KR20170072655A - Internet banking apparatus and method for enhanced security - Google Patents


Publication number
KR20170072655A
Authority
KR
South Korea
Prior art keywords
user
financial institution
information
received
password
Application number
KR1020150181089A
Other languages
Korean (ko)
Inventor
조성우
Original Assignee
중소기업은행
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/0723 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips the record carrier comprising an arrangement for non-contact communication, e.g. wireless communication circuits on transponder cards, non-contact smart cards or RFIDs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821 Electronic credentials
    • G06Q20/38215 Use of certificates or encrypted proofs of transaction rights
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Finance (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Economics (AREA)
  • Technology Law (AREA)
  • Marketing (AREA)
  • Development Economics (AREA)
  • Computer Hardware Design (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

According to an embodiment of the present invention, there is provided an apparatus including: an information receiving unit for receiving financial institution information and user information from a user terminal; a target determining unit for identifying a financial institution and a user based on the received financial institution information and the received user information, and determining whether the identified financial institution and user match a predetermined target financial institution and target user, respectively; a storage unit for storing the authenticity discrimination value corresponding to the target financial institution and the target user; and an authenticity discrimination value transmitter for encrypting the authenticity discrimination value received from the storage unit and transmitting it to the user terminal if the identified financial institution and user match the target financial institution and the target user, respectively.

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an Internet banking apparatus and method,

The present invention relates to an apparatus for enhancing Internet banking security and a method thereof, and more particularly, to an apparatus and method for enhancing Internet banking security capable of overcoming the limitations of existing general OTP and transaction-linked OTP.

As Internet banking and smart banking become commonplace, cybercrime incidents that specifically target Internet banking and smart banking users are rapidly increasing.

In order to minimize the risk of hacking that may occur when customers make transactions using Internet banking or automated devices, financial institutions must abolish the magnetic cards that have been in use for a long time, and the use of an OTP generator, which is a one-time password generator, is recommended.

However, OTP generators are inconvenient because they must be carried separately, and most financial institutions issue them for a fee. In recent years, the technique of memory hacking has also made it difficult to expect complete security when using Internet banking with an OTP generator.

As an alternative that overcomes the limitations of conventional OTP generators, a transaction-linked OTP generator has been introduced, but it is relatively large compared to existing OTP generators, and it has the technical limitation that the OTP generator must be registered for the deposit account as well as the withdrawal account.

Korean Patent Laid-Open Publication No. 2015-0075857

SUMMARY OF THE INVENTION The technical problem to be solved by the present invention is to provide an Internet banking security enhancement device and a method thereof that enable a user to make a transfer transaction through Internet banking, without a separate portable device, with security at a level higher than that achieved using an OTP generator.

According to an aspect of the present invention, there is provided an apparatus for enhancing security of Internet banking, including: an information receiver for receiving financial institution information and user information from a user terminal; a target determining unit for identifying a financial institution and a user based on the received financial institution information and the received user information, and determining whether the identified financial institution and user match a predetermined target financial institution and target user, respectively; a storage unit for storing the authenticity discrimination value corresponding to the target financial institution and the target user; and an authenticity discrimination value transmitter for encrypting the authenticity discrimination value received from the storage unit and transmitting it to the user terminal if the identified financial institution and user match the target financial institution and the target user, respectively.

In the apparatus, the storage unit may further store a public certificate corresponding to the target financial institution and the target user, and the apparatus may further include: a password comparison unit for comparing, upon receiving a password for the authorized certificate from the user terminal that has received the transfer information of the user corresponding to the authenticity determination value from the financial institution server, the received password with a preset password; and a transaction approval message transmitter for transmitting a transaction approval message to the financial institution server when the received password matches the preset password.

In the above apparatus, the information receiving unit may receive the financial institution information and the user information from the user terminal through a near field communication (NFC) method.

According to another aspect of the present invention, there is provided an apparatus for enhancing security of Internet banking, including: a personal information receiver for receiving personal information including a user ID and a password; a communication device search unit for searching, if the personal information matches preset authentication information, for a communication device that contains the personal information and the user's authorized certificate within a predetermined range from the user terminal; a device storage information receiver for receiving the encrypted authenticity discrimination value from the communication device when a communication device containing the information is found; a user transaction request information receiver for transmitting the received authenticity discrimination value to a financial institution server and receiving user transaction request information corresponding to the authenticity discrimination value from the financial institution server; a password input message output unit for outputting, through a screen of the user terminal, a message prompting the user to input the password of the authorized certificate when an input is received from the user indicating that the received user transaction request information matches the transaction information requested by the user; and a transaction approval message transmitter for transmitting a transaction approval message to the financial institution server when a confirmation message that the password of the public certificate received from the user is valid is received from the communication device.

According to another aspect of the present invention, there is provided an Internet banking security enhancement method including: an information receiving step of receiving financial institution information and user information from a user terminal; a target determining step of identifying a financial institution and a user based on the received financial institution information and the received user information, and determining whether the identified financial institution and user match a predetermined target financial institution and target user, respectively; and an authenticity discrimination value transmission step of, when the identified financial institution and user match the target financial institution and the target user, encrypting the authenticity discrimination value received from the storage unit that stores the authenticity discrimination value corresponding to the target financial institution and the target user, and transmitting it to the user terminal.

In the method, the storage unit may further store a public certificate corresponding to the target financial institution and the target user, and the method may further include: a password comparing step of comparing, upon receiving a password for the authorized certificate from the user terminal that has received the transfer information of the user corresponding to the authenticity determination value from the financial institution server, the received password with a preset password; and a transaction approval message transmission step of transmitting a transaction approval message to the financial institution server when the received password matches the preset password.

In the method, the information receiving step may receive the financial institution information and the user information from the user terminal through a near field communication (NFC) method.

According to another aspect of the present invention, there is provided a method for enhancing security of Internet banking, including: a personal information receiving step of receiving personal information including a user ID and a password; a communication device searching step of searching, if the personal information matches preset authentication information, for a communication device that contains the personal information and the user's authorized certificate within a predetermined range from the user terminal; a device storage information receiving step of receiving an encrypted authenticity discrimination value from the communication device when a communication device containing the information is found; a user transaction request information receiving step of transmitting the received authenticity discrimination value to a financial institution server and receiving user transaction request information corresponding to the authenticity discrimination value from the financial institution server; a password input message output step of outputting, through a screen of the user terminal, a message prompting the user to input the password of the authorized certificate when an input is received from the user indicating that the received user transaction request information matches the transaction information requested by the user; and a transaction approval message transmission step of transmitting a transaction approval message to the financial institution server when a confirmation message that the password of the authorized certificate received from the user is valid is received from the communication device.

The present invention can provide a computer-readable recording medium storing a program for implementing an Internet banking security enhancement method for solving the above-described technical problems.

According to the present invention, the authenticity discrimination value stored in the Internet banking security enhancing device is transferred to the financial institution server either through the user terminal on which the financial institution's smart banking application is installed or directly, without going through the user terminal, so that the financial institution server can recognize that a legitimate user is carrying out Internet banking with a user terminal and an Internet banking security enhancing device.

In addition, whereas the transaction-linked OTP generators currently on the market require all the transaction information to be entered through the OTP generator keypad, according to the present invention the user does not need to enter anything on a keypad and can check the transaction information through the installed application.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a view schematically showing an Internet banking security enhancement system according to the present invention.
FIG. 2 is a schematic diagram of an example of an Internet banking security enforcement apparatus according to the present invention.
FIG. 3 is a block diagram of an example of an Internet banking security enforcement apparatus according to the present invention.
FIG. 4 is a block diagram of another example of an Internet banking security enforcement apparatus according to the present invention.
FIG. 5 is a flowchart illustrating an example of a method for enhancing Internet banking security according to the present invention.
FIG. 6 is a flowchart illustrating another method of enhancing Internet banking security according to the present invention.

The present invention is capable of various modifications and various embodiments, and specific embodiments are illustrated in the drawings and described in detail in the detailed description. The effects and features of the present invention and methods of achieving them will be apparent with reference to the embodiments described in detail below with reference to the drawings. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings, wherein like reference numerals refer to like or corresponding components throughout the drawings, and a duplicate description thereof will be omitted.

In the following embodiments, the terms first, second, and the like are used for the purpose of distinguishing one element from another element, not the limitative meaning.

In the following examples, the singular forms "a", "an" and "the" include plural referents unless the context clearly dictates otherwise.

In the following embodiments, terms such as "include" or "have" mean that a feature or element described in the specification is present, and do not exclude in advance the possibility that one or more other features or components are added.

Where an embodiment can be implemented differently, a particular process sequence may be performed differently from the sequence described. For example, two processes that are described in succession may be performed substantially concurrently, or may be performed in the reverse of the order described.

FIG. 1 is a view schematically showing an Internet banking security enhancement system according to the present invention.

Referring to FIG. 1, in the Internet banking security enhancement system 10 according to the present invention, a computer 120 capable of Internet banking, an integrated circuit chip card 140 with a built-in one-time password generator (hereinafter, OTP-IC card), a multifunctional intelligent hybrid terminal 160 and a financial institution server 180 are connected to each other through the wired/wireless communication networks 130, 150, and 170.

In FIG. 1, the user 110 is the entity that performs Internet banking by providing inputs to the computer 120 capable of Internet banking, the OTP-IC card 140, and the multifunctional intelligent hybrid terminal 160. In FIG. 1, the OTP-IC card 140 and the multifunctional intelligent hybrid terminal 160 are owned by the user 110.

The computer 120 capable of Internet banking refers to a computer placed in an environment in which it can access the Internet through various wired/wireless communication networks, and includes both desktop and notebook computers. The user 110 can use Internet banking with the computer 120. When the user 110 inputs remittance information (deposit account, deposit amount, withdrawal account, etc.) to the computer 120, the remittance information is transmitted to the financial institution server 180 through the communication network. The financial institution server 180 stores the remittance information entered by the user and waits until the user performs the following procedure using the OTP-IC card 140 and the multifunctional intelligent hybrid terminal 160.

The OTP-IC card 140 is a card that the user 110 receives by visiting a financial institution. The OTP-IC card 140 contains a one-time password generator and stores, on the IC chip, various information needed to perform Internet banking normally. The OTP generator included in the OTP-IC card 140 generates a password in synchronization with the network time of the financial institution server.

When the multifunctional intelligent hybrid terminal 160 requests information through a local area network (not shown), the OTP-IC card 140 transmits the information stored in the IC chip to the multifunctional intelligent hybrid terminal 160 or to the financial institution server 180. The process of moving the information of the OTP-IC card will be described in detail with reference to FIG.

The multifunctional intelligent hybrid terminal 160 refers to various portable terminals that have various wired/wireless communication functions and include mechanical buttons and a touch panel so that the user can use smart banking. The multifunctional intelligent hybrid terminal 160 includes a display unit for outputting the smart banking procedure, and the user can input information into the terminal through a user interface screen output on the display unit.

The user 110 can install, on the multifunctional intelligent hybrid terminal 160, an application capable of communicating with the financial institution server 180 through the communication network 170 and, by using the Internet banking security enhancement device according to the present invention, perform Internet banking with enhanced security.

The financial institution server 180 exchanges various information with the computer 120 capable of Internet banking, the OTP-IC card 140 and the multifunctional intelligent hybrid terminal 160 through the communication networks 130, 150 and 170. The communication networks 130, 150, and 170 centering on the financial institution server 180 include various wired and wireless communication networks such as a general telephone network, a data network, and a mobile communication network.

The financial institution server 180 temporarily stores the information transmitted from the computer 120 capable of Internet banking, the OTP-IC card 140 and the multifunctional intelligent compound terminal 160, determines the authenticity or validity of the information, And transmits information corresponding to the information to each of the devices again.

Hereinafter, the multifunctional intelligent hybrid terminal 160 will be referred to as a user terminal for the sake of brevity.

FIG. 2 is a schematic diagram of an example of an Internet banking security enforcement apparatus according to the present invention.

Referring to FIG. 2, the Internet banking security enforcement apparatus 20 according to the present invention includes an IC chip 210, an OTP display unit 230, and an OTP generation unit 250. The Internet banking security enhancing apparatus 20 shown in FIG. 2 is the same apparatus as the OTP-IC card 140 of FIG. 1, and has the form of a general credit card or check card.

First, the IC chip 210 stores various types of information necessary for Internet banking. The information stored in the IC chip 210 is transmitted to the user terminal or the financial institution server only when the user terminal requests it.

That is, the IC chip 210 includes a memory (not shown) for storing various information necessary for Internet banking, a communication unit (not shown) for receiving an information request signal from the user terminal, and a control unit (not shown) that transmits the information in the memory (not shown) to the user terminal or the financial institution server through the communication unit (not shown).

The OTP display unit 230 displays the one-time password generated by the OTP generation unit 250, which will be described later.

The OTP generation unit 250 generates a one-time password and outputs it to the OTP display unit 230 when it receives an input from the user. More specifically, when the OTP generation unit 250 receives an input from the user, it communicates with the financial institution server to receive an encryption key for a one-time password that changes in units of one minute according to the time on the financial institution server, decrypts the encryption key to generate a one-time password, and then outputs the one-time password through the OTP display unit 230.

FIG. 3 is a block diagram of an example of an Internet banking security enforcement apparatus according to the present invention.

Referring to FIG. 3, the Internet banking security enhancement apparatus 300 according to the present invention includes an information receiving unit 310, a target determining unit 320, a storage unit 330, an authenticity determination value transmission unit 340, a password comparison unit 350 and a transaction approval message transmission unit 360. Depending on the embodiment, the information receiving unit 310, the authenticity determination value transmission unit 340, and the transaction approval message transmission unit 360 may be included in a communication unit (not shown), and the password comparison unit 350 and the transaction approval message transmission unit 360 may be omitted.

The information receiving unit 310 receives financial institution information and user information from the user terminal. Here, the user terminal is the multifunctional intelligent hybrid terminal 160 described with reference to FIG. 1, the financial institution information is information including the name of a financial institution set in advance so as to enable Internet banking through the Internet banking security enhancing apparatus 300, and the user information means information indicating who the user is.

As an alternative embodiment, the information receiver 310 may receive financial institution information and user information from a user terminal through a near field communication (NFC) method. In this alternative embodiment, the user terminal includes a configuration for activating the NFC function, and the Internet banking security enhancing device according to the present invention, which is implemented in the form of an IC card, incorporates an IC chip including an NFC function.

The target determining unit 320 determines the financial institution and the user based on the financial institution information and the user information, and determines whether the financial institution and the user match the predetermined target financial institution and the target user, respectively.

First, the target determining unit 320 analyzes the financial institution information and the user information received by the information receiving unit 310 to identify the financial institution and the user, respectively. As an example of the information that can be identified, the target determining unit 320 may determine that the financial institution is Bank A, that the name of the user is 'Hong Gil Dong', and that the resident registration number of the user is '111111-1111111'.

Subsequently, the target determining unit 320 determines whether the identified financial institution and user match the predetermined target financial institution and target user, respectively. Here, the target financial institution is the reference financial institution against which the target determining unit 320 compares the financial institution identified from the financial institution information to determine whether they match. The target user is the reference user against which the target determining unit 320 compares the user identified from the user information to determine whether they match.

When the information receiving unit 310 has received the financial institution information and the user information and the financial institution and the user have been identified, the target determining unit 320 may itself store the target financial institution and the target user for comparison with the identified financial institution and user, or may receive the target financial institution and the target user stored in the storage unit 330, described later, and compare them with the identified financial institution and user.

Put differently, the target financial institution is the financial institution from which the Internet banking security enhancement device according to the present invention was issued and with which Internet banking is to be conducted, and the target user can be understood to mean a user who has a legitimate right to the Internet banking security enhancement device according to the present invention.

The storage unit 330 stores the authenticity discrimination value corresponding to the target financial institution and the target user. The authenticity discrimination value is a value that proves that the information on a deposit account, a deposit amount, and a withdrawal account in Internet banking was entered by a legitimate user. It is set by the financial institution, when it issues the Internet banking security enhancing apparatus to the user, so as to correspond one-to-one to the financial institution and the user. The authenticity discrimination value is encrypted and stored in the storage unit 330, and is transmitted to the user terminal or the financial institution server by the authenticity discrimination value transmission unit 340.

If the target determining unit 320 determines that the financial institution and the user identified from the financial institution information and the user information match the target financial institution and the target user, the authenticity determination value transmission unit 340, based on that determination result, receives the authenticity discrimination value from the storage unit 330 and transmits it to the user terminal.

As an alternative embodiment, when the target determining unit 320 determines that the financial institution and the user identified from the financial institution information and the user information match the target financial institution and the target user, respectively, the authenticity discrimination value transmission unit 340 may receive the authenticity discrimination value from the storage unit 330, encrypt it, and transmit it to the financial institution server.

According to the present invention, the authenticity discrimination value stored in the Internet banking security enhancing device is transferred to the financial institution server either through the user terminal on which the financial institution's smart banking application is installed, or directly without going through the user terminal, so that the financial institution server can recognize that a legitimate user is carrying out Internet banking with the user terminal and the Internet banking security enhancing device.

As another alternative embodiment, the storage unit 330 may further store a public certificate corresponding to the target financial institution and the target user.

The Internet banking security enhancing apparatus according to this alternative embodiment may further include a password comparison unit 350 and a transaction approval message transmission unit 360, in addition to the information receiving unit 310, the object determining unit 320, the storage unit 330, and the authenticity discrimination value transmission unit 340.

When the password comparison unit 350 receives the password for the authorized certificate from the user terminal that has received, from the financial institution server, the transfer information of the user corresponding to the authenticity discrimination value, it compares the received password with the preset password.

First, to facilitate the description of this alternative embodiment, the process by which a user performs Internet banking is described in chronological order. The user turns on a computer capable of Internet banking, logs in to the Internet banking website of the financial institution, and inputs information on the deposit account, the deposit amount, and the withdrawal account. Here, after turning on the computer and logging in to the website of the financial institution, the user may, instead of inputting the transfer information there, input the information on the deposit account, the deposit amount, and the withdrawal account through the smart banking application installed in the user terminal.

Then, the financial institution server detects that the user is attempting a transfer transaction through Internet banking (smart banking), based on the user logging in to the financial institution website and inputting the transfer information.

The user executes the financial institution application of the user terminal, logs in, and receives the authenticity discrimination value from the authenticity discrimination value transmitter 340 according to the above description, and delivers the authenticity discrimination value to the financial institution server. The financial institution server already stores the user's transfer information, and also stores information about corresponding users for each authenticity discrimination value.

When the financial institution server receives the authenticity discrimination value from the user terminal, the user corresponding to that value has already input the transfer information through the computer (or the user terminal) capable of Internet banking, and that transfer information is already stored in the financial institution server. The financial institution server then transmits the transfer information of the user corresponding to the authenticity discrimination value to the user terminal.

Through the above-described process, the user can check, on the user terminal, the transfer information that the user input into the computer (or user terminal) capable of Internet banking. After confirming the authenticity of the transaction content through the user terminal, the user, as an indication of having confirmed it, provides a specific input to the user terminal, such as touching the confirmation key, and can then see the transaction authenticity confirmation number on the screen of the user terminal. Here, the transaction authenticity information is transmitted when the financial institution server transmits the transfer information of the user to the user terminal.

When the user inputs the transaction authenticity confirmation number into the computer capable of Internet banking (or the smart banking application input window of the user terminal) that is waiting after the transfer information was input, the financial institution server, on the basis of the transaction authenticity confirmation number, regards the Internet banking as being performed by the authorized user and transmits a message to the Internet banking-enabled computer and the user terminal to proceed to the next procedure of the transfer transaction.

To proceed with the transfer transaction, the user inputs the public certificate password into the computer capable of Internet banking or the user terminal. The password comparison unit 350 receives the password for the public certificate from the computer capable of Internet banking or the user terminal, compares the received password with a predetermined password, and determines whether the two passwords match.

Here, the predetermined password is the password of the public certificate with which the digital signature through the public certificate can be completed, and it is stored in the password comparison unit 350 or in the storage unit 330.

If the password comparison unit 350 determines that the received password matches the preset password, the transaction approval message transmission unit 360 transmits a transaction approval message to the financial institution server. After receiving the transaction approval message, the financial institution server starts the transaction of transferring the amount specified by the user from the user's withdrawal account to the deposit account, in accordance with the contents of the transfer transaction requested by the user.

Referring to FIG. 2, since the Internet banking security enhancing apparatus according to the present invention includes an OTP display unit and an OTP generation unit, the user must input the one-time password generated by the OTP generation unit when entering the public certificate password. That is, according to an embodiment, the apparatus of FIG. 3 includes an OTP communication unit that communicates with the financial institution server and performs synchronization, an OTP generation unit that generates a one-time password by decrypting a cryptographic key received from the financial institution server, and an OTP display unit that displays the password.

The OTP generator (OTP communication unit, OTP generation unit, OTP display unit) built into the Internet banking security enhancing device according to the present invention does not differ from an existing OTP generator in the method of generating the password in synchronization with the time of the financial institution server, so a detailed description thereof is omitted.

The conventional OTP generator has the disadvantage that a separate OTP generator must be carried, and the card-type OTP generator, which improved on it, leaves open the possibility of an illegal transfer transaction by the memory hacking method. In the case of the transaction-linked OTP generator, a further improvement, a one-time password for the transaction details is generated through a keypad of a security token, which can enhance security. However, it is troublesome to register the deposit account as well as the withdrawal account in the OTP generator in advance.

According to the present invention, when the user conducts a transfer transaction through Internet banking, the authenticity of the transaction can be confirmed on the basis of the smart phone and the IC card that most users already own, and it is not necessary to register each deposit account in an OTP generator, so that an Internet banking user can conduct a transfer transaction securely and conveniently.

FIG. 4 is a block diagram of another example of an Internet banking security enhancing apparatus according to the present invention.

Referring to FIG. 4, the Internet banking security enhancing apparatus 400 according to the present invention includes a personal information receiver 410, a communication device search unit 420, a device storage information receiver 430, a user transaction request information receiver 440, a password input message output unit 450, and a transaction approval message transmission unit 460.

The Internet banking security enhancing apparatus according to FIG. 4 may be included in the multifunctional intelligent hybrid terminal 160 of FIG. 1 or may be implemented as an application type of the multifunctional intelligent hybrid terminal 160. A description overlapping with those described in FIGS. 1 and 3 will be omitted.

The personal information receiving unit 410 receives personal information including a user ID and a password. If the personal information received by the personal information receiver 410 is identical to the preset authentication information, the communication device search unit 420 searches the communication device 300 including the personal information and the user's authorized certificate within a predetermined range from the user terminal . Here, the communication device is considered as an example of the Internet banking security enhancing apparatus 300 in FIG.

The device storage information receiving unit 430 receives the encrypted authenticity discrimination value from the communication device when the communication device searching unit 420 searches for the communication device within a predetermined range of the user terminal.

The user transaction request information receiver 440 transmits the authenticity discrimination value received by the device storage information receiver 430 to the financial institution server and receives user transaction request information corresponding to the authenticity discrimination value from the financial institution server. Here, the user transaction request information is regarded as the same as the transfer information of the user described above with reference to FIG.

When the password input message output unit 450 receives an input indicating that the user transaction request information matches the transaction information requested by the user, it outputs, through the screen of the user terminal, a message asking the user to input the password of the authorized certificate.

Finally, when the user inputs the password of the authorized certificate, the password is transmitted to the communication device, and when a confirmation message indicating that the password of the authorized certificate entered by the user is valid is received from the communication device, the transaction approval message transmission unit 460 transmits a transaction approval message to the financial institution server.

In an alternative embodiment, if the communication device receiving the password of the valid authorized certificate is previously set up in such a manner as to transmit the transaction approval message to the financial institution server, the transaction approval message transmission unit 460 may be omitted in this alternative embodiment.

FIG. 5 is a flowchart illustrating an example of a method for enhancing Internet banking security according to the present invention.

The method for enhancing Internet banking security according to FIG. 5 can be realized by the Internet banking security enhancing apparatus according to FIG. 3, and thus a description overlapping with that of FIG. 3 will be omitted.

First, the information receiving unit receives financial institution information and user information from the user terminal (S510). The target determining unit identifies the financial institution and the user from the financial institution information and the user information received in step S510, and determines whether the identified financial institution and user match the predetermined target financial institution and target user, respectively (S520).

When the financial institution and the user identified by the target determining unit match the target financial institution and the target user, respectively, the authenticity discrimination value transmission unit transmits the authenticity discrimination value corresponding to the target financial institution and the target user to the user terminal (or the financial institution server) (S530).

The password comparison unit receives the password for the authorized certificate from the user terminal that has received, from the financial institution server, the transfer information of the user corresponding to the authenticity discrimination value (S540), compares the received password with the preset password, and determines whether the two passwords match (S550). Steps S540 and S550 may be performed on the premise that the authenticity discrimination value and the authorized certificate corresponding to the target financial institution and the target user are stored in the storage unit.

If the password comparison unit determines that the password received from the user terminal is identical to the predetermined password in step S550, the transaction approval message transmission unit transmits a transaction approval message to the financial institution server in step S560.
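The FIG. 5 steps (S510 to S560) together with the server-side steps described for FIG. 3, as an added example that is not code from the patent. All class, method and field names are hypothetical, the salted password hash and the six-digit confirmation number are assumptions, and the encryption of the value in transit is not modelled.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Hypothetical names throughout: the patent names functional units, not an API.
# The patent encrypts the value in transit; that layer is not modelled here.

@dataclass(frozen=True)
class Transfer:
    withdrawal_account: str
    deposit_account: str
    amount: int

class SecurityDevice:  # device of FIG. 3, units 310-360 collapsed into one class
    def __init__(self, institution, user, value, cert_password):
        self._target = (institution, user)   # target institution and target user
        self._value = value                  # authenticity discrimination value
        self._salt = secrets.token_bytes(16)
        # Assumption: keep a salted hash of the preset password, not the password.
        self._pw_hash = self._hash(cert_password)

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def request_value(self, institution, user):
        """S510-S530: release the value only for the target institution and user."""
        return self._value if (institution, user) == self._target else None

    def check_password(self, password):
        """S540-S550: constant-time comparison with the preset password."""
        return hmac.compare_digest(self._hash(password), self._pw_hash)

class BankServer:
    def __init__(self, user_by_value):
        self._user_by_value = user_by_value  # value -> user, fixed at device issuance
        self._pending = {}                   # user -> [transfer, number, confirmed]
        self.executed = []

    def enter_transfer(self, user, transfer):
        """Transfer entered on the site or app; the six-digit number is an assumption."""
        self._pending[user] = [transfer, f"{secrets.randbelow(10**6):06d}", False]

    def transfer_for(self, value):
        """Transfer and confirmation number of the user bound to this value."""
        entry = self._pending.get(self._user_by_value.get(value))
        return (entry[0], entry[1]) if entry else None

    def confirm(self, value, number):
        entry = self._pending.get(self._user_by_value.get(value))
        if entry:
            entry[2] = hmac.compare_digest(entry[1], number)
        return bool(entry and entry[2])

    def approve(self, value):
        """Transaction approval message: execute a confirmed transfer once."""
        user = self._user_by_value.get(value)
        entry = self._pending.get(user)
        if not entry or not entry[2]:
            return False
        self.executed.append(self._pending.pop(user)[0])
        return True

def run_transfer(device, server, institution, user, intended, password):
    """User-terminal flow; returns the name of the step where it stopped."""
    value = device.request_value(institution, user)
    if value is None:
        return "no-value"
    offer = server.transfer_for(value)
    if offer is None:
        return "no-pending-transfer"
    shown, number = offer
    if shown != intended:      # the user compares the screen with what was meant
        return "user-rejected"
    if not server.confirm(value, number):
        return "bad-confirmation"
    if not device.check_password(password):
        return "bad-password"
    return "approved" if server.approve(value) else "not-approved"

def demo():
    """Run four constructed scenarios; return their outcomes and executed transfers."""
    value, want = secrets.token_bytes(32), Transfer("111-01", "222-02", 50_000)
    device = SecurityDevice("BANK-A", "alice", value, "cert-pass")
    server = BankServer({value: "alice"})
    server.enter_transfer("alice", want)
    run = lambda inst, pw: run_transfer(device, server, inst, "alice", want, pw)
    out = {"wrong_institution": run("BANK-B", "cert-pass"),
           "wrong_password": run("BANK-A", "guess"),
           "ok": run("BANK-A", "cert-pass")}
    # Constructed case: the deposit account was altered before reaching the server.
    server.enter_transfer("alice", Transfer("111-01", "999-09", 50_000))
    out["altered"] = run("BANK-A", "cert-pass")
    return out, list(server.executed)
```

Only the scenario in which every gate passes reaches the server's execution list; the altered transfer stops at the user's on-screen comparison and stays pending and unconfirmed.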

FIG. 6 is a flowchart illustrating another method of enhancing Internet banking security according to the present invention.

The method for enhancing Internet banking security according to FIG. 6 can be implemented by the Internet banking security enhancing apparatus described with reference to FIG. 4, and thus a description overlapping with that described in FIG. 4 will be omitted.

The information receiving unit receives the personal information including the user's ID and the password from the user (S610). The communication device search unit determines whether the personal information of the user received in step S610 is identical to the preset authentication information (S620).

If the communication device search unit determines in step S620 that the user's personal information matches the predetermined authentication information, the communication device search unit searches for the communication device including the user's personal information and the user's authorized certificate within the predetermined range from the user terminal (S630).

If the communication device search unit searches for a communication device existing within a predetermined range from the user terminal in step S640, the device storage information receiving unit receives the authenticity discrimination value from the communication device in step S650.

The user transaction request information receiving unit transmits the authenticity discrimination value received by the device storage information receiving unit to the financial institution server and receives user transaction request information corresponding to the authenticity discrimination value from the financial institution server in operation S660.

The password input message output unit receives an input from the user indicating that the user transaction request information received by the user transaction request information receiving unit in step S660 matches the transfer transaction information requested by the user, and outputs a message asking the user to input the password of the authorized certificate into the user terminal (S670).

Upon receiving from the communication device a confirmation message indicating that the password of the authorized certificate entered by the user is valid, the transaction approval message transmission unit transmits a transaction approval message to the financial institution server (S680). If the communication device is set to send the transaction approval message directly to the financial institution server, step S680 may be omitted according to the embodiment.

The embodiments of the present invention described above can be embodied in the form of a computer program that can be executed through various components on a computer, and the computer program can be recorded on a computer-readable medium. The medium may be a magnetic medium such as a hard disk, a floppy disk, or a magnetic tape, an optical recording medium such as a CD-ROM or a DVD, a magneto-optical medium such as a floptical disk, and a RAM, a flash memory, and the like, which are specifically configured to store and execute program instructions. Further, the medium may include an intangible medium implemented in a form that can be transmitted over a network, for example software or an application that can be transmitted and distributed through a network.

Meanwhile, the computer program may be specifically designed and configured for the present invention or may be known and used by those skilled in the computer software field. Examples of computer programs may include machine language code such as those produced by a compiler, as well as high-level language code that may be executed by a computer using an interpreter or the like.

The specific implementations described in the present invention are examples and are not intended to limit the scope of the invention in any way. For brevity, descriptions of conventional electronic configurations, control systems, software, and other functional aspects of such systems may be omitted. Also, the connections or connecting members of the lines between the components shown in the figures illustrate functional connections and/or physical or circuit connections, which in an actual device may be replaced by, or supplemented with, a variety of functional connections, physical connections, or circuit connections. Also, unless a component is explicitly described with terms such as "essential" or "important", it may not be a necessary component for the application of the present invention.

In the specification of the present invention (particularly in the claims), the use of the term "above" and similar referring terms may correspond to both the singular and the plural. In addition, when a range is described in the present invention, it includes the invention to which the individual values belonging to that range are applied (unless there is a statement to the contrary), and it is the same as if each individual value constituting the range were described in the detailed description of the invention. Finally, the steps constituting the method according to the invention may be performed in any suitable order unless an order is explicitly stated or there is a statement to the contrary. The present invention is not necessarily limited to the order in which the steps are described. The use of all examples or exemplary language (e.g., "etc.") in this invention is merely for describing the present invention in detail, and the scope of the present invention is not limited by those examples or exemplary language unless limited by the claims. It will also be appreciated by those skilled in the art that various modifications, combinations, and alterations may be made depending on design criteria and factors within the scope of the appended claims or equivalents thereof.

Claims (9)

1. An information receiver for receiving financial institution information and user information from a user terminal;
an object determining unit for identifying a financial institution and a user based on the received financial institution information and the received user information, and judging whether the identified financial institution and user match a predetermined target financial institution and target user, respectively;
a storage unit for storing the authenticity discrimination value corresponding to the target financial institution and the target user; and
an authenticity discrimination value transmitter for encrypting the authenticity discrimination value received from the storage unit and transmitting the authenticity discrimination value to the user terminal if the identified financial institution and user coincide with the target financial institution and the target user, respectively.

2. The apparatus according to claim 1,
wherein the storage unit further stores an authorized certificate corresponding to the target financial institution and the target user, and
the apparatus further comprises:
a password comparing unit for comparing the received password with a preset password upon receiving a password for the authorized certificate from the user terminal that has received the user's transfer information corresponding to the authenticity discrimination value from the financial institution server; and
a transaction approval message transmitter for transmitting a transaction approval message to the financial institution server when the received password matches the predetermined password.

3. The apparatus according to claim 1,
wherein the information receiver receives the financial institution information and the user information from the user terminal through a near field communication (NFC) method.

4. A personal information receiving unit for receiving personal information including a user ID and a password;
a communication device search unit for searching for a communication device including the personal information and the authorized certificate of the user within a predetermined range from the user terminal if the personal information matches the preset authentication information;
a device storage information receiver for receiving the encrypted authenticity discrimination value from the found communication device when the communication device including the information is found;
a user transaction request information receiver for transmitting the received authenticity discrimination value to a financial institution server and receiving user transaction request information corresponding to the authenticity discrimination value from the financial institution server;
a password input message output unit for outputting, through a screen of the user terminal, a message asking the user to input the password of the authorized certificate when an input is received from the user indicating that the received user transaction request information matches the transaction information requested by the user; and
a transaction approval message transmitter for transmitting a transaction approval message to the financial institution server when a confirmation message that the password of the public certificate received from the user is valid is received from the communication device.

5. An information receiving step of receiving financial institution information and user information from a user terminal;
an object determining step of identifying a financial institution and a user based on the received financial institution information and the received user information, and judging whether the identified financial institution and user match a predetermined target financial institution and target user, respectively; and
an authenticity discrimination value transmission step of, when the identified financial institution and user coincide with the target financial institution and the target user, encrypting the authenticity discrimination value received from the storage unit storing the authenticity discrimination value corresponding to the target financial institution and the target user, and transmitting the authenticity discrimination value.

6. The method of claim 5,
wherein the storage unit further stores an authorized certificate corresponding to the target financial institution and the target user, and
the method further comprises:
a password comparison step of comparing the received password with a preset password upon receiving a password for the authorized certificate from the user terminal that has received the user transfer information corresponding to the authenticity discrimination value from the financial institution server; and
a transaction approval message transmission step of transmitting a transaction approval message to the financial institution server when the received password matches the predetermined password.

7. The method of claim 5,
wherein, in the information receiving step, the financial institution information and the user information are received from the user terminal through a near field communication (NFC) method.

8. A personal information receiving step of receiving personal information including a user's ID and a password;
a communication device searching step of searching for a communication device including the personal information and the user's authorized certificate within a predetermined range from the user terminal if the personal information matches the preset authentication information;
a device storage information receiving step of receiving an encrypted authenticity discrimination value from the found communication device when a communication device including the information is found;
a user transaction request information receiving step of transmitting the received authenticity discrimination value to a financial institution server and receiving user transaction request information corresponding to the authenticity discrimination value from the financial institution server;
a password input message output step of outputting, through a screen of the user terminal, a message asking the user to input the password of the authorized certificate when an input is received from the user indicating that the received user transaction request information matches the transaction information requested by the user; and
a transaction approval message transmission step of transmitting a transaction approval message to the financial institution server when receiving from the communication device a confirmation message that the password of the authorized certificate received from the user is valid.

9. A computer-readable recording medium storing a program for executing the method according to any one of claims 5 to 8.

KR1020150181089A 2015-12-17 2015-12-17 Internet banking apparatus and method for enhanced security KR20170072655A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150181089A KR20170072655A (en) 2015-12-17 2015-12-17 Internet banking apparatus and method for enhanced security

Publications (1)

Publication Number Publication Date
KR20170072655A true KR20170072655A (en) 2017-06-27

Family

ID=59514714

Country Status (1)

Country Link
KR (1) KR20170072655A (en)

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E601 Decision to refuse application