation information. So you can verify that they match.

The user terminal 100 outputs all or part of the received success confirmation information through the screen of the user terminal 100. Depending on the implementation method, the output of the success confirmation information may be omitted. Meanwhile, when the success confirmation information is output, it is preferable that the output success confirmation information includes the t number of transaction information. Preferably, the output success confirmation information may further include s pieces of acquisition information along with the t pieces of transaction information.

According to the implementation method of the present invention, the user terminal 100 may authenticate the validity of the output success confirmation information. That is, the received success confirmation information and the output success confirmation information can be manipulated by memory hacking. To determine this, the user terminal 100 authenticates the validity of the output success confirmation information. For example, when the success confirmation information is processed in the form of an image, the user terminal 100 may have a singular point of the image (e.g., a part in which the level change of the gradation is different from the surrounding level, a part where the wave pattern is broken, etc.) It is possible to verify the validity of the output success confirmation information by checking. Alternatively, the user terminal 100 may compare t pieces of transaction information included in the output success confirmation information with t pieces of transaction information included in the N pieces of transaction information to verify whether they match.

When the success confirmation information is received and/or output, the user terminal 100 displays the user's electronic signature using a public certificate in the transaction details including t transaction information and s acquisition information included in the success confirmation information. Perform the process of creating and attaching. The non-face-to-face financial transaction may be completed by the electronic signature procedure for the transaction details.

On the other hand, if authentication failure or transaction failure occurs while performing a specified procedure using the N transaction information, this means that at least one of the N transaction information has been incorrectly entered, or the memory in the user terminal 100 It can be suspected that hacking has been attempted. Accordingly, the transaction procedure execution unit 245 generates and transmits the failed authentication or transaction confirmation information to the user terminal 100. Preferably, the failure confirmation information may include t (1≦t≦T) pieces of transaction information used in the transaction procedure of the failed non-face-to-face financial transaction. Here, the t transaction information may include T transaction information used for the non-face-to-face financial transaction, or may include information excluding some information (e.g., received bankbook memo, CMS code, etc.) among the T transaction information. I can.

When authentication failure or transaction failure occurs using the N transaction information, the transaction procedure execution unit 245 determines whether the authentication failure or transaction failure has failed due to the n number of designated information or (Nn) transaction information. It can be determined what has failed. However, if it is already authenticated by performing a validity authentication procedure for the n pieces of specified information at the time when the n pieces of specified information are received, the authentication failure or transaction failure is due to the (Nn) pieces of transaction information. It is not necessary to determine whether the transaction failure has failed based on the n pieces of designated information.

If the authentication failure or transaction failure is caused by the n number of designated information, the transaction continuity of the non-face-to-face financial transaction using the N number of transaction information does not necessarily need to be maintained, and is preferably initialized to prevent possible memory hacking. Do. To this end, it is preferable that the transaction procedure execution unit 245 discards the n pieces of designated information even if it is stored. When the transaction continuity of the non-face-to-face financial transaction is discarded and the non-face-to-face financial transaction is initialized, the user terminal 100 performs the procedure for the non-face-to-face financial transaction from the beginning (eg, accredited certificate authentication) again, or n It is preferable that the transaction information (eg, security card random number or OTP) used as an authentication means among at least (Nn) transaction information is initialized and set to use the determined transaction information again. To this end, the failure confirmation information is a flag that can identify whether the authentication failure or transaction failure is due to n designated information or (Nn) transaction information, or the authentication failure or transaction failure is based on n designated information. When generated by the user terminal 100 may further include an indicator for initializing the transaction procedure. By the flag or indicator, the user terminal 100 initializes the currently being performed non-face-to-face financial transaction and performs it again from a specified procedure (e.g., an accredited certificate authentication procedure or n specified information input procedure), or at least (Nn) It is possible to perform a procedure of initializing transaction information used as an authentication means among the two transaction information and inputting the determined transaction information again.

If the authentication failure or transaction failure is not due to the n designated information or (Nn) transaction information, the transaction procedure execution unit 245 performs transaction continuity with respect to the authentication failure or transaction failure. The maintenance failure confirmation information is generated and transmitted to the program 300 of the user terminal 100. Preferably, the failure confirmation information may include t (1≦t≦T) pieces of transaction information used in the transaction procedure of the failed non-face-to-face financial transaction. Here, the t transaction information may include T transaction information used in the non-face-to-face financial transaction, or may include information excluding some of the T transaction information.

According to the implementation method of the present invention, the failure confirmation information is at least one of generated information generated by using the n pieces of designation information and (Nn) pieces of transaction information, and the n pieces of designation information and (Nn) pieces of transaction information. Generated information generated by using, generated information generated using at least one partial information of the n pieces of designated information and (Nn) pieces of transaction information, at least one of the n pieces of designated information and (Nn) pieces of transaction information At least one or two or more of generation information generated by using the information and at least one piece of information and generation information dynamically generated by the server 200 may be further included.

According to an embodiment of the present invention, the failure confirmation information may further include storage information stored in the server.

According to an exemplary method of the present invention, the failure confirmation information may further include session information for identifying a session allocated to the terminal in the server.

According to an exemplary method of the present invention, the failure confirmation information may include image information processed in an image form. For example, the failure confirmation information may include a code image (eg, a 2D barcode) according to at least one of a QR code, a data matrix, a maxi code, and a PDF-417 standard. Preferably, the code image may be generated by encoding at least one or two or more of the n pieces of designation information, generation information, storage information, and session information.

According to an exemplary method of the present invention, all or at least a part of the failure confirmation information may be processed in the form of an image. For example, the failure confirmation information is processed in the form of an image displayed in a specified font in which at least one or more of the n pieces of designated information, generation information, storage information, and session information are displayed on a gradient-treated color and/or wave pattern. Can be. In this case, even if a partial area of the image is manipulated or copied through memory hacking, the user can immediately recognize that the image has been manipulated.

The user terminal 100 receives failure confirmation information for a procedure performed using the N transaction information from the server. The failure confirmation information is safely transmitted/received according to an encryption/decryption procedure of a secure communication channel formed between the user terminal 100 and the server.

According to an exemplary method of the present invention, the user terminal 100 authenticates the validity of the received failure confirmation information. For example, when the failure confirmation information is digitally signed through a certificate of the server 200, the user terminal 100 may authenticate the validity of the failure confirmation information through a designated digital signature verification procedure. Alternatively, when the received failure confirmation information includes t transaction information, the user terminal 100 compares t transaction information included in the N transaction information with t transaction information included in the failure confirmation information. So you can verify that they match.

The user terminal 100 outputs all or part of the received failure confirmation information through the screen of the user terminal 100. Depending on the implementation method, the output of the failure confirmation information may be omitted. Meanwhile, when the failure confirmation information is output, the output failure confirmation information preferably includes the t number of transaction information.

According to an exemplary method of the present invention, the user terminal 100 may authenticate the validity of the output failure confirmation information. That is, the received failure confirmation information and the output failure confirmation information may be manipulated by memory hacking. In order to determine this, the user terminal 100 authenticates the validity of the output failure confirmation information. For example, when the failure confirmation information is processed in the form of an image, the user terminal 100 may have a singular point of the image (e.g., a part in which the level change of the gradation is different from the surrounding level, a part where the wave pattern is cut off, etc.) It is possible to verify the validity of the output failure confirmation information by checking. Alternatively, the user terminal 100 may compare t transaction information included in the output failure confirmation information and t transaction information included in the N transaction information to verify whether they match.

When failure confirmation information maintaining transaction continuity is received, and/or failure confirmation information maintaining transaction continuity is output, the user terminal 100 excludes the n pieces of specified information transmitted first and then transmits (Nn) pieces of information. Among the transaction information, m (1≤m≤(Nn)) transaction information is re-entered. Here, the m transaction information may include a security card random number or OTP that maintains transaction continuity.

On the other hand, in the case of controlling to re-enter and transmit the m transaction information, the transaction information receiving unit 235 receives the m transaction information again for the failed non-face-to-face financial transaction. Therefore, the user terminal 100 attempts to transmit n pieces of designated information excluding the m pieces of transaction information back to the server for the failed authentication or transaction (e.g., a malicious code for memory hacking provided in the user terminal 100). If the program 300 delays (or interrupts) the operation to be transmitted by re-entering m transaction information, and then attempts to retransmit n pieces of designated information manipulated for illegal transactions), this means that the user terminal It can be a basis for confirming that a memory hack is being attempted within (100).

