KR20140025773A - Method for restricting internet banking service from overseas - Google Patents

Method for restricting internet banking service from overseas Download PDF

Info

Publication number
KR20140025773A
KR20140025773A KR1020120091864A KR20120091864A KR20140025773A KR 20140025773 A KR20140025773 A KR 20140025773A KR 1020120091864 A KR1020120091864 A KR 1020120091864A KR 20120091864 A KR20120091864 A KR 20120091864A KR 20140025773 A KR20140025773 A KR 20140025773A
Authority
KR
South Korea
Prior art keywords
internet banking
information
customer
terminal
address
Prior art date
Application number
KR1020120091864A
Other languages
Korean (ko)
Inventor
임영학
Original Assignee
주식회사 우리은행
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 우리은행 filed Critical 주식회사 우리은행
Priority to KR1020120091864A priority Critical patent/KR20140025773A/en
Publication of KR20140025773A publication Critical patent/KR20140025773A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Technology Law (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Development Economics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

An overseas internet banking restriction service method according to the present invention includes the steps of: receiving an internet banking IP of a user by being connected to a storage medium of an internet banking server where overseas IP band information is stored; checking whether the received internet banking IP address is an IP address of a domestic band or an IP address of an overseas band; and prohibiting internet banking usage of the user in case the received internet banking IP address is an IP address of an overseas band, after checking the received internet banking IP address. Also, the method further includes the step of inputting an exclusively overseas password to a terminal of the user in order to enable internet banking by the selection of the user in the step of prohibiting the internet banking usage of the user, in case of the IP address of an overseas band. [Reference numerals] (300) Internet banking server; (300a) Web interface part; (300b) IP checking part; (300c) Information confirming part; (300d) Web page operation part; (300e) Content operation part; (300f) Customer satisfaction part; (300g) Banking processing part; (300h) Ledger processing part; (300i) UI processing part; (310) Storing medium; (AA) Accounting; (B1) Internet banking part; (B2) Phone banking part; (B3) Call center part; (B4) Financial payment part; (CC) Account system; (D1) Loan part; (D2) Reception part; (D3) Trust part; (EE) Information system; (F1) Asset debt management part; (F2) Customer relation management part; (F3) Record management part; (GG) Interface module (middleware); (HH) Financial system; (I1) Financial goods; (I2) Ledger information; (I3) Management information; (JJ) Web operation data; (K1) Web page source; (K2) Digital content; (LL) Internet banking information; (M1) Customer authentication information; (M2) Banking element information; (NN) IP band information; (O1) Domestic IP band information; (O2) Overseas IP band information; (PP) Communication unit; (QQ) Network unit; (RR) Customer terminal; (SS) Wireless terminal; (TT) Wired terminal

Description

Restricting Internet Banking Service from Overseas}

The present invention relates to a method for restricting overseas internet banking, and more specifically, to confirm a user's internet banking IP address, and to disallow the user's use of internet banking primarily when the IP address of the overseas band is used.

Internet banking refers to a system in which a customer accesses the Internet through a personal computer and connects to a bank's host computer to receive financial services. The path to receive financial services is known as CD (Cash Dispenser) / In addition to the Automatic Teller Machine (ATM), telephone, and PC (PC) communication, the Internet adds one more type. Here, PC (PC) banking using PC (PC) communication is a customer using an Internet service provider (ISP: Internet Service Provider) (for example, Hitel, Unitel, etc.) or using a dedicated software and modem provided by the bank This system differs from Internet banking in that it connects its personal computer with a bank host computer and provides financial services.

The characteristics of internet banking are that financial transactions can be carried out beyond local and time constraints, thereby facilitating the globalization of financial services, diversifying the convenience of customers and the choice of the use path, and reducing fees. In addition, the bank can reduce transaction costs by visiting banks and shortening processing time.By using customer information, banks can create new business planning and revenue sources such as providing customized services to individual customers and payment services related to e-commerce. In addition, customers also have the opportunity to receive customer-specific customized financial services such as corporate spending systems.

However, while there are valid points as described above, various cases of hacking damages through the Internet are increasing, and in particular, a large portion of domestic hacking damages are occurring using IP addresses abroad.

The present invention is connected to the storage medium of the Internet banking server in which the overseas IP band information is stored in order to solve the above problems, receiving the user's Internet banking IP address, the received Internet banking IP address of the domestic band Checking whether it is an IP address or an overseas band IP address, and after checking the received Internet banking IP address, disallowing the use of Internet banking by the user when the IP address of the overseas band is limited. In providing.

In accordance with another aspect of the present invention, a method for restricting overseas internet banking is connected to a storage medium of an internet banking server storing overseas IP band information, and receives an internet banking IP address of the user. Checking whether the IP address or the IP address of the overseas band, and after confirming the received Internet banking IP address, the step of disallowing the use of the user's Internet banking when the IP address of the overseas band.

In addition, when the IP address of the overseas band, the step of disallowing the user's use of the Internet banking further comprises the step of inputting a foreign-only password to the user terminal to enable the Internet banking by the user's selection do.

According to the overseas Internet banking limited service method according to the present invention, by allowing only Internet banking of the band having a domestic IP address, there is an effect that can prevent the hacking of the overseas IP address primarily, and the user's second Optionally, by inputting a dedicated password that can be used abroad in the user's terminal, there is an effect that the Internet banking of the overseas band can be safely used.

1 is a diagram illustrating a configuration of an internet banking system through access IP verification according to an embodiment of the overseas internet banking restriction service method of the present invention.
2 is a diagram illustrating a process of connecting an internet banking-based financial transaction channel through access IP verification according to an embodiment of the overseas internet banking restriction service method of the present invention.
3 is a diagram illustrating a configuration of an internet banking system through access IP verification according to another embodiment of the overseas internet banking restriction service method of the present invention.
4 is a diagram illustrating a process of connecting an internet banking-based financial transaction channel through access IP verification according to another embodiment of the overseas internet banking restriction service method of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and the description of the overseas internet banking restriction service method according to the present invention.

It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention.

In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

In addition, terms to be described later are terms defined in consideration of functions in the present invention, which may vary according to the intention or custom of those skilled in the art. Therefore, the definition should be based on the contents throughout the present invention.

It is to be understood that both the foregoing general description and the following detailed description of the present invention are exemplary and explanatory and are intended to provide further explanation of the invention as claimed. The configuration is omitted as much as possible, and a functional configuration that should be additionally provided for the present invention is mainly described.

Those skilled in the art will readily understand the functions of components that have been used in the prior art among the functional configurations that are not shown in the following description, The relationship between the elements and the components added for the present invention will also be clearly understood.

1 is a diagram illustrating a configuration of an internet banking system through access IP verification according to an embodiment of the overseas internet banking restriction service method of the present invention.

More specifically, Figure 1 is linked to the financial system in the Internet banking server 100 is connected to the communication channel for the customer terminal and the Internet banking based on the TCP / IP (Transmission Control Protocol / Internet Protocol) based network.

When the processing of the financial transaction is requested from the customer terminal, the Internet banking server 100 is an implementation method for the Internet banking system that provides a financial transaction service only to customers connected in Korea through IP verification of the customer terminal. .

The client terminal is provided with a desktop having at least one web browser for accessing the internet banking server 100 and receiving a browsing-based wired web service based on the wired communication function based on TCP / IP and the wired communication function ( Desktop) characterized in that it comprises a wired terminal including at least one computer or a notebook (Notebook), the Internet banking server 100 and the Internet through a predetermined network means including the Internet based on the TCP / IP A communication channel for banking is connected.

Referring to FIG. 1, the internet banking server 100 connects and manages a hyper-text transfer protocol (HTTP) based communication channel for providing an internet banking service to a client terminal, and the web. An IP verification unit 100b for confirming the IP address of the client terminal connected through the communication channel connected from the interface unit 100a, and the IP address of the confirmed client terminal in connection with the storage medium and a database on the storage medium. The web interface unit 100a based on the information confirming unit 100c for confirming whether the customer terminal IP exists in Korea through the included IP band information, and the IP address of the customer terminal confirmed from the information checking unit 100c. ) And a web page operating unit (100d) for operating a web page to be provided to the customer terminal in conjunction with the storage medium 110, and a predetermined interface to the customer terminal in conjunction with the web page operating unit (100d) A UI processor 100i for generating a user interface (UI) screen for providing a banking service and a predetermined interface for providing the Internet banking service from the storage medium 110 in association with the UI processor 100i. And a content operation unit 100e for extracting content from the customer terminal or receiving predetermined content to be stored in the storage medium 110 from the customer terminal. A communication channel and a user interface for processing Internet banking based on HTTP are implemented between the banking server 100.

The web page operating unit 100d of the Internet banking server 100 connects to the Internet banking server in connection with the storage medium based on the IP address of the customer terminal identified from the information checking unit 100c. When the address is included in an overseas IP band, the web interface unit 105 blocks the customer's internet banking access without providing a web page to the customer terminal in association with the UI processing unit 100i. It features.

The internet banking server 100 provides a customer authentication interface screen to at least one or more customer terminals by interworking with the web page operation unit 100d through a UI processing unit 100i based on the customer authentication information of the internet banking information. And a customer authentication unit 100f receiving at least one customer authentication information based on the interface screen, and operating the web page through the UI processing unit 100i based on the banking element information of the internet banking information. It is provided with a banking processing unit (100g) to provide a financial transaction-related interface screen to the customer terminal in conjunction with the unit (100d), or receives the financial transaction-related information based on the interface screen.

The customer authentication information stored in the storage medium 110 preferably includes ID / PW information and personal information of a customer accessing the Internet banking server 100 through the customer terminal. 100f) requests the ID / PW information of the customer from the client terminal in cooperation with the UI processing unit 100i, receives the ID / PW information from the customer terminal, and receives the received ID / PW information and the member. By comparing the ID / PW information included in the information, it characterized in that the customer is authenticated.

In addition, the customer authentication information stored in the storage medium 110 includes a copy of a certificate of a customer accessing the internet banking server 100 through the customer terminal.

In addition, it is preferable to include the directory connection information of the certification authority that issued a predetermined certificate to the customer, wherein the customer authentication unit (100f) is linked with the authentication server of the certification authority that issued the certificate to the customer And requesting certificate-based customer information from the customer terminal, receiving the certificate-based customer information from the customer terminal, and authenticating the certificate-based customer information through a copy of the certified certificate or a directory of a certification authority.

According to another exemplary embodiment of the present invention, the certificate-based customer information may include stored information previously stored in the customer terminal, stored information serial number read from an IC card interworking with the customer terminal, or the IC card issuer. It may be information stored in the card memory.

In such a case, the client terminal encrypts the stored information through at least one encryption method of the symmetric key encryption method, the public key encryption method, the electronic envelope encryption method, or the key exchange encryption method through the public certificate. Provided to the customer authentication unit 100f, and the customer authentication unit 100f decrypts encrypted stored information based on the copy of the customer's official certificate or the certificate information of the customer extracted from the directory, and compares each other. It is desirable to authenticate.

In addition, the customer authentication information stored in the storage medium 110 is preferably made of OTP generation information for generating an OTP authentication code matching the OTP code generated through the One Time Password (OTP) authenticator provided to the customer.

At this time, the customer authentication unit 100f interoperates with the UI processing unit 100i and requests an OTP code from the customer terminal, receives the OTP code from the customer terminal, and generates an OTP authentication code based on the OTP generation information. To generate, by comparing the received OTP code and the generated OTP authentication code characterized in that to authenticate the customer.

When the banking processor 100g requests a financial transaction from the client terminal, the banking processor 100g provides a financial transaction request information input interface screen corresponding to the requested financial transaction to the client terminal in association with the UI processor 100i. When the financial transaction request information is input and received from the customer terminal through the financial transaction request information input interface screen, the financial transaction information corresponding to the financial transaction request information is generated by referring to the banking element information and the ledger processing unit 100h. It is characterized by providing in).

