KR20140114511A - Method and apparatus for banking service and method thereof - Google Patents
Method and apparatus for banking service and method thereof Download PDFInfo
- Publication number
- KR20140114511A KR20140114511A KR1020130027936A KR20130027936A KR20140114511A KR 20140114511 A KR20140114511 A KR 20140114511A KR 1020130027936 A KR1020130027936 A KR 1020130027936A KR 20130027936 A KR20130027936 A KR 20130027936A KR 20140114511 A KR20140114511 A KR 20140114511A
- Authority
- KR
- South Korea
- Prior art keywords
- financial
- user
- otp
- financial transaction
- information
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/02—Banking, e.g. interest calculation or account maintenance
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
- G06Q50/10—Services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q2220/00—Business processing using cryptography
Abstract
Description
More particularly, the present invention relates to a method and apparatus for generating an OTP (One Time Password) based on financial IC card information stored in a financial IC card and user information of a mobile terminal, The present invention relates to a method and an apparatus that can be implemented with enhanced security.
Internet banking has become a part of everyday life for the general public as the development of internet communication technology and the activation of online electronic financial transaction according to information age. As the online banking transactions such as Internet banking are activated, financial transaction hacking accidents are causing anxiety about online banking transactions. Recently, OTP, which generates a new one-time password at the time of online banking transactions, keyboard security that encrypts keyboard input information, web encryption that encrypts transmission information between a customer's web browser and a financial institution's web server, And DB security to protect itself.
Recently, the government has set up comprehensive measures to strengthen the security of electronic financial transactions in four areas of anti-hacking, electronic finance, e-commerce and public certificate. In this regard, the Financial Supervisory Service has introduced the introduction of OTP terminals as recommendations Respectively.
OTP is a security system that generates and uses a new password every time a user wishes to be authenticated. Such a one-time password is referred to as OTP, and a terminal that generates such a password in an expanded sense is also called OTP. In an accurate sense, the terminal that generates such a password is called an OTP generator. Such OTP generator or OTP terminal can protect the online electronic financial transaction from hacking by eliminating the possibility of the password used in the user authentication process.
However, it is a reality that the OTP or the authorized certificate method which is commonly used in the existing online financial transaction still has a great risk of hacking, theft and theft. In other words, in the case of a public certificate, there is a need to strengthen the security due to a hacking or the like, and in the case of the OTP, there is a vulnerability such as a loss due to the loss of an individual or a hacking at an intermediate stage. to be.
SUMMARY OF THE INVENTION The present invention has been made to solve the above problems, and it is an object of the present invention to provide an OTP server which can provide financial IC card information for storing information necessary for OTP generation in a memory area, A financial transaction method capable of further enhancing the security of the financial IC card information for OTP generation by executing the authentication for the financial transaction user and transmitting the generated OTP to the mobile terminal according to the result of authentication of the financial transaction service user, The purpose is to provide a device.
It is another object of the present invention to provide a financial transaction method capable of protecting the financial IC card information from illegal hacking of communication data by decrypting the financial IC card information encrypted by the OTP server based on a predefined public key, Device.
It is still another object of the present invention to provide a financial transaction method and apparatus capable of fundamentally preventing financial transaction in the event of loss of one of a mobile terminal and a financial IC card according to respective recording boxes by binarizing financial IC card information and user information .
It is still another object of the present invention to provide an OTP authentication method capable of maintaining a stronger security by further adding an authentication procedure for verifying validity of a financial transaction service subscriber of a mobile terminal and validity of financial IC card information in an existing OTP authentication procedure And to provide a financial transaction method and apparatus.
According to a first aspect of the present invention,
A financial IC card for encrypting financial IC card information, which is information necessary for OTP generation issued from a financial institution,
In order to receive the financial transaction service, the user confirms whether the user is a subscriber of a financial transaction service supplied from a mobile communication company or a financial company. If the subscriber is a financial transaction service member, he / she reads the financial IC card information of the financial IC card through a local communication network, A mobile terminal for transmitting the IC card information and the user information of the mobile terminal through a first communication network,
If the subscriber is a financial transaction service subscriber, authentication is performed on the financial transaction user through the validity of the mobile terminal and the validity of the financial IC card based on the received user information of the mobile terminal and the financial IC card information, And an OTP server for generating an OTP according to a predetermined algorithm and transmitting the generated OTP to the mobile terminal through the first communication network.
Preferably, the financial IC card
The financial IC card information including the ID of the user and the OTP serial number (token serial number) assigned by the financial institution is encrypted using the private key of the symmetric key algorithm and recorded.
Preferably, the mobile terminal further comprises:
In order to receive the financial transaction service, a password designated by the user is registered in the OTP server in an initial menu for confirming whether the user is a financial transaction service subscriber supplied from a mobile communication company or a financial company, and the registered password and the inputted password A user interface module for confirming that the user is a financial transaction service subscriber,
A short distance communication module for reading the financial IC card information stored in the financial IC card in the case of the financial transaction service subscriber,
And a financial transaction control module for transmitting the financial IC card information including the leading user ID and the OTP serial number and the user information of the mobile terminal to the OTP server through the first communication network through the short distance communication module .
Preferably, the user information comprises:
And a telephone number of the mobile terminal.
Preferably, the user interface module comprises:
After downloading the financial transaction service providing application provided through the browser, an initial menu for confirming whether or not the financial transaction service is to be added is created,
The password of the financial transaction service is registered in accordance with the generated initial menu OPT And registers it in the server and confirms whether it is a financial service subscriber based on the registered password and the inputted password when requesting the financial transaction service.
Preferably, the OTP server comprises:
A decryption module for receiving the financial IC card information provided from the mobile terminal and decrypting the received financial IC card information using a predefined public key when it is confirmed as a financial distance service subscriber based on the registered password ;
A financial information storage module in which financial information provided from a financial company is stored,
A financial transaction user authentication module for authenticating a financial transaction user based on user information of the mobile terminal and financial IC card information decrypted by the decryption module;
And an OTP generation module for generating an OTP according to a predetermined algorithm when the financial transaction user is valid and transmitting the encrypted OTP to the mobile terminal.
Preferably, the financial transaction service authentication
The first authentication for the financial transaction user is performed based on the user information of the mobile terminal and the user information of the financial information of the financial information storage module,
The second authentication for the financial transaction user is executed based on the user ID and the OTP serial number of the financial IC information decrypted by the decryption module and the user ID and OTP serial number of the financial information stored corresponding to the user information according to the first authentication result .
Preferably,
And a financial service server connected to the mobile terminal through a second communication network and executing a financial transaction using a mobile terminal or a personal computer as an input of an OTP provided from the OTP server.
According to a second aspect of the present invention, there is provided a financial IC card comprising:
A security communication unit for reading the financial IC card information in response to a financial IC card information request from a mobile terminal, which is a financial transaction service subscriber, and transmitting the read information to the mobile terminal;
And a memory for encrypting and recording financial IC card information supplied from a financial institution.
Preferably, the financial IC card information includes:
And the financial IC card information including the user ID and the OTP serial number assigned by the financial institution is encrypted and stored using the private key of the symmetric key algorithm.
According to a third aspect of the present invention,
In order to receive a financial transaction service, a user creates an initial menu for confirming whether the user is a financial transaction service subscriber using an application supplied from a mobile communication company or a financial company, A user interface module for confirming whether the user is a transaction service subscriber,
A short distance communication module for reading the financial IC card information stored in the financial IC card when the user interface module is confirmed as a financial transaction service subscriber,
And a financial transaction control module that transmits the read financial IC card information and the user information of the mobile terminal to the OTP server through the first communication network through the short-range communication module.
Preferably, the user interface module comprises:
After downloading the financial transaction service providing application provided through the browser, an initial menu for confirming whether or not the financial transaction service is to be added is created,
A password is input in accordance with the initial menu, OTP Server,
And to confirm whether the subscriber is a financial transaction service subscriber based on the registered password and the password entered through the keypad.
Preferably, the user information comprises:
And is a telephone number of the mobile terminal.
According to a fourth aspect of the present invention, there is provided an OTP server comprising:
A decryption module for decrypting the encrypted financial IC card information by receiving the encrypted financial IC card information read through the mobile terminal when it is determined that the user is a financial distance service subscriber based on the registered password ;
A financial information storage module for receiving financial information from the financial institution, the financial information including a user ID and an OTP serial number, and user information being a phone number of the mobile terminal,
A financial transaction user authentication module for authenticating a financial transaction user based on the financial IC card information decrypted by the decryption module and the user information of the mobile terminal;
And an OTP generation module for generating an OTP according to a predetermined algorithm when the financial transaction user is valid and transmitting the encrypted OTP to the mobile terminal through the first communication network.
According to a fifth aspect of the present invention,
A financial transaction method for authenticating a subscriber of a financial transaction service and executing an authentication procedure for a financial transaction user, the subscriber being connected to the encrypted financial IC card, the mobile terminal, and the OTP server via a communication network,
A service subscription confirming step of confirming whether the subscriber is a financial transaction service subscriber based on the password registered when the financial transaction application is executed through the communication network of the mobile communication company or the financial company in the mobile terminal;
A financial transaction user information transmission step of reading the financial IC card information stored in the financial IC card through the local communication network in the mobile terminal and transmitting the read financial IC card information and the user information of the mobile terminal to the OTP server Wow,
A financial transaction user authentication step of performing financial transaction user authentication based on the received financial IC card information and user information and financial information previously stored in the OTP server,
And generating an OTP when the financial transaction user is valid through the financial transaction user authentication and transmitting the generated OTP to the mobile terminal.
Preferably, the financial IC card information includes:
And a user ID and an OTP serial number provided as financial companies.
Preferably, the user information comprises:
And the telephone number of the mobile terminal is included in the OTP server.
Preferably, the financial information includes:
And a user ID and an OTP serial number stored corresponding to user information including a phone number of a mobile terminal provided from a financial company.
Preferably, the financial transaction user authentication step includes:
The first authentication for the financial transaction user is executed based on the user information of the mobile terminal and the financial information of the financial information storage module,
The financial IC card information encrypted according to the first authentication result for the financial transaction user is decrypted using the predefined public key,
And the second authentication for the financial transaction user is performed based on the user ID and the OTP serial number included in the decrypted financial IC information, the user ID included in the financial information, and the OTP serial number.
Preferably, the OTP generation step comprises:
If the financial transaction user is valid as a result of the financial transaction user authentication at the OTP server, the OTP server generates an OTP according to a predefined algorithm and transmits the encrypted OTP to the mobile terminal via the first communication network.
Preferably,
And performing a financial transaction using a mobile terminal or a user terminal as an input of an OTP provided from the OTP server at a financial service server connected through the second communication network with the mobile terminal.
As described above, according to the financial transaction apparatus and method according to the embodiment of the present invention, the financial IC card information for storing information necessary for OTP generation in the memory area in the online financial transaction in the OTP server, It is possible to further enhance the security of the financial IC card information for generating the OTP by transmitting the OTP generated according to the financial transaction service user authentication result to the mobile terminal by receiving the user information and performing the authentication for the financial transaction user .
Also, according to the present invention, the financial IC card information encrypted by the OTP server and the user information are decrypted based on the predefined public key, thereby protecting the financial IC card information from illegal hacking of communication data.
According to the present invention, the financial IC card information and the user information can be duplicated, and the exposure of the financial IC card information at the time of loss of the mobile terminal can be fundamentally prevented according to the respective recording boxes.
According to the present invention, in an existing OTP authentication procedure, an authentication procedure for a financial transaction service subscriber of a mobile terminal, which is executed based on a registered password at the time of executing a financial transaction service application, It is possible to further enhance the security by adding a certificate confirming validity.
BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate preferred embodiments of the invention and, together with the description of the invention given below, serve to further understand the technical idea of the invention. And should not be construed as limiting.
1 is a diagram illustrating a configuration of a financial transaction apparatus according to an embodiment of the present invention.
2 is a diagram illustrating a configuration of a mobile terminal used in financial transactions according to an embodiment of the present invention.
3 is a diagram illustrating a configuration of an OTP server used in financial transactions according to an embodiment of the present invention.
4 is a flowchart illustrating a procedure of a financial transaction process according to another embodiment of the present invention.
In order to fully understand the present invention, operational advantages of the present invention, and objects achieved by the practice of the present invention, reference should be made to the accompanying drawings and the accompanying drawings which illustrate preferred embodiments of the present invention.
BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, the present invention will be described in detail with reference to the preferred embodiments of the present invention with reference to the accompanying drawings. Like reference symbols in the drawings denote like elements.
1 is a diagram illustrating a configuration of a financial transaction apparatus according to an embodiment of the present invention.
Another financial transaction apparatus according to an embodiment of the present invention includes a
Here, the
Here, the first and second communication networks include a CDMA (Code Division Multiple Access) network, a WCDMA (Wideband Code Division Multiple Access) network, and the like, which provide mobile communication services such as basic voice call service and data communication service .
In addition, the local area network includes a Wi-Fi network capable of providing high-speed Internet within a certain distance of a place where a wireless access point (AP) is installed, but the present invention is not limited thereto.
Also, when the
The financial IC card is given from a financial institution, and the financial IC card information including the user ID and the OTP serial number for the financial registrant is encrypted and stored in the memory area.
The financial IC card information is information obtained by encrypting the user ID and the OTP serial number using the private key of the symmetric key algorithm, and is recorded in the memory area of the
The
When the
Here, the
The
That is, the
The
If the
The
In addition, since the
2 shows a configuration of a mobile terminal according to the present invention.
2, the
That is, the
In accordance with the WAP browsing solution, the
The
If the
Also, the short-
If the authentication result of the
3 shows a configuration of an OTP server according to an embodiment of the present invention.
3, the
The
Meanwhile, the financial
The financial IC card information includes a user ID and an OTP serial number provided from a financial institution, and the user information includes a telephone number of the mobile terminal.
The financial transaction user authentication module 350 performs financial transaction user authentication based on the financial information of the financial
That is, the financial transaction user authentication module 350 performs a primary authentication for the financial transaction user, which determines whether the financial transaction user is valid based on the user information of the mobile terminal and the user information of the financial information of the financial information storage module The validity of the financial IC card based on the user ID and the OTP serial number of the financial IC information decrypted by the decryption module and the user ID and the OTP serial number stored in the financial information corresponding to the user information, The second authentication for the financial transaction user is performed.
If the financial transaction user is valid, the
If the financial transaction user is not valid, the financial transaction user authentication module 350 provides the authentication result for the financial transaction user to the
Hereinafter, the financial transaction processing operation according to the present invention will be described.
4 is a flowchart illustrating a financial transaction processing operation according to an embodiment of the present invention.
Referring to the drawings, a user interface module (110) of a mobile terminal according to the present invention installs a browser to receive financial related services, and then, through a financial transaction related website provided from a financial company or a mobile communication company, (S11), and then a financial transaction service subscription is executed (S11).
That is, the mobile terminal includes a PC, a notebook PC, a PDA, a smart phone, and the like. The mobile terminal includes a web browser, and is connected to the
In the embodiment of the present invention, a series of processes of downloading a financial transaction application from a web site connected through a browser and subscribing to a financial transaction service are well known and widely known, and therefore, a detailed description thereof will be omitted.
Next, the
When the subscriber is a financial transaction service subscriber, the
Also, the financial transaction control module 170 carries out a process of transmitting the financial IC card information stored in the financial IC card to the
Here, the
Next, the
Also, the financial transaction user authentication module 350 performs an authentication procedure for the user based on the financial information of the registered financial information registration module, the financial IC card information, and the user information provided by the financial company.
In this case, the authentication for the financial transaction user may include whether the financial information matches with the financial IC card information, whether the financial information matches the user information, whether the financial information matches the user information and the financial IC information (S21).
The financial transaction user authentication result is provided to the
If the received financial transaction user authentication result is valid, the
The OTP generation is generated as an OTP random number through a predefined algorithm, and is simultaneously issued by the
The generated OTP is provided to the financial transaction control module 170 of the
The OTP provided to the mobile terminal is displayed on the screen, and the displayed OTP is input through the user terminal including the mobile terminal or the personal PC (S25). The input OTP is input to the financial institution And is provided to the
The
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but, on the contrary, It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
In the OTP server, the financial IC card information storing the information necessary for OTP generation in the memory area during the online financial transactions and the user information of the mobile terminal generated by the OTP server are received to execute the financial transaction user authentication, The OTP generated by the OTP is transmitted to the mobile terminal, thereby improving the security of the financial IC card information for OTP generation. In addition, It is an invention that is industrially applicable because it can bring about progress and it is enough to be able to carry out the commercialization or operation of the applied financial product as well as realistically and clearly.
Claims (22)
In order to receive the financial transaction service, the user confirms whether the user is a subscriber of a financial transaction service supplied from a mobile communication company or a financial company. If the subscriber is a financial transaction service member, he / she reads the financial IC card information of the financial IC card through a local communication network, A mobile terminal for transmitting the IC card information and the user information of the mobile terminal through a first communication network,
If the subscriber is a financial transaction service subscriber, authentication is performed on the financial transaction user through the validity of the mobile terminal and the validity of the financial IC card based on the user information of the mobile terminal and the encrypted financial IC card information, And an OTP server for generating an OTP according to a predetermined algorithm and transmitting the generated OTP to the mobile terminal through the first communication network.
The financial transaction device encrypts the financial IC card information including the user's ID and OTP serial number (token serial number) assigned by the financial institution using the private key of the symmetric key algorithm, and records the encrypted information.
A user interface module for confirming that the subscriber is a financial transaction service subscriber based on a password registered by a user in an initial menu for confirming whether the subscriber is a financial transaction service subscriber supplied from a mobile communication company or a financial company,
A short distance communication module for reading the financial IC card information stored in the financial IC card in the case of the financial transaction service subscriber,
And a financial transaction control module for transmitting the financial IC card information including the leading user ID and the OTP serial number and the user information of the mobile terminal to the OTP server through the first communication network through the short distance communication module Wherein said financial transaction device is a financial transaction device.
And a telephone number of the mobile terminal.
After downloading the financial transaction service providing application provided through the browser, an initial menu for confirming whether or not the financial transaction service is to be added is created,
And registers the password of the financial transaction service in the OPT server according to the generated initial menu, and confirms whether it is a financial service subscriber based on the password registered at the time of requesting the financial transaction service and the password input through the keypad Financial transaction device.
A decryption module for receiving the financial IC card information provided from the mobile terminal and decrypting the encrypted financial IC card information using a predefined public key when it is determined that the user is a financial distance service subscriber based on the registered password ;
A financial information storage module in which financial information provided from a financial company is stored,
A financial transaction user authentication module for authenticating a financial transaction user based on the financial IC card information and the user information decrypted by the decryption module and the financial information provided from a financial company;
And an OTP generation module for generating an OTP according to a predefined algorithm when the financial transaction user is valid and transmitting the encrypted OTP to the mobile terminal after encrypting the generated OTP.
Performing first authentication for a financial transaction user to determine whether a financial transaction user is valid based on user information of the mobile terminal and financial information of a financial information storage module,
A financial transaction user who determines the validity of the financial IC card based on the user ID and the OTP serial number included in the decrypted financial IC information and the user ID and the OTP serial number included in the financial information, And executes authentication for the financial transaction user by executing the second authentication for the financial transaction user.
Further comprising a financial transaction server connected to the mobile terminal through a second communication network and executing a financial transaction using a mobile terminal or a personal computer as an input of an OTP provided from the OTP server.
And a memory for encrypting and recording financial IC card information supplied from a financial institution.
And the financial IC card information including the user ID and the OTP serial number assigned by the financial institution is encrypted and stored using the private key of the symmetric key algorithm.
A short distance communication module for reading the financial IC card information stored in the financial IC card when the user interface module is confirmed as a financial transaction service subscriber,
And a financial transaction control module for transmitting the financial IC card information and user information read through the short-range communication module to the OTP server through a first communication network.
After downloading the financial transaction service providing application provided through the browser, an initial menu for confirming whether or not the financial transaction service is to be added is created,
Registers a password according to the initial menu,
And to confirm whether the subscriber is a financial transaction service subscriber based on the registered password and the password input through the cash pad .
And the OTP server includes a phone number of the mobile terminal.
A financial information storage module for receiving and storing financial information including a user ID and an OTP serial number corresponding to a telephone number of the mobile terminal,
A financial transaction user authentication module for authenticating a financial transaction user based on the financial IC card information decrypted by the decryption module, the user information of the mobile terminal and the financial information of the financial information storage module provided from a financial company,
And an OTP generation module for generating an OTP according to a predefined algorithm when the financial transaction user is valid and transmitting the encrypted OTP to the mobile terminal through a first communication network, OTP server.
Authentication of the financial transaction user is executed based on whether the financial information matches with the financial IC card information, whether the financial information matches with the user information, and whether the financial information matches the user information and the financial IC card information The OTP server of the financial transaction device.
A service subscription confirming step of confirming whether the subscriber is a financial transaction service subscriber based on the password registered when the financial transaction application is executed through the communication network of the mobile communication company or the financial company in the mobile terminal;
A financial transaction user information transmission step of reading the financial IC card information stored in the financial IC card through the local communication network in the mobile terminal and transmitting the read financial IC card information and the user information of the mobile terminal to the OTP server Wow,
A financial transaction user authentication step of performing financial transaction user authentication on the OTP server based on the received financial IC card information and user information and pre-stored financial information;
And generating an OTP when the financial transaction user is valid through the financial transaction user authentication and transmitting the generated OTP to the mobile terminal.
And a user ID and an OTP serial number provided as financial companies.
And a telephone number of the mobile terminal generated by the OTP server.
A financial IC card information including a user ID and an OTP serial number provided from a financial company, and user information including a telephone number of a mobile terminal of a financial trader.
The first authentication for the financial transaction user is executed based on the user information of the mobile terminal and the financial information of the financial information storage module,
The financial IC card information encrypted according to the first authentication result for the financial transaction user is decrypted using the predefined public key,
And the second authentication for the financial transaction user is performed based on the user ID and the OTP serial number included in the decrypted financial IC information, the user ID included in the financial information, and the OTP serial number.
When the financial transaction user is valid as a result of the financial transaction user authentication in the OTP server, the OTP server generates an OTP according to a predefined algorithm and transmits the encrypted OTP to the mobile terminal via the first communication network .
Further comprising executing a financial transaction using a mobile terminal or a user terminal as an input of an OTP provided from the OTP server at a financial service server connected to the mobile terminal via a second communication network, .
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020130027936A KR20140114511A (en) | 2013-03-15 | 2013-03-15 | Method and apparatus for banking service and method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020130027936A KR20140114511A (en) | 2013-03-15 | 2013-03-15 | Method and apparatus for banking service and method thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20140114511A true KR20140114511A (en) | 2014-09-29 |
Family
ID=51758176
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020130027936A KR20140114511A (en) | 2013-03-15 | 2013-03-15 | Method and apparatus for banking service and method thereof |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20140114511A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101512001B1 (en) * | 2014-10-08 | 2015-04-14 | 주식회사 한국엔에프씨 | System and method for user authentication by using a physical financial card and mobile communication terminal |
KR20200022194A (en) * | 2018-08-22 | 2020-03-03 | 엔에이치엔한국사이버결제 주식회사 | System and Method for Identification Based on Finanace Card Possessed by User |
-
2013
- 2013-03-15 KR KR1020130027936A patent/KR20140114511A/en not_active Application Discontinuation
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101512001B1 (en) * | 2014-10-08 | 2015-04-14 | 주식회사 한국엔에프씨 | System and method for user authentication by using a physical financial card and mobile communication terminal |
WO2016056853A1 (en) * | 2014-10-08 | 2016-04-14 | 주식회사 한국엔에프씨 | System for convenient person authentication using mobile communication terminal and actual financial card and method therefor |
KR20200022194A (en) * | 2018-08-22 | 2020-03-03 | 엔에이치엔한국사이버결제 주식회사 | System and Method for Identification Based on Finanace Card Possessed by User |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10586229B2 (en) | Anytime validation tokens | |
US20150310427A1 (en) | Method, apparatus, and system for generating transaction-signing one-time password | |
EP2690840B1 (en) | Internet based security information interaction apparatus and method | |
US20140172741A1 (en) | Method and system for security information interaction based on internet | |
KR20120080283A (en) | Otp certification device | |
KR20130061165A (en) | Method for providing network type one time password by using a medium for near field communication | |
KR20140114511A (en) | Method and apparatus for banking service and method thereof | |
KR20170042137A (en) | A authentication server and method thereof | |
KR101710950B1 (en) | Method for distributing encrypt key, card reader and system for distributing encrypt key thereof | |
AU2015200701B2 (en) | Anytime validation for verification tokens | |
KR20130061163A (en) | Method for controlling a program by using a medium for near field communication | |
KR20130080029A (en) | Method for displaying network type one time password by using authentication of near field communication medium | |
KR20130075761A (en) | Method for operating network type one time password by using authentication of near field communication medium | |
KR20100136379A (en) | System and method for settling mobile phone by multiple code creation mode network otp authentication and recording medium | |
KR20100136371A (en) | System and method for settling mobile phone by seed combination mode's otp authentication and recording medium | |
KR20100136318A (en) | System and method for creating otp by code combination mode with index exchange and recording medium | |
KR20130075762A (en) | System for operating network type one time password | |
KR20100136370A (en) | System and method for settling mobile phone by otp authentication and recording medium | |
KR20130061166A (en) | Method for displaying network type one time password by using a medium for near field communication | |
KR20130061164A (en) | Method for acting a program by using a medium for near field communication | |
KR20100136373A (en) | System and method for settling mobile phone by multiple code creation mode's otp authentication and recording medium | |
KR20100136377A (en) | System and method for settling mobile phone by multiple code creation mode network otp authentication and recording medium | |
KR20100136380A (en) | System and method for settling mobile phone by multiple authentication mode network otp authentication and recording medium | |
KR20100136324A (en) | System and method for settling mobile phone by multiple code creation mode's otp authentication with index exchange and recording medium | |
KR20100136334A (en) | System and method for mobile payment by using otp authentication with customer's media and recording medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E601 | Decision to refuse application |