The authentication procedure execution unit 240 is one or more transaction information designated to be used as an authentication means for the non-face-to-face financial transaction among the m transaction information (e.g., account password, transfer password, security card random number, and OTP). After deriving one or more transaction information), a validity authentication procedure for the derived information may be performed.

If the authentication process is successful, the transaction procedure execution unit 245 performs at least one transaction used as an authentication means among the N transaction information combining the n specified information, (Nnm) transaction information, and m transaction information. The transaction procedure of the non-face-to-face financial transaction is performed using T (1≤T<N) transaction information excluding information.

If authentication or transaction success occurs while performing a specified procedure using the N transaction information, or whether authentication failure or transaction failure occurs while performing the specified procedure, the success within a specified number of times. A procedure of transmitting confirmation information or failure confirmation information to the user terminal 100 is performed.

3 is a diagram showing a functional configuration of the program 300 on the side of the user terminal 100 according to the embodiment of the present invention.

In more detail, this figure 3 shows the deposit side of the funds among the N transaction information from the user terminal 100 requesting a non-face-to-face financial transaction in which funds are transferred by transmitting N (N≥2) transaction information to a designated server. Memory hacking attempted in the user terminal 100 is prevented by first transmitting n (1≤n<N) designated information including at least one transaction information related to the relevant information, and then transmitting the remaining (Nn) transaction information. It shows the functional configuration of the blocking program 300, and for those of ordinary skill in the art to which the present invention belongs, the user terminal 100 and the program 300 are referred to and/or modified with reference to FIG. 3 Various implementation methods (e.g., some components are omitted, subdivided, or combined implementation methods) for the functional configuration of the present invention may be inferred, but the present invention includes all the inferred implementation methods, and this drawing The technical features are not limited only by the implementation method shown in FIG. 3.

The program 300 of the present invention includes an application type installed in the user terminal 100, a browser type provided in the user terminal 100, a plug-in type interlocking with the browser of the user terminal 100, and provided in the user terminal 100. A generic term for program code (and/or tag string) that is implemented and operated in a form of at least one or a combination of two or more among web documents and/or scripts interpreted through a browser, hereinafter, the operation procedure of the program 300 Among them, the operation procedure corresponding to the present invention is named by the name of the functional configuration unit and the technical characteristics thereof will be described.

Referring to Fig. 3, the program 300 of the user terminal 100 includes a transaction type confirmation unit 305 for checking a transaction type corresponding to a non-face-to-face financial transaction selected by a user, and a transaction type confirmation unit 305 corresponding to the transaction type. An interface display unit 310 displaying one or more interfaces for receiving transaction information of items designated for non-face-to-face financial transactions, and N transaction information for non-face-to-face financial transactions through which funds are transferred, related to the deposit side of the funds. A designation information verification unit 315 that checks n (1 ≤ n <N) designated information including at least one transaction information, and a designation information transmission unit that first transmits the identified n pieces of designation information to a designated server (320), an acknowledgment determination unit (325) for receiving acknowledgment information for n pieces of specified information transmitted from the server first, and an acknowledgment output unit to output all or part of the acknowledgment information in a specified manner It includes 330, and includes a transaction procedure control unit 335 for controlling the n pieces of designated information to be transmitted first.

When the program 300 is executed and a non-face-to-face financial transaction is initiated, the program 300 performs a designated user authentication (eg, ID/PW authentication or accredited certificate authentication) procedure, and/or the program 300 A transaction type that can be provided through (e.g., account inquiry, account transfer, product subscription/cancellation, fund, loan, foreign exchange, asset management, etc.) is selected, and the transaction type confirmation unit 305 includes the program ( Check the transaction type selected by the user among the transaction types that can be provided through 300). Meanwhile, when the non-face-to-face financial transaction of the present invention is implemented through a web page, the transaction type confirmation unit 305 may be provided on the side of the server 200 providing the web page.

According to the implementation method of the present invention, by confirming any one specific transaction type through the transaction type confirmation unit 305, N (to be input from the user for a non-face-to-face financial transaction corresponding to the confirmed transaction type) N≥2) items of transaction information are confirmed (or determined). For example, if the confirmed transaction type is an account transfer transaction, the N transaction information to be inputted from the user for the account transfer transaction is the withdrawal account number (however, the withdrawal account number is not entered and selected (or designated default Automatically selected as withdrawal account), account password, deposit bank, deposit account number, transfer amount, received bankbook memo, my bankbook memo, CMS code, transfer password, security card random number, OTP (One Time Password) And the like. Among these, some transaction information is an essential input item, and some other transaction information may be an optional input item. For example, the received bankbook memo, my bankbook memo, and the CMS code may correspond to optional input items that are automatically input (or omitted) when not input. Alternatively, the security card random number and OTP may be optional input items in which only one of the two is input.

The interface display unit 310 displays one or more interfaces for receiving transaction information corresponding to a specified number of transaction information items for non-face-to-face financial transactions corresponding to the identified transaction type. Meanwhile, when the non-face-to-face financial transaction of the present invention is implemented through a web page, the interface display unit 310 may be implemented through the web page.

According to the first interface display method of the present invention, the interface display unit 310 includes the deposit side of the funds among N (N≥2) pieces of transaction information for non-face-to-face financial transactions in which funds are moved corresponding to the transaction type. An interface for inputting (or selecting) n (1≦n<N) preset information including at least one related transaction information may be displayed.

Here, the n pieces of designation information include at least one or more predetermined transaction information including at least one transaction information related to the deposit side of the funds among N transaction information for non-face-to-face financial transactions in which funds are moved. It is desirable. Preferably, the n pieces of designation information are n (1 ≤ n"<N) predetermined transaction information related to the deposit side of the funds among N transaction information for non-face-to-face financial transactions in which funds are moved. It is preferable to include ?n?n") pieces of information.

According to the implementation method of the present invention, the n pieces of designation information include transaction information corresponding to essential input items among transaction information related to the deposit side of the funds among N transaction information for non-face-to-face financial transactions in which funds are moved. It is desirable. For example, in the case of an account transfer transaction, among the N transaction information, transaction information related to a deposit side of a fund may include a deposit bank, a deposit account number, a transfer amount, and a received account note. In this case, it is preferable that the n pieces of designation information include at least one or a combination of two or more of deposit bank information, deposit account number information, and amount information corresponding to the transfer amount corresponding to essential input items related to the deposit side of funds.

According to the implementation method of the present invention, the n pieces of designation information further include transaction information corresponding to an optional input item among transaction information related to the deposit side of the funds among N transaction information for non-face-to-face financial transactions in which funds are transferred. can do. For example, the n pieces of designation information include at least one or a combination of two or more of deposit bank information corresponding to essential input items related to the deposit side of the funds, deposit account number information, and amount information corresponding to the transfer amount, It may further include a received passbook memo corresponding to the optional input item.

Meanwhile, according to another implementation method of the present invention, the n pieces of designation information include at least one transaction information related to the deposit side of the funds among N pieces of transaction information for non-face-to-face financial transactions in which funds are moved, and the non-face-to-face It may further include one or more transaction information designated by a financial institution that processes financial transactions. For example, the n pieces of designation information include at least one or a combination of two or more of deposit bank information related to the deposit side of funds, deposit account number information, amount information corresponding to the transfer amount, and received account memo, Although it is not directly related to the depositing party, it may further include transaction information of at least one of the withdrawal account number, account password, my account memo, and CMS code designated by the financial institution. That is, the designated information of the present invention is determined according to which transaction information is first transmitted and maintained on the server in response to each transaction type in order to prevent illegal transactions due to memory hacking. It is not limited to the transaction information related to the deposit side of the funds. However, in a non-face-to-face financial transaction in which funds are transferred, transaction information related to the depositing side of funds is one of the main targets of memory hacking, so it includes at least one. For example, in a non-face-to-face financial transaction in which funds are transferred, if the user has two withdrawal accounts, it is possible to first select any one withdrawal account number and include it in n pieces of designated information. Alternatively, when the withdrawal account is included in n pieces of designated information, it is also possible to include the account password for this in n pieces of designated information and transmit it first.

When an interface for inputting the n pieces of designation information is displayed through the interface display unit 310, the designation information confirmation unit 315 checks whether the n pieces of designated information are inputted through the interface. Preferably, the designation information confirmation unit 315 checks whether the n pieces of designation information are input by clicking a button (or icon) on the interface while the interface for inputting the n pieces of designation information is displayed, and When at least one of the n pieces of designation information is not input, it is possible to induce to click a button (or icon) after inputting all of the n pieces of designation information.

The transaction procedure control unit 335 controls the n pieces of designation information to be transmitted first, and the designation information transmission unit 320 first transmits n pieces of designation information to a designated server under the control of the transaction procedure control unit 335 do.

When n pieces of designation information are input through the interface, the designation information transmission unit 320 first transmits the inputted n pieces of designation information to a designated server. The n pieces of designation information are safely transmitted and received according to an encryption/decryption procedure of a secure communication channel formed between the program 300 and the server.

According to the first designation information exchange method of the present invention, an identification capable of mutually identifying the other party between the program 300 of the user terminal 100 and the server at a designated time point before, during, and after the n pieces of designated information are exchanged. Tokens are exchanged, and the server may receive the n pieces of designation information, map the n pieces of designation information and identification tokens, and store them in a designated storage medium.

According to the second designation information exchange method of the present invention, when a communication channel is formed between the program 300 and the server, the server manages the communication channel formed with the program 300 of the user terminal 100. Sessions are allocated (or confirmed) and session information for identifying them is checked, and the server may receive the n pieces of designation information, map the n pieces of designation information and session information, and store them in a designated storage medium.

According to the third designation information exchange method of the present invention, the designation information transmission unit 320 allows the server to identify the user terminal 100 and/or the program 300 or identify the user with n pieces of designation information. The identification information to be identified may be included in a communication protocol and transmitted, and the server may receive the n pieces of designation information, map the n pieces of designation information to the identification information, and store them in a designated storage medium.

According to an exemplary method of the present invention, it is preferable that n pieces of designated information stored in the storage medium are stored until at least (Nn) pieces of transaction information are received.

According to the second interface display method of the present invention, the interface display unit 310 includes n'(1≤n) of N (N≥2) transaction information for non-face-to-face financial transactions in which funds are moved corresponding to the transaction type. An interface for inputting (or selecting)'≤N) transaction information may be displayed.

Here, the n'number of transaction information means transaction information including the n number of designated information, and preferably (n⊆n') or {n⊂n'} may be established. It may be (n'==N) depending on the implementation method. For example, if an interface for further inputting at least one transaction information in addition to n pieces of designated information designated to be transmitted first is displayed, this corresponds to the second interface display method.

When the interface for inputting the n'number of transaction information is displayed through the interface display unit 310, the designation information confirmation unit 315 checks whether the n number of designated information is inputted through the interface. Preferably, the designation information checking unit 315 checks whether the n pieces of designation information are input by clicking a button (or icon) on the interface while the interface for inputting the n'designation information is displayed, and When at least one of the n pieces of designation information is not input, it is possible to induce to click a button (or icon) after inputting all of the n pieces of designation information.

According to the first designated information transmission method of the present invention, when n pieces of designated information are input through at least one of an interface for inputting n pieces of transaction information or an interface for inputting n’ pieces of transaction information, the designated information is transmitted. The unit 320 first transmits the inputted n pieces of designation information to a designated server.

According to the second designation information transmission method of the present invention, even if n'transaction information is input through the interface for inputting the n'transaction information, the designation information transmission unit 320 Designated information can be transmitted to the designated server first.

According to the third designation information transmission method of the present invention, when n'transaction information is input through the interface for inputting n'transaction information, the designation information transmission unit 320 designates n'transaction information. Can be sent to the server. In this case, the n'number of transaction information may include transaction information not related to the deposit side of the N number of transaction information for non-face-to-face financial transactions in which funds are transferred.

The n pieces of designated information (or n'pieces of transaction information) transmitted according to the first to third designated information transmission methods are received to a designated server according to the first to third designated information transmission and reception methods, and stored in a designated storage medium. do. Meanwhile, when n'pieces of transaction information are received, the server may store the n'pieces of transaction information in a designated designated medium according to the first to third designated information transmission/reception methods. Hereinafter, for convenience, it is assumed that n pieces of designation information are transmitted to the server, and the characteristics of the present invention will be described.

According to the implementation method of the present invention, the server may perform a procedure of verifying and authenticating the validity of the received n pieces of designated information. For example, if the n pieces of designated information include a deposit bank and a deposit account number, the server performs a procedure of inquiring and authenticating the payee whether the account corresponding to the deposit account number is actually a valid account number opened at the deposit bank. Can be done. On the other hand, if the depositing bank is a bank other than the bank in which the withdrawal account was opened, the other party does not provide a prior inquiry for the transfer transaction or does not accept it on the financial network supporting transactions between the bank and the bank. For the validity of the n pieces of designated information, the procedure for inquiring a recipient may be omitted.

When the validity of the n designated information is not confirmed as a result of validity check of the n designated information (e.g., an account corresponding to the deposit account number is opened at the depositing bank as a result of a payee inquiry using the deposit bank and deposit account number) Or when valid account holder information cannot be obtained as a result of the recipient inquiry), the server generates acknowledgment information including validity authentication failure information for the n pieces of designated information, and stores the generated acknowledgment information. It can be transmitted to the program 300 of the user terminal 100. If validation of the n pieces of designated information fails, the transaction continuity for the n pieces of designated information may not be maintained, and the n pieces of designated information need not be stored in a storage medium.

If the validation of the n pieces of designated information fails, the program 300 performs the procedure for the non-face-to-face financial transaction from the beginning (eg, authentication certificate), or re-enters the n pieces of designated information. It is desirable. To this end, the acknowledgment information includes all or part of the n pieces of designated information that the server has acknowledged, and causes the program 300 to initialize a non-face-to-face financial transaction currently being performed, and a designated procedure (e.g., an accredited certificate authentication procedure). Alternatively, a flag or indicator corresponding to the validity authentication failure information for controlling to be performed again from n number of designated information input procedures, etc. may be further included. By the flag or indicator, the transaction procedure control unit 335 may control to initialize a non-face-to-face financial transaction currently being performed and to perform a specified procedure again (e.g., a public certificate authentication procedure or a procedure for inputting n pieces of designated information, etc.). . Under the control of the transaction procedure control unit 335, the interface display unit 310 displays an interface that is performed again from a designated previous procedure. Preferably, the interface display unit 310 may re-perform from the procedure of displaying an interface for re-entering the n pieces of designation information.

On the other hand, the validation of the validity of the n pieces of designated information was successful (e.g., as a result of a payee inquiry using the deposit bank and deposit account number, a valid account corresponding to the deposit account number was opened at the deposit bank, or valid account holder information as a result of the payee inquiry If obtained), or the validation of the n pieces of designated information is omitted (however, even if it is omitted at the time when n pieces of designated information are first received, it is performed in the process of performing a transaction procedure using N pieces of transaction information) In this case, the server stores the received n pieces of designation information in a designated storage medium, generates formula confirmation information for the n pieces of designation information, and stores the generated acknowledgment information in a program of the user terminal 100 ( 300). Preferably, the acknowledgment information preferably includes n pieces of designation information confirmed by the server. When the n pieces of specified information included in the acknowledgment information are output through the program 300, the user determines whether the n pieces of specified information confirmed to be received in the server are not manipulated by memory hacking and are actually inputted information. You can do it.

According to an implementation method of the present invention, the acknowledgment information is generated information generated using at least one of the n pieces of designation information confirmed by the server, and generated information generated using at least one of the n pieces of designated information that has been acknowledged, Generation information generated by using at least one partial information of the n pieces of designated information that has been acknowledged, generation information generated by using at least one piece of information and at least one of the n pieces of designated information that has been acknowledged, the server ( 200) may further include at least one or two or more of the generated information dynamically generated by the side.

For example, the acknowledgment information may further include generation information generated by using n pieces of designation information (eg, deposit bank information, deposit account number information, amount information, etc.) confirmed by the server. For example, the acknowledgment information is a value generated by hashing n pieces of designated information through a designated hash algorithm, a value generated by substituting the n pieces of designated information into a designated code generation algorithm, and the structure of the n pieces of designated information. Generation information including at least one of the values generated by modifying according to a specified rule may be further included.

Alternatively, the acknowledgment information further includes generation information generated by using at least one of n pieces of designated information (e.g., deposit bank information, deposit account number information, and deposit account number information among amount information) received and confirmed by the server. can do. For example, the acknowledgment information is a value generated by hashing at least one of n pieces of designated information through a designated hash algorithm, a value generated by substituting the at least one information into a designated code generation algorithm, and the at least one The generation information including at least one of the values generated by modifying the information of s according to a specified rule may be further included.

Alternatively, the acknowledgment information is generated using at least one part of information (e.g., deposit bank information, deposit account number information, and the last 8 digit number of the deposit account number among the amount information) received and confirmed by the server. It may further include generation information. For example, the acknowledgment information is a value generated by hashing at least one partial information of n pieces of specified information through a specified hash algorithm, a value generated by substituting the at least one partial information into a specified code generation algorithm, and the Generation information including at least one of the values generated by transforming at least one piece of information according to a specified rule may be further included.

Alternatively, the acknowledgment information is at least one of n pieces of designated information that the server has received confirmation from (e.g., deposit bank information, deposit account number information, amount information among amount information) and at least one partial information (eg, deposit bank information). , The deposit account number information, the amount information, the last 8 digit number of the deposit account number) may further include the generated information. For example, the acknowledgment information is a value generated by hashing at least one piece of information and at least one piece of information out of n pieces of designated information through a designated hash algorithm, and the at least one piece of information and some information into a designated code generation algorithm. It may further include generation information including at least one of a value generated by substitution and a value generated by transforming the at least one piece of information and some information according to a specified rule.

Alternatively, the acknowledgment information may further include generation information dynamically generated by the server 200 (eg, a random number value generated through a random number algorithm).

According to an exemplary method of the present invention, the acknowledgment information may further include storage information stored in the server. For example, the acknowledgment information may include unique information or content (eg, image, character string, etc.) registered by the user on the server. For example, if a user has registered a certain image or character string on the server, it is known only to the user himself, so it is possible to determine whether the acknowledgment information has been manipulated or transmitted from the server.

According to an embodiment of the present invention, the acknowledgment information may further include acquisition information obtained from the server. For example, the acknowledgment information may further include a payee inquiry result (eg, account holder information of a deposit account) using the n pieces of designation information.

According to an embodiment of the present invention, the acknowledgment information may further include session information for identifying a session allocated to the terminal in the server. For example, the acknowledgment information may further include session information identifying a session assigned (or confirmed) at a time when the program 300 of the user terminal 100 accesses the server.

According to an exemplary method of the present invention, the acknowledgment information may include image information processed in an image form. For example, the acknowledgment information may include a code image (eg, a 2D barcode, etc.) according to at least one of a QR code, a data matrix, a maxi code, and a PDF-417 standard. Preferably, the code image may be generated by encoding at least one or two or more of the n pieces of designation information, generation information, storage information, acquisition information, and session information.

According to an exemplary method of the present invention, all or at least part of the acknowledgment information may be processed into an image form. For example, the acknowledgment information is an image in which at least one or more of the n pieces of designation information, generation information, storage information, acquisition information, and session information are displayed in a designated font on a gradient-processed color and/or wave pattern background. Can be processed into shape. In this case, even if a partial area of the image is manipulated or copied through memory hacking, the user can immediately recognize that the image has been manipulated.

According to the implementation method of the present invention, the acknowledgment information may be used as information for generating dynamically determined transaction information among (Nn) transaction information. For example, a code image generated by encoding at least one or more of the n pieces of designation information, generation information, storage information, acquisition information, and session information is photographed through a user's wireless terminal and encoded in the code image. The obtained information may be used as a seed value or an authentication value for generating an OTP according to a designated procedure of the wireless terminal.

The acknowledgment determining unit 325 receives acknowledgment information for n pieces of designation information first transmitted by the designation information transmission unit 320 from the server. The acknowledgment information is safely transmitted/received according to an encryption/decryption procedure of a secure communication channel formed between the program 300 and the server.

According to an embodiment of the present invention, the acknowledgment determining unit 325 authenticates the validity of the received acknowledgment information. For example, when the acknowledgment information is digitally signed through a certificate of the server 200, the acknowledgment determination unit 325 may verify the validity of the acknowledgment information through a designated digital signature verification procedure. . Alternatively, the acknowledgment determination unit 325 may compare n pieces of specified information included in the received acknowledgment information with n pieces of specified information transmitted to the server by the specified information transmission unit 320 to verify whether they match. have.

The acknowledgment output unit 330 outputs all or part of the received acknowledgment information through the screen of the user terminal 100. Depending on the implementation method, the output of the acknowledgment information may be omitted. Meanwhile, when the acknowledgment information is output, it is preferable that the output acknowledgment information includes the n pieces of designation information.

According to an exemplary method of the present invention, the acknowledgment output unit 330 authenticates the validity of the output acknowledgment information. That is, the received acknowledgment information and the output acknowledgment information can be manipulated by memory hacking. To determine this, the acknowledgment output unit 330 verifies the validity of the output acknowledgment information. For example, when the acknowledgment information is processed in the form of an image, the acknowledgment output unit 330 provides a singular point of the image (e.g., a portion in which the level change of the gradation is different from the surrounding level, the portion where the wavy pattern is broken Etc.), the validity of the outputted acknowledgment information can be verified. Alternatively, the acknowledgment output unit 330 may compare n pieces of specified information included in the output acknowledgment information with n pieces of specified information transmitted to the server by the specified information transmission unit 320 to verify whether they match. have.

The transaction procedure control unit 335 checks whether the acknowledgment information is received and/or output, and after n pieces of designated information are transmitted to the server by the designated information transmission unit 320, the acknowledgment information is received and/or Alternatively, in the process of outputting, the'z-order' of the user terminal 100 is managed so that it is not transferred to another process. If the'z-order' is forcibly transferred to another process, the transaction procedure control unit 335 may suspect that a memory hack is attempting and output a warning message.

Referring to Figure 3, the program 300 of the user terminal 100, a transaction information verification unit 340 that checks (Nn) number of transaction information input through at least one interface in response to the acknowledgment information. And, a transaction information transmission unit 345 that transmits the confirmed (Nn) transaction information to the server, and for authentication or transaction using the n specified information transmitted first and (Nn) transaction information transmitted later. A transaction that includes a transaction success or failure determination unit 350 for receiving success confirmation information or authentication or failure confirmation information for the transaction, and outputting all or part of the success confirmation information or failure confirmation information in a designated manner A success or failure output unit 355 is provided, and a transaction procedure control unit 335 for controlling the (Nn) number of transaction information to be transmitted after the n number of designated information is first transmitted.

The transaction procedure control unit 335 checks whether the reception confirmation information is received and/or output from the server after n pieces of designated information are transmitted to the server, and when the reception confirmation information is received and/or output, the transaction The procedure control unit 335 may control an interface for inputting Nn) transaction information to be displayed. The interface display unit 310 displays an interface for inputting (Nn) transaction information under the control of the transaction procedure control unit 335. Depending on the implementation method, the transaction procedure control unit 335 may control the interface for inputting the (Nn) transaction information and the acknowledgment information to be displayed on one screen area, and the interface display unit 310 The interface is displayed under the control of the procedure controller 335.

The transaction information confirmation unit 340 confirms whether (Nn) transaction information is input through an interface displayed through the interface display unit 310 in response to the reception and/or output of the reception confirmation information, and/or (Nn) transaction information input through the interface is checked.

The (Nn) transaction information is a generic term for the remaining transaction information excluding the n specified information transmitted first among the N transaction information, and is preferably the amount of the funds among N transaction information for a non-face-to-face financial transaction. It may include transaction information related to the withdrawal side and one or more transaction information to be used as an authentication means.

According to the implementation method of the present invention, the (Nn) number of transaction information is not designated as the n number of designated information among transaction information related to the deposit side of the N number of transaction information for a non-face-to-face financial transaction in which funds are moved. It may further include transaction information.

According to the implementation method of the present invention, the (Nn) number of transaction information is at least one of password information (e.g., account password and/or transfer password), security card random number information, and OTP information used as authentication means for non-face-to-face financial transactions. Or it may contain more than one piece of information.

According to an exemplary method of the present invention, some of the (Nn) transaction information may include a null value. In this case, the transaction information of the null value may be replaced with information previously designated by the server, or the null value may be maintained as it is when it is not used for non-face-to-face financial transactions. For example, among the (Nn) transaction information, the “my bank note” may contain a null value. In this case, the “my bank book note” is information previously specified by the server (eg, deposit account number or deposit account Can be replaced with the account holder information of Alternatively, the "CMS code" among the (Nn) transaction information may maintain a null value as it is, unless it is a CMS transaction.

The transaction procedure control unit 335 controls the (Nn) transaction information to be transmitted after the n pieces of designated information are first transmitted, and after receiving and/or outputting acknowledgment information therefor, the transaction information transmission unit ( 345) transmits (Nn) number of transaction information to the server under the control of the transaction procedure controller 335. The (Nn) transaction information is securely transmitted and received according to the encryption/decryption procedure of the secure communication channel formed between the program 300 and the server.

According to the first transaction information exchange method of the present invention, the other party can be mutually identified between the program 300 of the user terminal 100 and the server at a designated time point before, during, and after the (Nn) transaction information is exchanged. An identification token is exchanged, and the server receives the (Nn) transaction information, and checks the n pieces of designated information received first through the identification token.

According to the second transaction information exchange method of the present invention, when a communication channel is formed between the program 300 and the server, the server manages the communication channel formed with the program 300 of the user terminal 100. A session is allocated (or confirmed) and session information for identifying it is checked, and the server receives the (Nn) transaction information, and checks the n pieces of designation information received first through the session information.

According to the third transaction information exchange method of the present invention, the transaction information transmission unit 345 allows the server to identify the user terminal 100 and/or the program 300 together with (Nn) transaction information, or Identification information identifying a user may be included on a communication protocol and transmitted, and the server receives the (Nn) transaction information, and checks the n pieces of designation information received first through the identification information.

According to the first transaction authentication method of the present invention, transaction information used as an authentication means for the non-face-to-face financial transaction in the received (Nn) number of transaction information (e.g., account password, transfer password, security card random number, OTP authentication When one or more transaction information designated as a means) is included, the server includes one or more transaction information (e.g., account password, transfer password, security information) designated to be used as an authentication means for the non-face-to-face financial transaction among the (Nn) transaction information. After deriving one or more transaction information designated as an authentication means among the random number of cards and OTP), a validity authentication procedure for the derived information may be performed.

According to the second transaction authentication method of the present invention, transaction information (e.g., account password) used as an authentication means for the non-face-to-face financial transaction is included in the n pieces of designated information received first, and then received (Nn) transactions If the information also includes transaction information used as an authentication means for the non-face-to-face financial transaction (e.g., transfer password, random number of security cards, one or more transaction information designated as an authentication method among OTP), the server specifies n items received first. One or more transaction information designated to be used as an authentication method for the non-face-to-face financial transaction among (Nn) transaction information received after the information (e.g., account password, transfer password, security card random number, one or more transactions designated as authentication methods among OTP) Information), a validity authentication procedure for the derived information may be performed.

If the authentication process is successful, the server is T (1≤T<N) excluding one or more transaction information used as an authentication means among the N transaction information combined with the n number of specified information and (Nn) number of transaction information. The transaction procedure of the non-face-to-face financial transaction is performed using the transaction information.

If authentication success and transaction success occur while performing a specified procedure using the N transaction information, the server generates success confirmation information for the successful authentication and/or transaction to program the user terminal 100. Send to 300. Preferably, the success confirmation information may include t (1≦t≦T) pieces of transaction information used in the transaction procedure of the successful non-face-to-face financial transaction. Here, the t transaction information may include T transaction information used for the non-face-to-face financial transaction, or may include information excluding some information (e.g., received bankbook memo, CMS code, etc.) among the T transaction information. I can.

According to an implementation method of the present invention, the success confirmation information may include s (1≦s) pieces of acquisition information in the t pieces of transaction information. The s obtained information is a generic term for information obtained from a ledger in which a user's withdrawal account was opened during the transaction procedure or information received from another financial company participating in the non-face-to-face financial transaction. Preferably, the s pieces of acquisition information may include account holder information, transaction date and time information of a deposit account.

The transaction success or failure determination unit 350 receives success confirmation information for a procedure performed using the N transaction information from the server. The success confirmation information is safely transmitted/received according to an encryption/decryption procedure of a secure communication channel formed between the program 300 and the server.

According to an implementation method of the present invention, the transaction success or failure determination unit 350 authenticates the validity of the received success confirmation information. For example, when the success confirmation information is digitally signed through a certificate of the server 200, the transaction success or failure determination unit 350 may verify the validity of the success confirmation information through a designated digital signature verification procedure. . Alternatively, when the received success confirmation information includes t transactions, the transaction success or failure determination unit 350 includes t transaction information included in the N transaction information transmitted to the server and the success confirmation information. By comparing t transaction information, it is possible to verify whether they match.

The transaction success or failure output unit 355 outputs all or part of the received success confirmation information through the screen of the user terminal 100. Depending on the implementation method, the output of the success confirmation information may be omitted. Meanwhile, when the success confirmation information is output, it is preferable that the output success confirmation information includes the t number of transaction information. Preferably, the output success confirmation information may further include s pieces of acquisition information along with the t pieces of transaction information.

According to the implementation method of the present invention, the transaction success or failure output unit 355 may verify the validity of the output success confirmation information. That is, the received success confirmation information and the output success confirmation information can be manipulated by memory hacking. To determine this, the transaction success or failure output unit 355 verifies the validity of the output success confirmation information. For example, when the success confirmation information is processed in the form of an image, the transaction success or failure output unit 355 may provide a singular point of the image (e.g., a portion in which the level change of the gradation is different from the surrounding level, the portion where the wave pattern is cut off) Etc.), the validity of the output success confirmation information can be verified. Alternatively, the transaction success or failure output unit 355 may compare t transaction information included in the output success confirmation information with t transaction information included in the N transaction information transmitted to the server to verify whether they match.

The transaction procedure control unit 335 checks whether success confirmation information is received by the transaction success or failure determination unit 350, or success confirmation information is output by the transaction success or failure output unit 355, and the success When confirmation information is received and/or output, the procedure of creating and attaching a user's digital signature using a public certificate to the transaction details including t transaction information and s acquisition information included in the success confirmation information is controlled to be performed. do. The non-face-to-face financial transaction may be completed by the electronic signature procedure for the transaction details.

On the other hand, if authentication failure or transaction failure occurs while performing a specified procedure using the N transaction information, this means that at least one of the N transaction information has been incorrectly entered, or the memory in the user terminal 100 It can be suspected that hacking has been attempted. Accordingly, the server generates failure confirmation information for the failed authentication or transaction and transmits it to the program 300 of the user terminal 100. Preferably, the failure confirmation information may include t (1≦t≦T) pieces of transaction information used in the transaction procedure of the failed non-face-to-face financial transaction. Here, the t transaction information may include T transaction information used for the non-face-to-face financial transaction, or may include information excluding some information (e.g., received bankbook memo, CMS code, etc.) among the T transaction information. I can.

When authentication failure or transaction failure occurs using the N number of transaction information, the server can determine whether the authentication failure or transaction failure has failed due to the n number of designated information or (Nn) number of transaction information. . However, if it is already authenticated by performing a validity authentication procedure for the n pieces of specified information at the time when the n pieces of specified information are received, the authentication failure or transaction failure is due to the (Nn) pieces of transaction information. It is not necessary to determine whether the transaction failure has failed based on the n pieces of designated information.

If the authentication failure or transaction failure is caused by the n number of designated information, the transaction continuity of the non-face-to-face financial transaction using the N number of transaction information does not necessarily need to be maintained, and is preferably initialized to prevent possible memory hacking. Do. To this end, it is preferable that the server discards n pieces of designation information even if it is stored. When the transaction continuity of the non-face-to-face financial transaction is discarded and the non-face-to-face financial transaction is initialized, the program 300 performs the procedure for the non-face-to-face financial transaction from the beginning (eg, accredited certificate authentication), or n It is preferable that the designated information is input again, or the transaction information (eg, security card random number or OTP) used as an authentication means among at least (Nn) transaction information is initialized and set to use the determined transaction information again. To this end, the failure confirmation information is a flag that can identify whether the authentication failure or transaction failure is due to n designated information or (Nn) transaction information, or the authentication failure or transaction failure is based on n designated information. When caused by the result, it may further include an indicator for initializing the transaction procedure of the program 300. According to the flag or indicator, the transaction procedure control unit 335 controls to initialize the non-face-to-face financial transaction currently being performed and perform it again from a specified procedure (e.g., an accredited certificate authentication procedure or n specified information input procedure), or at least It is possible to control to perform a procedure of initializing transaction information used as an authentication means among (Nn) transaction information and inputting the determined transaction information again. Under the control of the transaction procedure control unit 335, the interface display unit 310 displays an interface to be performed again from a designated previous procedure, or at least displays an interface for inputting determined transaction information. Preferably, the interface display unit 310 may re-perform from the procedure of displaying an interface for re-entering the n pieces of designation information.