For example, when the financial transaction requested from the client terminal is a bank transfer transaction, the banking processor 100g interworks with the UI processor 100i to input a predetermined interface screen for inputting the information required for the account transfer to the client terminal. If the information required for the account transfer is received through the interface screen is received, the predetermined financial transaction information to withdraw the transfer amount from the withdrawal account to deposit into the deposit account with reference to the banking element information Produces and provides to the ledger processing unit 145

According to the implementation method of the present invention, the banking processing unit (100g) is to secure the confidentiality, authentication, and non-repudiation of the financial transaction request information transmitted from the customer terminal, the financial transaction request information in the customer terminal; Attach the electronic signature of the customer, and transmits the encrypted financial transaction request information attached with the electronic signature by using a public key encryption method according to the public key infrastructure.

In this case, the banking processor 100g receives the financial transaction request information from the customer terminal, decrypts the public key decryption method according to the public key infrastructure, and confirms the electronic signature.

The ledger processing unit 100h may be linked with the financial system through a predetermined communication means. When predetermined financial transaction information is generated by the banking processing unit 100g, the ledger processing unit 100h may correspond to the financial transaction information. Identify the ledger information to be extracted from the ledger on the financial system, and extract or generate the confirmed ledger information from the ledger on the financial system through the communication means.

2 is a diagram illustrating a process of connecting an internet banking-based financial transaction channel through access IP verification according to an embodiment of the overseas internet banking restriction service method of the present invention.

More specifically, in the Internet banking system shown in FIG. 1, when the customer terminal accesses the Internet banking server 100 through a TCP / IP-based network, the connected customer terminal in the country is domestically. In order to provide the Internet banking service only to the connected customers, an Internet banking-based financial transaction channel is established between the customer terminal and the Internet banking server 100 by confirming the Internet banking access IP address of the customer terminal and performing a predetermined customer authentication procedure. It is about the implementation method to connect.

Referring to FIG. 2, first, a predetermined browser program is executed in the terminal to access the server through the TCP / IP based network (200).

The server extracts the IP address of the connected terminal (205), and whether the IP address of the connected storage medium 150 and the connected terminal is an IP address of a domestic band based on the extracted IP address of the terminal. Check whether the IP address of the overseas band (210).

Those skilled in the art to which the present invention pertains, the method of checking whether the domestic IP address of the terminal IP address through the IP address band of the connected terminal, the IP address of the terminal and the storage medium ( A method of comparing and verifying domestic IP band information included in 150) and a method of comparing and verifying an IP address of the terminal with foreign IP band information included in the storage medium 150; and an IP address and the storage of the terminal. Various methods may be inferred such as a method of comparing and verifying domestic IP band information and overseas IP band information included in the medium 150.

If the checked terminal is identified as a connected terminal in the overseas base IP (215), the server first blocks the Internet banking access of the terminal (220).

When it is confirmed that the access IP of the checked terminal, which is preferentially blocked, is an IP connected in Korea (215), the server connects the communication channel between the terminal and the server through the browser (225).

Herein, the communication channel refers to a web page generated by a request of a browser program provided to the customer terminal in the server and transmitted to the customer terminal, and included in the web page in the browser program provided to the customer terminal. This means that a communication session is allocated to receive information input based on a user interface.

Thereafter, the server includes a predetermined security module for internet banking or a script for checking whether to update the security module in a web page generated for providing to the terminal. By providing, it is confirmed whether to update the security module (230).

According to another exemplary embodiment of the present invention, when a predetermined internet banking program is provided in the customer terminal, the server may update the internet banking program by requesting version information or last update date information from the internet banking program. You can check whether or not.

If a predetermined security module is mounted or updated in the terminal (235), the server transmits and mounts the latest version of the security module for internet banking to the terminal according to a remote program installation procedure defined in the browser program. Or update 240.

If the terminal does not need to install or update the latest version of the security module for internet banking (245), or if the terminal does not need to load or update the security module for internet banking (235), the server is mounted on the terminal. By activating the security module for internet banking, a security channel for internet banking is connected between the terminal and the server.

According to another embodiment of the present invention, if the customer terminal is provided with an Internet banking program, the Internet banking-based secure channel is an electronic signature for information provided from the server to the terminal according to a communication protocol defined in the Internet banking program. Attached or provided by encrypting with at least one encryption method, the terminal checks the electronic signature.

Or a communication channel for decrypting the information by a predetermined decryption method corresponding to the encryption method, and attaching a predetermined electronic signature to information to be provided from the terminal to the server for the financial transaction according to the present invention. When the data is encrypted or transmitted using an encryption method, it means a communication channel that allows the server to verify the electronic signature or to decrypt the information by a predetermined decryption method corresponding to the encryption method.

According to the present invention, the security module is characterized by performing an electronic signature attachment, encryption, or protection function for the information by using the certificate of the customer mounted on the terminal.

When the secure channel for internet banking is connected, the server requests the terminal to perform an internet banking customer authentication procedure through the browser program (255).

According to an exemplary embodiment of the present invention, the Internet banking customer authentication procedure may be performed when the customer inputs Internet banking-based customer authentication data through the terminal and transmits the received data to the server. This includes authenticating a customer connected via the Internet banking customer.

Thereafter, the terminal requests the Internet banking customer authentication by inputting predetermined customer authentication data according to the request and transmitting the electronic signature or encryption through the security module to the server (260).

The server authenticates a customer connected through the terminal as an Internet banking customer for non-face-to-face financial transactions based on the customer authentication data received from the terminal (265).

If the Internet banking customer authentication fails (270), the server blocks the Internet banking security channel for the terminal (275), so that the Internet banking-based financial transaction is not made through the terminal.

On the other hand, if the Internet banking customer authentication is successful (270), the server is connected to the security module provided in the terminal to convert the Internet banking security channel to the Internet banking-based financial transaction channel (280), the server In connection with the terminal, the financial transaction is processed by the user (285).

3 is a diagram illustrating a configuration of an internet banking system through access IP verification according to another embodiment of the overseas internet banking restriction service method of the present invention.

More specifically, Figure 3 is linked to the financial system in a predetermined Internet banking server 300 is connected to the communication channel for the customer terminal and the Internet banking based on the TCP / IP (Transmission Control Protocol / Internet Protocol) based network When a request for processing a financial transaction is requested from the client terminal, the Internet banking server 300 provides an internet banking system for providing a limited financial transaction service to a customer who accesses overseas through IP verification of the client terminal. to be.

Referring to FIG. 3, the Internet banking server 300 includes a web interface 300a for connecting and managing a Hyper-Text Transfer Protocol (HTTP) -based communication channel for providing a predetermined Internet banking service to a customer terminal. IP verification unit (300b) for confirming the IP address of the customer terminal connected through the communication channel connected from the web interface unit (300a), and the IP address of the confirmed customer terminal on the storage medium in association with the storage medium The web interface based on the information confirming unit 300c for confirming whether the customer terminal IP exists in Korea through the IP band information included in the database, and the address of the customer terminal IP identified from the information checking unit 300c. A web page operating unit 300d for operating a web page to be provided to at least one or more customer terminals in cooperation with the unit 300a and the storage medium 310, and interworking with the web page operating unit 300d. The UI banking unit 300i for generating a user interface (UI) screen for providing an Internet banking service to a customer terminal, and the Internet banking service from the storage medium 310 in conjunction with the UI processing unit 300i. It is characterized in that it comprises a content management unit (300e) for extracting a predetermined content for providing a, or receives a predetermined content to be stored in the storage medium 310 from the customer terminal.

The web page operation unit 300d includes the IP address of the client terminal connected to the Internet banking server in connection with the storage medium based on the IP address of the client terminal identified from the information confirmation unit 300c in the overseas IP band. If the customer is operating a web page including a foreign web page source of a limited portion of the Internet banking service to the customer, by providing to the customer terminal through the UI processing unit 300i, thereby limiting the customer's Internet banking service It is characterized by.

The internet banking server 300 provides a customer authentication interface screen to at least one or more customer terminals by interworking with the web page operation unit 300d through a UI processing unit 300i based on the customer authentication information of the internet banking information. And a customer authentication unit 300f receiving at least one customer authentication information based on the interface screen, and operating the web page through the UI processing unit 300i based on banking element information of the internet banking information. It is provided with a banking processing unit (300g) for providing a financial transaction-related interface screen to the customer terminal in conjunction with the unit 300d, or receives the financial transaction-related information based on the interface screen.

The customer authentication information stored in the storage medium 310 preferably includes ID / PW information and personal information of a customer accessing the Internet banking server 300 through the customer terminal. 300f) requests the ID / PW information of the customer to the client terminal in association with the UI processing unit 300i, receives the ID / PW information from the client terminal, and receives the received ID / PW information and the member. By comparing the ID / PW information included in the information, it characterized in that the customer is authenticated.

In addition, the customer authentication information stored in the storage medium 310 includes a copy of a certificate of a customer accessing the internet banking server 300 through the customer terminal.

In addition, it is preferable to include the directory connection information of the certification authority that issued a predetermined certificate to the customer, wherein the customer authentication unit 300f is linked with the authentication server of the certification authority that issued the certificate to the customer And requesting certificate-based customer information from the customer terminal, receiving the certificate-based customer information from the customer terminal, and authenticating the certificate-based customer information through a copy of the certified certificate or a directory of a certification authority.

According to another exemplary embodiment of the present invention, the certificate-based customer information may include stored information previously stored in the customer terminal, stored information serial number read from an IC card interworking with the customer terminal, or the IC card issuer. It may be information stored in the card memory.

In such a case, the client terminal encrypts the stored information through at least one encryption method of the symmetric key encryption method, the public key encryption method, the electronic envelope encryption method, or the key exchange encryption method through the public certificate. Provided to the customer authentication unit 300f, and the customer authentication unit 300f decrypts the encrypted stored information based on the copy of the customer's official certificate or the certificate information of the customer extracted from the directory, and compares them with each other. It is desirable to authenticate.

In addition, the customer authentication information stored in the storage medium 310 is preferably made of OTP generation information for generating an OTP authentication code matching the OTP code generated through the One Time Password (OTP) authenticator provided to the customer.

At this time, the customer authentication unit 300f requests the OTP code to the customer terminal in conjunction with the UI processing unit 300i, receives the OTP code from the customer terminal, and OTP authentication code based on the OTP generation information. To generate, by comparing the received OTP code and the generated OTP authentication code characterized in that to authenticate the customer.

When the banking processor 300g requests a financial transaction from the client terminal, the banking processor 300g provides the financial transaction request information input interface screen corresponding to the requested financial transaction to the client terminal in association with the UI processor 300i. When the financial transaction request information is input and received from the customer terminal through the financial transaction request information input interface screen, the financial transaction information corresponding to the financial transaction request information is generated by referring to the banking element information and the ledger processing unit 300h. It is characterized by providing in).

For example, when the financial transaction requested from the client terminal is a bank transfer transaction, the banking processor 300g interworks with the UI processor 300i to input a predetermined interface screen for inputting the information required for the account transfer to the client terminal. If the information required for the account transfer is received through the interface screen is received, the predetermined financial transaction information to withdraw the transfer amount from the withdrawal account to deposit into the deposit account with reference to the banking element information Generates and provides it to the ledger processor 300h.

According to an embodiment of the present invention, the banking processing unit 300g may include the financial transaction request information in the customer terminal to secure confidentiality, authentication, and non-repudiation of the financial transaction request information transmitted from the customer terminal. Attach the electronic signature of the customer, and transmits the encrypted financial transaction request information attached with the electronic signature by using a public key encryption method according to the public key infrastructure.

In this case, the banking processor 130g receives the financial transaction request information from the customer terminal, decrypts the public key decryption method according to the public key infrastructure, and confirms the electronic signature.

The ledger processing unit 300h may be linked with the financial system through a predetermined communication unit. When predetermined financial transaction information is generated by the banking processing unit 300g, the ledger processing unit 300h may correspond to the financial transaction information. Identify the ledger information to be extracted from the ledger on the financial system, and extract or generate the confirmed ledger information from the ledger on the financial system through the communication means.

4 is a diagram illustrating a process of connecting an internet banking-based financial transaction channel through access IP verification according to another embodiment of the overseas internet banking restriction service method of the present invention.

In more detail, in FIG. 4, in the Internet banking system shown in FIG. 3, when the customer terminal connects to the Internet banking server 300 through a TCP / IP-based network, the client is connected to the Internet banking server 300. In order to provide a limited financial transaction service to the accessing customer, confirming the access IP of the client terminal and performing an authentication process to connect an internet banking-based financial transaction channel between the client terminal and the internet banking server 300. It's about how.

Referring to FIG. 4, the terminal accesses the server through the TCP / IP based network by executing a predetermined browser program (400).

The server checks the IP address of the connected terminal (405), and the IP address of the connected storage medium 350 and the connected terminal is an IP address of a domestic band based on the confirmed IP address of the terminal. Check whether the IP address of the overseas band (410).

Those skilled in the art to which the present invention pertains, the method of checking whether the domestic IP address of the terminal IP address through the IP address band of the connected terminal, the IP address of the terminal and the storage medium ( A method of comparing and verifying domestic IP band information included in 350 and a method of comparing and verifying an IP address of the terminal with foreign IP band information included in the storage medium 350, and an IP address of the terminal and the storage There may be a method of comparing and verifying domestic IP band information and overseas IP band information included in the medium 350.

If the confirmed terminal is confirmed as a terminal connected from abroad (415), the server connects the communication channel between the terminal and the server through the browser based on the confirmed IP address.

Herein, the communication channel refers to a web page generated by an overseas web page source included in the web operation data on the storage medium 350 in the server and transmitted to the customer terminal, and the web in the browser program provided in the customer terminal. This means that a predetermined communication session is allocated to receive input information based on a predetermined user interface included in a page.

If the identified IP of the terminal is confirmed as an IP connected in Korea (415), the server connects the communication channel between the terminal and the server through the browser based on the IP address of the confirmed terminal. 425)

Thereafter, the server adds a script for checking whether the security module for internet banking is installed on the terminal or whether to update the security module in a predetermined web page generated for the terminal. By providing to the terminal, it is checked whether or not to update the security module (430).

After checking whether to update the security module or not, if a predetermined security module is mounted or updated in the terminal (435), the server is updated to the terminal according to a remote program installation procedure defined in the browser program. Transmit and update the version of the security module for Internet banking (440).

If the terminal does not need to install or update the latest version of the Internet banking security module (445), or if the terminal does not need to install or update the Internet banking security module (435), the server is the Internet mounted on the terminal By activating a security module for banking, a security channel for internet banking is connected between the terminal and the server.

According to an embodiment of the present invention, the security module is characterized by performing an electronic signature attachment, encryption, or protection function for the information by using the certificate of the customer mounted on the terminal.

When the secure channel for internet banking is connected, the server requests the terminal to perform an internet banking customer authentication procedure through the browser program (455).

According to the exemplary embodiment of the present invention, the Internet banking customer authentication procedure is based on the customer authentication data in the server when the customer inputs predetermined Internet banking-based customer authentication data through the terminal and transmits it to the server. And authenticating a customer connected through the terminal as an internet banking customer.

Thereafter, the terminal inputs predetermined customer authentication data according to the request, requests an electronic banking customer authentication by electronic signature or encryption through the security module, and transmits the data to the server (460), and the server receives from the terminal. Based on the customer authentication data, the customer connected through the terminal is authenticated as an internet banking customer for a non-face-to-face channel-based financial transaction (465).

If the Internet banking customer authentication fails (470), the server blocks the Internet banking security channel for the terminal (475), so that the Internet banking-based financial transaction is not made through the terminal.

On the other hand, if the Internet banking customer authentication is successful (470), the server is connected to the security module provided in the terminal to convert the Internet banking security channel to the Internet banking-based financial transaction channel (480), the server In connection with the terminal, the financial transaction for the user is completed (485).

300: Internet banking server 300a: Web interface unit
300b: IP verification unit 300c: information verification unit
300d: Web page operation unit 300e: Content operation unit
300f: customer authentication 300g: banking processing
300h: ledger processing unit 300i: UI processing unit

Claims (2)

Receiving the user's Internet banking IP address in association with a storage medium of the Internet banking server in which foreign IP band information is stored;
Checking whether the received Internet banking IP address is an IP address of a domestic band or an IP address of an overseas band; And
And disabling the user's use of Internet banking when the IP address of the overseas band is confirmed after checking the received Internet banking IP address. The method of claim 1, further comprising: inputting a foreign-only password to the user's terminal to enable internet banking by the user's selection in the step of disallowing the user's use of the Internet banking when the IP address of the overseas band is used. Overseas Internet banking limited service method comprising the.
KR1020120091864A 2012-08-22 2012-08-22 Method for restricting internet banking service from overseas KR20140025773A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020120091864A KR20140025773A (en) 2012-08-22 2012-08-22 Method for restricting internet banking service from overseas

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020120091864A KR20140025773A (en) 2012-08-22 2012-08-22 Method for restricting internet banking service from overseas

Publications (1)

Publication Number Publication Date
KR20140025773A true KR20140025773A (en) 2014-03-05

Family

ID=50640693

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020120091864A KR20140025773A (en) 2012-08-22 2012-08-22 Method for restricting internet banking service from overseas

Country Status (1)

Country Link
KR (1) KR20140025773A (en)

Similar Documents

Publication Publication Date Title
US10885501B2 (en) Accredited certificate issuance system based on block chain and accredited certificate issuance method based on block chain using same, and accredited certificate authentication system based on block chain and accredited certificate authentication method based on block chain using same
KR101661933B1 (en) Ccertificate authentication system and method based on block chain
KR100939725B1 (en) Certification method for a mobile phone
KR100862098B1 (en) Method for affiliating Financial Goodsum
KR20090095940A (en) System and Method for Non-faced Financial Transaction by Using Verification of Transaction Step and Program Recording Medium
KR101106992B1 (en) System and Method for Processing Payment Settlement using Electron Money Processing Account and Recording Medium
KR20090104198A (en) System and Method for Processing Transfer using Phone Number and Recording Medium
KR100833625B1 (en) Method for Processing Utility Charge Payment by Using Messenger and Program Recording Medium
KR100822939B1 (en) System and Method for Providing Unfaced Channel User Interface by Using Nickname and Recording Medium
KR20140025773A (en) Method for restricting internet banking service from overseas
KR100922105B1 (en) System for Managing Business Banking
KR101061716B1 (en) Method and system for operating carbon credit account
KR100822957B1 (en) System and Method for Processing Financial Transaction and Recording Medium
KR20090002044A (en) System and method for restricting internet banking service from foreign country and program recording medium
KR20090019029A (en) System and method for providing customized bank book and program recording medium
KR100738207B1 (en) System for processing cash payment, financial automatic devices and program recording medium
KR20070076575A (en) Method for processing user authentication
KR100821850B1 (en) Method for sending foreign exchange and program recording medium
KR101072929B1 (en) Method for Managing Local Financial Account for Foreign Worker and Program Recording Medium
KR20090055531A (en) Method for restricting internet banking service from foreign country
KR20090009364A (en) System and method for integrated payment of trade transaction service and program recording medium
KR20090094717A (en) System and Method for Transferring Certificate and Program Recording Medium
KR20080036563A (en) Method for sending foreign exchange
KR20090094716A (en) System and Method for Managing Certificate and Program Recording Medium
KR20080050377A (en) Method for processing information

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination