RU2776594C2 - Method for increasing safety of operations related to access to user account, performed by user in remote access mode (options) - Google Patents

Abstract

FIELD: computer technology.

SUBSTANCE: method for increasing the safety of operations related to the access to a user account, performed by a user in a remote access mode, consists in transmission by a user of a request for action performance to an action implementation center, in sending by the action implementation center via a channel, by which the request came, a confirmation for user identification, and, when receiving from a terminal a confirmation, performance of the action specified in the request by the action implementation center. In this case, the user is equipped with a separate communication device with possibility of communication with the specified center via a separate channel made with the possibility of issuing via this channel a signal corresponding to an action performance prohibition. The center for implementation of an action related to a user account, when receiving from the terminal a request for action, sends to the user a signal on the received request and, when receiving during set time for waiting a response signal from this device on the action performance prohibition, blocks the specified request.

EFFECT: increase in the safety of operations performed by a user in a remote access mode.

2 cl

Description

The present invention relates to complex security systems that allow users to remotely perform an emergency blocking of access to his account or suspend an electronic digital signature (EDS) when it is performed, including a banking operation of transferring funds from an account, including cases of suppressing unauthorized actions performed by third parties with the user's account or data without his knowledge.

Users are constantly faced with the need to go through authorization procedures on various resources to use e-mail, personal account, social networks, perform various types of banking transactions, payments via the Internet, cryptocurrency transactions, which is especially important, using secret data of bank cards and EDS . The scope of the scope of procedures for identification, authentication with subsequent authorization of users is quite wide. At the same time, in the framework of this application, the term "account" means a set of data about a user stored in any computer system that is necessary to identify (authenticate) him and provide access to his personal data and settings or to perform other actions in a remote communication mode (often the term "acc" or "account" or "account" is used as a synonym .

Currently, all systems operating in the remote communication mode, including banking or requiring authentication of the identity by passwords or code words / numbers, etc., use mobile communication devices worn by users / owners as a communication tool, through which you can obtain additional information about the owner or obtain permission from him to carry out the action. The use of such a mobile communication tool is due to the fact that these tools (phones with the function of receiving and sending CMC messages) entered the everyday life of users long before the advent of computerized banking control systems. The first computerized banking systems did not control the reliability of banking operations in terms of the authorization of its owner to write off funds or to carry out any personalized action. To exclude fraud and accurately identify the user or the person conducting the operation / action, there were quite a lot of complex and inconvenient-to-use systems on the market aimed at ensuring the security of operations performed by the user in remote access mode related to access to the user account.

So, for example, one of such systems is a subscriber identification system in a mobile communication network, which contains an identification data block with software that provides registration and in which identification data and information from an identity document are entered. To do this, the user receives a photo image of the document. Based on the obtained photo image of the document, a check is made that a genuine document is presented, and textual information from the document and the photo image of the owner presented in the document are recognized. The block contains information about the person conducting the registration. To do this, the user receives his video image using the capture module, then, using the received video image of the user, it is checked that a real person is located in front of the capture module. One frame is selected from the frames of the video image or a photo image with the user is generated, the one that is most suitable for comparison with the photo image from the document. Then, the photo image of the user from the document and the photo image of the user from the video image are compared. Registration is possible only if the specified photographs depict the same person. Then enter information about the signature of the user. To do this, the user acts on the touch screen, signing on the front surface of the screen with a finger or stylus. After the receiving-transmitting unit sends the signal corresponding to the received specified information to the corresponding devices of the operator, the registration is considered completed, and it becomes possible to use the mobile communication device (RU 188800, G06F 21/31, G06K 9/62, G06K 9/78. publ. 23.04. 2019).

As you can see, such a system is extremely inconvenient for the user, since when performing actions with an account, one has to repeat the entire technical part of the identity verification procedure by comparing the user's photo in the database and the user's photo sent by the user at the present real time. It takes a lot of time and, in addition, it is necessary that the person in the photo available in the system matches the angle and general external features with the new photo. Or vice versa. Comparison of personalities in photographs is based on the coincidence of control points. And in case of unsuccessful shooting by angle or when the appearance changes (for example, after cosmetic procedures or for age-related reasons or as a result of a disease), the system algorithm may not recognize the user. In addition, a well-known system compares photos regardless of who sent them. An attacker can take a photo of the "object" and send this photo as his portrait to the system. In any case, such a security system in the implementation of actions due to the need to spend time is considered inconvenient and therefore ineffective.

