TWI258969B - Security authentication method for web financial transaction - Google Patents

Security authentication method for web financial transaction

Info

Publication number
TWI258969B
Authority
TW
Taiwan
Prior art keywords
password
transaction
authentication
communication network
consumer
Prior art date
Application number
TW93122502A
Other languages
Chinese (zh)
Other versions
TW200605602A (en)
Inventor
Der-Fong Kuo
Original Assignee
Pochin Technology Corp
Priority date
Filing date
Publication date
Application filed by Pochin Technology Corp
Priority to TW93122502A
Publication of TW200605602A
Application granted
Publication of TWI258969B


Abstract

A security authentication method for web financial transactions includes the steps of constructing a transaction authentication system; transmitting the consumer's basic data from first-channel communication equipment at the consuming end, through a first communication network, to the data authentication centers of a financial institution and a telecommunications operator for a first-stage dual authentication; generating a transaction code when that authentication succeeds and transmitting it, through the first or a second communication network, to the authenticated first-channel communication equipment or to second-channel communication equipment; and performing a second-stage password comparison in which the consumer either receives the password on the first-channel communication equipment of the first communication network and enters it on the second-channel communication equipment of the second communication network, or receives the password on the second-channel communication equipment of the second communication network and enters it on the first-channel communication equipment of the first communication network, thereby ensuring the security of the transaction.

Description

IX. Description of the invention

[Technical field of the invention]

The present invention relates to a security authentication method for online financial transactions, and in particular to a technique in which the data authentication centers of a financial institution and a telecommunications operator jointly perform a first-stage dual authentication of the consumer's basic data, followed by a second-stage password comparison carried out over different communication networks and their communication equipment, so as to confirm that the transaction is secure.

[Prior art]

The rise of the Internet has brought about the vigorous growth of electronic commerce and, with it, an entirely new transaction model, including the promotion of related financial services such as online card payment and Internet banking, which has also made consumers' lives more convenient. Transaction security problems have followed just as steadily, however: an endless stream of online credit card fraud incidents, leaked Internet banking passwords and, worse still, repeated incidents of hackers stealing credit card numbers or debit card passwords on a large scale. These have cast a huge shadow over the security of online financial transactions and caused turmoil in financial trading.

In the electronic transaction authentication methods in common use today, the consumer generally enters a consumer account (User ID) at the client; in a financial transaction this account may be a credit card number or account number, a registered ID code, a bank account number and so on. At the same time the consumer enters a password that was issued beforehand by the system database or set in advance by the consumer. Once both items have been entered, the client connects to the system database over the Internet, the two items are compared with those the consumer previously set or was issued, and when they match [...] the consumer may use the service. Such electronic transaction authentication systems usually [...] at the client; to prevent misuse, operators usually [...] the authentication data before passing it into the system database, where the data is decoded and normalized in order to protect the security of the consumer's data. This also has its technical limitations: [...] incidents of hackers stealing account numbers and passwords at the client end and at the system database end [...] keep increasing, and even with a complete firewall [...] passwords have still leaked, [...] consumers' confidence in using electronic commerce. [...] through specialist research, [...] developed [...] a consumer usage environment that is entirely free of security concerns.

[Summary of the invention]

The object of the present invention is to provide a security authentication method for online financial transactions, in particular one that transmits the consumer's basic data and the [...] required for the transaction in a [...] manner [...] from being misused, and [...] the consumer's Internet banking account [...] while at the same time [...] the risk. [...] replacing existing equipment or usage habits; moreover, by entering simple basic data over a communication network, the consumer obtains the dual authentication of both the financial institution and the telecommunications operator at the same time.

To achieve the above object, the present invention constructs a transaction authentication system which can be connected, through a first communication network, with the first-channel communication equipment of a consumer end such as a merchant or a consumer, with a financial data authentication center and with a telecommunications data authentication center; at the same time, the transaction authentication system can also be connected, through another, second communication network, with second-channel communication equipment designated by the consumer. On this basis the following security authentication procedure is carried out:

First-stage authentication: when the consumer makes a purchase, the first-channel communication equipment at the consumer end (the merchant's or the consumer's own) connects to the transaction authentication system over the first communication network and transmits the consumer's basic data, comprising at least financial consumption data, identity data and telecommunications data, to the authentication system, which classifies it and forwards the classified basic data separately to the data authentication centers of the financial institution and the telecommunications operator for the first-stage dual authentication, so as to prevent the consumer's basic data from being stolen or misused during the transaction.

Once the consumer's basic data has passed the first-stage dual authentication and is confirmed correct, a random password for the transaction is generated automatically, and second-stage authentication can be carried out in either of the following ways:

Method 1: the transaction authentication system transmits the password over the first communication network, on which the consumer has already been authenticated, and displays it on the first-channel communication equipment at the consumer end; the consumer must then use the second-channel communication equipment to dial from the telephone number contained in the previously entered and authenticated telecommunications data, and report the password back to the authentication system over the second communication network for password comparison. When the password is correct, the securely authenticated online financial transaction is complete.

Method 2: the transaction authentication system automatically dials, over the second communication network and its second-channel communication equipment, the telephone number already authenticated in the basic data, and tells or transmits the password to the consumer; the consumer must then enter the password over the first communication network and the second-channel communication equipment linked to the consumer end and return it to the authentication system for password comparison. When the password is correct, the securely authenticated online financial transaction is complete.

For a more detailed description of the invention, refer to the drawings and the description of the embodiment below.

[Embodiment]

To implement the invention, first consider the block diagram of Figure 1, which shows a transaction authentication system 4 constructed between the consumer end 1, the financial data authentication center 2 of the financial institution and the telecommunications data authentication center 3 of the telecommunications operator. A first communication network 5 connects the transaction authentication system 4 with the consumer end 1, the financial data authentication center 2 and the telecommunications data authentication center 3; the transaction authentication system 4 can also be connected to the consumer end 1 through another, second communication network 6. In this arrangement:

Each consumer end 1, which may be the consumer 10 himself or a user at a merchant, can use existing first-channel communication equipment 11 to connect with the transaction authentication system 4 through the first communication network 5. The existing first-channel communication equipment 11 at the consumer end 1 is described below according to the type of first communication network 5 it is paired with:

a. When the consumer end 1 uses a personal computer or notebook computer as the first-channel communication equipment 11, it connects to the transaction authentication system 4 through the Internet as the first communication network 5;
b. When the consumer end 1 uses mobile Internet access, WAP, GPRS, 3G or 4G as the first-channel communication equipment 11, it connects to the transaction authentication system 4 through a wireless network as the first communication network 5; or,

c. When the consumer end 1 uses a set-top box, digital television or other terminal capable of external communication as the first-channel communication equipment 11, it may also connect to the transaction authentication system 4 through a wired or wireless network as the first communication network 5.

The consumer 10 or merchant user at the consumer end 1 has ready at transaction time the consumer's 10 private basic data 8, comprising the private financial consumption data 81 and identity data 82 used in dealings with the financial institution, and the private telecommunications data 83 and identity data 82 used in dealings with the telecommunications operator.

The financial data authentication center 2 is able to verify the consumer's 10 private financial consumption data 81 and identity data 82, including the ability to verify a debit or credit card number and its expiry date, a bank account number, a registered password, a national ID number, an identity password or a personal digital certificate number.

The telecommunications data authentication center 3 is able to verify the consumer's 10 private telecommunications data 83 and identity data 82, including the ability to verify a wired telephone, a wireless telephone (that is, a mobile or satellite telephone), a national ID number, an identity password or a personal digital certificate number.

The consumer 10 may also store part or all of the verifiable private basic data 8 in an object recorded by a magnetic (such as a magnetic stripe) or digital storage device (such as a chip card) and, by means of a card reader, transmit the basic data to the transaction authentication system 4 through the terminal communication equipment of the consumer end 1 and the first communication network 5.

The transaction authentication system 4 comprises at least an authentication data processing and distribution center 41, an authentication result processing unit 42, a password generation and recording unit 43 and a further password comparison unit 44.

The second communication network 6 connected to the transaction authentication system 4 is classified below according to the type of second-channel communication equipment 12 used by the consumer 10:

a. When the consumer uses a wired or wireless telephone as the second-channel communication equipment 12, an automatic answering system (Auto Calling System, ACS) can be used as the second communication network 6 to form a communication link between the transaction authentication system 4 and the consumer 10.

b. When the consumer uses a wired or wireless telephone as the second-channel communication equipment 12, an IVR-based automatic response system (Auto Response System, ARS) can be used as the second communication network 6 to form a communication link between the transaction authentication system 4 and the consumer 10.

c. When the consumer uses a wireless telephone, pager, PDA or stock-quote terminal as the second-channel communication equipment 12, a short message system (Short Message System, SMS) or multimedia messaging service (Multi Media Service, MMS) can also be used as the second communication network 6 to form a communication link between the transaction authentication system 4 and the consumer 10.

Based on the above architecture, the invention carries out the following security authentication procedure:

First-stage authentication 7: when the consumer 10 makes a purchase, the basic data 8 is entered on the first-channel communication equipment 11 of the consumer end 1 (as shown in Figure 2) and transmitted over the first communication network 5 to the authentication data processing and distribution center 41 of the transaction authentication system 4, where it is classified. The consumer's 10 financial consumption data 81 and identity data 82 are then forwarded to the financial data authentication center 2, and the consumer's 10 telecommunications data 83 and identity data 82 to the telecommunications data authentication center 3, so that two different bodies, the financial data authentication center 2 and the telecommunications data authentication center 3, each check and authenticate the financial or telecommunications portion of the consumer's 10 basic data 8 and then send the result to the authentication result processing unit 42 of the transaction authentication system 4 for evaluation. If the result shows that the consumer's 10 basic data 8 failed authentication at either the financial data authentication center 2 or the telecommunications data authentication center 3, the transaction authentication system 4 immediately cancels the transaction 40 or notifies the consumer 10 to re-enter the basic data 8. If the result shows that the consumer's 10 basic data 8 is entirely correct, first-stage authentication 7 is passed and the authentication result processing unit 42 notifies the password generation and recording unit 43 to issue a random password 45 for the transaction, for use in second-stage authentication 9.

Through this first-stage authentication 7 procedure, that is, dual authentication by the financial data authentication center 2 and the telecommunications data authentication center 3, impersonation of the consumer 10 and theft or misuse of the basic data 8 during an online transaction can be effectively prevented.

Second-stage authentication 9: once the user's 10 basic data 8 has passed first-stage authentication 7 and the password 45 has been generated, the transaction authentication system 4 forwards the password 45 into one of the following communication networks, each of which can be implemented independently, in order to carry out second-stage authentication 9:

Method 1: the transaction authentication system 4 transmits the password 45 over the first communication network 5, which has already passed authentication during first-stage authentication 7, and displays it on the first-channel communication equipment 11 of the consumer end 1 (as shown in Figure 3). The consumer 10 then uses a wired telephone or a wireless (mobile or satellite) telephone as the second-channel communication equipment 12 to dial from the telephone number in the telecommunications data 83 previously entered and authenticated within the basic data 8, and reports the password 45 through an automatic answering system (Auto Calling System, ACS) acting as the second communication network 6 to the password comparison unit 44 of the transaction authentication system 4 for comparison. If the password 45 does not match the random password 45 issued earlier by the password generation and recording unit 43, the transaction authentication system 4 immediately cancels the transaction 46 or notifies the consumer 10 to start the transaction again; if the password 45 compared by the password comparison unit 44 is entirely correct, second-stage authentication 9 is passed and the transaction is completed 47 smoothly and securely.

Method 2: the transaction authentication system 4 uses an IVR-based automatic response system (Auto Response System, ARS) as the second communication network 6 (as shown in Figure 4). When the password 45 is generated on passing first-stage authentication 7, the system automatically dials the telephone number in the telecommunications data 83 previously authenticated within the basic data 8 and delivers the password 45 by voice to the second-channel communication equipment 12 used by the consumer 10, which may be a wired telephone or a wireless (mobile or satellite) telephone. The consumer 10 then enters the password 45 on the first-channel communication equipment 11 and returns it over the previously authenticated first communication network 5 to the password comparison unit 44 for comparison, which determines whether the transaction is completed 47.

In Method 2, a short message system (Short Message System, SMS) or multimedia messaging service (Multi Media Service, MMS) may also be used as the second communication network 6, automatically addressing the telephone number in the telecommunications data 83 previously authenticated within the basic data 8 and sending the password 45 by message to the second-channel communication equipment 12 used by the consumer 10. In this case the consumer 10 must use a wireless (mobile or satellite) telephone, pager, PDA or stock-quote terminal as the second-channel communication equipment 12 in order to receive the password 45 delivered by message; the consumer 10 then uses the same first-channel communication equipment 11 and first communication network 5 as in Method 2 to return the password 45 to the password comparison unit 44 for comparison.

Through the procedures of first-stage authentication 7 and second-stage authentication 9, the consumer's basic data is not only doubly authenticated, but a strict password comparison is also carried out over different communication networks and their equipment, which effectively prevents the consumer's Internet banking account from being taken over and effectively reduces the risk of credit card fraud. The invention therefore genuinely improves the security of online financial transactions, and since the transaction procedure described above has never been publicly disclosed or contemplated, it meets the requirements of novelty and inventive step.

The foregoing description of the embodiment is believed to disclose the complete technical content of the invention in detail; the invention is, however, not limited to it, and any equivalent technique obtained by minor modification of the above or of the claims set out below falls within the scope of application of the invention, which is hereby stated.

[Brief description of the drawings]

Figure 1: architecture block diagram of the invention, showing a transaction authentication system built between the consumer end, the financial data authentication center and the telecommunications data authentication center and connected by a first communication network and a second communication network.

Figure 2: block diagram of the first-stage authentication procedure, showing that the consumer end transmits basic data through the first-channel communication equipment, the first communication network and the transaction authentication system to the data authentication centers of the financial institution and the telecommunications operator, where dual authentication is performed and a transaction password is generated.

Figure 3: block diagram of second-stage authentication by the first method, showing that the password generated by first-stage authentication is delivered to the consumer over the first communication network and the first-channel communication equipment, and that the consumer reports it back to the transaction authentication system for comparison through the second-channel communication equipment and the second communication network.

Figure 4: block diagram of second-stage authentication by the second method, showing that the password generated after first-stage authentication is delivered to the consumer over the second communication network and the second-channel communication equipment, and that the consumer reports it back to the transaction authentication system for comparison through the first-channel communication equipment and the first communication network.

[Description of reference numerals]

1: consumer end
10: consumer
11: first-channel communication equipment
12: second-channel communication equipment
2: financial data authentication center
3: telecommunications data authentication center
4: authentication system
40, 46: cancel transaction
41: authentication data processing and distribution center
42: authentication result processing unit
43: password generation and recording unit
44: password comparison unit
45: password
47: transaction completed
5: first communication network
6: second communication network
7: first-stage authentication
8: basic data
81: financial consumption data
82: identity data
9: second-stage authentication
83: telecommunications data
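The two-stage procedure above, as an added Python simulation that is not part of the patent and not the applicant's code. It models the authentication data split between a financial and a telecommunications verifier (elements 2, 3 and 41), the random transaction password (43), and the comparison unit (44) for both Method 1 (password shown on channel 1, phoned back from the registered number on channel 2) and Method 2 (password delivered on channel 2, typed into channel 1). The registrations, the six-digit code format, the 120-second expiry and the single-attempt, single-use rules are assumptions the patent does not specify; the checks that the code must return on the channel it was not delivered on, and that a Method 1 call must originate from the authenticated telephone number, implement what the text requires.

```python
"""Simulation of two-stage, two-channel transaction authentication (added example)."""
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample registrations standing in for what the financial data
# authentication center (2) and telecom data authentication center (3) can verify.
FINANCIAL_CENTER = {("4111-0000-0000-1234", "A123456789"): "12/27"}  # (card, national id) -> expiry
TELECOM_CENTER = {("+886-912-000-111", "A123456789")}                # (phone, national id)

# Constructed basic data (8) a legitimate consumer would submit.
GOOD_DATA = {"card": "4111-0000-0000-1234", "expiry": "12/27",
             "national_id": "A123456789", "phone": "+886-912-000-111"}


@dataclass
class Transaction:
    txn_id: str
    phone: str                 # authenticated telecom data (83)
    code: str                  # random transaction password (45)
    delivery_channel: str      # "channel1" (Method 1) or "channel2" (Method 2)
    issued_at: float
    state: str = "PENDING"     # PENDING -> COMPLETED or CANCELLED


class TransactionAuthSystem:
    CODE_TTL_SECONDS = 120     # assumed expiry; the patent sets none

    def __init__(self) -> None:
        self._txns: Dict[str, Transaction] = {}

    def first_stage(self, basic_data: dict, mode: str) -> Optional[Transaction]:
        """Element 41 splits the data; centers 2 and 3 must BOTH accept (dual authentication 7)."""
        fin_ok = FINANCIAL_CENTER.get((basic_data["card"], basic_data["national_id"])) == basic_data["expiry"]
        tel_ok = (basic_data["phone"], basic_data["national_id"]) in TELECOM_CENTER
        if not (fin_ok and tel_ok):
            return None                                    # cancel (40): no code is ever issued
        code = f"{secrets.randbelow(10 ** 6):06d}"         # element 43: random transaction password
        txn = Transaction(secrets.token_hex(8), basic_data["phone"], code,
                          "channel1" if mode == "method1" else "channel2", time.monotonic())
        self._txns[txn.txn_id] = txn
        return txn

    def second_stage(self, txn_id: str, code: str, return_channel: str,
                     caller_id: Optional[str] = None) -> bool:
        """Element 44: one attempt per transaction; any failure cancels it (46)."""
        txn = self._txns.get(txn_id)
        if txn is None or txn.state != "PENDING":
            return False
        txn.state = "CANCELLED"                            # flipped back to COMPLETED only on success
        if time.monotonic() - txn.issued_at > self.CODE_TTL_SECONDS:
            return False
        if return_channel == txn.delivery_channel:         # must come back on the *other* channel
            return False
        if return_channel == "channel2" and caller_id != txn.phone:
            return False                                   # Method 1: call must come from the registered number
        if not hmac.compare_digest(code.encode(), txn.code.encode()):
            return False
        txn.state = "COMPLETED"                            # 47
        return True


def run_scenarios() -> dict:
    """Exercise both methods and the failure cases; returns the outcome of each by name."""
    system = TransactionAuthSystem()
    out = {}
    # Method 1: code shown on channel 1, consumer phones it back from the registered number.
    t1 = system.first_stage(GOOD_DATA, "method1")
    out["method1_ok"] = system.second_stage(t1.txn_id, t1.code, "channel2", caller_id=GOOD_DATA["phone"])
    # Method 2: code delivered by voice/SMS on channel 2, typed into channel 1.
    t2 = system.first_stage(GOOD_DATA, "method2")
    out["method2_ok"] = system.second_stage(t2.txn_id, t2.code, "channel1")
    # Wrong card expiry: the financial center refuses, so no code is issued at all.
    out["bad_first_stage"] = system.first_stage({**GOOD_DATA, "expiry": "01/30"}, "method1") is None
    # Correct code, but returned on the same channel it was delivered on.
    t3 = system.first_stage(GOOD_DATA, "method1")
    out["same_channel"] = system.second_stage(t3.txn_id, t3.code, "channel1")
    # Correct code, but the callback comes from a phone that was never authenticated.
    t4 = system.first_stage(GOOD_DATA, "method1")
    out["wrong_caller"] = system.second_stage(t4.txn_id, t4.code, "channel2", caller_id="+886-900-999-999")
    # Wrong code cancels the transaction; the correct code is refused afterwards.
    t5 = system.first_stage(GOOD_DATA, "method2")
    wrong = "000000" if t5.code != "000000" else "111111"
    out["wrong_code"] = system.second_stage(t5.txn_id, wrong, "channel1")
    out["replay_after_cancel"] = system.second_stage(t5.txn_id, t5.code, "channel1")
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

The comparison uses `hmac.compare_digest` so that a mismatch takes the same time regardless of which digit differs, and the transaction is marked cancelled before any check runs, which is what makes the single-attempt rule hold even if a later check raises.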


Claims (1)

X. Scope of patent application

1. A security authentication method for online financial transactions, in which a transaction authentication system is constructed between each consumer end, a financial data authentication center and a further telecommunications data authentication center and is connected by a first communication network and a further second communication network, first-channel communication equipment being connected to the first communication network and second-channel communication equipment being connected to the second communication network, characterized in that: each consumer end transmits the consumer's basic data through the first communication network and its first-channel communication equipment to the data authentication centers of the financial institution and the telecommunications operator for first-stage authentication, and a transaction password is generated when the authentication is correct; and the password generated by the first-stage authentication is transmitted through the first communication network to the first-channel communication equipment for the consumer to receive, the consumer enters the password on the second-channel communication equipment, the password is reported back to the transaction authentication system through the second communication network for the second-stage password comparison, and the transaction is confirmed complete once the comparison is correct.

2. The security authentication method for online financial transactions of claim 1, wherein, when the first-channel communication equipment is a personal computer or notebook computer, it connects to the transaction authentication system through the Internet as the first communication network.

3. The security authentication method for online financial transactions of claim 1, wherein, when the first-channel communication equipment uses mobile Internet access, WAP, GPRS, 3G or 4G, it connects to the transaction authentication system through a wireless network as the first communication network.

4. The security authentication method for online financial transactions of claim 1, wherein, when the first-channel communication equipment is a set-top box or digital television, it connects to the transaction authentication system through a wired or wireless network as the first communication network.

5. The security authentication method for online financial transactions of claim 1, wherein the consumer's basic data comprises at least financial consumption data, identity data and telecommunications data.

6. The security authentication method for online financial transactions of claim 1, wherein the financial data authentication center is able to verify the consumer's financial consumption data and identity data.

7. The security authentication method for online financial transactions of claim 1, wherein the telecommunications data authentication center is able to verify the consumer's telecommunications data and identity data.

8. The security authentication method for online financial transactions of claim 7, wherein the telecommunications data comprises at least a wired or wireless telephone number.

9. The security authentication method for online financial transactions of claim 1, wherein the transaction authentication system has an authentication data processing and distribution center which receives the consumer's basic data delivered by the first communication network, classifies it and transmits it respectively to the financial data authentication center and the telecommunications data authentication center.

10. The security authentication method for online financial transactions of claim 1, wherein the transaction authentication system has an authentication result processing unit which evaluates the authentication results of the financial data authentication center and the telecommunications data authentication center and, through a further password generation and recording unit, sends the transaction password to those that pass the evaluation.

11. The security authentication method for online financial transactions of claim 1, wherein the transaction authentication system has a password comparison unit which compares the password reported back through the second communication network.

12. The security authentication method for online financial transactions of claim 1, wherein, when the consumer uses a wired or wireless telephone as the second-channel communication equipment to send the password, the password is reported back to the transaction authentication system for comparison through an automatic answering system as the second communication network.

13. A security authentication method for online financial transactions, in which a transaction authentication system is constructed between each consumer end, a financial data authentication center and a further telecommunications data authentication center and is connected by a first communication network and a further second communication network, first-channel communication equipment being connected to the first communication network and second-channel communication equipment being connected to the second communication network, characterized in that: each consumer end transmits the consumer's basic data through the first communication network and its first-channel communication equipment to the data authentication centers of the financial institution and the telecommunications operator for first-stage authentication, and a transaction password is generated when the authentication is correct; and the password generated by the first-stage authentication is sent through the second communication network to the second-channel communication equipment for the consumer to receive, the consumer enters the password on the first-channel communication equipment, the password is reported back to the transaction authentication system through the first communication network for the second-stage password comparison, and the transaction is confirmed complete once the comparison is correct.

14. The security authentication method for online financial transactions of claim 13, wherein, when the first-channel communication equipment is a personal computer or notebook computer, it connects to the transaction authentication system through the Internet as the first communication network.

15. The security authentication method for online financial transactions of claim 13, wherein, when the first-channel communication equipment uses mobile Internet access, WAP, GPRS, 3G or 4G, it connects to the transaction authentication system through a wireless network as the first communication network.

16. The security authentication method for online financial transactions of claim 13, wherein, when the first-channel communication equipment is a set-top box or digital television, it connects to the transaction authentication system through a wired or wireless network as the first communication network.

17. The security authentication method for online financial transactions of claim 13, wherein the consumer's basic data comprises at least financial consumption data, identity data and telecommunications data.

18. The security authentication method for online financial transactions of claim 13, wherein the financial data authentication center is able to verify the consumer's financial consumption data and identity data.

19. The security authentication method for online financial transactions of claim 13, wherein the telecommunications data authentication center is able to verify the consumer's telecommunications data and identity data.

20. The security authentication method for online financial transactions of claim 19, wherein the telecommunications data comprises at least a wired or wireless telephone number.

21. The security authentication method for online financial transactions of claim 13, wherein the transaction authentication system has an authentication data processing and distribution center which receives the consumer's basic data delivered by the first communication network, classifies it and transmits it respectively to the financial data authentication center and the telecommunications data authentication center.

22. The security authentication method for online financial transactions of claim 13, wherein the transaction authentication system has an authentication result processing unit which evaluates the authentication results of the financial data authentication center and the telecommunications data authentication center and, through a further password generation and recording unit, sends the transaction password to those that pass the evaluation.

23. The security authentication method for online financial transactions of claim 13, wherein the transaction authentication system has a password comparison unit which compares the password reported back through the first communication network.

24. The security authentication method for online financial transactions of claim 13, wherein, when the second communication network that sends the password is an IVR-based automatic response system, the consumer uses a wired or wireless telephone as the second-channel communication equipment to receive the password.

25. The security authentication method for online financial transactions of claim 13, wherein, when the second communication network that sends the password is a short message system, the consumer uses a wireless telephone, pager, PDA or stock-quote terminal as the second-channel communication equipment to receive the password.

26. The security authentication method for online financial transactions of claim 13, wherein, when the second communication network that sends the password is a multimedia messaging service, the consumer uses a wireless telephone, pager, PDA or stock-quote terminal as the second-channel communication equipment to receive the password.
A method for secure authentication of online financial transactions, mainly by constructing a transaction authentication system between each spring consumer, a financial data certification center and another communication data authentication center, and using a first communication network and Another second communication network is connected, wherein the first communication network is connected to the first pipeline communication device, and the second communication network is connected to the second pipeline communication device; the characteristic is: each consumer terminal is through the first communication network and The first pipeline communication equipment transmits the basic information of the consumer to the data certification center of the financial industry and the communication industry, performs the first stage certification, and generates the * transaction password when the authentication is correct; and, the first stage certification is generated. The password is sent to the second pipeline communication device through the second communication network for the consumer to receive the password, and the consumer inputs the password in the first pipeline communication device, and returns the password to the transaction authentication system through the first communication network. Perform the second phase of the password comparison and confirm the completion of the trader after the comparison is correct. 14. The security 18 1258969 authentication method for online financial transactions as described in claim 13 wherein the first pipeline communication device uses a personal computer or a pen-type computer, and is the first communication network through the Internet. The road links to the transaction authentication system. 15. 
The method for securely authenticating an online financial transaction as described in claim 13 wherein the first pipeline communication device uses mobile Internet, WAP, GPRS, 3G or 4G, and is the first communication network through the wireless network. The road links to the transaction authentication system. 16. The method for securely authenticating an online financial transaction as described in claim 13 wherein the first pipeline communication device uses a digital set-top box or a spring digital television, and is a first communication network through a wired or wireless network. The road links to the transaction authentication system. 17. The method for secure authentication of online financial transactions as described in claim 13 of the patent scope, wherein the basic information of the consumer includes at least financial consumption tribute, identity poor materials and communication tribute. 18. The method for secure authentication of online financial transactions as described in claim 13 wherein the financial information certification center has the ability to verify consumer financial consumption data and identity data. · 19. The method for secure authentication of online financial transactions as described in claim 13 of the scope of patent application, wherein the communication tribute certification center has the ability to verify > the communication data and identity information. 20. A method of secure authentication of an internet financial transaction as described in claim 19, wherein the communication material comprises at least a wired or wireless telephone number. 21. 
The method for secure authentication of an online financial transaction as described in claim 13 wherein the transaction authentication system has an authentication data processing and a 19 1258969 diversion center that receives basic consumer data delivered by the first communication network, and - After being classified, they are sent to the Financial Data Certification Center and the Communication Data Certification Center. 22. The method for secure authentication of an online financial transaction as described in claim 13 wherein the transaction authentication system has an authentication result processing unit that identifies the authentication result of the financial poor material certification center and the communication tribute certification center. And through another password generation and recording unit, and send a password for the transaction through the identifier. 23. The security call authentication method for online financial transactions as described in claim 13 wherein the transaction authentication system has a password comparison unit for comparing passwords returned through the first communication network. 24. The method for secure authentication of an online financial transaction as described in claim 13 wherein the second communication network for transmitting the password is an IVR through the automatic response system, and the consumer uses the wired or wireless telephone as the second conduit. The communication device receives the password. 25. The method for securely authenticating an online financial transaction as described in claim 13 wherein the second communication network for transmitting the password is a wireless telephone, a pager, a PDA or The stock machine receives the password as the second pipe communication device. 26. 
The method for securely authenticating an online financial transaction as described in claim 13 wherein the second communication network for transmitting the password is a multimedia messaging service, and the consumer uses the wireless telephone, the pager, the PDA or the stock machine. The password is received as the second pipe communication device. 20
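The two independent claims describe the same protocol with the channels swapped: a transaction password is issued only after both the financial and the communication data centers accept the consumer's basic data, it is delivered on one channel, and it must be typed back on the other channel before the transaction is confirmed. The following Python is an added illustration of that flow and is not the patent's or the applicant's code. The class and function names, the two dictionary "registries" standing in for the financial and communication data authentication centers, the 120-second code lifetime and the three-attempt limit are all assumptions; the consumer record is constructed sample data. The example covers both variants (delivery on the first channel as in claim 1, delivery on the second channel as in claim 13) and adds the checks a verifier would want in practice: the reply must arrive on the opposite channel, the code expires, it is single-use, and wrong guesses are capped.

```python
"""Two-channel transaction password check, modelled on claims 1 and 13.

Added example (not the patent's own code). Names, the 120-second code
lifetime, the three-attempt limit and the two registries below are all
assumptions chosen for illustration; the registry contents are constructed
sample data.
"""
import hmac
import secrets
import time
from dataclasses import dataclass

# Constructed stand-ins for the financial and communication data
# authentication centers (claims 6 and 7). Real deployments query the
# operators; here each is a dict keyed by the consumer's identity number.
FINANCIAL_RECORDS = {"A123456789": {"card": "4000-1234"}}
TELECOM_RECORDS = {"A123456789": {"phone": "+886-900-000-000"}}

CODE_TTL_SECONDS = 120   # assumed lifetime of a transaction password
MAX_ATTEMPTS = 3         # assumed limit on wrong-code submissions


@dataclass
class PendingTransaction:
    consumer_id: str
    amount: int
    delivery_channel: str   # "first" (claim 1) or "second" (claim 13)
    code: str
    issued_at: float
    attempts: int = 0
    used: bool = False


class TransactionAuthSystem:
    """Authentication data processing, password generation and password
    comparison units rolled into one class (claims 9 to 11, 21 to 23)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}   # transaction id -> PendingTransaction

    def stage_one(self, basic_data, delivery_channel):
        """First-stage double authentication: the basic data is split and
        checked against both centers; both must agree before a transaction
        password is issued. Returns (tx_id, channel, code) or None."""
        cid = basic_data["id"]
        fin = FINANCIAL_RECORDS.get(cid)
        tel = TELECOM_RECORDS.get(cid)
        fin_ok = fin is not None and fin["card"] == basic_data["card"]
        tel_ok = tel is not None and tel["phone"] == basic_data["phone"]
        if not (fin_ok and tel_ok):
            return None
        code = f"{secrets.randbelow(10**6):06d}"   # six-digit one-time code
        tx_id = secrets.token_hex(8)
        self.pending[tx_id] = PendingTransaction(
            cid, basic_data["amount"], delivery_channel, code, self.clock())
        # The code is handed to delivery_channel only; the actual transport
        # (web page, IVR, SMS, MMS) is simulated by the return value.
        return tx_id, delivery_channel, code

    def stage_two(self, tx_id, reply_channel, code):
        """Second-stage comparison. The code is accepted only when it comes
        back on the channel it was not delivered on, before expiry, once."""
        tx = self.pending.get(tx_id)
        if tx is None or tx.used:
            return False
        if reply_channel == tx.delivery_channel:
            return False        # would defeat the cross-channel property
        if self.clock() - tx.issued_at > CODE_TTL_SECONDS:
            del self.pending[tx_id]
            return False
        if tx.attempts >= MAX_ATTEMPTS:
            return False
        tx.attempts += 1
        if not hmac.compare_digest(tx.code, code):
            return False
        tx.used = True          # one code confirms one transaction
        return True


if __name__ == "__main__":
    tas = TransactionAuthSystem()
    data = {"id": "A123456789", "card": "4000-1234",
            "phone": "+886-900-000-000", "amount": 1500}
    tx_id, channel, code = tas.stage_one(data, "first")
    print("code delivered on the", channel, "channel")
    print("same-channel reply accepted:", tas.stage_two(tx_id, "first", code))
    print("cross-channel reply accepted:", tas.stage_two(tx_id, "second", code))
```

The constant-time comparison, the expiry and the attempt cap are not in the claims; they are the usual hardening for any one-time transaction code, and the `delivery_channel != reply_channel` check is what makes the second stage actually depend on the consumer controlling both channels rather than on the code alone.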

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW93122502A TWI258969B (en) 2004-07-28 2004-07-28 Security authentication method for web financial transaction

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW93122502A TWI258969B (en) 2004-07-28 2004-07-28 Security authentication method for web financial transaction

Publications (2)

Publication Number Publication Date
TW200605602A TW200605602A (en) 2006-02-01
TWI258969B true TWI258969B (en) 2006-07-21

Family

ID=37765448

Family Applications (1)

Application Number Title Priority Date Filing Date
TW93122502A TWI258969B (en) 2004-07-28 2004-07-28 Security authentication method for web financial transaction

Country Status (1)

Country Link
TW (1) TWI258969B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI383327B (en) * 2008-03-21 2013-01-21 Univ Chang Gung The use of wafer financial card in the ATM system cardholder authentication methods, systems and computer systems
TWI396422B (en) * 2009-05-15 2013-05-11 Chunghwa Telecom Co Ltd A two - stage authentication method for generating a one - time password using graphical coordinates
US9965757B2 (en) 2010-06-07 2018-05-08 |Am| Authentications Inc. Method and system for controlling access to a financial account

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201421392A (en) * 2012-11-30 2014-06-01 Cathay United Bank Method of on-line shopping with real-name authentication

Also Published As

Publication number Publication date
TW200605602A (en) 2006-02-01

Similar Documents

Publication Publication Date Title
CN104838399B (en) Remote transaction is authenticated using mobile device
US20230368176A1 (en) System and method for facilitating electronic financial transactions during a communication session
JP6479769B2 (en) Method and system for providing locking function of customer control account
US7379920B2 (en) System and method for facilitating electronic financial transactions using a mobile telecommunication device
US8589271B2 (en) System and method for verification, authentication, and notification of transactions
TWI790401B (en) Risk transaction processing method, device and equipment
US20110276496A1 (en) Secure protocol for transactions
SG194639A1 (en) Transaction payment method and system
US8666906B1 (en) Discrete verification of payment information
KR20120068759A (en) Transaction system and method
CA2734975A1 (en) System and method of secure payment transactions
CZ20013012A3 (en) Telepayment method and system for implementing said method
US20150046329A1 (en) Near sound communication (nsc) payment system
EP2115675A1 (en) Method and system for securely executing a charge transaction
WO2008052592A1 (en) High security use of bank cards and system therefore
WO2006023745A2 (en) Conducting secure financial transactions independent of physical location
TWI258969B (en) Security authentication method for web financial transaction
US20050246242A1 (en) System and method for collecting confidential customer information in conjunction with a live conversation between customer and vendor representative
KR20020002938A (en) Method for paying electronic using telephone number
KR20020010160A (en) System & Method for Wireless Electronic Commerce Payment service
Rout Mobile Banking Security: Technological Security
KR101267489B1 (en) Method and system for preventing phishing fraud using call authentication
AU2002349173B2 (en) System and method for facilitating electronic financial transactions using a mobile telecommunication device
Hichri et al. A payment system for e-commerce based on mobile phones and SMS.
KR20040101950A (en) The wire-wireless integrated authentication and payment method using mobile communication terminal for saving authentication information and sms

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees