WO2019144738A1 - Procédé de vérification de service financier, appareil et dispositif, et support d'informations informatique - Google Patents

Procédé de vérification de service financier, appareil et dispositif, et support d'informations informatique Download PDF

Info

Publication number
WO2019144738A1
WO2019144738A1 PCT/CN2018/122609 CN2018122609W WO2019144738A1 WO 2019144738 A1 WO2019144738 A1 WO 2019144738A1 CN 2018122609 W CN2018122609 W CN 2018122609W WO 2019144738 A1 WO2019144738 A1 WO 2019144738A1
Authority
WO
WIPO (PCT)
Prior art keywords
verification
verified
information
security level
operation instruction
Prior art date
Application number
PCT/CN2018/122609
Other languages
English (en)
Chinese (zh)
Inventor
罗潜锋
Original Assignee
深圳壹账通智能科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳壹账通智能科技有限公司 filed Critical 深圳壹账通智能科技有限公司
Publication of WO2019144738A1 publication Critical patent/WO2019144738A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355Personalisation of cards for use
    • G06Q20/3552Downloading or loading of personalisation data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3672Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes initialising or reloading thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/405Establishing or using transaction specific rules

Definitions

  • the present application relates to the field of identity verification, and in particular, to a method, an apparatus, a device, and a computer storage medium for verifying financial services.
  • the user needs to be authenticated to ensure the security of the user's internet financial service.
  • the remote authentication can be performed (can be remotely verified, for example, the user can authenticate through two-way video) , or the user through the mobile phone (such as through the mobile phone verification code, password verification method) these verification methods, as long as other people have the account and password can be verified, the security is low, can not guarantee the authenticity of the identity of the object.
  • the main purpose of the present application is to provide a method, device, device and computer storage medium for verifying financial services, which are intended to efficiently authenticate users, determine whether a user has financial service operation rights, and ensure the security of user operations.
  • the present application provides a method for verifying a financial service, and the method for verifying the financial service includes the following steps:
  • the operation instruction is executed when it is detected that the operation authority verification is passed.
  • the present application further provides a verification apparatus for a financial service
  • the verification device of the financial service includes:
  • Receiving an acquisition module configured to receive an operation instruction of the financial service, and obtain the service information included in the operation instruction
  • a level determining module configured to determine a security level of the operation instruction according to the service information, to obtain a verification rule corresponding to the security level
  • Obtaining a display module configured to obtain a to-be-verified unit included in the verification rule, and display the to-be-verified element in the to-be-verified unit, so that the user inputs verification information corresponding to the element to be verified;
  • a rights verification module configured to compare the verification information with a preset verification library to perform operation authority verification of the operation instruction
  • the instruction execution module is configured to execute the operation instruction when detecting that the operation authority verification is passed.
  • the present application further provides a verification device for a financial service
  • the verification device of the financial service includes: a memory, a processor, and a verification readable instruction of a financial service stored on the memory and executable on the processor, wherein:
  • the step of verifying the readable instructions of the financial service when executed by the processor implements the verification method of the financial service as described above.
  • the present application further provides a computer storage medium
  • the computer storage medium stores the verification readable instructions of the financial service, and the verification readable instructions of the financial service are executed by the processor to implement the steps of the verification method of the financial service as described above.
  • a method, device, device and computer storage medium for verifying a financial service according to embodiments of the present application.
  • the user triggers an operation instruction on the terminal, the terminal receives an operation instruction of the financial service, acquires service information included in the operation instruction, determines a security level of the operation instruction according to the service information, and obtains a verification rule corresponding to the security level; and determines the verification rule.
  • the unit to be verified is included, and the element to be verified in the unit to be verified is displayed for the user to input the verification information corresponding to the element to be verified; the verification information input by the user is compared with the preset verification library, and if the user inputs the verification The information matches the preset verification library, and the operation authority verification corresponding to the operation instruction passes the verification; when the operation authority verification is detected, the operation instruction is executed.
  • the present invention improves the security of financial operation operations by performing an operation authority verification method for financial operations based on the terminal, and can accurately verify the identity information of the user without the user inputting too much information, so that the financial operation is performed. Operational verification efficiency is as important as the security of business operations.
  • FIG. 1 is a schematic structural diagram of an apparatus of a hardware operating environment involved in an embodiment of the present application
  • FIG. 2 is a schematic flowchart of a first embodiment of a method for verifying a financial service according to the present application
  • FIG. 3 is a schematic flowchart of a step S20 of the verification method of the financial service in FIG. 2;
  • step S20 of the verification method of the financial service in FIG. 2 is a schematic diagram of another refinement of step S20 of the verification method of the financial service in FIG. 2;
  • FIG. 5 is a schematic diagram of a refinement process of step S30 of the verification method of the financial service in FIG. 2;
  • FIG. 6 is a schematic flowchart of a second embodiment of a method for verifying a financial service according to the present application
  • FIG. 7 is a schematic diagram of functional modules of an embodiment of a verification apparatus for a financial service according to the present application.
  • FIG. 1 is a schematic structural diagram of a terminal in a hardware operating environment involved in an embodiment of the present application.
  • the terminal may be a fixed terminal, or may be a mobile terminal, such as an “Internet of Things device”, a smart air conditioner with networking function, a smart electric light, a smart power source, a smart speaker, an autonomous driving car, a PC, a smart phone, a tablet computer,
  • the terminal in this embodiment may also be called a verification device for a financial service.
  • the terminal may include a processor 1001, such as a CPU, a network interface 1004, a user interface 1003, a memory 1005, and a communication bus 1002.
  • the communication bus 1002 is used to implement connection communication between these components.
  • the user interface 1003 can include a display, an input unit such as a keyboard, and the optional user interface 1003 can also include a standard wired interface, a wireless interface.
  • the network interface 1004 can optionally include a standard wired interface, a wireless interface (such as a WI-FI interface).
  • the memory 1005 may be a high speed RAM memory or a stable memory (non-volatile) Memory), such as disk storage.
  • the memory 1005 can also optionally be a storage device independent of the aforementioned processor 1001.
  • the terminal may further include a camera, RF (Radio) Frequency, RF) circuit, sensor, audio circuit, WiFi module; input unit, display screen, touch screen; network interface optional in addition to WiFi in the wireless interface, Bluetooth, probes, etc.
  • sensors such as light sensors, motion sensors, and other sensors.
  • the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display according to the brightness of the ambient light, and the proximity sensor may turn off the display and/or when the mobile terminal moves to the ear. Backlighting.
  • the gravity acceleration sensor can detect the magnitude of acceleration in each direction (usually three axes), and can detect the magnitude and direction of gravity when stationary, and can be used to identify the posture of the mobile terminal (such as horizontal and vertical screen switching, Related games, magnetometer attitude calibration), vibration recognition related functions (such as pedometer, tapping), etc.; of course, the mobile terminal can also be equipped with other sensors such as gyroscope, barometer, hygrometer, thermometer, infrared sensor, etc. No longer.
  • terminal structure shown in FIG. 1 does not constitute a limitation to the terminal, and may include more or less components than those illustrated, or a combination of certain components, or different component arrangements.
  • the computer software product is stored in a storage medium (storage medium: also called computer storage medium, computer medium, readable medium, readable storage medium, computer readable storage medium or directly called medium, etc.
  • a non-volatile readable storage medium such as a ROM/RAM, a magnetic disk, or an optical disk, includes instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the present
  • the memory 1005 as a computer storage medium may include an operating system, a network communication module, a user interface module, and a verification application readable instruction of a financial service.
  • the network interface 1004 is mainly used to connect to the background server and perform data communication with the background server;
  • the user interface 1003 is mainly used to connect the client (user end), and perform data communication with the client; and the processor
  • the 1001 may be used to invoke a verification application readable instruction of the financial service stored in the memory 1005, and perform the steps in the verification method of the financial service provided by the following embodiments of the present application.
  • the present embodiment provides a method for verifying a financial service. Before the step of the embodiment is performed, the user needs to perform login registration of the user on the financial application software or the financial webpage interface corresponding to the terminal, specifically:
  • Step a1 receiving an application request of a financial account input by a user, and acquiring identity information included in the application request;
  • Step a2 Establish a financial account based on the identity information, and set a verification library on the financial account to save standard information of the operation authority verification to the verification library.
  • the user triggers the application request of the financial account on the terminal, and the terminal receives the application request of the financial account input by the user, and obtains the identity information included in the application request, that is, the user needs to input the basic identity information of the user, for example, the user name.
  • User contact information (user contact information: including user mobile phone number, user mail account, etc.), user ID information (user ID information includes: copy of user ID, user ID number, etc.), user address information (user address information includes: user The home address information, the user company address information) and the user biometric information (the user biometric information include: user fingerprint data, user avatar information, user voice information) and other user related information, and the terminal establishes a financial account based on the application information input by the user, The application information input by the user is used as the standard information for the late user authentication.
  • the terminal After the terminal establishes the financial account, the terminal sets a verification library on the financial account, and the verification library is used to save the basic identity information input by the user when establishing the financial account, wherein the basic identity information user is used as the operation authority to verify the relevant standard information.
  • the user can log in to the financial account to perform financial related business operations, that is, the user triggers the financial account login instruction based on the terminal, and performs login verification on the user login information.
  • the financial account that the user logs in displays the corresponding financial service. It is necessary to add that the user needs to establish a related financial account before the embodiment of the verification method of the financial service of the present application, and the user performs login verification when logging in to the financial account.
  • the method of login verification is not the focus of this application. This application mainly focuses on triggering the financial service operation on the financial account after the user logs in to the financial account, thereby authenticating the user and finally realizing the operation authority authorization of the user financial service operation.
  • the human witness comparison that is, in the form of the cloud platform interface call, according to the user's ID information, the user self-photograph and the user's public security base map are compared in real time. Verify the identity of the user; 2. Face matching service, that is, in the form of cloud platform interface call and algorithm private deployment, verify the user identity by comparing the self-photographed by the user twice; 3.
  • OCR technology is Abbreviation for optical character recognition (Optical Character Recognition) is to convert texts of various bills, newspapers, books, manuscripts and other printed materials into image information through scanning and other optical input methods, and then use image recognition technology to convert image information into usable computer input technology
  • the certificate identification and bank card identification function provides services in the form of cloud platform interface call, converts the ID card photos and bank card photos uploaded by the user into editable texts, and confirms the user identity information.
  • voiceprint recognition that is, through the collected voiceprint information of the speaker into the database, when the speaker speaks again, the system compares the voiceprint data in the database to identify (identify/confirm) the identity of the speaker; Identification, that is, the fingerprint information pre-acquired by the user is compared with the fingerprint information for performing the operation, 6, the mobile phone dynamic verification code is recognized, and the like.
  • the verification method of the financial service includes:
  • Step S10 Receive an operation instruction of the financial service, and acquire the service information included in the operation instruction.
  • the user logs in the financial account and triggers an operation instruction of the financial service on the login financial account
  • the terminal receives the operation instruction of the financial service
