KR20010091101A - User evidence method for commercial transaction in internet - Google Patents

Abstract

PURPOSE: The method for the user authentication in electronic commerce is provided to prevent others from using an own credit card illegally through a fingerprint recognition system for the certification of payment, and to activate EC(Electronic Commerce). CONSTITUTION: A consumer accesses an operator computer of an EC site via the internet by using a PC and orders a goods purchase. If the consumer pays the costs of purchase by a credit card, the operator computer asks the consumer to input the own fingerprint through a fingerprint recognizer. When the authentication of the consumer's fingerprint is completed through a server for fingerprint recognition and certification, the operator computer asks the consumer to input a credit card number and personal information, again. A card server transfers the credit card number, personal information, and amount of the consumer to a credit card company through VAN(Value-Added Network), and requests the authentication. Finally, when the credit card company generates an authentication signal, the operator computer notifies a successful transaction to the consumer, performs and ends the EC.

Description

User evidence method for commercial transaction in internet}

The present invention relates to a user authentication method in electronic commerce, and more particularly, user authentication in electronic commerce to improve the reliability by including a user authentication step using a fingerprint recognition in the payment process of the product after purchase. It is about a method.

Recently, with the development of Internet technology, Internet communication is being performed through mobile communication terminals such as mobile phones, as well as computers and televisions, and the number of Internet accessors is continuously increasing.

As of 1999, the number of Internet users is estimated at around 150 million to 200 million globally. According to statistics, more than half of the users are high school graduates or higher, and about 35% of those with household income of more than $ 60,000. It has been shown to have significant purchasing power.

As such, as the number of Internet users increases rapidly, various economic activities using the Internet communication network are activated. The most common of these is commerce through the Internet communication network, that is, electronic commerce.

Moreover, remote banking services, such as home trading, phone banking, and personal computer banking, are the time and space constraints that exist between financial firms and customers to provide financial services. Due to the convenience of solving the problem, it is showing high preference among various financial services, and at the same time, the increase in the population is accelerating.

In addition, payment by credit card or bank transfer is commonly used in electronic commerce in connection with home banking, and the methods proposed to ring the user's anxiety or financial accidents by the payment method are commonly referred to as authentication methods. First, a representative method for accessing an authentication server that drives the authentication process of a remote financial service is introduced. One method is a telephone answering system based on an answering system.

When a connection with the authentication server is established by using such a communication system, an authentication process for verifying the authenticity of the user is performed by the authentication server. An authentication password (or, The most common way is to remember the unique password, password) in each user's head, and then authenticate the user's authenticity by entering it when authentication for financial services is required.

However, as is well known, this method has a high risk of exposing each person's authentication password to others, and detects a fingerprint or inputs an authentication password by using a fixed password. There is a possibility of easily leaking to others by the mobilization of a certain fraudulent method of recording, in particular, because it can be easily read by the employees of the financial institution, etc. There are a number of financial incidents involved, and much effort is required to understand where they are responsible.

A more advanced form of authentication that has emerged as an alternative to solve this problem is the authentication of a remote financial service system using a randomly generated random number (or random number plastic), often referred to as a random number. There is a way.

Prior art proposed to solve the above problems in each authentication scheme is Korean Patent Application No. 97-56548, 'Authentication System of Remote Financial Services', Korean Patent Application No. 97-57621,' Remote using computer communication network Financial services certification system.

Among the conventional authentication methods described above, briefly look at the elements of the gist of the Korean Patent Application No. 97-56548, 'Authentication system of remote financial services'.

As shown in FIG. 1, Korean Patent Application No. 97-56548 is a system for authenticating a remote financial service based on a challenge / response protocol to receive an input of a user who requires authentication for a remote financial service. Telephone 110; An answering machine 120 that forms a call path by dialing the phone 110 and receives a preset user identifier and provides a user interface for performing an authentication procedure of a remote financial service; Recognizes the user identifier input from the answering machine 120, generates a challenge value and passes it to the user through the answering machine 120, and then responds to its own response determined by the output value of the one-way function for the challenge value. A value is generated to authenticate the challenge value applied through the phone 110 and the answering machine 120.

In addition, Korea Patent Application No. 97-56548, 'Authentication System for Remote Financial Services', may be subject to eavesdropping by others even without advanced technology as it is supported by voice service of an automated answering system. In particular, this type of remote financial service is to recognize and solve the problem that it is more likely to be a financial service of useless to the hearing impaired or people who are less able to hear than normal people, Korean Patent Application No. 97-57621, 'Computer communication network As shown in FIG. 2, an authentication system for a remote financial service using a challenge / response protocol, which requires authentication for a remote financial service, is illustrated in FIG. 2. A computer terminal 100 for providing input / output means to a user; The communication server 310 forms a communication connection by dialing the computer terminal 100 connected to the computer communication network 200 and receives a predetermined user identifier and provides bidirectional communication connectivity for performing an authentication procedure of a remote financial service. communication server and the user identifier input from the communication server 310, generate a challenge value, and transmit the challenge value to the user through the communication server 310, and then perform a unidirectional function on the challenge value. It generates a response value of the user side corresponding to the output value of and displays it externally so that the user can provide it to the authentication determination system through a computer terminal or a telephone.

Korean Patent Application No. 97-56548 and Korean Patent Application No. 97-57621 mentioned above both employ a portable authentication token card designed to generate a variable authentication password through communication with an authentication server. By fundamentally blocking the leakage of the authentication password, the security and reliability of the authentication of the user's authenticity is maximized. The built-in one-way function generates a user-side response value corresponding to this challenge value and displays it externally so that the user can provide it to the authentication judgment system through a computer terminal or a telephone. And check the user reference value accordingly There are some operational inconveniences that must be provided to the authentication determination system through the communication terminal.

In addition, such manual operation causes inconvenience in operation and at the same time includes a problem that occurs when a key input error occurs.

Therefore, although the above-mentioned authentication method is a method of escaping from the authentication method by inputting a password among the methods proposed until recently, as described above, there is a problem that a lot of inconvenience occurs for a general user.

In addition, the above-described authentication methods are used not only for authentication on remote financial services such as home banking in the description of the embodiment, but also for credit card payment methods in electronic commerce. It is difficult to prevent illegal use of others due to the leakage of credit card numbers because it is required to enter simple personal information such as social security number or credit card password. The problem arises that economic and mental damage.

In addition, because of the above-mentioned reasons, the general users to avoid the e-commerce, thereby making it difficult to operate the e-commerce site has a problem that acts as a factor that hinders the activation of the e-commerce.

An object of the present invention for solving the problems of the prior art as described above in the electronic commerce to prevent the illegal use of credit cards by others by adopting a fingerprint recognition method in the authentication process of payment for credit cards. It is to provide a user authentication method.

1 is a block diagram illustrating an authentication method of a conventional remote financial service;

2 is a block diagram illustrating an authentication method of a remote financial service using a conventional computer communication network;

3 is a side view illustrating a fingerprint recognition system configured at a lower portion of a computer monitor;

4 is a view showing the structure of the electronic commerce making a payment with a credit card according to the present invention,

5 is a flowchart illustrating a user authentication operation and an e-commerce operation according to the present invention.

A feature of the present invention for achieving the above object is a first step in which a consumer accesses an e-commerce site through an Internet communication network using his personal computer; A second process of requesting a fingerprint input from the user when the user places an order to purchase a desired product in a space of an electronic commerce and wants to pay a card after the first process is performed; A third step of requesting input of a credit card number and user personal information after authentication of the fingerprint input in the second step is performed; A fourth step of requesting authentication by providing the credit card number, user personal information and the amount inputted in the third step to the card company; And a fifth process of informing the user that the transaction is established and performing a corresponding electronic commerce when the card company generates an authentication confirmation signal in the fourth process.

The above objects and various advantages of the present invention will become more apparent from the preferred embodiments of the present invention described below with reference to the accompanying drawings by those skilled in the art.

