KR20170052763A - Method and system for financial transaction using certifying of terminal - Google Patents

Publication number
KR20170052763A
Authority
KR
South Korea
Prior art keywords
terminal
financial transaction
authentication
user
online
Prior art date
Application number
KR1020150154090A
Other languages
Korean (ko)
Other versions
KR101847243B1 (en)
Inventor
정재욱
Original Assignee
주식회사 우리은행
Application filed by 주식회사 우리은행
Priority to KR1020150154090A
Publication of KR20170052763A
Application granted
Publication of KR101847243B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/10 Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a financial transaction method through authentication of a terminal, and a system thereof, in which a terminal used as a financial transaction terminal for online banking and the like is registered through authentication when the relevant user uses it for the first time, and in which, when the authentication fails, a financial transaction through the relevant terminal is denied to prevent an electronic banking accident such as phishing from occurring. According to the present invention, a method for approving a financial transaction through authentication of a terminal, applied to an online financial transaction system, comprises: a first step of checking, in real time, information of a terminal trying an online financial transaction; a second step of approving the online financial transaction when, based on the checking result of the first step, the relevant terminal is a terminal that has been preregistered through authentication of the relevant user; a third step of requesting the user's authentication when the relevant terminal is not a terminal that has been preregistered through authentication of the relevant user; and a fourth step of registering the terminal as the user's authenticated terminal and then approving the online financial transaction when authentication information corresponding to the request in the third step is input.

Description

METHOD AND SYSTEM FOR FINANCIAL TRANSACTION USING CERTIFICATION OF TERMINAL

The present invention relates to a financial transaction method and system through terminal authentication. More specifically, it relates to a financial transaction method and system in which a financial transaction terminal used for online banking and the like is registered through authentication when the user first uses it, and in which, when the authentication fails, financial transactions through that terminal are rejected to prevent electronic financial accidents such as phishing.

According to the Bank of Korea's announcement of Internet banking service usage in the first quarter of 2014, the total number of registered Internet banking users is approximately 97.7 million and total Internet banking usage averages 63.69 million per day; among these, registered mobile banking customers number approximately 525 million people, with usage averaging 27.6 million per day. Most mobile banking is based on smartphones.

Internet banking such as mobile banking is superior to any existing financial transaction method in terms of ease of use, but is vulnerable to risks such as phishing. In other words, as the number of users of online banking such as Internet banking increases, the number of accidents in which personal financial information (account number, account password, security card number, etc.) is taken and funds are then stolen through fraudulent fund transfers (financial transactions) is continuously increasing.

To prevent this, financial institutions such as banks have provided safeguards such as additional authentication using mobile terminals owned by customers. However, since electronic financial fraud methods are becoming more detailed and sophisticated day by day, the amount of damages and the number of electronic financial losses are not decreasing at all.

Therefore, in using online banking such as Internet banking, it is required to introduce a more effective and strong security authentication procedure that can be safe from electronic financial fraud such as phishing.

Korean Patent Laid-Open Publication No. 10-2005-0035979 (Title: User Authentication System Using One-Time Connection Number)
Korean Patent Laid-Open Publication No. 10-2013-0106331 (entitled " System and Method for Preventing Deferred Automatic Debit &

SUMMARY OF THE INVENTION The present invention has been conceived to solve the above-mentioned problems. Its object is to provide a financial transaction method and system through terminal authentication in which a financial transaction terminal used for online banking and the like is registered through authentication when the user first uses it, and in which financial transactions through the terminal are rejected when the authentication fails, in order to prevent the occurrence of electronic financial accidents such as phishing.

The objects of the present invention are not limited to the above-mentioned objects, and other objects and advantages of the present invention which are not mentioned can be understood by the following description and more clearly understood by the embodiments of the present invention. It will also be readily apparent that the objects and advantages of the invention may be realized and attained by means of the instrumentalities and combinations particularly pointed out in the appended claims.

According to another aspect of the present invention, there is provided a method for approving a financial transaction through terminal authentication applied to an online financial transaction system, the method comprising: a first step of checking, in real time, information of a terminal attempting an online financial transaction; a second step of approving the online financial transaction if, as a result of the first step, the terminal is a terminal pre-registered through authentication of the user; a third step of requesting the user for authentication if, as a result of the first step, the terminal is not a terminal registered through authentication of the user; and a fourth step of registering the terminal as the authentication terminal of the user and approving the online financial transaction when authentication information corresponding to the request of the third step is input.

Here, the financial transaction method using terminal authentication of the present invention may further include a fifth step of denying the online financial transaction using the terminal when the authentication information corresponding to the request of the third step cannot be input.

In this case, when authentication information corresponding to the request of the third step cannot be input, it may be preferable to register and manage the terminal as a crime suspect terminal.

According to another aspect of the present invention, there is provided an online financial transaction system including: a terminal attempting an online financial transaction; and an online financial transaction server for approving the online financial transaction according to whether the terminal is a terminal pre-registered through authentication of the user, wherein the online financial transaction server may be configured to approve the online financial transaction if the terminal is a terminal registered through authentication of the user, and to request the user to perform authentication if the terminal is not a terminal registered through authentication of the user.

Here, the online financial transaction server may be configured to deny an online financial transaction using the terminal if authentication information corresponding to the request cannot be input.

At this time, if the authentication information corresponding to the request cannot be input, the online financial transaction server may preferably register and manage the terminal as a crime suspect terminal.

According to the present invention as described above, strict authentication such as 2-channel authentication is performed when a financial transaction terminal for online banking is used for the first time, and financial transactions are refused for a terminal that has not been authenticated, so that the occurrence of electronic financial accidents such as phishing can be prevented.

In addition, the present invention can provide advantages such as simplification of financial transaction procedures and cost reduction for authentication by enabling subsequent online financial transactions to be performed only with a minimum security authentication procedure for a terminal that has been authenticated.

Furthermore, the authentication denial terminal can be registered as a suspected crime terminal and can be managed separately, thereby providing various advantages such as more effective prevention of electronic financial crime.

FIG. 1 is a block diagram illustrating a financial transaction system through terminal authentication according to an embodiment of the present invention.
FIG. 2 is a flowchart illustrating a financial transaction method using terminal authentication according to an embodiment of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS The above and other objects, features and advantages of the present invention will become more apparent from the following detailed description of the present invention when taken in conjunction with the accompanying drawings.

It is to be understood that the following specific structural or functional description is illustrative only, for the purpose of describing an embodiment in accordance with the concepts of the present invention, and that embodiments in accordance with the concepts of the present invention may be embodied in various forms and should not be construed as limited to the embodiments described herein.

The embodiments according to the concept of the present invention can make various changes and have various forms, so that specific embodiments are illustrated in the drawings and described in detail in this specification or application. However, it should be understood that the embodiments according to the concept of the present invention are not intended to limit the present invention to specific modes of operation, but include all changes, equivalents and alternatives included in the spirit and scope of the present invention.

The terms first and/or second, etc. may be used to describe various components, but the components are not limited by these terms. The terms are used only to distinguish one element from another; for example, without departing from the scope of rights according to the concept of the present invention, the first element may be referred to as the second element, and the second element may also be referred to as the first element.

It is to be understood that when an element is referred to as being "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, or other elements may be present in between. On the other hand, when it is mentioned that an element is "directly connected" or "directly coupled" to another element, it should be understood that there are no other elements in between. Other expressions describing the relationship between components, such as "between" and "directly between" or "adjacent to" and "directly adjacent to", should be interpreted in the same way.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. It is to be understood that terms such as "comprises" or "having" in this specification are intended to specify the presence of stated features, integers, steps, operations, elements, parts, or combinations thereof, but do not preclude the presence or addition of other features, integers, steps, operations, elements, parts, or combinations thereof.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with their meaning in the context of the relevant art and, unless explicitly defined herein, are not to be interpreted in an idealized or overly formal sense.

FIG. 1 is a block diagram illustrating a financial transaction system through terminal authentication according to an embodiment of the present invention.

Referring to FIG. 1, a financial transaction system using terminal authentication according to an exemplary embodiment of the present invention includes an online financial transaction server 110 and a user terminal 120.

The online financial transaction server 110 is provided in a financial institution such as a bank, processes the tasks requested from the user terminal 120 connected to it, and performs management tasks for each account.

The online financial transaction server 110 may include a database 130 to systematically manage various data such as user information, account information, transaction history information, and user terminal information.

The user terminal 120 refers to any personal terminal device for processing financial transactions over a wired/wireless communication network, and may include a PC, a notebook, a tablet PC, a smart phone, and the like. Online financial transactions using the user terminal 120 may include login, balance and transaction history inquiry, money transfer, authorized certificate issuance, change of customer information, termination / deposit cancellation, application, and so on.

When the online financial transaction server 110 is accessed through the user terminal 120, the online financial transaction server 110 can confirm whether the logged-in user has registered the terminal 120. That is, when the user has performed an online financial transaction even once through the terminal 120, the terminal 120 may be registered and managed in the database 130 controlled by the online financial transaction server 110. Accordingly, the online financial transaction server 110 can be configured to approve the financial transaction that the user intends to carry out by matching the terminal 120 against the user who logs in using the terminal 120.

However, when the user first attempts an online financial transaction through the terminal 120, the online financial transaction server 110 may request registration of the terminal 120 through message transmission or the like.

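In other words, the server 110 requests registration of the terminal 120 only when the user first accesses the online financial transaction server 110 using the terminal 120; once the terminal is registered, the same user can reconnect at a later time and use the online banking service through a simple authentication procedure.

At this time, the user authentication for the initially connected terminal is preferably performed by a two-channel authentication method in which two or more authentication methods, selected from normal user authentication methods such as a security method input method, an authentication number input method using SMS, an ARS method, and the like, are applied simultaneously.

However, if the user refuses the registration request of the online financial transaction server 110, online financial transactions using the terminal 120 may be denied until the registration is made, and it is also possible to provide a configuration such as registering the terminal in the database 130 as a crime suspect terminal and managing it continuously and systematically.

In other words, since an electronic financial crime is generally attempted using a terminal that the customer does not use, the terminal normally used by the user is registered and managed; when a financial transaction is attempted from a terminal that is not normally used, user authentication is requested, and if the authentication fails, the terminal can be classified and managed as a criminal suspicious terminal or the like.

Accordingly, once the user has successfully registered the terminal 120 through the strict authentication process at the initial connection, there is the advantage that subsequent online financial services through the terminal 120 can be provided through a simple authentication procedure only.

In addition, when the number of IDs attempting access through the same terminal exceeds a certain level, for example, when five or more IDs attempt to connect through the same terminal within the past one month, it is possible to provide a configuration such as registering and managing the terminal as a criminal suspicious terminal or the like regardless of whether the terminal has been authenticated.

In other words, active prevention of electronic crime can be implemented by developing various crime suspicion patterns, registering and managing suspicious devices accordingly, requesting more stringent authentication for financial transaction attempts through such suspicious devices, and further blocking transactions.

FIG. 2 is a flowchart illustrating a financial transaction method using terminal authentication according to an embodiment of the present invention.

Referring to FIG. 2, a financial transaction method using terminal authentication according to an exemplary embodiment of the present invention includes checking terminal information in real time (S210), checking whether the terminal is a registered terminal (S220), approving the financial transaction (S230), requesting user authentication (S240), determining whether the authentication succeeds (S250), registering the terminal (S260), rejecting the financial transaction (S270), and the like.

That is, according to the present invention, as described above, it is checked in real time whether the terminal that accesses the online financial transaction server and attempts a financial transaction is registered as a terminal of the user (S220), and if it is a registered terminal, the financial transaction is approved (S230).

If the terminal is not a registered terminal (S220), user authentication is requested through a two-channel authentication method or the like (S240). If the authentication succeeds (S250), the terminal is registered (S260) and the financial transaction is approved; if the authentication fails (S250), it is possible to provide a configuration such as rejecting the financial transaction (S270).

At this time, the terminal whose financial transaction is rejected (S270) due to the authentication failure (S250) is registered as a criminal suspicious terminal through a separate database or the like (S280) and managed, making it possible to provide a configuration that prevents the occurrence of crime through more careful observation.

Furthermore, if the number of IDs attempting access through the same terminal exceeds a certain level within a predetermined period, the terminal is registered as a crime suspect terminal regardless of whether the terminal is authenticated or not, and for financial transaction attempts through such a terminal, authentication is demanded or transactions are blocked, so that active prevention of electronic crime, which evolves day by day, can be implemented.

As described above, according to the present invention, strict authentication such as 2-channel authentication is performed when a financial transaction terminal for online banking is used for the first time, and financial transactions are denied for a terminal that is not authenticated, so that the occurrence of electronic financial accidents such as phishing can be prevented.

In addition, for a terminal that has been authenticated, subsequent online financial transactions can be performed with only the minimum security authentication procedure, which provides advantages such as simplification of the financial transaction procedure and reduced authentication cost. Furthermore, criminal suspicious terminals can be registered and managed separately, providing a variety of advantages such as more effective prevention of electronic financial crime.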

2 is a flowchart illustrating a financial transaction method using terminal authentication according to an embodiment of the present invention.

Referring to FIG. 2, a financial transaction method using terminal authentication according to an exemplary embodiment of the present invention includes a step S210 of checking terminal information in real time, a step S220 of checking whether the terminal is a registered terminal, In step S230, the financial transaction is approved. In step S230, the user is requested to authenticate the user in step S240. In step S250, the terminal is registered in step S260. (S250), rejecting the financial transaction (S270), and the like.

That is, according to the present invention, as described above, it is checked in real time whether the terminal attempting to access a financial transaction by accessing an online financial transaction server is registered as a terminal of the user (S220) (S230). ≪ / RTI >

If the terminal is not a registered terminal (S220), the user authentication is requested through a two-channel authentication method or the like (S240). If the authentication is successful (S250), terminal registration (S260) (S250), it is possible to provide a configuration such as rejecting the financial transaction.

At this time, the terminal whose financial transaction is rejected (S270) due to the authentication failure (S250) is registered as a criminal suspicious terminal through a separate database or the like (S280) so as to manage the transaction, In this case, it is possible to provide a structure such as prevention of the occurrence of crime through more careful observation.

Furthermore, if the number of IDs attempted to be accessed through the same terminal exceeds a certain level within a predetermined period, the terminal is registered as a crime suspect terminal regardless of whether the terminal is authenticated or not, In the case of a financial transaction attempt through a terminal, it is possible to implement aggressive prevention against an electronic crime that is being developed day by day, through demanding authentication or blocking transactions.
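The S210 to S280 flow and the ID-count rule described above, as an added Python example that is not part of the patent. The class and function names, the 30-day reading of "one month", the `step_up` callback standing in for two-channel authentication, and the choice to demand authentication (rather than block) on a suspect terminal are assumptions; `terminal_id` is assumed to be an identifier the server can verify.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum
from typing import Callable

ID_THRESHOLD = 5             # "five or more IDs" example from the description
WINDOW = timedelta(days=30)  # "past one month", taken as 30 days (assumption)


class Decision(Enum):
    APPROVE = "approve"                              # S230
    REGISTER_AND_APPROVE = "register+approve"        # S260, then approval
    APPROVE_AFTER_STEP_UP = "approve-after-step-up"  # suspect terminal (assumption)
    DENY = "deny"                                    # S270


@dataclass
class TerminalAuthServer:
    registered: set = field(default_factory=set)  # {(user_id, terminal_id)}
    suspects: dict = field(default_factory=dict)  # terminal_id -> reason (S280)
    attempts: dict = field(default_factory=dict)  # terminal_id -> [(time, user_id)]

    def _count_ids(self, user_id: str, terminal_id: str, now: datetime) -> None:
        """Track distinct IDs seen on one terminal inside the sliding window."""
        log = [(t, u) for t, u in self.attempts.get(terminal_id, [])
               if now - t <= WINDOW]
        log.append((now, user_id))
        self.attempts[terminal_id] = log
        if len({u for _, u in log}) >= ID_THRESHOLD:
            self.suspects.setdefault(terminal_id, "many-ids")

    def handle(self, user_id: str, terminal_id: str, now: datetime,
               step_up: Callable[[str], bool]) -> Decision:
        """Decide one transaction attempt; step_up(user_id) returns True only
        if the user passed two-channel authentication."""
        self._count_ids(user_id, terminal_id, now)               # S210
        suspect = terminal_id in self.suspects
        if (user_id, terminal_id) in self.registered and not suspect:  # S220
            return Decision.APPROVE                              # S230
        if not step_up(user_id):                                 # S240 / S250
            self.suspects.setdefault(terminal_id, "auth-failed")  # S280
            return Decision.DENY                                 # S270
        if suspect:
            # A suspect terminal never regains the simple path here.
            return Decision.APPROVE_AFTER_STEP_UP
        self.registered.add((user_id, terminal_id))              # S260
        return Decision.REGISTER_AND_APPROVE


def demo() -> list:
    """Constructed scenario: own phone, an unknown PC, and a shared terminal."""
    srv = TerminalAuthServer()
    t0 = datetime(2015, 11, 3)
    ok, fail = (lambda uid: True), (lambda uid: False)
    out = [
        srv.handle("alice", "phone-A", t0, ok),                       # first use
        srv.handle("alice", "phone-A", t0 + timedelta(days=1), fail),  # step_up not consulted
        srv.handle("alice", "pc-X", t0 + timedelta(days=2), fail),    # unknown terminal, fails
        srv.handle("alice", "pc-X", t0 + timedelta(days=3), ok),      # now a suspect terminal
    ]
    for i in range(5):  # fifth distinct ID trips the threshold on pc-Y
        out.append(srv.handle(f"user{i}", "pc-Y", t0 + timedelta(days=4), ok))
    return [d.value for d in out]


if __name__ == "__main__":
    print(demo())
```
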

As described above, according to the present invention, strict authentication such as 2-channel authentication is performed in the case of the first use for a financial transaction terminal for performing on-line banking, and denial of a financial transaction is performed for a terminal that is not authenticated It is possible to prevent the occurrence of electronic financial accidents such as phishing.

In addition, it is possible to provide the advantages such as simplification of the financial transaction procedure and cost reduction for authentication by allowing the subsequent online financial transactions to be performed only with the minimum security authentication procedure for the terminal that has been authenticated, The present invention can provide a variety of advantages such as being able to register and manage criminal suspicious terminals separately and to prevent a more effective electronic financial crime.

The present invention is not limited to the above-described embodiments, and various changes, substitutions, and alterations can be made hereto without departing from the scope of the present invention. But the present invention is not limited thereto.

110: Online financial transaction server
120: User terminal
130: Database

Claims (6)

1. A method for approving a financial transaction through terminal authentication applied to an online financial transaction system, the method comprising:
A first step of checking, in real time, information of a terminal attempting an online financial transaction;
A second step of approving the online financial transaction if the terminal is a pre-registered terminal through authentication of the user as a result of the first step;
A third step of requesting the user for authentication if the terminal is not a terminal registered through authentication of the user as a result of the first step; and
A fourth step of registering the terminal as the authentication terminal of the user and accepting the online financial transaction when the authentication information is input so as to correspond to the request of the third step.
2. The method according to claim 1,
further comprising refusing the online financial transaction using the terminal if the authentication information corresponding to the request of the third step is not input.
3. The method of claim 2,
wherein, if the authentication information corresponding to the request of the third step is not input, the terminal is registered as a criminal suspicion terminal and managed.
4. An online financial transaction system, comprising:
A terminal attempting an online financial transaction; and
An online financial transaction server for approving the online financial transaction according to whether the terminal is a pre-registered terminal through authentication of the user,
Wherein the online financial transaction server approves the online financial transaction if the terminal is a terminal registered through authentication of the user, and requests the user to perform authentication if the terminal is not a terminal registered through authentication of the user.
5. The method of claim 4,
Wherein the online financial transaction server rejects an online financial transaction using the terminal if authentication information corresponding to the request cannot be input.
6. The method of claim 5,
Wherein the online financial transaction server registers and manages the terminal as a criminal suspicion terminal when the authentication information corresponding to the request cannot be input.
KR1020150154090A 2015-11-03 2015-11-03 Method and system for financial transaction using certifying of terminal KR101847243B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150154090A KR101847243B1 (en) 2015-11-03 2015-11-03 Method and system for financial transaction using certifying of terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150154090A KR101847243B1 (en) 2015-11-03 2015-11-03 Method and system for financial transaction using certifying of terminal

Publications (2)

Publication Number Publication Date
KR20170052763A (en) 2017-05-15
KR101847243B1 (en) 2018-04-10

Family

ID=58739582

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150154090A KR101847243B1 (en) 2015-11-03 2015-11-03 Method and system for financial transaction using certifying of terminal

Country Status (1)

Country Link
KR (1) KR101847243B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109636503A (en) * 2018-11-06 2019-04-16 福建省辅城网络科技有限公司 It is a kind of to be traded based on social commodity customization commercial on line and deposit card method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100799250B1 (en) * 2007-10-29 2008-01-29 주식회사 파인디지털 Anti-theft system of digital apparatus, digital apparatus therefor

Also Published As

Publication number Publication date
KR101847243B1 (en) 2018-04-10

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
AMND Amendment
AMND Amendment
X701 Decision to grant (after re-examination)
GRNT Written decision to grant