  • the terminal acquires the service information included in the operation instruction
  • the service information included in the operation instruction includes: the operation instruction triggered by the user is Business type, business name, operation time, business operation amount, etc., that is, business types include: application transfer, fund purchase, stock purchase, futures purchase, insurance purchase, etc., which involve the transfer of funds, for example, the user is logged in.
  • the operation instruction for triggering the purchase of the fund product on the financial account includes the product name, the transaction time, and the transaction amount.
  • Step S20 Determine a security level of the operation instruction according to the service information, to obtain a verification rule corresponding to the security level.
  • the terminal determines the security level of the user operation instruction according to the service information carried in the user operation instruction. For example, the terminal may set the service name and the related operation amount and the preset level table according to the service information (the preset level table is set according to the specific operation scenario). The terminal determines the security level corresponding to the user operation instruction according to the information in the preset level table. If the security level corresponding to the service name and the operation amount in the service information exists in the preset level table, the terminal and the service information The security level matched by the service name and the operation amount is used as the security level of the operation instruction, and the terminal acquires the verification rule corresponding to the security level to perform verification according to the verification rule.
  • step S30 the to-be-verified unit included in the verification rule is obtained, and the to-be-verified element in the to-be-verified unit is displayed, so that the user inputs the verification information corresponding to the element to be verified.
  • the unit to be verified is included in the verification rule, and the unit to be verified refers to a type of verification information.
  • the unit to be verified is divided into: dynamic password verification, user certificate verification, and biometric verification.
  • the elements to be verified in the unit to be verified are determined, and the elements to be verified in the unit to be verified are displayed, that is, one type of verification rule includes the same type of verification unit, and one unit to be verified contains different
  • the elements to be verified (for example, the first security level corresponds to the first verification rule, and the first verification rule includes three verification units: dynamic password verification (the verification element included in the dynamic password verification is: mobile dynamic verification code, mailbox dynamic) Verification code, etc.), user ID verification (user ID verification includes: ID card, driver's license, passport or social security information, etc.) and biometric verification (biometric verification including: fingerprint verification, face verification, voice verification), the terminal is based on random Or determining the elements to be verified in the unit to be verified according to the set rules for User inputs the authentication information corresponding to the set rules
  • the name of the user financial service is transfer, and the transfer amount is 500000, which corresponds to the first security level.
  • the first security level corresponds to the first verification rule.
  • the first verification rule includes three verification units: dynamic password verification.
  • User ID verification and biometric verification the verification elements determined by the unit to be verified are: mobile phone dynamic password, user ID number, fingerprint verification;
  • b the name of the user financial service is transfer, the transfer amount is 50000, then the corresponding
  • the second security level corresponds to the second verification rule, and the second verification rule includes two verification units: dynamic password verification and user certificate verification; and the verification element determined by the unit to be verified is: a mailbox dynamic password, User driving number;
  • c the name of the user financial service is payment, the transfer amount is 500, corresponding to the third security level, the third security level corresponds to the third verification rule, and the third verification rule includes a verification unit: dynamic password Verification, the verification element corresponding to the unit to be verified is: mobile phone dynamic secret ; Name d, users of financial services for the
  • Step S40 comparing the verification information with a preset verification library to perform operation authority verification of the operation instruction.
  • the terminal compares the verification information with the preset verification library (the default verification library: set when the financial account is established, and the verification library stores the identity information provided when the user establishes the account) to perform the operation authority verification of the operation instruction. That is, the terminal compares the verification information input by the user with the identity information stored in the preset verification library, and when the verification information input by the user matches the information in the preset information base, the operation authority corresponding to the operation instruction is granted.
  • the preset verification library the default verification library: set when the financial account is established, and the verification library stores the identity information provided when the user establishes the account
  • step S40 includes:
  • Step b1 Obtain verification information input by the user, and compare the verification information with standard information in the preset verification library;
  • Step b2 if the verification information matches the standard information in the preset verification library, the operation authority corresponding to the operation instruction is verified;
  • step b3 if the verification information does not match the standard information in the preset verification library, the operation authority verification corresponding to the operation instruction fails, and the to-be-verified element in the to-be-verified unit is adjusted to perform secondary verification.
  • the terminal obtains the verification information input by the user, and compares the verification information with the standard information in the preset verification library; if the verification information matches the standard information in the preset verification library, that is, the verification information is the same as the standard information, the operation instruction If the verification information does not match the standard information in the preset verification library, that is, the verification information is different from the standard information, the operation authority verification corresponding to the operation instruction fails, and the unit to be verified is adjusted.
  • a specific processing step is determined according to the verification situation.
  • the terminal may automatically perform adjustment of the to-be-verified element in the to-be-verified unit, that is, after determining the first security level, the first security is performed.
  • the verification unit in the level includes dynamic password verification, user ID verification and biometric verification.
  • the first verified element to be verified is the mobile phone dynamic password, user ID number, fingerprint verification, verification fails, and the secondary verification terminal will be verified. Adjusted to: mailbox dynamic password verification, date verification of driving documents, user voiceprint verification, when the secondary verification still fails, adjust the elements to be verified again until the verification exceeds the threshold, and the financial function of the corresponding account is frozen.
