CN101131759A - One-time password generation and application method for network transaction and system for executing method - Google Patents

Info

Publication number: CN101131759A
Authority: CN (China)
Prior art keywords: transaction; user; disposal password; internet; password used
Legal status: Pending
Application number: CNA200610109926XA
Other languages: Chinese (zh)
Inventor: 李嘉铭
Current Assignee: Chinatrust Commercial Bank Co ltd
Original Assignee: Chinatrust Commercial Bank Co ltd
Application filed by Chinatrust Commercial Bank Co ltd
Priority to CNA200610109926XA
Publication of CN101131759A

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention relates to a method for generating and applying a one-time password for online transactions and to a system for executing the method. The method generates a dedicated one-time password (One Time Password, OTP) for each online transaction. The OTP is calculated from transaction identification data, such as the transaction type and transaction date, and is delivered to the user through a channel other than the Internet, such as SMS. The online transaction can proceed only if the OTP matches the transaction content, which defeats the threats posed by Trojan horse programs, phishing and the like.

Figure 200610109926

Description

One-time password generation and application method for network transaction and system for executing the method

Technical field

The present invention relates to a security mechanism for online transactions, and in particular to a method for generating and applying a one-time password for online transactions that generates a password specific to the characteristics of the current transaction without adding to the user's burden, and to a system for executing the method.

Background art

In recent years, Internet technology has advanced rapidly, and e-commerce such as online shopping and online auctions has emerged in response. Banks have also launched online banking services. Users can choose not to go out shopping, visit a counter in person, or wait in line; they need only log in to a shopping website or online banking website from a computer at home to make payments, transfers and other transactions.

What these online transactions have in common is that the user must enter their own financial data on the computer, such as credit card details, bank account, password, login account and transaction data, which is then transmitted over the network to the server of the credit card center or online banking website. While users enjoy this convenient service, it also gives hackers an excellent opportunity to record or steal financial data; once a hacker obtains this private financial data, the losses to users and banks are easy to imagine. According to statistics from the Anti-Phishing Working Group (APWG), more than 70% of online fraud directly targets online banking and online payment services, with the aim of stealing account data and looting online bank accounts.

The currently known methods of online fraud used by hackers include:

1. Phishing (a homophone of "fishing" with a similar meaning)

The main technique is to use forged e-mail as bait, with a link to a fake website. For example, the e-mail impersonates a well-known bank or online service provider and tells the user that their data has expired or is invalid and must be updated, or that identity verification is required for security reasons, and asks the user to follow the link in the e-mail to reconfirm a bank account password or credit card number. Because the deception is carefully crafted, users find it hard to tell real from fake, and once they enter an account and password on that website they have taken the bait.

2. Trojan horse programs or spyware

Trojan horse programs and spyware include keyloggers, screen-capture programs and the like. Hackers pack a Trojan horse program or spyware inside an interesting or useful utility and distribute it by e-mail or on websites. When a user is enticed to download it or open the e-mail attachment, the Trojan horse program or spyware has the opportunity to invade the computer. For example, in a recent incident on both sides of the Taiwan Strait, hackers mass-mailed an e-mail reading "On Black Friday, the 13th of month x, 43 computer viruses will strike; Microsoft users should download the patch quickly", tricking users into downloading a Trojan horse program disguised as "system update program.exe" or a fake "virus removal program.exe". This kind of Trojan horse program does not act immediately or make the computer behave abnormally, but whenever the user opens a browser, a mail client or even a text editor and enters any "account", "password" or similar data, the Trojan horse program records it together with the corresponding website or browsing path, so every private account and password is intercepted.

The bait used in phishing and the packaging of Trojan horse programs take endless forms and are constantly renewed, so it is very difficult to block them all, let alone track down the hackers one by one. With online banks under persistent attack in recent years, and in order to prevent losses from continuing to grow, Taiwan, China shut down the SSL (Secure Socket Layer, hereinafter SSL) non-designated-account transfer function of online banking in 2004, and stipulated that the following strict technical safeguards must be applied, individually or in combination according to transaction risk, before SSL non-designated transaction services could be opened:

1. SSL designated-account transaction password: transactions are allowed only with pre-designated accounts. This amounts to giving up eating for fear of choking: it restricts what online banking transactions can do in order to avoid fraudulent withdrawals.

2. Public Key Infrastructure (hereinafter PKI): a system that uses public-key technology to secure e-commerce, made up of basic components including public-key cryptography, digital certificates, a certificate authority (CA), and security policies for private/public keys. However, when all of a user's account passwords have been recorded and stolen, and the device the user relies on to protect the private key is insecure (for example, a floppy disk), this encryption and authentication method is of no use.

3. One-Time Password (hereinafter OTP), also called a dynamic password: a password limited to a single use is generated randomly by a dynamic password generator (key token), a chip bank card, or other means. For chip-card users, the password generator must have the user's chip card inserted, and may even require the chip card's password to be entered, before it can be used, adding one more layer of protection to the anti-theft mechanisms above.

The password generator described above is held exclusively by the user and can be linked with the online bank. It generates a scrambled OTP for each transaction; the password may be derived from the current time period, computed by incrementing on each use, or produced by combining the two. During an online banking transaction, the user may need to enter the OTP produced by the generator each time, or within a predetermined period (for example, 20 seconds); if the user does not enter it within that period, the password expires and the generator must be operated again. In this OTP mechanism the password is different every time and in principle is known only to the user who holds the generator, so security should be higher than signing in with a fixed password. In practice, however, this way of generating an OTP cannot prevent phishing, or a third party intervening in the transaction (man in the middle) and tampering with it. The reason is that the OTP is merely produced by the generator by incrementing, at random, or as a function of time. It has no relationship to the transaction content, the user's identity, the chip card's serial number or the card's password, and the generator is not restricted to having a chip card inserted. In other words, the OTP does not become invalid when the transaction content or user information is changed.

Hence the following problems: (1) with phishing, if the user enters an account and OTP on a fake website, the hacker can immediately use them on the real website to make fraudulent withdrawals or other illegal transactions without the user knowing; (2) with third-party intervention, once the user has entered the OTP, any third party may step in and tamper with the transaction.

In summary, the safeguards added to prevent online transaction accounts and passwords from being stolen and used for fraudulent withdrawals or card charges often inconvenience users. And although many kinds of network encryption, authentication and protection mechanisms have been developed, in the face of constantly emerging cybercrime techniques and hidden threats there is still a risk that even a careful defence leaves a gap. It is therefore necessary to develop, for online financial transactions, a method that blocks theft more effectively without adding to the user's burden.

In view of this, the inventor, drawing on many years of practical experience and professional knowledge in designing and manufacturing such products, together with the application of theory, has actively pursued research and innovation in order to create a new method for generating and applying a one-time password for online transactions, and a system for executing the method, that is more practical. After continuous research and design, and after repeated trials and improvements, the present invention, which has real practical value, was finally created.

Summary of the invention

The object of the present invention is to provide a one-time password generation and application method that generates a password specific to the characteristics of the current transaction without adding to the user's burden, and a system for executing the method, making it more suitable for practical use.

The object of the present invention is achieved, and its technical problem solved, by the following technical solution. The method for generating and applying a one-time password for online transactions proposed by the present invention generates a dedicated one-time password for an online transaction by a user, where the user uses a first user interface and a different second user interface. It comprises the following steps: (A) receiving transaction data entered by the user; (B) generating, by a logical operation on the transaction data and system-provided data, a one-time password corresponding exclusively to the transaction, the one-time password comprising a transaction code and a transaction verification code; (C) transmitting the transaction code and the transaction verification code through different channels so that they are displayed on the first user interface and the second user interface respectively; (D) receiving the transaction verification code returned by the user through the first user interface; and (E) checking whether the returned transaction verification code is correct.

The object of the present invention may be further achieved, and its technical problem further solved, by the following technical measures.

In the aforementioned method for generating and applying a one-time password for online transactions, step (C) transmits the transaction code to the first user interface over the Internet and transmits the transaction verification code to the second user interface over a mobile communication network.

In the aforementioned method, the transaction verification code is delivered by SMS, GPRS, MMS, fax, voice or e-mail, that is, by a mechanism other than the Internet World Wide Web.

The aforementioned method further comprises, between steps (B) and (C), a step (F) of generating, from the transaction verification code and the transaction content, an SMS message to be sent over the mobile communication network.

In the aforementioned method, the transaction code generated in step (B) is in text form and the transaction verification code is in numeric form.

In the aforementioned method, step (A) also receives personal identification data entered by the user, and step (B) also performs the logical operation on the personal identification data, which includes at least one of the user account, password, phone number, national ID number and date of birth.

In the aforementioned method, the transaction data on which the operation in step (B) is based includes at least one of the activation transaction, financial transaction type, transaction account, transaction amount and transaction time.

In the aforementioned method, step (C) sends the SMS message via an SMS gateway over the mobile communication network so that it is displayed on the second user interface.

In the aforementioned method, the SMS gateway is connected to an SMS delivery service provider, which forwards the SMS message to the telecom operator over a dedicated line.

In the aforementioned method, the system-provided data in step (B) includes a preset variable that is adjusted in batches as required.

In the aforementioned method, step (B) comprises the sub-steps of (B-1) generating the transaction code by computation using the system's random-number function, and (B-2) generating the transaction verification code by a logical operation on the transaction code together with the transaction data, the personal identification data and a variable generated by the system.

In the aforementioned method, the variable in step (B-2) is adjusted in batches as required.

In the aforementioned method, step (A) receives the data from the first user interface.

The object of the present invention is also achieved, and its technical problem solved, by the following technical solution. The system for generating and applying a one-time password for online transactions proposed by the present invention can be linked, through the website server of an online bank, to a user's first user interface and second user interface. The system comprises: a receiving module, which receives the personal identification data and transaction data sent from the first user interface, and the data subsequently returned; a user database, which stores users' personal identification data in advance, including a preset mobile phone number; a computing module, which computes, from the transaction data and system-provided data, a one-time password corresponding exclusively to the transaction, the one-time password comprising a transaction code and a transaction verification code; a first sending module, which transmits the transaction code over the Internet for display on the first user interface; a second sending module, which transmits the transaction verification code to the second user interface by a mechanism other than the Internet World Wide Web; and a management module, which checks whether the transaction verification code returned by the user is correct.

The object of the present invention may be further achieved, and its technical problem further solved, by the following technical measures.

In the aforementioned system for generating and applying a one-time password for online transactions, the system works with an SMS delivery service provider and is connected to the telecom operators over a dedicated SMS line.

In the aforementioned system, the second sending module transmits the transaction verification code by SMS, General Packet Radio Service (GPRS), Multimedia Messaging Service (MMS), fax, voice or e-mail, that is, by a mechanism other than the Internet World Wide Web.

In the aforementioned system, the second sending module is an SMS generation module, which combines the transaction code and the transaction verification code into an SMS message that is transmitted over the mobile communication network and displayed on the second user interface.

In the aforementioned system, the transaction code generated by the computing module is in text form and the transaction verification code is in numeric form.

In the aforementioned system, the computing module also performs the logical operation on the personal identification data, which includes at least one of the user account, password, phone number, national ID number and date of birth.

In the aforementioned system, the transaction data on which the computing module operates includes at least one of the activation transaction, financial transaction type, transaction account, transaction amount and transaction time.

In the aforementioned system, the system-provided data on which the computing module operates includes a preset variable that is adjusted in batches as required.

In the aforementioned system, the computing module generates the transaction code by computation using the system's random-number function, and generates the transaction verification code by a logical operation on the transaction code together with the transaction data, the personal identification data and a variable generated by the system.

Compared with the prior art, the present invention has clear advantages and beneficial effects. As set out above, to achieve the stated object, the method of the present invention generates a dedicated one-time password (OTP) for an online transaction by a user, where the user uses a first user interface and a different second user interface. The method comprises the following steps: (A) receiving transaction data entered by the user. (B) Generating, by a logical operation on the transaction data and system-provided data, a one-time password corresponding exclusively to the transaction, the one-time password comprising a transaction code and a transaction verification code. (C) Transmitting the transaction code and the transaction verification code through different channels so that they are displayed on the first user interface and the second user interface respectively; the transaction code is transmitted to the first user interface over the Internet, and the transaction verification code is transmitted to the second user interface over the mobile communication network by a non-Internet mechanism such as SMS, General Packet Radio Service (GPRS) or Multimedia Messaging Service (MMS). (D) Receiving the transaction code and the transaction verification code returned from the first user interface, the transaction verification code being entered by the user; and (E) checking whether the returned transaction verification code is correct.

With the above technical solution, the method for generating and applying a one-time password for online transactions of the present invention, and the system for executing it, have at least the following advantage: because the one-time password (OTP) is generated for each online transaction from that transaction's identification data, and is delivered to the user through a channel other than the Internet, the online transaction can proceed only if the OTP matches the transaction content, which reliably prevents fraudulent withdrawals and fraudulent card charges.
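The following sketch of steps (A) to (E) is an added illustration, not code from the patent. The patent only says the verification code comes from a "logical operation", so the HMAC-SHA256 construction, the server key, the field names and the SMS wording are all assumptions; the sample transaction is constructed. It shows a code issued for one transaction being rejected when the payee is altered or the code is reused.

```python
import hashlib
import hmac
import secrets
import string

# Assumption: the bank server holds a secret key (the patent does not name one).
SERVER_KEY = secrets.token_bytes(32)
# Assumption: stands in for the batch-adjustable preset system variable.
SYSTEM_VARIABLE = "batch-0001"


def canonical(fields):
    """Length-prefix every field so ("12", "3") and ("1", "23") never collide."""
    out = bytearray()
    for field in fields:
        raw = str(field).encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)


def new_transaction_code(length=6):
    """Step (B-1): random, text-form transaction code for the web channel."""
    return "".join(secrets.choice(string.ascii_uppercase) for _ in range(length))


def verification_code(key, txn_code, txn, user_id, digits=6):
    """Step (B-2): numeric code bound to the transaction code, transaction
    data, personal identification data and the system variable."""
    msg = canonical([txn_code, txn["type"], txn["account"], txn["amount"],
                     txn["time"], user_id, SYSTEM_VARIABLE])
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # HOTP-style dynamic truncation to a short code
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class OtpServer:
    def __init__(self, key):
        self._key = key
        self._pending = {}  # transaction code -> user id, consumed on first check

    def start(self, user_id, txn):
        """Steps (A)-(C) and (F): return the transaction code for the web page
        and the SMS text for the phone. The SMS repeats the transaction
        content so the user can see what the code authorises."""
        txn_code = new_transaction_code()
        otp = verification_code(self._key, txn_code, txn, user_id)
        self._pending[txn_code] = user_id
        sms = (f"{txn_code}: {txn['type']} {txn['amount']} "
               f"to {txn['account']}. Code {otp}")
        return txn_code, sms

    def confirm(self, txn_code, returned_otp, txn_to_execute):
        """Steps (D)-(E): recompute over the transaction that is about to be
        executed; each transaction code can be checked only once."""
        user_id = self._pending.pop(txn_code, None)
        if user_id is None:
            return False
        expected = verification_code(self._key, txn_code, txn_to_execute, user_id)
        return hmac.compare_digest(expected, returned_otp)


def demo():
    server = OtpServer(SERVER_KEY)
    # Constructed sample transaction.
    txn = {"type": "transfer", "account": "123-456-789",
           "amount": "5000", "time": "2006-08-24T10:15"}

    code, sms = server.start("user-0001", txn)
    otp = sms.rsplit(" ", 1)[1]
    honest = server.confirm(code, otp, txn)   # matching transaction
    replay = server.confirm(code, otp, txn)   # same code submitted again

    code2, sms2 = server.start("user-0001", txn)
    otp2 = sms2.rsplit(" ", 1)[1]
    tampered = dict(txn, account="999-000-111")  # payee changed in transit
    altered = server.confirm(code2, otp2, tampered)
    return honest, replay, altered


if __name__ == "__main__":
    print(demo())
```

A counter-based or time-based token code would pass the third check, because nothing in it depends on the payee account.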

In summary, the present invention provides a one-time password generation and application method that generates a password specific to the characteristics of the current transaction without adding to the user's burden, and a system for executing the method. The method generates a dedicated one-time password (One Time Password, OTP) for each online transaction. The OTP is calculated from transaction identification data, such as the transaction type and transaction date, and is delivered to the user through a channel other than the Internet, such as SMS. The online transaction can proceed only if the OTP matches the transaction content, which defeats the threats posed by Trojan horse programs, phishing and the like. The present invention has the many advantages and practical value described above. It is a considerable improvement in method and in the structure and function of the application system, represents significant technical progress, is convenient and practical in use, and delivers notably enhanced effect, making it more suitable for practical use; it is a novel, progressive and practical new design.

The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the present invention are easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.

Brief description of the drawings

FIG. 1 is a schematic diagram of a preferred embodiment of the one-time password generation system for online transactions of the present invention.

FIG. 2 is a flow chart for enabling SMS OTP transactions in a preferred embodiment of the method for generating and applying a one-time password for online transactions of the present invention.

FIG. 3 is a flow chart similar to FIG. 2, illustrating the preliminary flow for executing a financial transaction using SMS OTP.

FIG. 4 is a schematic diagram of executing a transaction in a preferred embodiment of the method for generating and applying a one-time password for online transactions of the present invention.

Detailed description of the embodiments

To further explain the technical means adopted by the present invention to achieve its intended object, and their effects, the specific implementation, method steps, structure, features and effects of the method for generating and applying a one-time password for online transactions proposed by the present invention, and of the system for executing it, are described in detail below with reference to the accompanying drawings and preferred embodiments.

Refer to FIG. 1, a schematic diagram of a preferred embodiment of the one-time password generation system for online transactions of the present invention. The preferred embodiment of the one-time password generation system 2 and method of the present invention is applied to the online transactions of an online bank. For each online transaction it generates, from that transaction's data, a one-time password (One Time Password, OTP) dedicated to the transaction, and delivers the OTP to the user by SMS, General Packet Radio Service (GPRS), Multimedia Messaging Service (MMS), fax, voice, e-mail or the like, that is, by a delivery mechanism other than the World Wide Web (WWW) of the Internet. The transaction can continue at the online bank only if the OTP matches the transaction content, which defeats the threats posed by Trojan horse programs, phishing and the like.

The one-time password generation system 2 of this embodiment comprises a receiving module 21, a user database 22, a computing module 23, an SMS generation module 24, a sending module 25 and a management module 26. It works with an SMS sending service provider 3, which is connected to the various telecom operators 4 over dedicated SMS lines.

The receiving module 21 and the sending module 25 are connected to the web server 51 of the online bank, so that they can receive, via the Internet, messages that the user enters through a first user interface 11, or send messages to the first user interface 11.

The user database 22 may be connected to the online banking host 50 or located directly inside the host 50. It stores the user's personal identification data, including a preset mobile phone number. This pre-stored data is registered by the user in person at a bank counter, with a chip ATM card at an automated teller machine (ATM), or by another method that can confirm identity. The mobile phone number is set for receiving SMS OTPs and may differ from the contact number recorded in the bank's customer data. When a user changes this data, the change is made, after authentication, by connecting to the database 22 through an identity-confirming channel such as a branch staff computer 32.

The computing module 23 generates the OTP's transaction code and transaction verification code from the received transaction identification data; the computation is described in detail below.

The SMS generation module 24 combines the transaction code, the transaction verification code and so on into an SMS message. It is connected to an SMS gateway 40, through which the message is passed over the communication network: the SMS sending service provider 3 sends it over a dedicated line via the telecom operator 4 to the preset phone number, where the user reads it through a second user interface 12.

The first user interface 11 is any computer, personal digital assistant (PDA) or similar device that can connect to the Internet. The second user interface 12 is the mobile phone the user carries, or a PDA with mobile phone functions.

Refer to FIG. 1, FIG. 2 and FIG. 4 together. After the user has applied for SMS OTP transactions in person at a bank counter with identity documents and the registered seal (or by one of the other identity-confirming methods mentioned above), the service must be activated on first use. Activation starts after the user logs in to the online bank through the first user interface 11: the OTP generation system 2, together with the gateway 40 and the SMS sending service provider 3, executes steps 611 to 65; the telecom operator executes step 9a; the user responds in steps 81a to 83a; and the OTP generation system 2 then executes steps 66 and 67. The detailed flow is as follows:

OTP generation system

Step 611 - The receiving module 21 receives the user's personal identification data. The user connects to the Internet through the first user interface 11 and logs in to the online bank; the personal identification data includes the login account, password and so on.

Step 612 - The receiving module 21 receives the phone number. After logging in to the online bank, the user enters the mobile phone number that was preset, when applying for SMS OTP transactions, to receive OTP messages.

Step 613 - The management module 26 checks the account and the phone number, and checks whether this activation is taking place within the time limit (for example, one week) after the user applied for SMS OTP transactions at a counter, at an ATM, or by another identity-confirming method. If the identity is verified, the flow continues to step 621; if the check fails, the transaction cannot continue; if activation is not performed within the predetermined time, the system cancels the application.

Step 621 - Generate the OTP transaction code. The computing module 23 uses the system's random number function to compute a transaction code, for example ABCD; the code is not limited to text form or to four characters. Once the transaction code has been generated, steps 622 and 623 follow, and step 65 proceeds in parallel.

Step 622 - Generate the transaction verification code, the numeric part of the OTP. The computing module 23 takes the transaction code from step 621, adds the "transaction data" (which may include the transaction date, time, transaction type (activation in FIG. 2, other financial transactions in FIG. 3), account, amount and so on, with no limit on the number of items), the "user personal identification data" (which may include the user account, password, phone number, ID card number, date of birth and so on, with no limit on the number of items) and a system-generated variable, and applies logical operations (XOR/AND/OR, etc.) to produce the transaction verification code. The variable can be adjusted in batches as required, for example set differently for a specific transaction project; after encryption with the Triple Data Encryption Standard (3DES), logical operations (XOR/AND/OR, etc.) are applied again to produce a set of OTP digits exclusive to this activation, for example 123456.

Taking steps 621 and 622 together, the OTP comprises a text part (i.e. the transaction code) and a numeric part (i.e. the transaction verification code). The text part and the numeric part are not necessarily in one-to-one correspondence, but for the same transaction identification data (including user input and system-provided data) the system computes a single, exclusive OTP, and it sends the text part and the numeric part separately over different channels (detailed in steps 63 to 65).

Moreover, the transaction identification data is not limited in the number of items. In other words, the OTP is produced from multiple items of data, which differs from earlier practice and makes the OTP more exclusive, private and secure.

Step 623 - Generate the SMS content. The OTP transaction code and transaction verification code generated in steps 622 and 623 above, wording that describes this transaction ("SMS OTP transaction activation"), and even a web page identification code are combined into the SMS content.

Step 63 - Pass the SMS content to the gateway 40. Because in this embodiment the SMS message is carried over a mobile communication network, which is separate from the Internet, the gateway 40 is needed to bridge and convert the transmission.

Step 64 - Pass the SMS content and the preset phone number to the telecom operator 4. In this embodiment this is done through the SMS sending service provider 3 under a prior contract. The provider 3 and the telecom operator 4 communicate over a leased line, which amounts to an exclusive SMS channel independent of ordinary SMS traffic, meeting the security needs of transaction messages and improving delivery efficiency.

Step 65 - Transmit the transaction code. The transaction code generated in step 621 is sent over the Internet to the first user interface 11 for the user to view and later compare.

Telecom operator

Step 9a - Send the SMS message to the preset phone number.

User

Step 81a - The first user interface 11 (the computer shown in FIG. 4) receives the transaction code (ABCD in FIG. 4) sent by the system in step 65.

Step 82a - The second user interface 12 receives the SMS message sent by the telecom operator in step 9a. That is, the OTP's transaction verification code is displayed on the mobile phone. The transaction verification code is not only generated from the transaction identification data but is also delivered separately to the second user interface 12, which prevents phishing and similar attacks.

Step 83a - On the first user interface 11, in the verification code field below the transaction code shown in FIG. 4, the user enters the numeric transaction verification code shown in the SMS message, for example 123456. The transaction code and the transaction verification code are thereby sent back to the system together.

The transaction code ABCD together with the transaction verification code 123456 forms the complete OTP, which is unique to this transaction.

OTP generation system

Step 66 - The receiving module 21 receives the verification code.

Step 67 - The computing module 23 first uses the verification code and the transaction code issued by the system (step 65) to derive the items of transaction identification data by reverse computation. If the reverse derivation succeeds, the management module 26 checks the result against the original transaction identification data. If they match, activation is complete; otherwise activation fails.

If the management module 26 finds a mismatch, the transaction verification code entered by the user is wrong, or in other words does not correspond to the transaction code. If consecutive errors reach the upper limit (for example, 3), the system blocks the user from executing transactions with the SMS OTP mechanism, and the user must go through the prescribed unlocking procedure.

Once SMS OTP transactions have been activated, the user can use the SMS OTP mechanism at the online bank for online financial transactions such as transfers and payments. Refer mainly to FIG. 3, together with FIG. 1 and FIG. 4. The online financial transaction flow differs from the activation flow described above mainly in that the user enters transaction data such as the transfer account and transfer amount (step 712), and the flow can be designed so that the phone number need not be entered again: the system reads the user's preset phone number directly from the user database 22 according to the user's personal identification data (step 72). In the activation flow, the user's login and any data entered can be regarded as transaction data in a broad sense, the transaction content being activation of the OTP transaction mechanism. The intermediate process follows the same principle. The OTP generation system generates the transaction code and the transaction verification code from the personal identification data, transaction data, transaction time and so on (steps 751 and 752). These are transmitted over the Internet (step 77) and via the telecom operator (steps 761, 762 and 9) respectively, and appear on the user's first user interface 11 and second user interface 12 (steps 81 and 82). After the user enters the transaction verification code on the first user interface 11 (step 83), the system checks it (step 79). If the check succeeds, the transaction is handed to the online banking host 50 for execution; if the verification code is wrong, a transaction-failure message is returned.
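The flow described above, as an added example that is not code from the patent or the bank: a six-digit verification code is bound to the transaction code, the user and every transaction field, is consumed on first use, and locks the user out after three consecutive wrong entries. It swaps HMAC-SHA256 recomputation in for the patent's unspecified 3DES/XOR operation and reverse derivation; the class, function and field names, the server key and the sample transaction are assumptions.

```python
import hashlib
import hmac
import secrets
import string

MAX_FAILURES = 3  # the page's example limit for consecutive wrong codes


def canonical(fields):
    """Length-prefixed, name-sorted encoding, so two different sets of
    fields can never serialise to the same byte string."""
    out = bytearray()
    for name in sorted(fields):
        key = name.encode("utf-8")
        value = str(fields[name]).encode("utf-8")
        out += len(key).to_bytes(2, "big") + key
        out += len(value).to_bytes(4, "big") + value
    return bytes(out)


def verification_code(key, txn_code, user_id, txn):
    """Six-digit code over the transaction code, the user and all
    transaction fields (HMAC-SHA256 is this example's substitution)."""
    msg = canonical({"txn_code": txn_code, "user": user_id}) + canonical(txn)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:8], 'big') % 1_000_000:06d}"


class OtpService:
    def __init__(self, key=None):
        # Server-side secret; an assumption standing in for the
        # "system-generated variable" of step 622.
        self.key = key or secrets.token_bytes(32)
        self.pending = set()   # (user_id, txn_code) pairs not yet used
        self.failures = {}     # user_id -> consecutive wrong codes

    def issue(self, user_id, txn):
        """Return (txn_code for the web page, SMS text for the phone)."""
        txn_code = "".join(secrets.choice(string.ascii_uppercase)
                           for _ in range(4))
        self.pending.add((user_id, txn_code))
        code = verification_code(self.key, txn_code, user_id, txn)
        # The SMS repeats the transaction so the user can spot tampering.
        sms = (f"{txn['type']} {txn['amount']} to {txn['to_account']} "
               f"ref {txn_code} code {code}")
        return txn_code, sms

    def verify(self, user_id, txn_code, submitted, txn_to_execute):
        """Check the code against the transaction about to be executed."""
        if self.failures.get(user_id, 0) >= MAX_FAILURES:
            return "locked"
        if (user_id, txn_code) not in self.pending:
            return "unknown"   # never issued, or already consumed
        expected = verification_code(self.key, txn_code, user_id,
                                     txn_to_execute)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            self.pending.discard((user_id, txn_code))  # one-time use
            self.failures[user_id] = 0
            return "ok"
        self.failures[user_id] = self.failures.get(user_id, 0) + 1
        if self.failures[user_id] >= MAX_FAILURES:
            return "locked"
        return "mismatch"


def demo():
    """Constructed sample: tampered payee, genuine transaction, replay."""
    svc = OtpService()
    txn = {"type": "transfer", "to_account": "000-111",
           "amount": "1000", "time": "2006-08-24T10:00"}
    txn_code, sms = svc.issue("alice", txn)
    code = sms.rsplit(" ", 1)[1]
    tampered = dict(txn, to_account="999-666")
    return [svc.verify("alice", txn_code, code, tampered),
            svc.verify("alice", txn_code, code, txn),
            svc.verify("alice", txn_code, code, txn)]


if __name__ == "__main__":
    print(demo())
```

Because `verify` recomputes the code over the transaction the bank is about to execute, a payee or amount altered after the SMS was sent no longer matches the code the user typed in.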

In summary, the one-time password generation and application method of the present invention differs from earlier approaches that generate passwords merely by incrementing or by random numbers. The present invention generates an exclusive OTP from the transaction identification data of the current transaction, such as the user's identity, the transaction content and the time. As soon as the transaction content changes, the OTP becomes invalid. Therefore, even if a Trojan horse program has been planted on the user's computer or the account and password have been stolen by phishing, a hacker or any third party cannot carry out, or intervene to carry out, other transactions. In addition, the present invention uses the mobile phone that almost everyone already carries: it is extremely difficult for a hacker to learn the transaction verification code of the OTP, and the user does not need to keep or carry a separate password generator, so it is very convenient to use.

The above is only a preferred embodiment of the present invention and does not limit the present invention in any form. Although the present invention has been disclosed above by way of a preferred embodiment, this is not intended to limit it. Anyone skilled in the art may, without departing from the scope of the technical solution of the present invention, use the technical content disclosed above to make minor changes or modifications that amount to equivalent embodiments. Any simple modification, equivalent change or refinement made to the above embodiment according to the technical essence of the present invention, without departing from the content of its technical solution, still falls within the scope of the technical solution of the present invention.

Claims (22)

1. A method for generating and applying a one-time password for network transactions, which generates an exclusive one-time password for an online transaction of a user, the user using a first user interface and a second user interface that are different from each other, characterized in that the method comprises the following steps:
(A) receiving transaction data entered by the user;
(B) generating, by logical operation on the transaction data and system-provided information, a one-time password that corresponds exclusively to the transaction, the one-time password comprising a transaction code and a transaction verification code;
(C) transmitting the transaction code and the transaction verification code through different channels and displaying them on the first user interface and the second user interface respectively;
(D) receiving the transaction verification code returned by the user through the first user interface; and
(E) checking whether the returned transaction verification code is correct.
2. The method for generating and applying a one-time password for network transactions according to claim 1, characterized in that step (C) transmits the transaction code to the first user interface via the Internet and transmits the transaction verification code to the second user interface via a mobile communication network.
3. The method for generating and applying a one-time password for network transactions according to claim 1, characterized in that step (C) transmits the transaction code to the first user interface via the Internet, and the transaction verification code is transmitted by SMS, wireless packet-switched service, multimedia messaging service, fax, voice or e-mail, which are not the World Wide Web mechanism of the Internet.
4. The method for generating and applying a one-time password for network transactions according to claim 2, characterized in that the method further comprises a step (F), between steps (B) and (C), of generating, according to the transaction verification code and the transaction content, an SMS message to be transmitted via the mobile communication network.
5. The method for generating and applying a one-time password for network transactions according to claim 1, 2, 3 or 4, characterized in that the transaction code generated in step (B) is in text form and the transaction verification code is in numeric form.
6. The method for generating and applying a one-time password for network transactions according to claim 1, 2, 3 or 4, characterized in that step (A) also receives personal identification data entered by the user, and step (B) also performs the logical operation according to the personal identification data, which comprises at least one of a user account, password, phone number, ID card number and date of birth.
7. The method for generating and applying a one-time password for network transactions according to claim 1, 2, 3 or 4, characterized in that the transaction data on which the operation in step (B) is based comprises at least one of activation transaction, financial transaction type, transaction account, transaction limit and transaction time.
8. The method for generating and applying a one-time password for network transactions according to claim 4, characterized in that step (C) sends the SMS message through an SMS gateway and over the mobile communication network for display on the second user interface.
9. The method for generating and applying a one-time password for network transactions according to claim 8, characterized in that the SMS gateway is connected to an SMS sending service provider, and the SMS sending service provider sends the SMS message to the telecom operator over a dedicated line.
10. The method for generating and applying a one-time password for network transactions according to claim 1, characterized in that the system-provided information of step (B) comprises a preset parameter.
11. The method for generating and applying a one-time password for network transactions according to claim 10, characterized in that step (B) comprises a sub-step (B-1) of generating the transaction code by computation using the system's random number function, and a sub-step (B-2) of generating the transaction verification code by logical operation on the transaction code together with the transaction data, the personal identification data and the system-generated parameter.
12. The method for generating and applying a one-time password for network transactions according to claim 11, characterized in that the parameter of step (B-2) is adjusted in batches as required.
13. The method for generating and applying a one-time password for network transactions according to claim 1, characterized in that step (A) receives the data from the first user interface.
14. A system for generating and applying a one-time password for network transactions, connectable, through the web server of an online bank, to a first user interface and a second user interface of a user that are different from each other, characterized in that the system comprises:
a receiving module, which receives the personal identification data and transaction data transmitted from the first user interface, and data subsequently returned;
a user database, which stores the user's personal identification data in advance, including a preset mobile phone number;
a computing module, which computes, from the transaction data and system-provided information, a one-time password that corresponds exclusively to the transaction, the one-time password comprising a transaction code and a transaction verification code;
a first sending module, which transmits the transaction code via the Internet and displays it on the first user interface;
a second sending module, which transmits the transaction verification code to the second user interface by a mechanism other than the World Wide Web mechanism of the Internet; and
a management module, which checks whether the transaction verification code returned by the user is correct.
15. The system for generating and applying a one-time password for network transactions according to claim 14, characterized in that the second sending module transmits the transaction verification code by SMS, wireless packet-switched service, multimedia messaging service, fax, voice or e-mail, which are not the World Wide Web mechanism of the Internet.
16. The system for generating and applying a one-time password for network transactions according to claim 14, characterized in that the second sending module is an SMS generation module, which combines the transaction code and the transaction verification code into an SMS message that is transmitted over a mobile communication network and displayed on the second user interface.
17. The system for generating and applying a one-time password for network transactions according to claim 14, 15 or 16, characterized in that the transaction code generated by the computing module is in text form and the transaction verification code is in numeric form.
18. The system for generating and applying a one-time password for network transactions according to claim 14, 15 or 16, characterized in that the computing module also performs the logical operation according to the personal identification data, which comprises at least one of a user account, password, phone number, ID card number and date of birth.
19. The system for generating and applying a one-time password for network transactions according to claim 14, 15 or 16, characterized in that the transaction data on which the computing module's operation is based comprises at least one of activation transaction, financial transaction type, transaction account, transaction limit and transaction time.
20. The system for generating and applying a one-time password for network transactions according to claim 14, characterized in that the system-provided information on which the computing module's operation is based comprises a preset parameter that is adjusted in batches as required.
21. The system for generating and applying a one-time password for network transactions according to claim 20, characterized in that the computing module generates the transaction code by computation using the system's random number function, and generates the transaction verification code by logical operation on the transaction code together with the transaction data, the personal identification data and the system-generated parameter.
22. The system for generating and applying a one-time password for network transactions according to claim 14, characterized in that the system cooperates with an SMS sending service provider and is linked to telecom operators through a dedicated SMS line.
CNA200610109926XA 2006-08-24 2006-08-24 One-time password generation and application method for network transaction and system for executing method Pending CN101131759A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA200610109926XA CN101131759A (en) 2006-08-24 2006-08-24 One-time password generation and application method for network transaction and system for executing method

Publications (1)

Publication Number Publication Date
CN101131759A true CN101131759A (en) 2008-02-27

Family

ID=39129019


Country Status (1)

Country Link
CN (1) CN101131759A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20080227