WO2012139350A1 - Procédé et système permettant de vérifier l'identité d'un agent économique sur un dab - Google Patents

Procédé et système permettant de vérifier l'identité d'un agent économique sur un dab Download PDF

Info

Publication number
WO2012139350A1
WO2012139350A1 PCT/CN2011/078433 CN2011078433W WO2012139350A1 WO 2012139350 A1 WO2012139350 A1 WO 2012139350A1 CN 2011078433 W CN2011078433 W CN 2011078433W WO 2012139350 A1 WO2012139350 A1 WO 2012139350A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication code
information
bank card
mobile terminal
atm machine
Prior art date
Application number
PCT/CN2011/078433
Other languages
English (en)
Chinese (zh)
Inventor
冯林
Original Assignee
新宝电子科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 新宝电子科技有限公司 filed Critical 新宝电子科技有限公司
Priority to CN201180069964.6A priority Critical patent/CN103503038A/zh
Publication of WO2012139350A1 publication Critical patent/WO2012139350A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • G06Q20/3255Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks using mobile network messaging services for payment, e.g. SMS
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/108Remote banking, e.g. home banking
    • G06Q20/1085Remote banking, e.g. home banking involving automatic teller machines [ATMs]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3229Use of the SIM of a M-device as secure element
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • the invention belongs to the technical field of financial transaction security, and relates to a method and system for verifying the identity of a trader on an ATM machine.
  • the user In the current use of the ATM machine, the user first inserts the bank card into the ATM machine, and then enters the password according to the screen on the ATM machine. When inputting the password, the user must input through the keyboard on the ATM machine or the password input device on the touch screen. After the password verification is passed, the financial operations such as withdrawal and transfer can be performed. Therefore, if a criminal wants to impersonate a legitimate user for a withdrawal business, he must first know the bank card information of the legitimate user and the password of the bank card. Install the card reader on the ATM or the access control system to obtain the bank card information, and then copy the bank card and obtain the password of the bank card by installing the camera or password recorder, so that the legitimate user can easily steal the money and give it away. The user of the card brings property damage.
  • the Chinese patent application number: 200610028515.8 provides a system for realizing the withdrawal or payment by using the mobile terminal.
  • the method includes the following steps: binding a specific bank card to a specific mobile phone number; displaying, on the financial terminal, terminal service information; the user directly dialing the feature code by using the mobile phone, and may also send the short message; The information is sent to the financial server; the financial server finds that the bank card information corresponding to the mobile phone number is transmitted to the financial terminal where the user is located; after the user inputs the password and identifies it, the financial operation is performed.
  • the techniques described in this patent for the use of mobile terminals for withdrawal or payment have the following drawbacks:
  • the feature code is displayed on the display of the ATM machine.
  • the display of the ATM machine will be blocked, causing the waiting person to see the feature code.
  • the operation of inputting the feature code on the mobile terminal in advance if the mobile phone is used to operate when it is arranged for the financial transaction, obviously makes the whole operation slower, and increases the time that other people wait in line for withdrawal. .
  • the feature code is printed on the wall above the display, there is a possibility that it will be modified by the criminals.
  • the financial terminal is located by the feature code, but the user's legal identity cannot be accurately determined because there are many users operating on a financial terminal, if the user is operating the financial terminal Before entering the feature code through the mobile phone, and just before the user is a criminal, he knows the user's bank card password in advance, so it is easy to impersonate the user to withdraw money.
  • the Chinese invention patent with the patent application number: 201010116443.9 also discloses an ATM-based authentication method and system.
  • the ATM-based authentication method includes: receiving user input including a signed mobile phone number, an authentication code, a withdrawal amount, and a transaction password.
  • the reservation withdrawal request is obtained, and the reservation information including the bank card number, the authentication code, the withdrawal amount, and the transaction password is obtained from the mobile banking bank according to the contracted mobile phone number; the received reservation withdrawal request is authenticated according to the obtained reservation withdrawal information, to be authenticated
  • the same amount of money as the withdrawal amount in the reservation withdrawal request is output.
  • the Chinese invention patent of CN10763692 A discloses a system for inputting the password of the ATM machine.
  • the user connects with the ATM machine through the transmitting device on his mobile phone, and uses the input on the mobile phone.
  • the device replaces the input device originally set on the ATM machine, so as to avoid the password being recorded by the camera or the fake keyboard.
  • the mobile phone The invention comprises a transmitting unit, the transmitting unit is a transmitting module using short-distance transmission technology, the ATM device comprises a receiving unit, and the receiving unit is a receiving module using short-distance transmission technology, and is configured to receive a personal password transmitted by the transmitting module, a transmitting unit and a receiving unit.
  • the two Bluetooth modules need to be paired when establishing the communication link, only the two parties can know the pairing password. If the default does not require a pairing password, the pairing is successful, which obviously increases the risk of trading. At the same time, it will give the criminals a chance, and the criminals can also enter the password by pairing with the ATM module of the ATM.
  • the object of the present invention is to solve the above technical problem, and to provide a new method and system for verifying the identity of a trader on an ATM machine.
  • the present invention uses a mobile terminal to obtain a withdrawal password of a bank card, and the withdrawal is made by a short message.
  • the password is sent to the server, and the server sends the authentication code after the verification is passed.
  • the ATM sends the authentication code input by the user to the server for verification, and the user input is viewed. Whether the authentication code is the same as the authentication code sent by the server to the mobile terminal. If the authentication code is correct, the authentication code is correct, and the information of the bank card inserted by the user is verified, and it is verified whether the card information is tied to the SIM card of the mobile terminal.
  • the bank card information is the same. If the same, the cashier is considered to be legal and allowed to enter the next trading operation.
  • the invention has high safety, simple method, simple user operation and wide application range.
  • the invention provides a method for verifying the identity of a trader on an ATM machine, characterized in that the method comprises:
  • the ATM machine obtains the bank card information inserted by the user and the authentication code information input by the user, and sends the bank card information and the authentication code information to the server for verification;
  • the operator is sent an order for the trader to pass the authentication.
  • the authentication code sent to the mobile terminal is a dynamic authentication code randomly selected from the authentication code database, and the authentication code is invalidated after being verified correctly.
  • the method further includes:
  • the method further includes:
  • the mobile terminal When it is verified that the transaction password is different from the transaction password corresponding to the bank card, the mobile terminal sends the message information with the wrong transaction password to the mobile terminal, and sends the identity to the mobile terminal when the transaction password verification error is consecutively repeated for a certain period of time. Verify the aborted message information and stop extracting the transaction password information contained in the verification message.
  • the method further includes:
  • the packet information of the authentication code error is sent to the ATM machine, and when the authentication code verification error is consecutively repeated for a certain period of time, Send the message information of the authentication suspension to the ATM machine, and stop verifying the authentication code sent by the ATM machine.
  • the method further includes:
  • the invention further provides a system for verifying the identity of a trader on an ATM machine, characterized in that the system comprises:
  • a mobile terminal configured to acquire a verification short message including transaction password information and send the verification short message to the server;
  • the server includes:
  • a storage device configured to store mobile terminal card number information and bank card information, wherein the card number information of the mobile terminal and the card number information of the bank card are in one-to-one correspondence;
  • a reading device configured to read the bank card information corresponding to the card number information of the mobile terminal that sends the verification short message
  • a transaction password verification device configured to extract transaction password information included in the verification short message and verify whether the transaction password is the same as the transaction password corresponding to the bank card;
  • An authentication code generating and transmitting device after the transaction password is verified correctly, an authentication code is randomly selected in the server authentication code database, and the authentication code is sent to the mobile terminal;
  • the ATM machine is configured to obtain the bank card information inserted by the user, and the bank card information and the authentication code information are sent to the server for verification;
  • the server further includes an authentication code verification device, configured to verify whether the authentication code sent by the ATM machine is the same as the authentication code generated by the authentication code generating device and corresponding to the bank card information;
  • the server sends the trader identity verification to the ATM machine.
  • the system further includes a cache device for storing the authentication corresponding to the card number information of the bank card.
  • the code information, the authentication code information and the card number information of the bank card are in one-to-one correspondence.
  • the system also includes:
  • a timing device configured to calculate a time interval for sending an authentication code to the mobile terminal and receiving an authentication code sent by the ATM
  • An analysis determining device configured to determine whether the time interval exceeds a set threshold
  • the server sends an instruction to the ATM to fail the trader identity verification and the authentication code expires;
  • the server sends an instruction to the ATM to pass the trader's authentication.
  • the system also includes:
  • the counting device is configured to calculate the number of consecutive verifications of the transaction password and the authentication code error within a certain period of time, and after continuously verifying that the number of transaction password errors exceeds a certain threshold within a certain period of time, the server suspends the holding The bank card trader performs authentication.
  • the timing device is further configured to calculate a time when the server stops the identity verification of the trader holding the bank card, and when the time for stopping the identity verification of the trader holding the bank card is greater than a certain threshold, the time is released. Suspension of the identity of the trader holding the bank card.
  • the invention sends the transaction password through the mobile terminal, and then sends the authentication code through the ATM machine, and makes the authentication code and the transaction password correspond to the bank card number and the mobile terminal card number respectively, and the bank card information corresponds to the card number information of the mobile terminal. , to make the identity of the trader in the transaction process, and improve the security of the transaction.
  • the transaction password is sent through the mobile terminal, avoiding sneak peeks or illegal interception
  • the transaction password, and the authentication code sent by the server to the mobile terminal is a dynamic authentication code that is randomly sent. Even if it is sneaked or illegally intercepted by the criminals, it will not bring unsafe factors to the bank account.
  • the authentication code is random and dynamic.
  • the authentication code is automatically invalidated after being used once, and only valid for a certain period of time, exceeding a certain limit. Time is invalid and has a very high security compared to a fixed transaction password.
  • the user can send alarm information to the server in a clever and concealed way to verify the identity of the trader when the user encounters violent coercion, so that the police can track and protect the bank account in time, avoiding the user.
  • the problem of the account being coerced and withdrawn appears, and at the same time it can play a very good blow and threat to the criminals, improving the security of the user's account.
  • Embodiment 1 is a flowchart of a method according to Embodiment 1 of the present invention.
  • Embodiment 1 of the present invention is a block diagram showing the system structure of Embodiment 1 of the present invention.
  • FIG. 3 is a flowchart of a method according to Embodiment 2 of the present invention.
  • FIG. 4 is a block diagram showing the structure of a system according to Embodiment 2 of the present invention.
  • Figure 5 is a flowchart of a method according to Embodiment 3 of the present invention.
  • Figure 6 is a structural diagram of a system according to Embodiment 3 of the present invention.
  • the present invention provides a method and system for verifying the identity of a trader on an ATM machine.
  • the mobile terminal sends the transaction password through the mobile terminal, and then sends the authentication code through the ATM machine, and the authentication code and the transaction password respectively correspond to the bank card number and the mobile terminal card number, and the bank card information corresponds to the card number information of the mobile terminal. It makes the identity of the trader double-certified during the transaction process, which improves the security of the transaction.
  • the embodiment provides a method for verifying the identity of a trader on an ATM machine, and the method includes the following steps:
  • the step is specifically as follows: Before the user withdraws money from the ATM machine, the mobile terminal (for example, a mobile phone) sends a verification message of the transaction password to the server in advance.
  • the transaction password can be sent to the server of the Industrial and Commercial Bank of China: 457523, and the mobile phone number can be "13510617608".
  • the mobile phone is writing the text message "QK#457523#” (QK is the initial letter of the pinyin of the withdrawal) sent to "955881000”
  • the transaction password "457523” is set after the user manually authenticates the ICBC counter.
  • the legal transaction password the user can only be verified by the bank's server after sending the message containing the content of the correct transaction password.
  • the step is specifically: sending a short message sent by the mobile phone to obtain the card number information of the SIM card registered for the mobile terminal.
  • the short message server can know that the mobile phone number is 13510617608.
  • S13 Obtain bank card information bound to a card number of the mobile terminal;
  • the step is specifically as follows:
  • the mobile phone number "13510617608" is manually set in the bank counter, and the mobile phone number is bound to the bank card with the card number: "6240993233994435", and the mobile phone number can be used to query the mobile phone number.
  • the bank card number can also be queried by the bank card number to the mobile phone number corresponding to the bank card number.
  • a mobile phone number can be bound to a bank card number, and a mobile phone number can be bound to a bank card of multiple banks. .
  • the difference is which bank's bank card can send the SMS party's number by sending it.
  • the short message server After obtaining the mobile phone number, the short message server searches for the card number information of the bank card corresponding to the mobile phone number in the database. If the card number information of the bank card corresponding to the mobile phone number is not found in the database, it indicates that the user does not have the advance Bind the mobile phone card to the bank card, and terminate the verification of the identity of the trader.
  • the step is specifically as follows: The mobile phone sends the short message to the short message server in the mobile communication network, and the short message server extracts the transaction password "457523" in the short message content "QK#457523#” and sends the transaction password to the financial server for verification.
  • S15 Verify that the transaction password is the same as the transaction password corresponding to the bank card; the step is specifically: sending a transaction password "457523" sent by the mobile phone and finding the bank card number and the bank card stored in the financial server by using the mobile phone card number The card number is compared with the transaction password corresponding to the bank card number. If the transaction password of the same bank card number is the same, it indicates that the transaction password is verified correctly. If the transaction password of the same bank card number is not the same, the transaction password is incorrect. At this time, the verification of the identity of the trader is suspended and a short message reminder of the transaction password is sent to the mobile phone. The user will send a verification message to the server through the mobile phone again.
  • the server continues to verify whether the transaction password sent by the user's mobile phone is correct. For example, if the transaction password of the same bank card is incorrectly verified three times in one day, the transaction password verification of the bank card is suspended for 24 hours. And send the transaction password verification to the mobile phone Short message.
  • S151 Sending, to the mobile terminal, the message information of the transaction password error when the transaction password is incorrect; the step is specifically: after the financial server verifies the transaction password error, sending the card number of the mobile phone card corresponding to the bank card to the short message server, by using the short message The server sends a short message with the wrong transaction password to the mobile phone.
  • S152 Send an authentication code to the mobile terminal after the transaction password is verified correctly.
  • the step is specifically: after the financial server verifies that the transaction password is correct, a dynamic authentication code is randomly extracted from the authentication code database and sent to the mobile phone corresponding to the bank card through the short message server.
  • S16 the ATM machine obtains the bank card information inserted by the user and the authentication code information input by the user, and sends the bank card information and the authentication code information to the server for verification;
  • the step is specifically: after the user's mobile phone receives the authentication code sent by the short message server, after the user inserts the bank card, the ATM machine obtains the information of the bank card through the card reader, and transmits the information of the bank card to the financial server through the Internet.
  • the financial server analyzes the information of the bank card, and determines whether the bank card is bound to the mobile phone. If the bank card is bound to the mobile phone, the legal identity of the user is verified by the authentication code by default, if the bank card is not bound.
  • the mobile phone by default, verifies the legal identity of the user through the transaction password.
  • the ATM machine sends an instruction to authenticate the user legally through the authentication code, the ATM machine.
  • the screen displays the authentication code input window. The user inputs the authentication code into the authentication code input window through the keyboard of the ATM machine.
  • the ATM machine obtains the authentication code input by the user, and sends the authentication code information to the financial server for verification.
  • the step is specifically as follows: by using the mobile phone card number corresponding to the bank card, and then by the card number of the mobile phone card
  • the short message server searches for the authentication code sent to the mobile phone.
  • the step is specifically: comparing the authentication code sent by the ATM machine with the authentication code sent by the short message server to the mobile phone, and determining whether the authentication code sent by the ATM machine is the same as the authentication code corresponding to the bank card information, if both If the authentication code is the same, the authentication code sent by the ATM is considered to be the correct authentication code. If the authentication codes of the two are not the same, the authentication code sent by the ATM is considered to be the error verification code.
  • an instruction for the trader identity verification is sent to the ATM machine.
  • the step is specifically as follows: when the authentication code is verified correctly, the correct instruction of the authentication code is sent to the ATM machine. At this time, the entire process of verifying the identity of the trader is completed, and after the authentication code and the transaction password are correct, the trader is judged to be qualified. The user is allowed to enter the next transaction operation. When the user needs to withdraw money, the user inputs the withdrawal amount instruction, and sends it to the financial server to analyze whether the withdrawal amount is allowed. If the withdrawal amount is allowed, the ATM machine outputs. cash.
  • the packet information with the authentication code error is sent to the ATM.
  • the step is specifically: when verifying that the authentication code sent by the ATM machine is different from the authentication code corresponding to the bank card information, sending the packet information with the authentication code error to the ATM machine, and the user can be allowed to input again through the ATM machine.
  • the authentication code when the ATM machine obtains the authentication code input by the user again, sends it to the financial server for analysis again, and determines whether the authentication code is correct again. If the user enters the authentication code three times in a day, the authentication code is aborted.
  • this embodiment also provides a method for verifying the identity of a trader on an ATM machine.
  • the system includes:
  • the mobile terminal 1 is configured to acquire a verification short message including the transaction password information and send the verification short message to the server;
  • Server 2 includes:
  • a storage device 21 configured to store mobile terminal card number information and bank card information, wherein the card number information of the mobile terminal and the card number information of the bank card are in one-to-one correspondence;
  • the reading device 22 is configured to read bank card information corresponding to the card number information of the mobile terminal that sends the verification short message;
  • the transaction password verification device 23 is configured to extract transaction password information included in the verification short message and verify whether the transaction password is the same as the transaction password corresponding to the bank card;
  • the authentication code generating and transmitting device 24 after the transaction password verification is correct, the server authentication code database randomly extracts an authentication code, and sends the authentication code to the mobile terminal;
  • the ATM machine 3 is configured to obtain the bank card information inserted by the user, and the bank card information and the authentication code information are sent to the server for verification;
  • the server further includes an authentication code verification device 25, configured to verify whether the authentication code sent by the ATM machine is the same as the authentication code generated by the authentication code generating and transmitting device and corresponding to the bank card information;
  • the server After the authentication code is verified correctly, the server sends the trader identity verification to the ATM machine.
  • the server further includes a counting device 26 for calculating the number of times the transaction password and the authentication code are continuously verified within a certain period of time. After continuously verifying that the number of transaction password errors exceeds a certain threshold within a certain period of time, the server suspends the identity verification of the trader holding the bank card.
  • the mobile terminal 1 is further configured to receive an authentication code sent by a server.
  • this embodiment provides another method for verifying the identity of a trader on an ATM machine, and the method includes the following steps:
  • S25 Verify that the transaction password is the same as the transaction password corresponding to the bank card; S251: Send the transaction password error message information to the mobile terminal when the transaction password is incorrect; S252: After the transaction password verification is correct, move to the mobile The terminal sends an authentication code;
  • the step is specifically: when the server sends the authentication code to the mobile terminal, the time when the authentication code is sent is calculated. Of course, sometimes the time when the server sends the authentication code to the mobile terminal is received by the mobile terminal due to the delay of receiving the short message. There is a large interval at the moment of the authentication code. At this time, it is determined that the mobile terminal receives the short message including the authentication code.
  • the ATM machine obtains the bank card information inserted by the user and the authentication code information input by the user, and sends the bank card information and the authentication code information to the server for verification;
  • the step is specifically: when the server receives the authentication code sent by the ATM machine, the service is recorded. The moment when the device receives the authentication code.
  • S29 Calculate a time interval between sending an authentication code to the mobile terminal and receiving an authentication code sent by the ATM.
  • the step is specifically as follows: If the time interval between sending the authentication code from the server to the mobile terminal to the authentication code sent by the ATM machine is 1 hour, when the time interval between the two is more than 1 hour, the authentication code is determined. If the authentication code corresponding to the bank card is deleted from the server, the authentication code sent by the ATM is determined to be an illegal authentication code, and the transaction is determined. Is authentication failed. At this time, the server sends the result of the authentication code verification failure to the ATM machine that is performing the transaction processing, and the reason why the authentication code verification fails: The authentication code input timeout prompt.
  • S311 After the authentication code is verified correctly, an instruction for the trader identity verification is sent to the ATM machine.
  • S312 When the authentication code is incorrectly verified, the packet information with the authentication code error is sent to the ATM.
  • the embodiment provides another system for verifying the identity of a trader on an ATM.
  • the server 2 of the system further includes:
  • the cache device 27 is configured to store the authentication code information corresponding to the card number information of the bank card,
  • the authentication code information is in one-to-one correspondence with the card number information of the bank card;
  • a timing device 28 configured to calculate a time interval for sending an authentication code to the mobile terminal and receiving an authentication code sent by the ATM;
  • the analyzing and judging device 29 is configured to determine whether the time interval exceeds a set threshold; when the time interval exceeds a set threshold, the server sends an instruction to the ATM machine that the trader identity verification fails and the authentication code times out ;
  • the server sends an instruction to the ATM to pass the trader's authentication.
  • the timing device 28 is further configured to calculate a time period in which the authentication code information corresponding to the bank card number information stored in the cache device exists, and when the time when the authentication code exists exceeds the same time threshold as the time interval, Then, the authentication code information stored in the cache device is deleted.
  • the embodiment further provides a method for using the system to perform an alarm. Specifically, as shown in FIG. 5, the method includes:
  • the step is specifically as follows:
  • the server monitors that the transaction password sent by the mobile terminal is an alarm code preset by the user, the user may encounter a dangerous situation such as kidnapping or coercion, and the transaction behavior of the bank card needs to be monitored to prevent the user from being prevented.
  • the deposit is forcibly taken away, but cannot be discovered in time.
  • the user is in an unsafe state due to the kidnapping or coercion.
  • the server also sends an authentication code to the mobile terminal, which not only alarms. The role does not prevent the criminals from discovering that their wrongdoing has been monitored.
  • S4611 sending, when the transaction password is incorrect, the message information of the transaction password error to the mobile terminal;
  • S4612 Send the authentication code to the mobile terminal after the transaction password is verified correctly
  • S48 the ATM machine obtains the bank card information inserted by the user and the authentication code information input by the user, and sends the bank card information and the authentication code information to the server for verification;
  • S49 Acquire a location of the ATM machine that sends the monitored bank card information, and send the location information of the ATM machine to the public security alarm system;
  • the step is specifically: when the ATM machine sends the bank card information inserted by the user to the financial server, the server detects whether the bank card is in a monitored state, and if the bank card is in the monitored state, it will find out and send the
  • the code information of the ATM machine of the bank card information can be used to find the location of the ATM machine through the coded information of the ATM machine. After transmitting the location information of the ATM machine to the public security alarm system, it is easy to arrest and field the criminals. Tracking. Whether the bank card is not a monitored bank card, the steps of Embodiment 2 are followed. Doing this The advantage is that the criminals are always in a hidden state of being monitored and tracked. Combined with the video surveillance system in the public security alarm system, it is easy to track the whereabouts of criminals, which can protect users and play well. Fight against the purpose of criminals.
  • the remaining steps include:
  • S51 Calculate a time interval between sending an authentication code to the mobile terminal and receiving an authentication code sent by the ATM.
  • the server of the system for verifying the identity of the trader on the ATM machine in this embodiment further includes, as shown in FIG. 6, as shown in FIG. 6:
  • the bank card monitoring device 30 is configured to start monitoring the bank card when the transaction password is an alarm code preset by the user;
  • the alarm device 31 is configured to acquire the location of the ATM machine that sends the monitored bank card information and send the location information of the ATM machine to the public security alarm system.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Signal Processing (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

L'invention concerne un procédé et un système permettant de vérifier l'identité d'un agent économique sur un DAB. Dans le procédé, un terminal mobile obtient le mot de passe de retrait d'une carte bancaire, et envoie celui-ci à un serveur au moyen d'un message court (S42), puis le serveur envoie un code d'authentification après réussite de la vérification, et un DAB envoie le code d'authentification entré par un utilisateur au serveur pour vérification afin de déterminer si oui ou non le code d'authentification entré par l'utilisateur est identique à celui envoyé par le serveur au terminal mobile; s'ils sont identiques, le code d'authentification est alors considéré comme correct, et au même moment, les informations concernant la carte bancaire insérée par l'utilisateur sont vérifiées de façon à vérifier si oui ou non les informations de la carte bancaire sont cohérentes avec les informations de la carte bancaire liées à la carte SIM du terminal mobile; si elles sont cohérentes, l'identité du préleveur est considérée comme légitime et celui-ci est autorisé à passer à l'étape opérationnelle suivante de la transaction. L'application de l'invention possède un niveau de sécurité élevé, un procédé simple et un fonctionnement utilisateur simple, et peut être largement utilisée.
PCT/CN2011/078433 2011-04-09 2011-08-15 Procédé et système permettant de vérifier l'identité d'un agent économique sur un dab WO2012139350A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201180069964.6A CN103503038A (zh) 2011-04-09 2011-08-15 一种对atm机上交易者身份进行验证的方法和系统

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110088168.9 2011-04-09
CN2011100881689A CN102368338A (zh) 2011-04-09 2011-04-09 一种对atm机上交易者身份进行验证的方法和系统

Publications (1)

Publication Number Publication Date
WO2012139350A1 true WO2012139350A1 (fr) 2012-10-18

Family

ID=45760899

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/078433 WO2012139350A1 (fr) 2011-04-09 2011-08-15 Procédé et système permettant de vérifier l'identité d'un agent économique sur un dab

Country Status (2)

Country Link
CN (2) CN102368338A (fr)
WO (1) WO2012139350A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103996252A (zh) * 2014-05-27 2014-08-20 网银在线(北京)科技有限公司 处理鉴权信息的方法和装置
CN105989484A (zh) * 2015-02-13 2016-10-05 阿里巴巴集团控股有限公司 一种密码重置方法和装置

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102402773A (zh) * 2011-12-14 2012-04-04 王筱雨 一种金融交易验证的方法和系统
WO2014043905A1 (fr) * 2012-09-22 2014-03-27 Feng Lin Procédé et système pour authentifier les informations d'identité de l'auteur d'une transaction gab à l'aide d'un smartphone
TW201419185A (zh) 2012-11-08 2014-05-16 Chien-Kang Yang 行動裝置、付款交易系統及付款交易方法
CN104113514B (zh) * 2013-04-19 2019-01-22 腾讯科技(深圳)有限公司 信息安全的处理方法和装置
WO2015110045A1 (fr) * 2014-01-27 2015-07-30 邵通 Dispositif, procédé et système destinés à cacher des données d'identification d'utilisateur
CN104077856B (zh) * 2014-07-07 2017-09-22 浙江维融电子科技股份有限公司 一种现金交易方法、装置及系统
US11966907B2 (en) * 2014-10-25 2024-04-23 Yoongnet Inc. System and method for mobile cross-authentication
CN105741102A (zh) * 2014-12-07 2016-07-06 联芯科技有限公司 取现系统及取现方法
CN104657850A (zh) * 2015-03-12 2015-05-27 张运泉 一种移动支付方法及移动支付系统
CN104702417A (zh) * 2015-04-03 2015-06-10 成都爱维科创科技有限公司 一种安全认证的系统和方法
CN104809810B (zh) * 2015-04-24 2017-08-29 深圳市怡化时代科技有限公司 一种用于检测银行磁条卡复制卡的方法及装置
CN107547206B (zh) * 2017-09-06 2020-08-28 广东小天才科技有限公司 一种用户身份的判断方法、系统及终端设备
CN107454111A (zh) * 2017-09-29 2017-12-08 南京中高知识产权股份有限公司 安全认证设备及其工作方法
CN107483504A (zh) * 2017-09-29 2017-12-15 南京中高知识产权股份有限公司 安全交易认证方法及系统
CN109637053B (zh) * 2018-11-08 2021-03-23 中电金融设备系统(深圳)有限公司 服务器、自助业务系统、业务处理方法和可读存储介质
CN110704823A (zh) * 2019-09-10 2020-01-17 平安科技(深圳)有限公司 数据请求方法、装置、存储介质及电子设备
CN111754232B (zh) * 2020-06-29 2023-11-28 上海通联金融服务有限公司 一种在非金融交易前对关键字段进行校验的控制方法
CN114023015A (zh) * 2021-11-04 2022-02-08 中国银行股份有限公司 一种业务处理方法、系统及装置

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1811830A (zh) * 2005-12-30 2006-08-02 中国工商银行股份有限公司 利用手机进行atm身份验证的系统及其方法
CN101236675A (zh) * 2008-01-30 2008-08-06 信雅达系统工程股份有限公司 一种借助于用户手机短信核验银行终端设备合法性的方法
JP2009276864A (ja) * 2008-05-13 2009-11-26 Hitachi Ltd 情報端末、および認証サーバ
JP2010066917A (ja) * 2008-09-09 2010-03-25 M & S Systems:Kk 個人認証システムおよび個人認証方法
CN101866518A (zh) * 2010-06-30 2010-10-20 宇龙计算机通信科技(深圳)有限公司 一种基于取款系统的现金提取方法、移动终端及系统
JP2011048689A (ja) * 2009-08-27 2011-03-10 Kyocera Corp 入力装置

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1435985A (zh) * 2002-01-30 2003-08-13 鸿联九五信息产业股份有限公司 动态密码安全系统及动态密码生成方法
JP4107580B2 (ja) * 2003-03-12 2008-06-25 株式会社三菱東京Ufj銀行 本人認証システム及び本人認証方法
US7415720B2 (en) * 2003-10-31 2008-08-19 Samsung Electronics Co., Ltd. User authentication system and method for controlling the same
CN100414866C (zh) * 2004-03-26 2008-08-27 西安海星现代科技股份有限公司 无令牌动态口令身份认证方法
CN101329785A (zh) * 2007-06-22 2008-12-24 周雪琴 安全的银行密码支付方法及系统
CN101140672A (zh) * 2007-10-23 2008-03-12 张师祝 一种对银行卡持卡者真实身份识别方法
JP2010009260A (ja) * 2008-06-26 2010-01-14 Hitachi Omron Terminal Solutions Corp 取引処理装置
TWI402775B (zh) * 2009-07-16 2013-07-21 Mxtran Inc 金融交易系統、自動櫃員機、與操作自動櫃員機的方法
CN101853545A (zh) * 2010-05-18 2010-10-06 汕头大学 银行交易终端的防盗方法与防盗系统
CN101968872A (zh) * 2010-09-03 2011-02-09 中国农业银行股份有限公司深圳市分行 一种金融安全交易方法

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1811830A (zh) * 2005-12-30 2006-08-02 中国工商银行股份有限公司 利用手机进行atm身份验证的系统及其方法
CN101236675A (zh) * 2008-01-30 2008-08-06 信雅达系统工程股份有限公司 一种借助于用户手机短信核验银行终端设备合法性的方法
JP2009276864A (ja) * 2008-05-13 2009-11-26 Hitachi Ltd 情報端末、および認証サーバ
JP2010066917A (ja) * 2008-09-09 2010-03-25 M & S Systems:Kk 個人認証システムおよび個人認証方法
JP2011048689A (ja) * 2009-08-27 2011-03-10 Kyocera Corp 入力装置
CN101866518A (zh) * 2010-06-30 2010-10-20 宇龙计算机通信科技(深圳)有限公司 一种基于取款系统的现金提取方法、移动终端及系统

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103996252A (zh) * 2014-05-27 2014-08-20 网银在线(北京)科技有限公司 处理鉴权信息的方法和装置
CN105989484A (zh) * 2015-02-13 2016-10-05 阿里巴巴集团控股有限公司 一种密码重置方法和装置

Also Published As

Publication number Publication date
CN102368338A (zh) 2012-03-07
CN103503038A (zh) 2014-01-08

Similar Documents

Publication Publication Date Title
WO2012139350A1 (fr) Procédé et système permettant de vérifier l'identité d'un agent économique sur un dab
WO2013086857A1 (fr) Procédé et système de vérification de transaction financière
US10402803B1 (en) Initiating a kiosk transaction
US10467604B1 (en) ATM transaction with a mobile device
JP6479769B2 (ja) 顧客制御口座の施錠機能を提供する方法及びシステム
CN102197407A (zh) 安全支付交易的系统和方法
US20120303527A1 (en) Process and host and computer system for card-free authentication
WO2013034025A1 (fr) Système de couverture d'urgence automatique et de transaction en libre service
CN102411817A (zh) 一种鉴别银行自助设备的方法及系统
CN111754237B (zh) 一种转账交易的验证方法及装置
US20160283943A1 (en) System and methods thereof for monitoring financial transactions from a credit clearing device
CN103377524A (zh) 一种输入手机短信随机验证码进行银行现场取款的方法
KR20140065818A (ko) 안전 계좌 확인 시스템 및 방법
CN210109962U (zh) 基于安全芯片的atm控制主机
WO2022272218A1 (fr) Systèmes et procédés pour générer et imprimer de manière sécurisée un document
WO2013064269A1 (fr) Procédé, unité de transaction, unité de terminal et unité de serveur dorsal pour traiter un numéro d'identification personnel
CN107862601B (zh) 一种自动定位报警的取现方法及系统
CN106973032B (zh) 一种信息认证方法、服务器、终端设备及系统
JP6511409B2 (ja) 金融機関における取引施錠システム及び取引施錠方法
WO2012155818A1 (fr) Procédé et dispositif pour protéger des informations d'utilisateur sur la base d'une ressource crédible
JP5231320B2 (ja) 取引システムおよびその管理方法
KR20040098407A (ko) 금융거래에 있어서 비상비밀번호 관리 시스템 및 방법
KR20070083100A (ko) 불법 현금인출 방지기능의 금융자동화기기 및 그 방법
US20230376954A1 (en) An Electronic Device, Method and Computer Program Product for Instructing Performance of a Transaction which has been Requested at an Automated Teller Machine
EP3536515A1 (fr) Coupon de paiement

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11863674

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11863674

Country of ref document: EP

Kind code of ref document: A1