TW201027443A - Sound OTP certification method - Google Patents

Sound OTP certification method Download PDF

Info

Publication number
TW201027443A
TW201027443A TW98100582A TW98100582A TW201027443A TW 201027443 A TW201027443 A TW 201027443A TW 98100582 A TW98100582 A TW 98100582A TW 98100582 A TW98100582 A TW 98100582A TW 201027443 A TW201027443 A TW 201027443A
Authority
TW
Taiwan
Prior art keywords
voice
transaction
dynamic password
consumer
bank
Prior art date
Application number
TW98100582A
Other languages
Chinese (zh)
Other versions
TWI391866B (en
Inventor
Jun-Cheng Bai
Hong-Xian Shi
Yu-xian GUO
Jia-Ming Li
Original Assignee
Jun-Cheng Bai
Hong-Xian Shi
Yu-xian GUO
Jia-Ming Li
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jun-Cheng Bai, Hong-Xian Shi, Yu-xian GUO, Jia-Ming Li filed Critical Jun-Cheng Bai
Priority to TW98100582A priority Critical patent/TW201027443A/en
Publication of TW201027443A publication Critical patent/TW201027443A/en
Application granted granted Critical
Publication of TWI391866B publication Critical patent/TWI391866B/zh

Links

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A sound OTP certification method is provided, in which the consumer, when carrying out a transaction transfer, requests an OTP transaction to a bank and inputs related information to carry out the transaction transfer. The request message is transmitted from the bank to a certification center, which will generate a set of OTP password and transfer it to the sound system of a telecommunications room to allow a telephone of the telecommunications room to dial out to inform consumer of the transaction amount and the OTP password, while simultaneously confirming the sound dial-out state and transmitting the corresponding message to the certification center. Finally, the consumer inputs the OTP password for the bank verification, and the bank displays a corresponding message for indicating whether the transaction succeeds or fails. By using the phone sound to send out and confirm whether the consumer exactly receives the OTP password, it is able to avoid the situation in which the OTP password is delayed in sending out or the consumer does not receive the OTP password. Furthermore, because the verified data is not retained in the consumer end, the security of using the OTP password can be increased.

Description

201027443 六、發明說明: 【發明所屬之技術領域】 本發明係有關一種實獰商店或電信網路上交易用的 οτρ認證之方法,特別是指一種使用語音系統來通知消費 者OTP動態密碼的方法,使得認證資料不會留在消費者 端,增加使用OTP動態密碼的安全性。 【先前技術】 近幾年來網路科技的發展日益進步,使用網路已成為 現代人每日所必備的活動之一,故網路上的電子商務發展 也因此油然而生,民眾可以選擇以不出門及不需等待的方 式’僅需要在家透過電腦登入網站或網路銀行即可進行付 款或轉帳等各種交易,因此,使用網路購物、線上拍賣或 網路繳費都已成為民眾日常生活的一部份。 一般在使用網路上的電子商務皆需要進行身份認證或 是輸入自身金融資料,像是姓名、身分證字號、生日、俨 用卡資料、銀行帳戶、職密碼、登人帳號等重要資料, 但也因此容易於過程中受到網路駭客來盜取個人重要資 料’讓竊取到資料的财即可糊該資料顧餘刷消費 者的信用卡。 目則常見的竊取方式大多制木馬減、侧錄程式、 釣魚程式或間雜式,㈣魚糊,—般鮮會將網頁偽 造成知名的銀行或是公司行號,讓消費者連接到該網頁中 輸入自己的銀行帳號、信用卡卡號及信用卡密碼等,如此 骇客即可取制f者料金崎料;㈣相木馬或間諜 201027443 程式為例,骇客會將自己設計好的木馬或間課程式包裝於 實用的程錢是—般網路上傳下載職案巾,藉由消費者 使用此程式或是下載此一檔案時,即把木馬程式或間諜 程式載入電辦’於制賴輸人糊金融資料或是個人 資料時,進一步側錄鍵盤輸入順序或攔截資料輸入畫面; 自於嚇上的各種木觸纽式不斷_,从防不勝防。 現今有_站有提供安全電子交S (Secme Electronic Transaction簡稱SET)機制,或使用交易憑證方式將相關資 • 料進行加密保護’以達到網路登入或網路交易的安全,此 機制下的消費者電腦需安裝相關軟體,使用上比較複雜且 價格昂貴,因此-直無法大量普及,實有相當大的改盖空 間。 而另外一種常用的安全機制係使用一次性密碼(〇ne201027443 VI. Description of the Invention: [Technical Field] The present invention relates to a method for authenticating οτρ for transactions on a store or a telecommunications network, and more particularly to a method for using a voice system to notify a consumer of an OTP dynamic password. The authentication data will not remain on the consumer side, and the security of using the OTP dynamic password is increased. [Prior Art] In recent years, the development of network technology has been progressing increasingly. The use of the Internet has become one of the daily activities necessary for modern people. Therefore, the development of e-commerce on the Internet has emerged. People can choose not to go out. And the way you don't have to wait 'just need to go to the website or online banking at home to make various transactions such as payment or transfer. Therefore, using online shopping, online auction or online payment has become a part of people's daily life. Share. Generally, e-commerce on the Internet needs to authenticate or input its own financial information, such as name, ID card number, birthday, card information, bank account, job password, and account number, but also Therefore, it is easy for the Internet hackers to steal personal important information in the process. 'Let the money stolen from the data to paste the information and brush the consumer's credit card. Most common stealing methods are Trojan reduction, side recording programs, fishing programs or miscellaneous, (4) fish paste, which will fake the web page into a well-known bank or company line number, allowing consumers to connect to the web page. Enter your bank account number, credit card number and credit card password, etc., so that you can pick up the material, and (4) the Trojan horse or spy 201027443 program, for example, the hacker will package the Trojan or the course in his own design. The practical way is to upload and download the job towel. When the consumer uses the program or downloads the file, the Trojan or spy program is loaded into the computer. Or when personal information, further record the keyboard input order or intercept the data input screen; since the various wooden touches that are scared, _, it is impossible to prevent. Nowadays, there are _ stations that provide Secme Electronic Transaction (SET) mechanism, or use transaction credentials to encrypt related information to achieve the security of network login or online transactions. Consumption under this mechanism The computer needs to install related software, which is complicated and expensive to use. Therefore, it cannot be widely popularized, and there is considerable room for modification. Another common security mechanism is to use a one-time password (〇ne

TimePasSword ’ _〇τρ),又稱為動態密碼,係搭配一動 態密碼產生器使用,讓使用者於每次網路交易中亂數產生 ❿ "且不同的0Τρ動態密碼’使用者需再取得此一 0ΤΡ動態 密碼的預定時間内,向網路銀行輸入0ΤΡ動態密碼,若用 戶未於這段預設時間内輸入該組〇τρ動態密碼,則該組 0ΤΡ動態密碼失去作用,要重新操作密瑪產生器釋出一組 新的0ΤΡ動態密碼。 目前市面上最常見_ 0ΤΡ動態密碼秋對每一次線 找易行為的資料產生一組專屬的οτρ動態密碼,並透過 簡訊產生模組將0ΤΡ動態密碼、交易代碼、交易驗證碼等 驗a貝料整合成_簡訊’並由簡綱道邮MSGat_y)透 4 201027443 過通訊網路將簡訊傳輸至電信業者’由電信業者發送驗證 資料到使用者的預設門號,使用者透過可攜式行動裝置讀 取此一簡訊,再將驗證資料輸入完成交易。 此種習用的簡訊發送OTP動態密碼的缺點在於簡訊發 送方式會有延遲發送或是手機未開機導致簡訊被擋住而導 致遺失,無法確認使用者是否確實收到此一簡訊,此外, 若是使用者位於國外地區,則只能使用國際漫遊接收簡 訊’導致使用上的不便利’同時’以簡訊傳送OTP動態密 鼸碼會使認證資料存留於行動裝置内,對於有心人士竊取的 防範尚有待加強。 因此,面對層出不窮的網路犯罪手法或潛藏的危機, 為了有效防止網路交易的金融資料被竊取、盜領、盜刷等 情況發生,實有必要發展出一種不增加使用者負擔且更具 有防堵竊盜的網路交易方式。 【發明内容】 • 爰是,本發明之主要目的,旨在提供一種語音οτρ認 戍之方法,藉由電話語音的方式發送並確認消費者是否確 實收到ΟΤΡ動態密碼,減少ΟΤΡ動態密碼延遲發送或是消 費者未收到ΟΤΡ動態密碼的機會。 、本發日月之另一目的,旨在提供一種語音ΟΤΡ認證之方 法,透過電話語音方式使得認㈣料不會留在消費者端, 增加使用⑽動態密碼的安全性,並配合電信網路,降低 駭客入侵的情況發生。 本發明之再-目的,旨在提供一種語音〇τρ認證之方 201027443 、、可直接撥通4 f者所設定的—般家用電話、手機或是 界各地的電話’同_配事先設定的各種語言並以語音 方式。知οτρ賴麵,增加使用OTp動_碼的廣泛性 及便利性。 為達上揭目的’本發明語音OTP認證之方法,係包含 以下步驟: 4費者進行刷卡購物或轉帳時,向銀行請求〇τρ動態 密碼交易; 輸入相關資料登入銀行進行交易轉帳,由銀行傳送請 求訊息至認證中心申請OTP動態密碼; 雛中心收到請求訊息後產生—組〇τρ _密碼並傳 送至電信機房的語音系統; 電城房電話外撥消費者並以語音播報來通知交易金 額及贈賴_,同時電賴房會確騎音外撥狀態並 傳輸相關確認訊息至認證中心; 、 肩費者接聽電話語音播報確認交易金額及〇τρ動態密 碼認後,向銀行輸入ΟΤΡ動態密碼驗證;以及 u 銀行凊求認證中心核對消費者輪入的〇Τρ動態密碼, 並顯示交易成功或失敗的對應訊息。 於一可行實施例中,上述消費者刷卡購物或轉帳係採 用於電信網路上進行網路交易。 於另一可行實施例中,上述消費者刷卡購物係採用一 電子票證至實體商店進行交易,由實體商店向銀行請求 ΟΤΡ動態密碼交易。 6 201027443 於-較佳實施例中,上述相關資料係包含:個人識別 資料、金融資料及消費資料。 於一可行實施例中,上述個人識別資料包含姓名、生 曰、身分證字號、手機號碼、登入帳號、登入密碼等其中 任-項社資料;上述麵資料包含··銀行、金融卡卡號、 卡號驗證碼、預設密碼等其中任一項以上資料;上述消費 資料包含:轉帳金額、到期日、付費方式等其中任一項以 上資料。 ' 於-較佳實施财,上述語音播報於—慨時間之内 斷線則語音播報失敗,傳送斷線訊息至認證中心,將此組 otp動態密碼視為無效驗證碼,則該項交易轉帳失敗,需 要重新進行請求OTP動態密碼交易。 於-較佳實施财’上述電料撥無法接通時,重複 撥打舰魏電話,當断職:欠數電_無法接通時, 將此組ΟΤΡ_密碼視為無錄證碼,職項交易轉帳失 敗,需要重新進行請求ΟΤΡ動態密碼交易。 【實施方式】 茲為便於更步縣拥之構造、使肢其特徵有 更深-層明確、詳實的認識與瞭解,爰舉出較佳實施例, 配合圖式詳細說明如下: 首先請參閱第1圖本發明語音0TP認證之方法的較佳 實施例’對於銀行每次交祕帳㈣料產生—組對應的一 次性密碼(One Time Password ’簡稱ΟΤΡ) ’又稱動態密碼, 由一互動式語音應答的電話語音系統(InteractiveTimePasSword ' _〇τρ), also known as dynamic password, is used with a dynamic password generator to allow users to randomly generate ❿ " and different 0Τρ dynamic passwords for users to obtain again. If the user does not input the dynamic password of the group 〇τρ within the preset time within the predetermined time period of the 0ΤΡ dynamic password, if the user does not input the dynamic password of the group 〇τρ within the preset time, the dynamic password of the group 0 is lost, and the password is re-operated. The Ma generator releases a new set of 0 dynamic passwords. At present, the most common _ 0 ΤΡ dynamic password in the market produces a set of exclusive οτρ dynamic passwords for each line of easy-to-follow behavior data, and through the short message generation module, 0 ΤΡ dynamic password, transaction code, transaction verification code, etc. Integral _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Take this newsletter and enter the verification data into the transaction. The disadvantage of sending such an OTP dynamic password to the conventional SMS is that the SMS transmission method will be delayed or the mobile phone will not be turned on, causing the SMS to be blocked and lost. It is impossible to confirm whether the user actually received the SMS. In addition, if the user is located, In foreign countries, you can only use the international roaming to receive the newsletter 'caused inconvenience in use' and the transmission of the OTP dynamic password in the newsletter will keep the authentication data in the mobile device, and the prevention of the intentional stealing needs to be strengthened. Therefore, in the face of endless cybercrime techniques or hidden crises, in order to effectively prevent theft of financial information, such as theft, theft, and theft of online transactions, it is necessary to develop a kind of Anti-blocking online trading methods. SUMMARY OF THE INVENTION The main purpose of the present invention is to provide a method for voice ο ρ 戍 , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Or the consumer did not receive a chance to have a dynamic password. Another purpose of this month is to provide a method for voice