  • Step S50 when it is detected that the operation authority verification is passed, the operation instruction is executed.
  • the terminal After the terminal obtains the user identity verification according to the verification message input by the terminal, the terminal performs a corresponding operation according to the operation instruction of the user.
  • the user triggers an operation instruction on the terminal
  • the terminal receives an operation instruction of the financial service, acquires service information included in the operation instruction, and determines a security level of the operation instruction according to the service information, to obtain the security level corresponding to the operation level.
  • a verification rule obtaining a to-be-verified unit included in the verification rule, and displaying the to-be-verified element in the to-be-verified unit for the user to input verification information corresponding to the element to be verified; and verifying information input by the user
  • the verification library is compared for comparison. If the verification information input by the user matches the preset verification library, the operation authority verification verification corresponding to the operation instruction passes; when the operation authority verification is detected, the operation instruction is executed.
  • the present application improves the security of financial business operations by performing an operation authority verification method for financial operations based on terminals for financial operations.
  • the present embodiment of the verification method for the financial service of the present application is proposed.
  • This embodiment is specific to the refinement of step S20 in the first embodiment, and is specifically implemented in this embodiment. Describes how to determine the implementation level of the operational instruction security based on the business information;
  • the verification method of the financial service includes:
  • Method 1 Referring to FIG. 3, the service information is compared with a preset level table to determine the security level.
  • step S21 the service information is compared with a preset level table to determine whether there is a security level matching the service information in the preset level table.
  • the service information and the preset level table includes setting according to the operation service information involved in the operation instruction, and determining the security corresponding to the user operation according to the service information. Level) to perform a comparison to determine whether there is a security level matching the service information in the preset level table. For example, if the operation instruction triggered by the user is transferring 50000 yuan, the preset level table is searched, and the service type is determined as a transfer, and the payment is received. If the party is a stranger and the transfer amount is 50000, it is determined that the security level corresponding to the user triggering operation instruction is one level.
  • Step S22 If there is a security level matching the service information in the preset level table, and the security level is used as the security level of the operation instruction.
  • the terminal has a security level matching the service information in the preset level table, and the security level is used as the security level of the operation instruction, and the terminal determines the security level corresponding to the operation instruction of the user according to the preset level table, to further , the verification rules are determined according to the security level.
  • Step S23 If there is no security level matching the service information in the preset level table, the operation instruction is used as the verification-free instruction.
  • the terminal uses the operation instruction as a verification-free instruction; for example If the user performs a small payment of 50 yuan on the terminal, the verification instruction is a verification-free instruction, and the user does not need to perform operation authority verification.
  • the service information in the operation instruction is compared with the preset level table, the level table is set in advance, and the service information included in the user operation instruction is accurately identified, and the security level corresponding to the operation instruction is implemented for the user. Accurate verification of operational instructions.
  • Method 2 Referring to FIG. 4, the security level is determined based on the historical operation record of the service information.
  • Step S24 Obtain a historical operation record related to the service information, and obtain operation information in the historical operation record.
  • the terminal obtains the historical operation record related to the service information, that is, the terminal acquires the operation information in the historical operation record, the time when the user triggers the operation instruction, the frequency at which the user triggers the operation instruction, and the user triggers the payment party corresponding to the operation instruction, for example,
  • the user performs the operation on the terminal at 3:00, 100 times, and transfers the unfamiliar account to 500 yuan, and the terminal acquires the financial account operation time of the preset time period.
  • step S25 the operation information is compared with a preset instruction security level, and the security level of the operation instruction is determined to obtain a verification rule corresponding to the security level.
  • the terminal compares the operation information with a preset instruction security level, and determines a security level of the operation instruction, wherein the preset level table is a level table set in advance according to operation information such as operation time and operation frequency, for example, In the rating table: the operation time is 3:00 am, the operation level corresponding to the operation frequency is greater than 30, and the security level is 3, and the terminal will operate the operation time, operation frequency, or other information corresponding to the operation command triggered by the user.
  • the level table is compared to determine the security level of the operation instruction.
  • the security level of the operation instruction is higher than the preset value, the preset value may be set according to a specific situation. For example, if the level is set to level 2, the terminal identifies the operation instruction triggered by the user as The sensitive operation, the terminal determines the security level of the operation instruction to obtain the verification rule corresponding to the security level.
  • first mode and the second mode in the embodiment may be combined, that is, in the embodiment, the user operation instruction security level verification is performed only for the user single time according to the solution described in the first mode. If the security level of the user operation command is determined to be inaccurate, the method of the second embodiment is used to determine the security level. The terminal is determined again according to the historical operation of the financial account.
  • the security level corresponding to the user operation instruction is determined, and the verification rule is determined according to security or the like, so that the financial operation is more accurate.
  • the present embodiment of the verification method for the financial service of the present application is proposed. This embodiment is directed to the refinement of step S30 in the first embodiment. Specific implementation manners for determining an element to be displayed are specifically described in the embodiment;
  • Step S30 of the verification method of the financial service includes:
  • Step S31 Query a preset verification database according to a security level of the operation instruction, and obtain a verification rule that matches a security level in the preset verification database;
  • the terminal queries the preset verification database according to the security level of the operation instruction, and obtains the verification rule that matches the security level in the preset verification database, that is, the security level of the terminal operation instruction and the preset verification database are traversed, and the terminal acquires the preset verification database.
  • the verification rule that matches the security level wherein the verification rule is preset according to the security level, and different verification rules include different verification elements, and the verification rule is associated with the verification unit.
  • the first verification rule is The most stringent verification of the user
  • the first verification rule includes the unit to be verified for user dynamic password verification, user certificate verification and biometric verification
  • the second verification rule is stricter verification for the user
  • the second verification rule includes user dynamic password verification.
  • the unit to be verified by the user ID verification the third verification rule is the most basic verification to the user, and the third verification rule includes the user dynamic password verification as the unit to be verified.
  • Step S32 Acquire a unit to be verified included in the verification rule, and obtain a history verification record of each element to be verified in the unit to be verified.
  • the terminal obtains the to-be-verified unit included in the verification rule according to the verification rule and the corresponding association relationship, and the terminal obtains the historical verification record of the unit to be verified in the financial account.
  • the unit to be verified in the financial account is the user biometric verification, and the biometric verification is performed.
  • the included unit to be verified is user voiceprint verification, fingerprint verification and facial expression collection verification;
  • the historical verification record in the preset time period is 10 times of user voiceprint verification, 50 fingerprint verification, facial expression collection and identification verification 15 times, user
  • the voiceprint verification pass rate is 95%, the fingerprint verification pass rate is 99%, and the facial expression collection and recognition verification pass rate is 85%.
  • Step S33 Determine, according to the historical verification record of each element to be verified in the unit to be verified, the element to be verified in the unit to be verified.
  • the terminal determines the to-be-verified element in the to-be-verified unit according to the historical verification record of each element to be verified in the unit to be verified, that is, the terminal obtains the verification that the verification element has fewer verification times and the verification pass rate is low according to the historical verification record.
  • the element is the element to be verified corresponding to the operation instruction.
  • Step S34 Display the to-be-verified element for the user to input verification information corresponding to the element to be verified.
  • the terminal determines the verification of the element to be verified for the user to input the verification information corresponding to the element to be verified. It is necessary to add that the method for determining the element to be verified in this embodiment is based on the historical verification situation, and may also adopt other The method of determining the feature to be verified, such as random extraction, or setting the corresponding weight to determine the feature to be verified.
  • the terminal may perform determining the element to be verified, and the user obtains the verification of the user by chance, and performs financial business operations on the user's financial account, so that the security of the terminal financial account is higher.
  • FIG. 6 based on the first embodiment of the present application, a second embodiment of the verification method of the financial service of the present application is proposed.
  • the second embodiment of the present application is directed to the processing scheme proposed by the verification failure, that is, in step S40 of the first embodiment: comparing the verification information with the preset verification library to perform the operation authority of the operation instruction. After the verification, if the verification fails, in the execution step: the operation authority corresponding to the operation instruction fails to pass, and the element to be verified in the unit to be verified is adjusted to perform the second verification, and the following steps are also performed:
  • Step S60 The verification operation frequency of the operation authority verification is not verified, and the verification frequency is compared with a preset threshold.
  • the terminal statistics operation authority verifies the verification frequency that fails, and compares the verification frequency with a preset threshold (preset threshold: according to a specific situation, for example, setting the preset threshold to 10 times) to determine whether it is needed. Freeze the corresponding operation instructions or freeze the financial account.
  • a preset threshold according to a specific situation, for example, setting the preset threshold to 10 times
  • Step S70 If the verification frequency exceeds a preset threshold, the operation service corresponding to the operation instruction is partially frozen.
  • the operation service corresponding to the operation instruction is partially frozen, that is, the terminal may freeze part of the operation instructions related to the financial operation in the financial account, and then open again when receiving the application of the user.
  • the terminal when the terminal fails to pass multiple financial operations, the terminal freezes part of the financial service in the financial account of the terminal, thereby avoiding the problem of inconvenient user operation caused by the complete freezing of the financial account, and ensuring the user financial operation. Security.
  • the embodiment of the present application further provides a verification apparatus for a financial service, where the verification apparatus of the financial service includes:
  • the receiving and acquiring module 10 is configured to receive an operation instruction of the financial service, and obtain the service information included in the operation instruction;
  • a level determining module 20 configured to determine a security level of the operation instruction according to the service information, to obtain a verification rule corresponding to the security level
  • the obtaining display module 30 is configured to obtain the to-be-verified unit included in the verification rule, and display the to-be-verified element in the to-be-verified unit, so that the user inputs the verification information corresponding to the element to be verified;
  • the authority verification module 40 is configured to compare the verification information with a preset verification library to perform operation authority verification of the operation instruction;
  • the instruction execution module 50 is configured to execute the operation instruction when detecting that the operation authority verification is passed.
  • the steps of implementing the function modules of the financial service verification device may refer to various embodiments of the verification method of the financial service of the present application, and details are not described herein again.
  • the embodiment of the present application further provides a computer storage medium.
  • the computer storage medium stores the verification readable instructions of the financial service, and the verification readable instructions of the financial service are executed by the processor to implement the operations in the verification method of the financial service provided by the foregoing embodiments.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

La présente invention concerne un procédé de vérification de service financier, comprenant les étapes consistant : à recevoir une instruction d'opération d'un service financier, et à obtenir des informations de service comprises dans l'instruction d'opération; à déterminer le niveau de sécurité de l'instruction d'opération conformément aux informations de service pour obtenir une règle de vérification correspondant au niveau de sécurité; à obtenir une unité à vérifier comprise dans la règle de vérification, et à afficher un élément à vérifier dans ladite unité, de telle sorte qu'un utilisateur entre des informations de vérification correspondant audit élément; à comparer les informations de vérification avec une bibliothèque de vérification prédéfinie en vue de réaliser une vérification d'autorisation d'opération; et lorsqu'il est détecté que la vérification d'autorisation d'opération est réussie, à exécuter l'instruction d'opération. L'invention concerne également un appareil de vérification de service financier et un dispositif, et un support d'informations informatique. Conformément à la présente invention, au moyen de la solution de réglage d'une vérification d'autorisation d'opération correspondante pour l'instruction d'opération d'un service financier, l'efficacité de vérification d'opération financière et la sécurité d'opération de service étant toutes les deux d'importance égale.
PCT/CN2018/122609 2018-01-29 2018-12-21 Procédé de vérification de service financier, appareil et dispositif, et support d'informations informatique WO2019144738A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810081998.0 2018-01-29
CN201810081998.0A CN108269187A (zh) 2018-01-29 2018-01-29 金融业务的验证方法、装置、设备和计算机存储介质

Publications (1)

Publication Number Publication Date
WO2019144738A1 true WO2019144738A1 (fr) 2019-08-01

Family

ID=62776843

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/122609 WO2019144738A1 (fr) 2018-01-29 2018-12-21 Procédé de vérification de service financier, appareil et dispositif, et support d'informations informatique

Country Status (2)

Country Link
CN (1) CN108269187A (fr)
WO (1) WO2019144738A1 (fr)

Families Citing this family (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106254378B (zh) * 2016-09-09 2020-02-07 宇龙计算机通信科技(深圳)有限公司 一种近距离通信nfc移动终端的安全控制方法及系统
CN108269187A (zh) * 2018-01-29 2018-07-10 深圳壹账通智能科技有限公司 金融业务的验证方法、装置、设备和计算机存储介质
CN110889106A (zh) * 2018-09-11 2020-03-17 北京京东金融科技控股有限公司 配置方法、装置、系统、计算机可读存储介质
CN111181725A (zh) * 2018-11-12 2020-05-19 奇酷互联网络科技(深圳)有限公司 身份信息的验证方法、移动终端以及计算机存储介质
CN110011957B (zh) * 2018-12-13 2022-08-30 创新先进技术有限公司 企业账户的安全认证方法、装置、电子设备及存储介质
CN109686011A (zh) * 2018-12-18 2019-04-26 维拓智能科技(深圳)有限公司 自助终端及自助终端的用户识别方法
CN110113168B (zh) * 2019-04-03 2022-04-22 厦门历思科技服务有限公司 一种信息认证方法、客户端、系统及计算机可读存储介质
CN110166438B (zh) * 2019-04-19 2022-03-18 平安科技(深圳)有限公司 账户信息的登录方法、装置、计算机设备及计算机存储介质
CN110188159B (zh) * 2019-05-27 2023-05-12 深圳前海微众银行股份有限公司 征信数据接入方法、装置、设备及计算机可读存储介质
CN110457876A (zh) * 2019-08-15 2019-11-15 中国银行股份有限公司 身份认证方法、装置及系统
CN110909013B (zh) * 2019-10-12 2023-10-03 中国平安财产保险股份有限公司 业务清单生成方法、装置、设备及计算机可读存储介质
CN111786936A (zh) * 2019-11-27 2020-10-16 北京沃东天骏信息技术有限公司 用于鉴权的方法和装置
CN111160137B (zh) * 2019-12-12 2021-03-12 天目爱视(北京)科技有限公司 一种基于生物3d信息的智能业务处理设备
CN112231617A (zh) * 2020-10-12 2021-01-15 深圳市欢太科技有限公司 服务调用校验方法、装置、存储介质及电子设备
CN112328482A (zh) * 2020-11-05 2021-02-05 中国平安人寿保险股份有限公司 基于脚本模板的测试方法、装置、计算机设备和存储介质
CN113409043A (zh) * 2020-11-17 2021-09-17 葛云霞 结合互联网金融和生物识别的信息安防方法及云平台
CN112714108B (zh) * 2020-12-21 2022-08-12 中国移动通信集团江苏有限公司 终端通信号码验证的方法、装置、设备及计算机存储介质
CN112395541A (zh) * 2020-12-29 2021-02-23 畅捷通信息技术股份有限公司 数据内容验证方法、装置、系统、存储介质及计算设备
CN112669163B (zh) * 2021-01-20 2021-11-02 深圳市快付通金融网络科技服务有限公司 基于大数据和云计算的金融业务管理方法及系统
CN113609182A (zh) * 2021-01-20 2021-11-05 何青波 基于大数据的金融业务信息查询方法
CN112801619A (zh) * 2021-01-29 2021-05-14 中国农业银行股份有限公司上海市分行 金融业务操作日志的筛查方法及筛查装置
CN112669042A (zh) * 2021-03-15 2021-04-16 中国银联股份有限公司 支付方法、服务器、用户终端、系统及存储介质
CN113299016A (zh) * 2021-04-27 2021-08-24 深圳市怡化时代科技有限公司 自助终端的业务计时方法、系统、自助设备和存储介质
CN112995227B (zh) * 2021-05-13 2021-07-13 深圳格隆汇信息科技有限公司 一种基于三方信用管理的一站式信息服务平台
CN113191757A (zh) * 2021-06-03 2021-07-30 中国银行股份有限公司 银行业务控制方法、装置、服务器及存储介质
CN114138790A (zh) * 2021-12-02 2022-03-04 中国建设银行股份有限公司 界面要素的验证方法、设备、存储介质及程序产品
CN114553838A (zh) * 2022-02-23 2022-05-27 京东方科技集团股份有限公司 远程业务办理的实现方法、系统及服务器
CN115001779A (zh) * 2022-05-26 2022-09-02 中国农业银行股份有限公司 一种操作指令的验证方法、装置、设备及介质

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104867010A (zh) * 2015-05-20 2015-08-26 杨淼彬 一种人性化支付的方法
US20150302411A1 (en) * 2014-04-22 2015-10-22 Bank Of America Corporation Proximity to a location as a form of authentication
CN107316195A (zh) * 2017-06-26 2017-11-03 北京明华联盟科技有限公司 一种安全便捷的支付方法和装置
CN108269187A (zh) * 2018-01-29 2018-07-10 深圳壹账通智能科技有限公司 金融业务的验证方法、装置、设备和计算机存储介质

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2438651A (en) * 2006-06-02 2007-12-05 Michael Arnold Secure financial transactions
CN102347929A (zh) * 2010-07-28 2012-02-08 阿里巴巴集团控股有限公司 一种用户身份的验证方法及装置
CN102790674B (zh) * 2011-05-20 2016-03-16 阿里巴巴集团控股有限公司 身份验证方法、设备和系统
CN104158665A (zh) * 2014-08-25 2014-11-19 小米科技有限责任公司 验证的方法及装置
CN105991590B (zh) * 2015-02-15 2019-10-18 阿里巴巴集团控股有限公司 一种验证用户身份的方法、系统、客户端及服务器
CN107231232B (zh) * 2016-03-23 2020-04-28 阿里巴巴集团控股有限公司 一种身份验证方法及装置
CN106027543A (zh) * 2016-06-23 2016-10-12 北京孔方同鑫科技有限公司 一种基于权值计算的身份识别方法及装置

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150302411A1 (en) * 2014-04-22 2015-10-22 Bank Of America Corporation Proximity to a location as a form of authentication
CN104867010A (zh) * 2015-05-20 2015-08-26 杨淼彬 一种人性化支付的方法
CN107316195A (zh) * 2017-06-26 2017-11-03 北京明华联盟科技有限公司 一种安全便捷的支付方法和装置
CN108269187A (zh) * 2018-01-29 2018-07-10 深圳壹账通智能科技有限公司 金融业务的验证方法、装置、设备和计算机存储介质

Also Published As

Publication number Publication date
CN108269187A (zh) 2018-07-10

Similar Documents

Publication Publication Date Title
WO2019144738A1 (fr) Procédé de vérification de service financier, appareil et dispositif, et support d'informations informatique
WO2018030707A1 (fr) Système et procédé d'authentification, et équipement d'utilisateur, serveur d'authentification, et serveur de service pour exécuter ledit procédé
WO2021010766A1 (fr) Dispositif et procédé d'authentification électronique faisant appel à une chaîne de blocs
WO2019174090A1 (fr) Procédé, appareil et dispositif de commande de partage de fichier de capture d'écran, et support de stockage informatique
WO2018194379A1 (fr) Procédé d'approbation de l'utilisation d'une carte à l'aide d'un identificateur de jeton sur la base d'une chaîne de blocs et structure en arbre de merkle associée à celui-ci, et serveur l'utilisant
WO2020062642A1 (fr) Procédé, dispositif et équipement à base de chaîne de blocs pour signer des documents électroniques, et support d'informations
WO2014026443A1 (fr) Dispositif et procédé d'authentification et de gestion d'identité
WO2017094998A1 (fr) Système d'authentification d'identité personnelle d'informations biométriques et procédé utilisant des informations de carte financière stockées dans un terminal de communication mobile
WO2020147384A1 (fr) Procédé, dispositif et appareil de transaction sécurisée à base de chaîne de blocs, et support de stockage
WO2014030836A1 (fr) Procédé et système pour authentifier une demande de transaction provenant d'un dispositif
WO2011118871A1 (fr) Procédé d'authentification et système utilisant un terminal mobile
WO2013141602A1 (fr) Procédé d'authentification et système pour ce procédé
WO2013004065A1 (fr) Procédé et système de sécurité d'informations basés sur une acquisition d'image
WO2016126090A1 (fr) Système et procédé pour prouver une falsification de fichier numérique par utilisation d'un téléphone intelligent, téléphone intelligent ayant une fonction d'authentification d'image de capture d'écran de téléphone intelligent, et procédé pour authentifier une image de capture d'écran de téléphone intelligent
AU2019260125A1 (en) Biometric authentication method, system, and computer program
WO2020206899A1 (fr) Procédé, appareil et dispositif de vérification d'identité basée sur un horodatage, et support d'informations
WO2020253131A1 (fr) Procédé, appareil et dispositif de paiement par carte bancaire, et support de stockage informatique
WO2020042463A1 (fr) Procédé, appareil, dispositif et support de déverrouillage de contrôle d'accès basé sur la reconnaissance biométrique
WO2017065576A1 (fr) Procédé et système d'authentification d'utilisateur faisant appel à un clavier variable
WO2020253120A1 (fr) Procédé, système et dispositif d'enregistrement de page web, et support de stockage informatique
WO2023128345A1 (fr) Procédé et système d'identification personnelle utilisant une image chiffrée de manière homomorphe
WO2020034527A1 (fr) Procédé, appareil, et dispositif de chiffrement et d'autorisation d'informations personnelles d'utilisateur, et support de stockage lisible
WO2023128342A1 (fr) Procédé et système d'identification d'un individu à l'aide d'une voix chiffrée de manière homomorphe
WO2019161598A1 (fr) Procédé, appareil et dispositif d'interaction entre messagerie instantanée et courrier électronique, et support d'informations
WO2020103275A1 (fr) Procédé, appareil et dispositif de commande de déduction d'argent, support d'informations lisible

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18902198

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 02/12/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 18902198

Country of ref document: EP

Kind code of ref document: A1