If the authentication failure or transaction failure is not due to the n specified information or (Nn) transaction information, the server provides failure confirmation information to maintain transaction continuity with respect to the authentication failure or transaction failure. It is generated and transmitted to the program 300 of the user terminal 100. Preferably, the failure confirmation information may include t (1≦t≦T) pieces of transaction information used in the transaction procedure of the failed non-face-to-face financial transaction. Here, the t transaction information may include T transaction information used in the non-face-to-face financial transaction, or may include information excluding some of the T transaction information.

According to the implementation method of the present invention, the failure confirmation information is at least one of generated information generated by the server using the n pieces of designation information and (Nn) pieces of transaction information, and the n pieces of designation information and (Nn) pieces of transaction information. Among the generated information generated using one piece of information, the generated information generated using at least one part of the n pieces of designated information and (Nn) pieces of transaction information, the n pieces of designated information and (Nn) pieces of transaction information At least one or two or more of generation information generated by using at least one piece of information and at least one piece of information and generation information dynamically generated by the server 200 may be further included.

According to an embodiment of the present invention, the failure confirmation information may further include storage information stored in the server.

According to an exemplary method of the present invention, the failure confirmation information may further include session information for identifying a session allocated to the terminal in the server.

According to an exemplary method of the present invention, the failure confirmation information may include image information processed in an image form. For example, the failure confirmation information may include a code image (eg, a 2D barcode) according to at least one of a QR code, a data matrix, a maxi code, and a PDF-417 standard. Preferably, the code image may be generated by encoding at least one or two or more of the n pieces of designation information, generation information, storage information, and session information.

According to an exemplary method of the present invention, all or at least a part of the failure confirmation information may be processed in the form of an image. For example, the failure confirmation information is processed in the form of an image displayed in a specified font in which at least one or more of the n pieces of designated information, generation information, storage information, and session information are displayed on a gradient-treated color and/or wave pattern. Can be. In this case, even if a partial area of the image is manipulated or copied through memory hacking, the user can immediately recognize that the image has been manipulated.

The transaction success or failure determination unit 350 receives failure confirmation information for a procedure performed using the N transaction information from the server. The failure confirmation information is safely transmitted/received according to an encryption/decryption procedure of a secure communication channel formed between the program 300 and the server.

According to an implementation method of the present invention, the transaction success or failure determination unit 350 authenticates the validity of the received failure confirmation information. For example, when the failure confirmation information is digitally signed through a certificate of the server 200, the transaction success or failure determination unit 350 may verify the validity of the failure confirmation information through a designated digital signature verification procedure. . Alternatively, when the received failure confirmation information includes t transaction information, the transaction success or failure determination unit 350 includes t transaction information included in the N transaction information transmitted to the server and the failure confirmation information. By comparing t transaction information, it is possible to verify whether they match.

The transaction success or failure output unit 355 outputs all or part of the received failure confirmation information through the screen of the user terminal 100. Depending on the implementation method, the output of the failure confirmation information may be omitted. Meanwhile, when the failure confirmation information is output, the output failure confirmation information preferably includes the t number of transaction information.

According to an implementation method of the present invention, the transaction success or failure output unit 355 may authenticate the validity of the output failure confirmation information. That is, the received failure confirmation information and the output failure confirmation information may be manipulated by memory hacking. To determine this, the transaction success or failure output unit 355 verifies the validity of the output failure confirmation information. For example, when the failure confirmation information is processed in the form of an image, the transaction success or failure output unit 355 may perform a singularity of the image (e.g., a part in which the level change of the gradation is different from the surrounding level, the part where the wave pattern is cut off) Etc.), the validity of the output failure confirmation information can be verified. Alternatively, the transaction success or failure output unit 355 may compare t transaction information included in the output failure confirmation information with t transaction information included in the N transaction information transmitted to the server to verify whether they match.

Referring to Figure 3, the program 300 of the user terminal 100, when the failure confirmation information for maintaining the transaction continuity is received, m (1 ≤ m ≤ (Nn) of the (Nn) transaction information )) and a transaction procedure control unit 335 that controls a procedure of re-inputting transaction information.

The transaction procedure control unit 335 receives failure confirmation information for maintaining transaction continuity through the transaction success or failure determination unit 350, and/or failure confirmation to maintain transaction continuity through the transaction success or failure output unit 355 Determine whether information is output. If the failure confirmation information that maintains the transaction continuity is received and/or output, the transaction procedure control unit 335 excludes the n specified information transmitted first, and then m (1 ≤ m) of the transmitted (Nn) transaction information. A procedure of re-entering ?(Nn)) transaction information is performed, and under the control of the transaction procedure controller 335, the interface unit may display an interface for inputting the m transaction information. Here, the m transaction information may include a security card random number or OTP that maintains transaction continuity.

Meanwhile, when the transaction procedure control unit 335 controls to re-enter and transmit m transaction information, the server also receives the m transaction information again for the failed non-face-to-face financial transaction. Therefore, the user terminal 100 attempts to transmit n pieces of designated information excluding the m pieces of transaction information back to the server for the failed authentication or transaction (e.g., a malicious code for memory hacking provided in the user terminal 100). If the program 300 delays (or interrupts) the operation to be transmitted by re-entering m transaction information, and then attempts to retransmit n pieces of designated information manipulated for illegal transactions), this means that the user terminal It can be a basis for confirming that a memory hack is being attempted within (100).

4 is a diagram illustrating a process of first transmitting n pieces of designation information according to an exemplary method of the present invention.

In more detail, Figure 4 shows n (1≤n<N) designated information including at least one transaction information related to the deposit side of the funds among N transaction information for non-face-to-face financial transactions in which funds are transferred. It shows a process of first transmitting to a designated server, and for those of ordinary skill in the art to which the present invention belongs, various implementation methods for the designated information transmission process by referring and/or modifying this Figure 4 (e.g., Some steps may be omitted, or the implementation method in which the order has been changed) may be inferred, but the present invention includes all of the inferred implementation methods, and the technical features are not limited only by the implementation method shown in FIG. No.

Referring to FIG. 4, when a non-face-to-face financial transaction is initiated, the user terminal 100 performs a specified non-face-to-face procedure for a non-face-to-face financial transaction in connection with a designated server (400). The user terminal 100 checks the type of non-face-to-face financial transaction during or after the non-face-to-face procedure (405). If the transaction type is a transaction irrelevant to the movement of funds, the user terminal 100 In conjunction with, a designated non-face-to-face financial transaction procedure is performed (410).

On the other hand, if the identified transaction type is a non-face-to-face financial transaction (e.g., an account transfer transaction, etc.) in which funds are transferred, the user terminal 100 includes N (N≥2) transactions for non-face-to-face financial transactions in which funds are transferred. An interface for inputting (or selecting) n (1≦n<N) preset information including at least one transaction information related to the deposit side of the information is displayed (415). The interface may include at least one of an interface for inputting (or selecting) n pieces of designation information or an interface for inputting (or selecting) n'(1≦n'≦N) pieces of transaction information.

The user terminal 100 checks whether n pieces of preset information including at least one transaction information related to a fund deposit side are input (or selected) through the interface (420). If the n pieces of designation information are input (or selected), the user terminal 100 first transmits the input (or selected) n pieces of designation information to a designated server (425).

5 is a diagram showing a process of transmitting and receiving designation information according to an exemplary method of the present invention.

In more detail, FIG. 5 shows a process of first receiving the n pieces of designation information from the server when the user terminal 100 first transmits n pieces of designated information related to the fund depositing side among the N pieces of transaction information to a designated server. As such, if a person of ordinary skill in the art to which the present invention belongs, various implementation methods for the designated information transmission/reception process (e.g., some steps are omitted, or the order is changed) by referring and/or modifying this drawing 5 Implementation method) may be inferred, but the present invention includes all the inferred implementation methods, and the technical features are not limited only by the implementation method shown in FIG. 5.

Referring to Fig. 5, when n pieces of designation information are first transmitted from the user terminal 100 through the process shown in Fig. 4, the server first receives n pieces of designation information from the user terminal 100 (500), The n pieces of designated information are stored in a designated storage medium to be linked with (Nn) pieces of transaction information to be received in the future (505).

The server performs a procedure for checking the validity of the n pieces of designated information (510), and preferably performs a procedure for inquiring the recipient information corresponding to the fund deposit side (510).

If the validity of the n pieces of designation information is not confirmed, the server discards the stored n pieces of designation information, and acknowledgment information including validity authentication failure information for the n pieces of designated information to the user terminal 100 And transmits (515), the user terminal 100 receives the acknowledgment information including the validity authentication failure information (520), outputs the acknowledgment information, and at the same time, performs a non-face-to-face financial transaction. Initialization (525), and repeats the process shown in Figure 4 from the designated procedure.

On the other hand, when the validity of the n pieces of designated information is confirmed (eg, success in retrieving recipient information, etc.), the server transmits the acknowledgment information for the n pieces of designated information confirmed to be received to the user terminal 100 (530).

FIG. 6 is a diagram illustrating a process of confirming receipt of n pieces of designated information and transmitting (Nn) pieces of transaction information according to an embodiment of the present invention.

In more detail, FIG. 6 shows that n pieces of designated information are first transmitted to a designated server by the user terminal 100, and then received and determined by receiving confirmation information for the n pieces of designated information, and (Nn) transaction information is input ( Alternatively, it is shown a process of receiving and transmitting after receiving it to the server, and if a person of ordinary skill in the art to which the present invention belongs, see and/or modify this Figure 6 to confirm receipt of the n pieces of designated information and/ Alternatively, various implementation methods for the post-transmission process of (Nn) transaction information (e.g., some steps are omitted or the order has been changed) may be inferred, but the present invention includes all the inferred implementation methods. It is made, and the technical features are not limited only by the implementation method shown in FIG. 6.

Referring to FIG. 6, when acknowledgment information for the n pieces of specified information is transmitted from a server that has confirmed receipt of n pieces of specified information through the process shown in FIG. 5, the user terminal 100 is sent from the server to FIG. 4 Receiving confirmation information for the n pieces of designation information transmitted first through the process shown in (600), and authenticating the validity of the n pieces of designation information included in the acknowledgment information (605). If the validity of the n pieces of designated information included in the acknowledgment information is not authenticated, the user terminal 100 processes the currently executing non-face-to-face financial transaction (610), and the process shown in Fig. 4 from the designated procedure. Repeat.

On the other hand, when the validity of the n pieces of designated information included in the acknowledgment information is authenticated, the user terminal 100 displays the n pieces of designated information included in the acknowledgment information on a screen to allow the user to input (or select) At the same time as a request to check whether the information is identical (615), the validity of the output n pieces of designated information is authenticated (620).

If the validity of the output n pieces of specified information is not authenticated, or if the user does not confirm the output n pieces of specified information as information entered (or selected) by himself, the user terminal 100 is currently executed. The non-face-to-face financial transaction is processed (610), and the process shown in Fig. 4 is repeated from the designated procedure.

On the other hand, when the validity of the output n pieces of specified information is authenticated, and the user confirms the output n pieces of specified information as information entered (or selected) by the user, the user terminal 100 follows the specified procedure ( An interface for inputting (or selecting) Nn) transaction information is displayed (625), and when transaction information is input (or selected) through the interface, the transaction information is input (or selected) through the interface according to a specified procedure. It is transmitted to the server (630), and the process is performed at least once or more until (Nn) transaction information is transmitted.

7 is a diagram illustrating a process of performing authentication and/or transaction using n pieces of designation information transmitted and received first and (Nn) pieces of transaction information transmitted and received later according to an exemplary method of the present invention.

In more detail, FIG. 7 shows n pieces of designation information first transmitted from the user terminal 100 to the server through the process shown in FIGS. 4 and 5 and (Nn) transmitted after the process shown in FIG. It shows the process of performing the authentication procedure and the transaction procedure using at least one or two of the transaction information, and if a person of ordinary skill in the technical field to which the present invention belongs, refer to and/or modify this Figure 7 Various implementation methods for the authentication and/or transaction process (e.g., some steps are omitted or the order is changed) may be inferred, but the present invention includes all the inferred implementation methods, The technical features are not limited only to the implementation method illustrated in FIG. 7.

Referring to FIG. 7, when transaction information is transmitted from the user terminal 100 according to a specified procedure through the process shown in FIG. 6, the server receives the transaction information from the user terminal 100 according to the specified procedure. (700). When (Nn) transaction information is received from the user terminal 100, the server checks the received (Nn) transaction information and the mapped and stored n designation information (705), and the (Nn) transaction information Alternatively, one or more transaction information used as an authentication means is derived from among N transaction information including the n number of designated information and (Nn) number of transaction information, and an authentication procedure is performed (710).

If the authentication process using one or more transaction information used as the authentication means is successful, the server makes a non-face-to-face financial transaction transaction using T transaction information excluding the transaction information used as the authentication means among the N transaction information. The procedure is performed (715).

If both the authentication procedure and the transaction procedure are successful, the server transmits the successful authentication and transaction success confirmation information to the user terminal 100 (720), and the user terminal 100 transmits the success confirmation information. It receives and outputs (725), and performs an electronic signature procedure for the transaction details included in the success confirmation information (730). The server completes the non-face-to-face financial transaction by receiving and/or authenticating (735) the electronic signature for the transaction details.

FIG. 8 is a diagram illustrating a process of processing authentication failure or transaction failure according to an implementation method of the present invention.

In more detail, FIG. 8 shows a process of transmitting failure confirmation information for the failed authentication or transaction to the user terminal 100 when authentication failure or transaction failure occurs while performing the process shown in FIG. 7. As such, if a person of ordinary skill in the art to which the present invention belongs, various implementation methods for the failure processing process by referring to and/or modifying this Figure 8 (e.g., some steps are omitted or the order is changed) Method) may be inferred, but the present invention includes all the inferred implementation methods, and the technical features are not limited only by the implementation method shown in FIG. 8.

Referring to FIG. 8, when an authentication failure occurs while performing the authentication procedure shown in FIG. 7, the user server can check whether the authentication failure is caused by n pieces of designated information (800). If the authentication failure is caused by n pieces of designated information, the server discards the n pieces of designated information stored in the storage medium, and includes a flag or indicator for initializing the non-face-to-face financial transaction currently being performed by the user terminal 100. The failure confirmation information is transmitted (805). The user terminal 100 receives the failure confirmation information including the flag or indicator (810), outputs the failure confirmation information, and initializes a non-face-to-face financial transaction currently being performed (815), and a specified procedure The process shown in Fig. 4 is repeated.

On the other hand, when the authentication failure is not caused by n pieces of designated information, but one or more of the (Nn) pieces of transaction information is generated, or a transaction failure occurs while performing the transaction procedure shown in Fig. 7, the server Transmits failure confirmation information including t pieces of transaction information used in the failed non-face-to-face financial transaction to the user terminal 100 (820).

FIG. 9 is a diagram illustrating a process of confirming failure of (Nn) transaction information and retransmitting m transaction information according to an exemplary method of the present invention.

In more detail, FIG. 9 shows that the user terminal 100 receives and determines the failure confirmation information transmitted from the server through the process shown in FIG. 8, and receives (or selects) m transaction information again and transmits it to the server. As an illustration of the process, if a person of ordinary skill in the art to which the present invention belongs, see and/or modify this Figure 9 to confirm failure of the (Nn) transaction information and/or retransmit m transaction information Various implementation methods for the process (e.g., some steps are omitted or the order is changed) may be inferred, but the present invention includes all the inferred implementation methods, and is shown in FIG. The technical features are not limited only by the implementation method.

Referring to Fig. 9, when failure confirmation information for a failed non-face-to-face financial transaction is transmitted from the server shown in Fig. 8, the user terminal 100 receives failure confirmation information on the failed non-face-to-face financial transaction from the server, and (900), validity of t pieces of transaction information included in the failure confirmation information is verified (905). If the validity of the t transaction information included in the failure confirmation information is not authenticated, the user terminal 100 processes the non-face-to-face financial transaction currently being performed (910), and the process shown in Fig. 4 from the specified procedure. Repeat.

On the other hand, when the validity of the t transaction information included in the failure confirmation information is authenticated, the user terminal 100 displays the t transaction information included in the failure confirmation information on a screen to allow the user to input (or select) it. At the same time as a request to check whether the information is identical (915), the validity of the output t transaction information is authenticated (920).

If the validity of the output t transaction information is not authenticated, or the user does not confirm the output t transaction information as the information entered (or selected), the user terminal 100 is currently executed. A non-face-to-face financial transaction is processed (910), and the process shown in Fig. 4 is repeated from the designated procedure.

Meanwhile, when the validity of the output t transaction information is authenticated, and the user confirms the output t transaction information as the information input (or selected), the user terminal 100 is Display (925) an interface for re-entering (or selecting) transaction information, and when transaction information is input (or selected) through the interface, the transaction information is input (or selected) through the interface according to a specified procedure. It is transmitted to (930), and the process is performed at least once or more until m pieces of transaction information are transmitted.

10 is a diagram illustrating a process of performing authentication and/or transaction using transaction information transmitted and received again according to an exemplary method of the present invention.

In more detail, FIG. 10 shows a process of performing an authentication procedure and a transaction procedure by using m pieces of transaction information transmitted from the user terminal 100 back to the server through the process shown in FIG. 9. For those of ordinary skill in the relevant technical field, various implementation methods for the authentication and/or transaction process (e.g., some steps are omitted or the order is changed) by referring and/or modifying this drawing 10 ) May be inferred, but the present invention includes all the inferred implementation methods, and the technical features are not limited only by the implementation method shown in FIG. 10.

Referring to FIG. 10, when transaction information is transmitted from the user terminal 100 according to a specified procedure through the process shown in FIG. 9, the server receives the transaction information from the user terminal 100 according to the specified procedure. (1000). When m pieces of transaction information are received from the user terminal 100, the server checks n pieces of designated information and (Nnm) pieces of transaction information mapped with the received m pieces of transaction information (1005), and the m transactions The authentication process is performed by deriving one or more transaction information used as an authentication means from among the information or N transaction information (1010).

If the authentication process using one or more transaction information used as the authentication means is successful, the server makes a non-face-to-face financial transaction transaction using T transaction information excluding the transaction information used as the authentication means among the N transaction information. Perform the procedure (1015).

If both the authentication procedure and the transaction procedure are successful, the server transmits the successful authentication and transaction confirmation information to the user terminal 100 (1020), and the user terminal 100 transmits the success confirmation information. It receives and outputs (1025), and performs an electronic signature procedure for the transaction details included in the success confirmation information (1030). The server completes the non-face-to-face financial transaction by receiving and/or authenticating (1035) the electronic signature for the transaction details.

100: user terminal 200: server
205: non-face-to-face procedure execution unit 210: designated information receiving unit
215: transaction procedure control unit 200: designated information storage unit
225: designated information verification unit 230: acknowledgment transmission unit
235: transaction information receiving unit 240: authentication procedure execution unit
245: transaction procedure execution unit 300: program

Claims (31)

In the method executed through a server that processes non-face-to-face financial transactions to transfer funds by receiving N (N≥2) transaction information from a user's terminal,
Includes at least one transaction information related to the deposit side of the money transfer among N transaction information for a non-face-to-face financial transaction for transferring funds from the terminal, excluding at least one transaction information corresponding to the authentication means of the money transfer a first step of first receiving n (1≦n<N) pieces of designation information;
A second step of generating and transmitting acknowledgment information for user verification of the n pieces of previously received designation information to the terminal; And
A third step of receiving (Nn) transaction information for the non-face-to-face financial transaction from the terminal that has performed user confirmation by receiving the acknowledgment information according to a specified procedure; and
The acknowledgment information,
Partial information of at least one piece of information selected from the n pieces of designated information confirmed to be received by the server,
Information obtained by modifying at least one information (or partial information) of n pieces of designated information confirmed by the server according to a specified rule,
Including at least one of the information obtained from the server using at least one information (or partial information) of the n pieces of designated information received and confirmed by the server,
The (Nn) transaction information,
Transaction information exchange method comprising the transaction information corresponding to the authentication means excluded from the n pieces of designated information.
The method of claim 1, wherein the n pieces of designation information,
A method of exchanging transaction information, characterized in that it comprises n (1≤n≤n") information specified in advance among n"(1≤n"<N) transaction information inputted differently for each transaction.
The method of claim 1, wherein the n pieces of designation information,
Transaction information exchange method comprising at least one or two or more of deposit bank information, deposit account number information, and amount information input differently for each transaction.
delete The method of claim 1,
And storing the previously received n pieces of designation information in a designated storage medium to be associated with (Nn) pieces of transaction information to be received after transmission of the acknowledgment information.
The method of claim 1,
And performing a procedure for confirming the validity of the n pieces of designated information received first.
delete delete delete delete delete delete delete delete delete delete delete delete The method of claim 1,
A fourth step of performing one or more procedures designated for non-face-to-face financial transactions by using the first n pieces of designation information received and the N pieces of transaction information including (Nn) pieces of transaction information received after transmission of the acknowledgment information Transaction information exchange method, characterized in that comprising a further.
The method of claim 1,
When the (Nn) transaction information received after transmission of the acknowledgment information includes transaction information used as an authentication means,
And performing an authentication procedure using the transaction information used as an authentication means among the (Nn) transaction information.
The method of claim 1,
When the first n pieces of designated information and (Nn) pieces of transaction information received after transmission of the acknowledgment information includes transaction information used as an authentication means,
And performing an authentication procedure using transaction information used as an authentication means among N transaction information obtained by combining the n pieces of designated information and (Nn) pieces of transaction information.
delete delete The method of claim 20 or 21,
If the above authentication procedure is successful,
Transaction procedure for non-face-to-face financial transactions using T (1≤T<N) transaction information excluding transaction information used as an authentication means among N transaction information combining the n specified information and (Nn) transaction information The method of exchanging transaction information, characterized in that it further comprises the step of performing.
The method of claim 20,
In the event of authentication failure in the above authentication procedure,
And transmitting, to the terminal, failure confirmation information including t (1≤t≤T) transaction information used in the transaction procedure of the failed non-face-to-face financial transaction.
The method of claim 21,
In the event of authentication failure in the above authentication procedure,
Determining whether the authentication failure is due to n pieces of designated information or (Nn) pieces of transaction information; And
When authentication failure occurs due to the (Nn) transaction information, failure confirmation information including t (1 ≤ t ≤ T) transaction information used in the transaction procedure of the failed non-face-to-face financial transaction is transmitted to the terminal, and ,
Initializing the failed non-face-to-face financial transaction when authentication failure occurs due to the n pieces of designated information, or discarding the stored n pieces of designated information, and transmitting failure confirmation information including the t pieces of transaction information to the terminal; Transaction information exchange method, characterized in that comprising a further.
The method of claim 21,
If authentication failure occurs due to the n pieces of designated information,
Failure confirmation including t (1≤t≤T) transaction information used in the transaction procedure of the failed non-face-to-face financial transaction and a flag or indicator that initializes the transaction procedure performed in the terminal and processes it to be performed again from the specified procedure The method of exchanging transaction information, further comprising the step of transmitting information to the terminal.
The method of claim 1,
If the authentication procedure using transaction information used as an authentication means among the n specified information or (Nn) transaction information is successful,
Transaction procedure for non-face-to-face financial transactions using T (1≤T<N) transaction information excluding transaction information used as an authentication means among N transaction information combining the n specified information and (Nn) transaction information The method of exchanging transaction information, characterized in that it further comprises the step of performing.
The method of claim 28,
In the event of a transaction failure in the above transaction procedure,
And transmitting, to the terminal, failure confirmation information including t (1≤t≤T) transaction information used in the transaction procedure of the failed non-face-to-face financial transaction.
The method of claim 28,
In the event of a transaction failure in the above transaction procedure,
Determining whether the transaction failure is due to n pieces of designated information or (Nn) pieces of transaction information; And
When a transaction failure occurs due to the (Nn) transaction information, failure confirmation information including t (1 ≤ t ≤ T) transaction information used in the transaction procedure of the failed non-face-to-face financial transaction is transmitted to the terminal, and ,
Initializing the failed non-face-to-face financial transaction when a transaction failure occurs due to the n pieces of specified information, or discarding the stored n pieces of specified information, and transmitting failure confirmation information including the t pieces of transaction information to the terminal; Transaction information exchange method, characterized in that comprising a further.
The method of claim 30,
When a transaction fails due to the n pieces of designated information,
Failure confirmation including t (1≤t≤T) transaction information used in the transaction procedure of the failed non-face-to-face financial transaction and a flag or indicator that initializes the transaction procedure performed in the terminal and processes it to be performed again from the specified procedure The method of exchanging transaction information, further comprising the step of transmitting information to the terminal.

Images