authentication. The phone voice is used to make the (4) material not stay on the consumer side, increase the security of using (10) dynamic password, and cooperate with the telecommunication network. To reduce the incidence of hacking. The re-purpose of the present invention is to provide a voice 〇τρ authentication party 201027443, which can be directly dialed by a 4f-type home phone, a mobile phone, or a local telephone. Language and voice. Knowing the ττρ surface, increasing the versatility and convenience of using OTp dynamic _ code. In order to achieve the purpose of the invention, the method for the voice OTP authentication of the present invention comprises the following steps: 4, when the card purchase or transfer is performed, the bank requests the 〇τρ dynamic password transaction; input relevant information to the bank for transaction transfer, and the bank transfers Requesting a message to the certification center to apply for an OTP dynamic password; after receiving the request message, the youth center generates a group 〇τρ _ password and transmits it to the voice system of the telecommunications room; the electric city phone dials out the consumer and announces the transaction amount by voice broadcast and Gift _, at the same time, the electric house will indeed ride the sound outbound status and transmit the relevant confirmation message to the certification center; , the shoulder fee person receives the phone voice broadcast to confirm the transaction amount and 〇τρ dynamic password recognition, enter the bank dynamic password verification And u the bank begged the certification center to check the dynamic password of the customer's turn-in, and display the corresponding message of the success or failure of the transaction. In a possible embodiment, the consumer card shopping or transfer system is used for telecommunications networks for online transactions. In another possible embodiment, the consumer credit card shopping system uses an electronic ticket to conduct transactions to the physical store, and the physical store requests the bank for dynamic password transactions. 6 201027443 In the preferred embodiment, the above related data includes: personal identification data, financial information, and consumption data. In a possible embodiment, the personal identification data includes a name, a birth certificate, an identity card number, a mobile phone number, a login account number, a login password, and the like, and the above information includes: a bank, a financial card number, and a card number. Any one or more of the verification code, the default password, etc.; the above consumption data includes: one or more of the transfer amount, the due date, and the payment method. ' 于 - Better implementation of the money, the above voice broadcast within the time limit, the voice broadcast failed, the disconnection message is sent to the certification center, the group otp dynamic password is regarded as invalid verification code, then the transaction transfer failed , need to re-request OTP dynamic password transaction. When the above-mentioned electric material dialing cannot be connected, the ship Weiwei call is repeatedly dialed. When the service is broken: the number of powers is _ unable to connect, the group ΟΤΡ password is regarded as no record code, the title The transaction transfer failed and the request, dynamic password transaction, needs to be re-executed. [Embodiment] In order to facilitate the construction of the county, and to make the characteristics of the limbs deeper and clearer, and to understand and understand the details, the preferred embodiment is described below. The details are as follows: First, please refer to the first The preferred embodiment of the method for voice 0TP authentication of the present invention 'for the bank each time the secret account (four) material is generated - the corresponding one-time password (One Time Password 'referred to as ΟΤΡ) 'also known as dynamic password, by an interactive voice Answering telephone voice system (Interactive

Voice 7 201027443Voice 7 201027443

Response ’簡稱IVR)的發送方式,讓消費者確認〇Tp動態 密碼及消費金額’當消費者輸入與銀行驗證密碼相符的 ΟΤΡ動態密碼,銀行才會進行接續交雜帳的流程。 請參閱第1圖本發明語音〇τρ認證之方法的較佳實施 例示意圖及第2圖本發明語音〇τρ認證之方法的流程圖, 該方法包含以下步驟: 步驟1 :消費者進行刷卡購物或轉帳時,向銀行請求 ΟΤΡ動態密碼交易。 • 於一可行實施例中’消費者可經由電信網路向網路商 家進行網路購物交易,由網路商家向銀行請求〇Tp動態密 碼交易,於另一可行實施例中,消費者亦可經由電信網路 直接向銀行進行轉帳,同時請求0ΤΡ動態密碼交易,於再 -可行實施射者亦可_—電子綠肖實贿家 進行刷卡購物,消費者經由實體商家向銀行請求〇τρ動態 密碼交易。 φ 步驟2 :輸入相關資料登入銀行進行交易轉帳,由銀行 傳送请求訊息至認證中心申請0ΧΡ動態密碼。 於一可行實施例中,當消費者使用電子票證於實體商 店進行刷卡購物時,商家透過電子票證預設的識別個人資 料及金融資料登錄銀行,再將交易轉帳的消費資料輸入, 銀行會向認證中心申請0ΤΡ動態密碼,於另一可行實施例 中,當消費者使用電乜網路進行刷卡購物或轉帳時,消費 者網路連結銀行並輸入個人識別資料登入,同時申請〇τρ 動態密碼交易並輸入交易轉帳的金融資料與消費資料。 201027443 其中,上述個人識別資料包含姓名、生曰、身分證字 號、手機號碼、登入帳號、登入密碼等其中任一項以上資 料’上述金融資料包含:銀行、金融卡卡號、卡號驗證碼、 預設密碼等其中任一項以上資料,上述消費資料包含:轉 帳金額、到期日、付費方式等其中任一項以上資料。 步驟3 ·認證中心收到請求訊息後產生一組〇τρ動態 密碼並傳送至電信機房的語音系統。 認證中心在取得銀行傳輸過來的消費者金融資料及消 • ff料後’會產生—組對麟費者的OTP動態密碼,並將 消費金額與對應OTP動態密碼傳輸到電信業者的電信機 房,由電信機房的語音系統將消費金額與對應〇Tp動態密 碼套入預設的語音播報程式内。 步驟4:電信機房電話外撥消費者並以語音播報來通知 交易金額及ΟΤΡ動態密碼’同時電信機房會確認語音外撥 狀態並傳輸相關確認訊息至認證中心。 Φ 將套設好交易金額及οτρ動態密碼的語音播報程式, 由電信機房外撥消費者對應的電話號碼,於撥通後告知消 費者此次交易的消費金額及ΟΤΡ動態密碼,此時,電信機 房會依據消費者是否完整接聽語音播報内容來產生一對應 的確認訊息’並將該確認訊息傳輸至認證中心。 消費者若是有接通電話外撥並接聽超過預設時間的語 音播報’則電信機房產生一消費者收到ΟΤΡ動態密碼的確 認訊息並將其傳輸至認證中心,讓認證中心驗證此一組 ΟΤΡ動態密碼有效。如參閱第3厨所示’但若是電話外撥 9 201027443 後消費者端無法接通’則電信機房會重複撥打預設次數的 確保消費者可以確實接到otp動態密碼;如果經由 夕次重複撥打都無法接通時,電信機房會產生一消費者未 ^到OTP動態密碼的確認訊息,並將該確認訊祕輸給認 證中心,當認證中心接收到此一確認訊息時,會將此組οτρ 動態密碼視為無效的驗證碼,使得該項交易槪失敗,要 重新進行請求ΟΤΡ認證。 請參閱第4圖所示,如果消費者於接通語音播報時, • 在未超過語音播報的預設時間内斷線,則視此次語音播報 斷線失敗,傳送斷線訊息至認證中心,同樣將此〇τρ動態 雄、碼視為無效的驗證碼,舉例來說,若是語音播放的整個 時間為20秒,播報有關交易驗證内容為15秒,其他服務 内容為5秒,則必須接聽超過此一預設時間15秒,若於語 曰播報在14秒刖就斷線,則視此次語音播報斷線失敗。 步驟5:消費者接聽電話語音播報確認交易金額及〇τρ _ 動態畨碼認後’向銀行輸入ΟΤρ動態密碼驗證。 消費者接通語音播報後仔細聆聽消費金額與〇Τρ動態 密碼,並讀認消費金額是否正確,如有語音内容收聽不清 楚狀況發生時’可於最後按下預設重播的數字來重新胯聽 一次,最後將聆聽完整的0ΤΡ動態密碼向銀行輸入驗證。 步驟6 :銀行請求認證中心核對消費者輸入的〇τρ動 態密碼,並顯示交易成功或失敗的對應訊息。 銀行將消費者輸入0ΤΡ動態密碼傳輸至認證中心與原 先設定的ΟΤΡ動態密碼核對,若消費者輸入的〇τρ動態密 201027443 碼無誤,繼+心會產生-驗證成魏息麟輸至銀行, 由銀行顯不出交易轉帳成功,但若消費者輸入的OTP動態 迷、碼與原先設定的密碼不相符,則認證中心會產生一驗證 失敗訊息傳輸至銀行,由綺顯示蚊碼錯紐交易轉帳 失敗,需要重新進行請求0TP動態密碼交易。 綜上所述,本發明語音OTP認證之方法,藉由電話語 音的方式發送並確認消費者是否確實收到οτρ動態密碼, 減少ΟΤΡ動態密碼延遲發送或是消費者未收到〇τρ動態密 • 碼的機會’並使得認證資料不會留在消費者端,增加使用 ΟΤΡ動態密碼的安全性,並配合電信網路,降低駭客入侵 的情況發生,此外’該方式可直接撥通消費者所設定的一 般家用電話、手機或是世界各地的電話,同時搭配事先設 定的各種語言並以語音方式告知0Τρ動態密碼,增加使用 ΟΤΡ動態密碼的廣泛性及便利性。 以上所舉實施例,僅用為方便說明本發明並非加以限 鲁制,在不離本發明精神範疇,熟悉此一行業技藝人士依本 發明申請專利範圍及發明說明所作之各種簡易變形與修 飾,均仍應含括於以下申請專利範圍中。 【圖式簡單說明】 第1圖係本發明語音ΟΤΡ認證之方法較佳實施例之示 意圖; 第2圖係本發明語音OJP認證之方法之流程圖; 第3圖係本發明重複撥打電話且並未接通之流程圖; 201027443 第4圖係本發明於未超過播報語音預設時間内斷線之 流程圖。 【主要元件符號說明】 無。 ❿ 12The response method of Response ‘referred to as IVR” allows the consumer to confirm the 〇Tp dynamic password and the amount of consumption. When the consumer enters the dynamic password that matches the bank verification password, the bank will proceed with the process of connecting the miscellaneous accounts. Please refer to FIG. 1 for a schematic diagram of a preferred embodiment of the method for authenticating speech 〇ρρ of the present invention, and FIG. 2 is a flow chart of a method for authenticating speech 〇ρρ of the present invention, the method comprising the following steps: Step 1: Consumers make a swipe shopping or When transferring funds, request a dynamic password transaction from the bank. • In a possible embodiment, 'the consumer can conduct a network shopping transaction to the online merchant via the telecommunication network, and the online merchant requests the bank for the Tp dynamic password transaction. In another possible embodiment, the consumer can also The telecommunications network transfers funds directly to the bank, and requests 0ΤΡ dynamic password transactions. In the case of re-actuable implementation, the advertiser can also use the electronic green hack to make a credit card purchase. The consumer requests the bank to 〇τρ dynamic password transaction via the entity merchant. . φ Step 2: Enter the relevant information and log in to the bank for transaction transfer. The bank sends the request message to the certification center to apply for the dynamic password. In a possible embodiment, when the consumer uses the electronic ticket to perform the credit card shopping in the physical store, the merchant logs in the bank through the personal identification and financial information preset by the electronic ticket, and then inputs the consumption data of the transaction transfer, and the bank will authenticate the bank. The Center applies for a dynamic password. In another possible embodiment, when the consumer uses the e-mail network for credit card purchase or transfer, the consumer network connects to the bank and enters the personal identification data to log in, and simultaneously applies the 〇τρ dynamic password transaction and Enter the financial information and consumption data of the transaction transfer. 201027443 The above personal identification data includes any one or more of the name, the birth certificate, the identity card number, the mobile phone number, the login account number, the login password, etc. The financial information includes: bank, financial card number, card number verification code, preset Any one or more of the passwords, such as the transfer amount, expiration date, payment method, etc. Step 3 • After receiving the request message, the authentication center generates a set of 〇τρ dynamic passwords and transmits them to the voice system of the telecommunications room. After obtaining the consumer financial information and the consumer information transmitted by the bank, the certification center will generate the OTP dynamic password of the group, and transmit the consumption amount and the corresponding OTP dynamic password to the telecom engine room of the telecom operator. The voice system of the telecom equipment room puts the consumption amount and the corresponding 〇Tp dynamic password into the preset voice broadcast program. Step 4: The telecom equipment room dials out the consumer and informs the transaction amount and the dynamic password by voice broadcast. At the same time, the telecom equipment room confirms the voice outbound status and transmits the relevant confirmation message to the certification center. Φ The voice broadcast program with the transaction amount and οτρ dynamic password will be set up. The telephone number corresponding to the consumer will be dialed out from the telecommunications room. After dialing, the consumer will be informed of the transaction amount and the dynamic password. At this time, the telecommunications The equipment room will generate a corresponding confirmation message according to whether the consumer completely answers the voice broadcast content and transmit the confirmation message to the certification center. If the consumer has dialed the phone and answered the voice broadcast for more than the preset time, the telecommunication room generates a confirmation message that the consumer receives the dynamic password and transmits it to the authentication center, so that the certificate center verifies the group. The dynamic password is valid. As shown in the 3rd kitchen, 'but if the phone is out of the 9 201027443 and the consumer can't connect', then the telecom machine room will repeatedly dial the preset number to ensure that the consumer can actually receive the otp dynamic password; if the call is repeated via the evening When it is unable to connect, the telecom equipment room will generate a confirmation message that the consumer has not reached the OTP dynamic password, and the confirmation message is sent to the certification center. When the certification center receives the confirmation message, the group will be οτρ The dynamic password is treated as an invalid