The appearance of fraud in this area has led to the fact that one of the world's financial systems, namely VISA (the world banking system based on settlements in dollars as the base currency against which all settlements take place) has created a software product called the system "Verified-by -Visa", which for the first time introduced control over payment verification by sending a CMC message with a digital code to the owner of the card or account to confirm it and send confirmation to the banking system. Since the banking systems of different banks and in different countries have a connection with each other (for international transfers), all banking systems automatically switched to this product and introduced the option of sending CMC messages with its subsequent confirmation. CMC messages are sent to mobile phones as the only universal tool that almost everyone has (article "How to cancel a transaction on a bank card", posted online on the Internet on the website "Home Credit People" at: https://hcpeople.ru/bankovskie-karty-kak-cancel-operaciuy/).

Thus, a system for initializing banking transactions without the use of POS terminals is known, including a “Buyer's” smartphone with the function of receiving and transmitting SMS messages, connected via mobile communication channels to the “Buyer's” issuing bank and acquiring banks of the banking system, the “Buyer's” bank card ”, the smartphone of the “Seller” with the function of receiving and transmitting SMS messages, connected via wireless Internet channels and mobile communication channels with the issuing bank of the “Seller” and acquiring banks of the banking system, with the function of POS-terminal emulation, with the function of implementing contactless "EMV Contactless" technology and/or with the function of implementing the "E-Commerce" technology, containing a built-in NFC chip, a camera with an image scanning function, an interface for data entry, while issuing banks and acquiring banks are interconnected via Internet channels (RU 2642360, G06Q 20/00, published on January 24, 2018).

This system allows you to use the smartphone of the "Seller", connected via wireless Internet channels and mobile communication channels with the banking system. At the same time, the system necessarily includes the installation of a program that emulates a POS terminal in the Seller’s smartphone, a one-time registration of the emulated POS terminal in the Seller’s issuing bank, and the use of EMV Contactless contactless technology in the Seller’s smartphone. A banking transaction is initiated using NFC wireless technology by presenting the Buyer's bank card with a chip to the Seller's smartphone equipped with an NFC chip to read data from the Buyer's bank card, and/or using the E-Commerce technology. At the moment of presenting the card, the bank transaction is initiated by scanning the data located on the front side of the Buyer's bank card with the camera of the Seller's smartphone and/or by manually entering data about the Buyer's bank card into the Seller's smartphone using the interface of the program that emulates POS-terminal in the smartphone of the "Seller", entering data on the banking transaction, confirming the transaction via an SMS password sent to the smartphone of the "Buyer" from the issuing bank of the "Buyer", conducting a banking transaction, sending SMS messages by the issuing bank of the "Seller" to the smartphone of the "Seller" about the transaction, the transmission of SMS messages by the issuing bank of the "Buyer" to the smartphone of the "Buyer" about the transaction.

Also known is a method for implementing an electronic payment turnover using a mobile terminal, in particular a mobile phone, including the following steps:

- transferring the payment request from the mobile terminal to the payment center,

- transferring the desired payment parameters from the mobile terminal to the payment center,

- assigning an individual transaction code or authorization code for each payment procedure,

- transmission of the assigned transaction code or authorization code to the mobile terminal and/or the payment addressee (RU 2273049, G06Q 30/00, published on February 10, 2005).

This decision was made as a prototype.

The well-known system of today's level presented for analysis clearly shows that the security function from unauthorized access to personal data (which, in fact, is an unauthorized write-off of money from the user's card) is built on the verification of the person performing the action by sending him to his phone (the phone number of which is entered in the bank record) CMC messages with a digital code to confirm it and return the digital confirmation code to the banking system.

The use of mobile phones and CMC messages as a software tool for confirming the validity of an operation/action from the owner has become widespread, and today this technique is used in a wide variety of computerized systems that work remotely with subscribers/users.

Such a widespread use of the CMC message as an element of authentication or validity is due to the ease of implementation of this technique in existing systems for any purpose. In addition, during the implementation of the "Verified-by-Visa" system, it was proved and publicly announced that the risk of using data on a plastic card and at the same time the mobile phone of the owner of this card by intruders is reduced to almost zero. In this regard, banking systems that use this simple and very reliable verification are not legally liable for unauthorized transfers of funds due to the simultaneous loss of a card (or disclosure of card data) and a mobile phone. The publicly announced principle of lack of responsibility, as it were, opened the "gates" for the introduction of this technique everywhere.

For the expanded and ramified computerized systems already on the market or in the social infrastructure that work with user identification data, the question of changing this system or introducing cardinal improvements to it is unacceptable. Therefore, the developers of innovations follow the principle of supplementing such systems with new options that do not affect the root part of the system itself.

An analysis of the reviewed domestic and foreign patents for computerized systems with the function of confirming the reliability of an operation or action has shown that, in principle, all these systems are built using the CMC confirmation function, as a result of recent advances in the field of transaction security.

The principle of security, based on the fact that the mobile phone and bank card is always in the hands of the owner, is adopted as a postulate of security solely on the basis of the user's common sense. If a bank card is sold at a terminal or at the checkout of a shopping center or funds are transferred using a bank card, then the transfer will take place only when the bank receives a digital code confirming the transfer, regardless of who received this code and who sent it. It is this moment that is the weak link in the well-known transaction security system. Fraud is especially common when making payments in various online trading platforms. On such sites, it is enough to enter the data of a bank card and have the phone number of the owner of this card, or to build a message forwarding program into this phone.

And now the so-called contactless payment option is widely promoted, which is considered a simplified payment process with confirmation of CMC messages. This procedure was made possible thanks to NFC technology. The owner of a bank card can only install a specialized application on a mobile phone. After that, you can make payments. Contactless payment options mean payment for goods with a bank card without installation in the reader. It is enough to bring a "credit card" at a distance of 10 cm from the terminal and the amount corresponding to the purchase will be debited from the account. If the check is less than a certain amount set as a limit limit, then you do not need to enter a pin code. In this case, it is considered that sending a transfer from the phone is simultaneously considered a confirmation of the digital code for the permission of such a payment. Thanks to NFC technology, users can pay with a phone, watch or wristband that has an NFC chip embedded in it.

Such a simplified system, for example, was developed by JSC Sberbank for smartphones with a built-in NFC module and the Android operating system version 4.4 or higher: To make transactions, you need to connect the Google Pay service in the Sberbank Online mobile application. The smartphone does not store the Sberbank card number. To pay, you need to unlock the screen of your smartphone and bring it to the terminal that accepts contactless payment. Upon completion of the transfer, the inscription “Done” appears on the screen and a sound signal sounds - the payment has been successfully completed. The owner of the credit card needs to put a finger on the fingerprint scanner on the smartphone or enter a PIN code. After that, the phone will receive a notification about the withdrawal of funds. The use of an NFC chip is characterized by a high degree of security, since for successful payment it must be at a minimum distance from the terminal. In order for the payment to go through correctly, it is advisable to select the application for payments by default in the phone settings. It is the "default" conditions that allow fraudsters to use a stolen phone as a mechanism for transferring money from a user's account. At the same time, from the moment the phone is lost to the discovery of this act, sometimes a lot of time passes, which is quite enough to withdraw at least part of the money from the user's account. If the phone uses a fingerprint instead of a PIN code option, then there are more than enough such fingerprints on the phone case and it is not difficult to make a cast of this fingerprint.

Fraud as a misdemeanor is based on purely human factors. For example, a user lost a wallet with a bank card or forgot a phone with card data or an NFC chip built in. It is the lack of concentration, forgetfulness and inattention of the user that creates the ground for scammers.

As a result, we can conclude that today there are practically no absolutely protected and secure systems for transactions or systems containing access to a user account. If we are talking about security, then it is rather a category of conditional security, as it is based on the careful and accurate execution of the necessary actions both on the part of the user and on the part of the system containing the user's personal information.

Patents for the use of separate communication means, for which the owner receives separately allocated information about the action being taken in relation to his property or means, have not been identified.

The present invention is aimed at achieving a technical result, which consists in improving the security of operations performed by the user in remote access mode related to access to the user account due to remote suppression, in case of emergency, of the result of the action performed from the received signal from one appropriate source by the control signal from another source its emergency cancellation, which is a priority.

The specified technical result is achieved by the fact that in the method for improving the security of operations performed by the user in remote access mode related to access to the user account, which consists in the user sending a request to perform an action from a mobile or stationary terminal to the center for performing actions associated with the user account , and upon receipt by this center from this terminal of confirmation to perform the action, the action specified in the request is carried out, the user is equipped with a separate communication tool with a processor and an autonomous power source that has the ability to communicate with the specified center and is configured to implement the function of issuing a signal on this channel about prohibition of the action or permission to perform the action, and the center for performing the action associated with the user account, upon receiving an action request from a mobile or stationary terminal, sends the user i on the communication tool, a signal about the incoming request and upon receipt of a response signal from this tool about the prohibition of the action within a specified waiting time, blocks the specified request, and the signal coming from the communication tool to this center is a priority within the specified waiting time.

The specified technical result is also achieved by the fact that in the method for improving the security of operations performed by the user in the remote access mode related to access to the user account, which consists in the user sending a payment request from a mobile or stationary terminal to the payment center indicating the payment parameters, and when the payment center receives confirmation from this user terminal for making the payment, the specified payment is made, the user is equipped with a separate communication tool with a processor and an autonomous power source that can communicate with the payment center and is configured to implement the function of issuing a prohibition signal via this channel making a payment or on permission to make a payment, and the payment center, upon receiving a payment request from a mobile or stationary terminal, sends a signal to the user on the communication tool about the incoming payment request and upon receipt within a specified waiting time of a response signal from this means of prohibition of making a payment, it blocks the specified request, and the signal coming from the communication tool to the payment center is a priority within the specified waiting time.

At the same time, to confirm the payment, a digital PIN code is sent to the payment center.

The specified technical result is also achieved by the fact that in the method for improving the security of operations performed by the user in the remote access mode related to access to the user account, which consists in the user sending a payment request from a mobile or stationary terminal to the payment center indicating the payment parameters, assigning by the payment center for each payment procedure of an individual transaction code or authorization code and its transmission to the user, and upon receipt by the payment center from this user terminal of the individual transaction code or authorization code transmitted to the payment center, the specified payment is made, the user is equipped with a separate communication tool with a processor and an autonomous power source having the ability to communicate with the payment center and which is configured to implement the function of issuing a signal on the prohibition of payment via this channel. payment processing or permission to make a payment, and the payment center, upon receiving a payment request from a mobile terminal, sends a signal to the user to the communication device about the received payment request, and upon receiving a response signal from this device about the prohibition of making a payment within a specified waiting time, blocks the specified request, and the signal coming from the communication means to the payment center is a priority within the specified waiting time.

The security of making an erroneous or malicious transfer (payment) is based on the maintenance of additional functionality for its emergency cancellation by a separate tool. At the same time, a time delay is introduced into the connection, allowing the owner to assess the situation and make a decision to prohibit the operation, and the credit institution either to block the transfer or return the funds to the owner’s account within a short time after the erroneous transfer of money if such a user error occurs or fraudulent activities of intruders.

These features are essential and are interconnected with the formation of a stable set of essential features sufficient to obtain the desired technical result.

According to the present invention, a new method for improving the security of operations performed by a user in remote access mode related to access to a user account is considered. Any form of participation or presence of a user in computerized networks and systems, especially those that operate in the mode of remote access to the server/frames and provide the output of information or the performance of operations on a remote request, is based on the creation of a user account and on providing access to this record both from the side of the user (for the purpose of identifying himself) and from the side of the server making the request (for the purpose of identifying the user who sent the request and establishing whether he has the right to this operation). Therefore, an "account" is a set of data about a user stored in any computer system that is necessary to identify (authenticate) him and provide access to his personal data and settings or to perform other actions in remote communication mode. At the same time, the presence of an account does not depend on the type or type of functionality of the computerized system itself. These can be banking systems, subscriber systems, working production systems and any other systems in which a separate personalized page is allocated for each user with his personal identification data and his legal capabilities in terms of obtaining information or performing certain significant actions.

As a rule, all these types and types of computerized systems have security features built into the system to prevent unauthorized use of the personal data of one user by another user in the structure of such a computerized system - the center of action at the request of the user.

In general, in such systems, increasing the security of operations performed by the user in the remote access mode related to access to the user's account lies in the fact that when the user sends a request from a mobile or stationary terminal to perform an action to the center for performing actions associated with the account user, this center waits for a predetermined set period of time on the same channel through which the request was received, from this terminal confirmation to perform the action is carried out the action specified in the request. Such confirmation may be the introduction of a password or a code word or a PIN code, or a fingerprint or retinal scan. And only when such confirmation is received, the system executes the requested request within the authority of the user on whose behalf the account was accessed.

The considered example is a typical variant of information computerized systems with limited access to the information contained in it. At the same time, such systems do not identify the real person making the request. The algorithm for building such a system in terms of security and targeted issuance of information is based, in the vast majority, on the only parameter that allows you to get the requested information - entering a password, the value of which for each user is in the system itself. This allows anyone who knows someone else's password to log in under a name other than their own and gain unauthorized information or access to files. In such systems, security is based on the responsible attitude of the user to his password and on the provision of secrecy by the user himself when entering it into the system.

In the framework of the present invention, it is proposed for any computerized systems that allow remote communication to conduct sessions that affect access to a particular user's account, to form a separate communication channel of the system with this particular user, which notifies the user of an event and waits for a response within a specified period of time. reactions to this event: receiving a signal about the prohibition of the appeal or about the permission of access to this account. This will significantly increase security and exclude unauthorized access to the system according to the information access algorithm installed in this system. Naturally, such a channel does not mean the use of a mobile (cellular) telephone, through which the user can be requested to send a response digital code as a signal allowing access.

For this purpose, the user is equipped with a separate autonomous communication tool (CS) with a processor and an autonomous power source, which is capable of providing a remote connection in the range of the voice frequency channel with the transceiver part of the computerized system. Such a connection is necessary to communicate with the specified control center and perform an action in the system and to implement the function of issuing a signal on this channel to prohibit the action or to allow the action to be performed. The center for carrying out an action associated with a user account, upon receiving a request for action from a mobile or stationary terminal, must send a signal to the user to the CS about the incoming request, and upon receiving a response signal from this tool about the prohibition of the action within a specified waiting time, it blocks the specified request.

What is essential in this exchange process is that the system sends a signal to the user via a separate channel that is not associated with the channel through which the action request passes, and therefore this signal is not controlled by the attacker (to control this signal, the attacker must have the user's CS with him). Another feature in this exchange process is that the signal coming from the CS to the system (this center) within the specified waiting time is a priority in relation to the signal, which is a request, and the signal, which is permission to execute the request (in relation to the code word or PIN).

The specified CS is made with a processor and an autonomous power source and has a transceiver part for exchanging signals with the system, the function of which is to maintain user accounts. The CS operating system or a software application in this operating system is configured to display the corresponding menu on the CS display or CS monitor and has at least two controllable keys or touch fields, one of which is designed to transmit a signal to the system confirming permission to access the account , and the other - to transmit a signal that prohibits this action.

Thus, when the system receives a request to perform an action that requires the involvement of information from the account of a specific user, the system puts this signal into standby mode for a while and is not sent for execution. At the same time, the control signal leaves the system CS, on the screen/display of which the corresponding information about the action performed by the system is reflected (date, time of receipt of the request and, possibly, an indication of the source of this request or the signal corresponding to the request, etc.). and also the countdown of time begins, during which the owner of this CS must make decisions on the type of "allow / not allow" and press the corresponding button/key or on the corresponding touch field. When a permissive signal is received from the CS to the source of the request signal (to the system), the standby mode is removed and the control signal enters the system for the execution of the priority signal. When a deny signal is received, the corresponding request is blocked and the system remains in access denied.

To enhance the security mode of the system, a function of periodically changing the code of the signal to be transmitted to the CS or the code of the signal with which the response from the CS should enter the system can be provided. In this case, between the system and the CS, the function of interchanging recoded signals according to a random time law can be implemented. It is also possible that such a recoding of the communication signals is carried out immediately at the moment of receipt of a signal that allows/prohibits the action with the request.

By design, a communication tool with a processor and an autonomous power source, as well as one with the function of receiving and transmitting radio signals in remote communication mode (via satellite or via repeaters) can be an analogue of a mobile phone that does not have access to telephone number lines.

As an option, in hardware, this CS, as a reference example, includes a detachable housing (as a possible implementation example), on one half of which a screen or monitor is displayed - an LCD matrix on thin film transistors (Thin Film Transistor), matrix model - GL080001T0- 50v1. Nearby, on this half of the body, a 3.7V Li-polymer lithium battery with a capacity of 3000 mAh is fixed. The battery has a built-in charge/discharge controller with a built-in charge/discharge controller. In the center of the printed circuit board (located on the second half of the case), a single-core processor is installed - ALLWENNER TECH A13 (1GHz), next to it is an 8-pin microcircuit in the SO8 package - this is PCF8563T (8563T) - a real time clock (RTC) with a built-in calendar, next to the chip ( CF227) is a 24 MHz quartz resonator and oscillator chip. The touchscreen is controlled by the FT5306DE4 chip - a capacitive touch panel controller. This controller is used to work with touch panels from 4.3" to 7". The FT5306DE4 communicates with the main processor via the I ² C or SPI interface. There may also be such elements as a vibration motor, a miniature speaker, an SD card slot, a USB cable connector, a headphone output, a power connector. RAM (random access memory) means - one or two H5TQ2G83CFR DDR3 SDRAM-memory chips of 2Gb (2 gigabit) each. It may also be present in the minimum hardware configuration option to be present to boot a local specialized OS instead of a DOM hard disk (DiskOnModule) [a module with an IDE connector, flash memory and a chip that implements the logic of a conventional hard disk - it is defined in the BIOS as a regular hard disk, only the size it is usually 2-3 times less].

The considered typical computerized system functions as follows. Using a mobile terminal (for example, a mobile phone or tablet) or a fixed terminal, person A issues a request to perform a certain action that requires identification of the person who made the request. That is, we are talking about the need to verify the personal data of person A, previously registered in a computerized system, with those entered in the access menu as a password or identifier. The system, through the request channel, sends to person A a request to confirm the execution of the request, as part of the function for the security of the action and establishing the availability of permission for this request. Technically, this looks like a requirement to enter, for example, a PIN code or a code word. At the same time, the processor part of the system generates a signal that is sent via another communication channel to the CS of person A. This signal can be different in format and content and corresponds to the fact that a request has appeared to perform an action requiring the involvement of person A's account. By default, for example, 5- 10 seconds delay for person A to decide between two options: block the request or grant permission to execute the request. If the request is made by person A, then he presses the corresponding button or touch shelf on the CS and sends a signal to the system confirming the completion of the request. Or does not send any response signal, which will be considered by the system, for example, as a default conditional permission to perform the operation on request. If, having received a signal to the CS, person A sees that they did not issue a request and, equally, no one was given permission to issue a request on behalf of person A, then person A presses another button or other touch field on the CS menu screen and sends a signal to block the execution of the request . Upon receipt of such a signal within the specified time interval, the system blocks the execution of the request.

At present, electronic trading platforms have become widespread, where it is fashionable to select the product of interest to the buyer and immediately pay for it remotely from a bank card. The service belongs to the category of easy-to-use, as it reveals to the buyer a wide selection of goods in the assortment and in the pre-order function upon receipt of the goods on the site. For one-time buyers, the traditional payment confirmation system is used by receiving a digital code on the buyer's mobile phone, which must be entered in the menu field to be sent to the payment system. When making a payment, you must enter the data from your bank card once. It is believed that if the digital code came to the mobile phone of the bank card holder and sent to the payment system, then the buyer and the person who owns the card are one and the same person. This completes the identification process, and the payment system makes a payment from a bank card. But, if the buyer often purchases goods on the same trading platform on the Internet, then in the "Payments" or "Pay" options, the card details are reflected by default and when buying, you do not need to enter bank card details, but just click the "Pay" option and the system automatically makes a payment from a card whose data is stored in the system and has become a default requisite, without identifying the person who clicked the "Pay" button. This opens up great opportunities for scammers.

According to the claimed solution for such a system, a method is proposed to improve the security of operations performed by the user in the remote access mode related to access to the user account, which consists in the user sending a payment request from a mobile or stationary terminal to the payment center indicating the payment parameters, and upon receipt by the center making payments from this user terminal confirming (for example, a digital PIN code) for making a payment make the specified payment. In this case, the user uses a separate communication tool with a processor and an autonomous power source, which has the ability to communicate with the payment center and which is configured to implement the function of issuing a signal on this channel to prohibit the payment or to allow the payment. Upon receiving a payment request from a mobile or stationary terminal, the payment center sends a signal to the user to the communication device about the payment request received and upon receiving a response signal from this device about the prohibition of payment within a specified waiting time, it blocks the specified request, and the signal coming from communication means to the payment center is a priority within the specified waiting time.

In banking payment systems, when a request for a payment is received from a bank card user to a payment center from a mobile or stationary terminal, the payment parameters must be specified; when such a request is received without identifying the person who created this request, the payment center assigns an individual transaction code or authorization code and transmits it via a telephone communication channel to the owner of a bank card. It is believed that if this code is sent from the specified phone number, then the identification operation has been completed and the person who made the request for the payment is the person to whom the bank card is issued. And therefore, upon receipt by the payment center from this terminal of the user of the individual transaction code or permission code transmitted to the payment center, the specified payment is made.

Improving the security of conducting payment transactions on behalf of the first person, that is, the owner of a bank card, in the framework of the present invention is carried out by organizing an additional channel for notifying the first person about an upcoming transfer or payment on his bank card or from his bank account. This is solved by introducing a CS into the payment system, the signal from which is a priority in relation to the signal for processing a request for a transfer or payment and a signal confirming permission by correctly specifying an individual transaction code or permission code.

The present invention is industrially applicable, since it can be implemented practically on the basis of any mechanical-electronic computerized system, which includes elements of processor processes. The novelty of the claimed invention lies in the organization of an additional connection of the elements responsible for accessing accounts with an external communication tool that receives signals about the actions performed by the system and whose signals, allowing or prohibiting the final action of the system, are priority for execution.

The present invention makes it possible to increase the security of ongoing actions that require the involvement of information from accounts by performing an action from a received signal from one source only when a control signal from another source is received, which is a priority.

Claims (2)

1. A method for improving the security of operations performed by a user in remote access mode related to access to a user account, which consists in the user sending a request from a mobile or stationary terminal to perform an action associated with a user account to the action execution center, in sending the execution center actions on the channel through which the request was received, confirmation from the user in the form of a password or code word or PIN code to identify the user and upon receipt by this center from this terminal of confirmation, which is permission to access the user account, the action center performs the specified in the request, an action, characterized in that the user is equipped with a separate communication tool with a processor and an autonomous power source, which has the ability to communicate with the specified center via a department that is not connected to the request channel and the mobile telephone communication channel at the same time, the specified communication tool is configured to implement the function of issuing a signal corresponding to the prohibition of the action on this separate channel, and the center for performing the action associated with the user account, when receiving a request for action from a mobile or stationary terminal, sends the user a separate channel to the communication tool, a signal about the incoming request and upon receipt of a response signal from this tool about the prohibition of the action within a specified waiting time, blocks the specified request, and the signal coming from the communication tool to this center is priority within the specified waiting time according to in relation to the signal, which is an acknowledgment, and the signal, which is a request. 2. A method for improving the security of operations performed by the user in the remote access mode related to access to the user account, which consists in the user sending a payment request from a mobile or stationary terminal requiring access to the user account to the payment center indicating the payment parameters, assigning by the execution center payments for each payment procedure an individual transaction code or permission code to identify the user according to his account data, which is the permission to access the user account, and transfer it to the user via a channel that is not associated with the payment request transmission channel and upon receipt by the payment center from the user an individual transaction code or an authorization code makes the specified payment, characterized in that the user is equipped with a separate communication tool with a processor and an autonomous power source that has the ability to communicate I with the specified center via a separate channel that is not connected with the channels of sending a request and transmitting an individual code, while the specified separate communication tool is configured to implement the function of issuing a signal on the prohibition of access to the user account via this separate channel, and the payment center upon receipt from of the payment request terminal sends to the user a signal about the incoming payment request to the communication tool via a separate channel associated with it, and upon receiving a response signal from this tool about the payment prohibition within a specified waiting time, it blocks the specified request, and the signal coming from the communication tool to the payment processing center is a priority within the specified waiting time in relation to the signal received via the identification code transmission channel.