Hereinafter, a preferred embodiment according to the present invention will be described in detail with reference to the accompanying drawings.

First, the present invention is intended to fundamentally prevent illegal use of credit cards by others by including authentication procedures through fingerprint recognition in electronic commerce.

In general, biometrics can be defined as "a study of measurable physical or personal characteristics to verify the identity or identification of a particular individual by automated means." From the point of view, personal characteristics cannot be transmitted by theft or leakage, and there is an advantage of correct identification because there is no fear of change or loss.

Therefore, fingerprint recognition has been studied for the longest time in the above-mentioned biometrics, and since it has been applied to police work and the like, many institutions and companies are continuously studying to protect personal information.

In the fingerprint recognition process, a fingerprint image is obtained through a fingerprint reader, and features of the fingerprint, such as a branching point of the fingerprint, are extracted and compared with a reference pattern.

Therefore, the present invention provides a user authentication for e-commerce or home banking using a commercially available fingerprint reader that can be easily carried on a computer, and a user authentication for closing a payment or financial transaction and a method of providing a service accordingly. It is for.

First, in the present invention, a specific sensor or device for fingerprint identification for fingerprint recognition may be used in a computer. For example, the "computer monitor using a fingerprint recognition device" described in Korean Utility Model Publication No. 1999-0033423 may be used. It may be. At this time, the present invention is not characterized in the fingerprint recognition device, it is clear that there is a gist in the part of performing a security authentication on the Internet website with a specific operating software and fingerprint recognition flow, the fingerprint reader is a fingerprint reader You may use it.

4 is a view showing the structure of the electronic commerce according to the present invention for payment by credit card, Figure 5 is a flow chart showing the user authentication operation and electronic commerce operation according to the present invention.

4 and 5, after a consumer accesses an operator's computer of an e-commerce site through an internet communication network using his personal computer at home, the user places an order to purchase a desired product in an e-commerce space. When a card payment is desired, the operator computer requests a user to input a fingerprint using a fingerprint reader.

When the fingerprint input request as described above occurs, the user inputs the fingerprint using a fingerprint reader provided in his personal computer. At this time, the user's fingerprint is registered in the fingerprint recognition and authentication server in advance.

In the above process, when fingerprint recognition and fingerprint input from the authentication server are authenticated, the operator computer again requests the user to input a credit card number and user personal information. At this time, the card server provides the credit card number, the user's personal information and the amount entered by the user to the card company through the VAN to require authentication.

When the card company generates an authentication confirmation signal in the above process, it notifies the user that the transaction has been established, and ends by performing the corresponding electronic commerce.

While the invention has been shown and described with respect to particular embodiments, it will be apparent to those skilled in the art that various modifications and changes can be made without departing from the spirit and scope of the invention as indicated by the appended claims. Anyone can grow up easily.

As described above, the user authentication method in the electronic commerce of the present invention can accurately determine whether the user is using a fingerprint reader before payment of the money, thereby fundamentally preventing illegal use of another person's credit card due to the leakage of the credit card number. There is an effect that can be activated to activate the e-commerce.

In addition, the fingerprint recognition allows the individual to be clearly distinguished, so the audit function can be completely built, and various financial information and personal information are stored in the fingerprint recognition and authentication server, such as CMS account transfer and micropayment. Various services can be easily used.

In addition, when another person inputs a fingerprint for the purpose of illegal use of the credit card, the tracking can be performed.

Claims (1)

A first step of a consumer accessing an e-commerce site through an internet communication network using his personal computer; A second process of requesting a fingerprint input from the user when the user places an order to purchase a desired product in a space of an electronic commerce and wants to pay a card after the first process is performed; A third step of requesting input of a credit card number and user personal information after authentication of the fingerprint input in the second step is performed; A fourth step of requesting authentication by providing the credit card number, user personal information and the amount inputted in the third step to the card company; And And a fifth process of informing the user that the transaction is established and performing a corresponding electronic commerce when the card company generates an authentication confirmation signal in the fourth process.