verification code, causing the transaction to fail, and the request is re-authenticated. Please refer to Figure 4, if the consumer disconnects the voice during the preset time period of the voice announcement, if the voice broadcast fails, the disconnection message will be sent to the authentication center. Similarly, the 〇τρ dynamic male and the code are regarded as invalid verification codes. For example, if the entire time of voice playback is 20 seconds, the content of the transaction verification is 15 seconds, and the other service content is 5 seconds, then it must be answered more than This default time is 15 seconds. If the message is disconnected after 14 seconds, the voice broadcast will be disconnected. Step 5: The consumer answers the telephone voice broadcast to confirm the transaction amount and 〇τρ _ dynamic weight recognition. Enter the dynamic password verification to the bank. After the consumer connects to the voice broadcast, listen carefully to the amount of the purchase and the dynamic password, and read whether the amount of the purchase is correct. If there is any unclear situation when the voice content is heard, 'you can press the preset replay number to re-listen. Once, you will finally listen to the full 0ΤΡ dynamic password and enter the verification into the bank. Step 6: The bank requests the certificate authority to check the 〇τρ dynamic password entered by the consumer and display the corresponding message of the success or failure of the transaction. The bank will input the 0输入 dynamic password to the certification center and the original dynamic password check. If the consumer input 〇τρ dynamic secret 201027443 code is correct, the + heart will be generated - verified into Wei Yulin lost to the bank, The bank does not show the transaction transfer success, but if the OTP dynamic fan and code entered by the consumer do not match the originally set password, the certificate center will generate a verification failure message and transmit it to the bank, because the display of the mosquito code error message transfer failed. , need to re-request 0TP dynamic password transaction. In summary, the voice OTP authentication method of the present invention sends and confirms whether the consumer actually receives the οτρ dynamic password by means of telephone voice, reduces the delayed transmission of the dynamic password, or the consumer does not receive the 〇τρ dynamic secret. The opportunity of the code' makes the authentication data not stay on the consumer side, increases the security of using the dynamic password, and cooperates with the telecommunication network to reduce the hacker intrusion. In addition, the method can directly dial the consumer. Set the general home phone, mobile phone or telephones around the world, and at the same time with the various languages set in advance and voice notification 0Τρ dynamic password, increase the extensiveness and convenience of using the dynamic password. The above embodiments are merely for convenience of description and are not intended to be limiting, and various modifications and modifications may be made without departing from the spirit and scope of the invention. It should still be included in the scope of the following patent application. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a schematic diagram of a preferred embodiment of a method for voice ΟΤΡ authentication of the present invention; FIG. 2 is a flow chart of a method for voice OJP authentication of the present invention; FIG. 3 is a repeat call of the present invention and Flowchart that is not connected; 201027443 Figure 4 is a flow chart of the present invention for disconnection within a preset time period without exceeding the broadcast voice. [Main component symbol description] None. ❿ 12

Claims (1)

201027443 七、申請專利範圍: 1. -種語音GTP認社方法,财法包含以下步羯 OTP /肖費者進行刷卡購物或轉帳時,向銀行請求 動態密碼交易; 輸入相關資料登人銀行進行交祕帳,由銀 請求訊息至認證巾^申請QTp動態密碼; 、 動態密碼 認證中心收到請求訊息後產生一組οτρ 並傳送至電信機房的語音系統;201027443 VII. The scope of application for patents: 1. - The method of voice GTP recognition, the financial method includes the following steps: OTP / Xiao Fei who applies for dynamic password transaction when swiping shopping or transferring money; input relevant information to the bank for payment The secret account, the request message from the silver to the certification towel ^ apply for the QTp dynamic password; the dynamic password authentication center receives the request message and generates a set of οτρ and transmits it to the voice system of the telecommunications room; 電信機房電話外撥消費者並以語音播報來通知交 易金額及ΟΤΡ動態密碼,_電信機房會確認語音外撥 狀態並傳輪相關確認訊息至認證中心; 肩費者接聽電話語音播報確認交易金額及0ΤΙ>動 態密碼認後’向銀行輸入οτρ動態密碼驗證;以及 銀行請求認證中心核對消費者輸入的οτρ動態密 碼,並顯示交易成功或失敗的對應訊息。 2.如申請專利範圍第1項所述語音〇τρ認證之方法,其 中,上述消費者刷卡購物或轉帳係採用於電信網路上進 行網路交易。 3.如申請專利範圍第1項所述語音〇Τρ認證之方法,其 中,上述消費者刷卡購物係採用一電子票證至實體商店 進行交易,由實體商店向銀行請求〇Τρ動態密碼交易。 4·如申請專利範圍第1項所述語音〇Τρ認證之方法,其 中,上述相關資料係包含:個人識別資料、金融資料及 消費資料。 201027443 5. 如申請專利範圍第4項所述語音OTP認證之方法,其 中,上述個人識別資料包含姓名、生日、身分證字號、 手機號碼、登入帳號、登入密碼等其中任一項以上資料。 6. 如申請專利範圍第4項所述語音OTP認證之方法,其 中’上述金融資料包含:銀行、金融卡卡號、卡號驗證 碼、預設密碼等其中任一項以上資料。 7. 如申請專利範圍第4項所述語音0TP認證之方法,其 中’上述消費資料包含:轉帳金額、到期日、付費方式 • 等其中任一項以上資料。 8. 如申請專利範圍第1項所述語音〇τρ認證之方法,其 中,上述語音播報於一預設時間之内斷線則語音播報失 敗,傳送斷線訊息至認證中心,將此組〇ΤΡ動態密碼視 為無效驗證碼,則該項交易轉帳失敗,需要重新進行請 求ΟΤΡ動態密碼交易。 9. 如申請專利範圍第1項所述語音0ΤΡ認證之方法,其 • 中,上述電話外撥無法接通時,重複撥打預設次數電話。 10·如申請專利範圍第9項所述語音〇τρ認證之方法,其 中,上述撥打預設次數電話都無法接通時,認證中心將 此組ΟΤΡ動態密碼視為無效驗證碼,則該項交易轉帳失 敗’需要重新進行請求贈動_碼交易。The telecommunications room telephone dials out the consumer and informs the transaction amount and the dynamic password by voice broadcast. The telecom equipment room will confirm the voice outbound status and transmit the relevant confirmation message to the certification center; the shoulder fee receiver will answer the telephone voice broadcast to confirm the transaction amount and 0ΤΙ> After the dynamic password is recognized, 'Enter οτρ dynamic password verification to the bank; and the bank requests the certificate authority to check the οτρ dynamic password input by the consumer and display the corresponding message of the transaction success or failure. 2. The method of claim 21, wherein the consumer card shopping or transfer is performed on a telecommunications network for online transactions. 3. The method of claim 1, wherein the consumer card shopping uses an electronic ticket to conduct transactions in a physical store, and the physical store requests a dynamic password transaction from the bank. 4. The method for authenticating voice 〇Τρ according to item 1 of the patent application scope, wherein the related data includes: personal identification data, financial information and consumption data. 201027443 5. The method for claiming voice OTP according to item 4 of the patent scope, wherein the personal identification data includes any one of the name, the birthday, the identity card number, the mobile phone number, the login account number, and the login password. 6. The method for applying for voice OTP authentication according to item 4 of the patent scope, wherein the above financial information includes: one or more of a bank, a financial card number, a card number verification code, and a preset password. 7. In the method of applying for the voice 0TP certification described in item 4 of the patent scope, wherein the above-mentioned consumption data includes: one or more of the transfer amount, the due date, the payment method, and the like. 8. The method for applying the voice 〇τρ authentication according to the first item of the patent scope, wherein the voice broadcast fails within a preset time, the voice broadcast fails, and the disconnection message is sent to the certification center, and the group is 〇ΤΡ If the dynamic password is regarded as invalid verification code, the transaction transfer fails and the request/required dynamic password transaction needs to be re-executed. 9. If the method of voice 0ΤΡ authentication mentioned in item 1 of the patent application is applied, in the case where the above telephone outbound call cannot be connected, the preset number of calls is repeatedly dialed. 10. The method for authenticating a voice 〇τρ according to claim 9 wherein, when the above-mentioned dialing number of calls cannot be connected, the certification center regards the group dynamic password as an invalid verification code, and the transaction Transfer failed 'requires a new request _ code transaction.
TW98100582A 2009-01-09 2009-01-09 Sound OTP certification method TW201027443A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW98100582A TW201027443A (en) 2009-01-09 2009-01-09 Sound OTP certification method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW98100582A TW201027443A (en) 2009-01-09 2009-01-09 Sound OTP certification method

Publications (2)

Publication Number Publication Date
TW201027443A true TW201027443A (en) 2010-07-16
TWI391866B TWI391866B (en) 2013-04-01

Family

ID=44853204

Family Applications (1)

Application Number Title Priority Date Filing Date
TW98100582A TW201027443A (en) 2009-01-09 2009-01-09 Sound OTP certification method

Country Status (1)

Country Link
TW (1) TW201027443A (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200529625A (en) * 2004-02-20 2005-09-01 Financial Esolution Co Ltd Method and architecture for personal identification by utilizing one-time password
JP2007102777A (en) * 2005-10-04 2007-04-19 Forval Technology Inc User authentication system and method therefor
TWI288554B (en) * 2005-12-19 2007-10-11 Chinatrust Commercial Bank Ltd Method of generating and applying one time password in network transactions, and system executing the same method
KR101104500B1 (en) * 2006-12-21 2012-01-12 엘지전자 주식회사 Method for signalling voice call of mobile terminal
TWM337797U (en) * 2007-08-17 2008-08-01 Chunghwa Internat Comm Network Co Ltd Website identification authenticating apparatus

Also Published As

Publication number Publication date
TWI391866B (en) 2013-04-01

Similar Documents

Publication Publication Date Title
AU2013272182B2 (en) Enterprise triggered 2CHK association
EP2859489B1 (en) Enhanced 2chk authentication security with query transactions
US9699183B2 (en) Mutual authentication of a user and service provider
US20170279788A1 (en) Secure remote password retrieval
JP2014524622A (en) Transaction payment method and system
JP6625815B2 (en) User authentication
US9001977B1 (en) Telephone-based user authentication
CA3050566C (en) Contact centre user authentication
WO2012131268A1 (en) Strong authentication by presentation of the number
WO2010019348A2 (en) Method and system for automated user authentication
KR20100038990A (en) Apparatus and method of secrity authenticate in network authenticate system
CN101620705A (en) Safety certificate method and system for Internet banking
CN100574328C (en) Verification System and authentication method
WO2013114248A1 (en) Near sound communication payment system
US9137241B2 (en) Method and system using a cyber ID to provide secure transactions
JP4746643B2 (en) Identity verification system and method
TWI326183B (en)
US20130151411A1 (en) Digital authentication and security method and system
TW201027443A (en) Sound OTP certification method
CN101860437A (en) Method and system for authenticating identity by using mobile phone
CN102480706B (en) Short message authentication method
GB2464615A (en) Authentication of mobile terminals
WO2006018892A1 (en) Telephone authentication system preventing spoofing even when personal information is leaked
KR101971023B1 (en) The method of secure transaction with keeping both phone and web/app connected on smartphone
TWM621619U (en) Digital identity verification speech system

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees