KR20090022682A - Method and system for providing banking service using behavioral pattern based on keystroke - Google Patents
Method and system for providing banking service using behavioral pattern based on keystroke Download PDFInfo
- Publication number
- KR20090022682A KR20090022682A KR1020070088239A KR20070088239A KR20090022682A KR 20090022682 A KR20090022682 A KR 20090022682A KR 1020070088239 A KR1020070088239 A KR 1020070088239A KR 20070088239 A KR20070088239 A KR 20070088239A KR 20090022682 A KR20090022682 A KR 20090022682A
- Authority
- KR
- South Korea
- Prior art keywords
- information
- financial transaction
- keystroke
- authentication
- user
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/02—Banking, e.g. interest calculation or account maintenance
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Economics (AREA)
- Signal Processing (AREA)
- Development Economics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Marketing (AREA)
- Strategic Management (AREA)
- Technology Law (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The present invention relates to a method and system for providing a financial transaction service using keystroke-based behavior pattern information, wherein the financial transaction server receives authentication request information of a user from a terminal for financial transaction, and includes account information and account included in the authentication request information. Secondary authentication by performing primary authentication based on password information, keystroke authentication server extracts keystroke based behavior pattern information from keystroke information, and compares the keystroke based behavior pattern information with the authentication information of a user who has previously stored the information. The present invention provides a method and system for performing a user authentication to enable a user to receive a financial transaction service.
Description
The present invention relates to a method and system for providing a financial transaction service using keystroke-based behavior pattern information. More particularly, the present invention relates to a key of authentication information input by a user when performing a financial transaction using a financial transaction terminal such as an ATM. A method and system for providing a financial transaction service using stroke based behavior pattern information.
When conducting financial transactions using ATM devices installed in financial institutions such as banks, as well as e-commerce services such as Internet-based online banking, securities trading and payment services, whether the user is a true user The user authentication process is required to determine. When conducting a financial transaction using an ATM device, the user reads the bankbook or card to the ATM device to authenticate the user's account information, and enters a 4-digit number registered in advance by the user to authenticate the user. Performing is a widely used user authentication process. This conventional user authentication method is widely used in that it is simple, inexpensive, and relatively easy to implement, but this method uses numbers such as social security numbers, phone numbers, or birthdays of users or family members, which are likely to be associated with passwords. In many cases, there is a problem that a password is easily exposed.
On the other hand, in order to compensate for this problem, a user authentication scheme based on biometrics has been proposed. Biometrics refers to a method of recognizing a person based on a person's physiological characteristics or behavioral characteristics. Such recognition methods include: 1) The person to be recognized must be physically present at the recognition site. , 2) It has an advantage over the conventional password input method in that no password is required. In general, biometrics is achieved by using the user's unique biometric features, such as fingerprints, facial features, irises, palm prints, etc., which are unique to each individual. And because it is consistently preserved over time, it can be a highly reliable and accurate recognition method. However, biometrics based on biological characteristics are highly dependent on the input device used for the recognition because the accuracy of the recognition is very important.In order to increase the recognition accuracy, an input device capable of performing precise and precise recognition is required. The disadvantage is that the overall cost increases.
On the other hand, since behavioral characteristics based biometrics have various advantages such as low cost, user convenience, and remote access control possibility, user authentication methods using the same have been proposed in various ways. In particular, a method of extracting a user's behavior pattern (behavior characteristics) based on a user's keystroke input through an input means such as a keyboard or a keypad and using the same in advance for user authentication has been discussed. Accordingly, there is a demand for a specific method for reliably and efficiently performing financial transactions with a bank or securities company through a terminal for financial transactions such as an ATM device using the user's keystroke.
The present invention has been made in view of the above-described problems, and a method for reliably and efficiently performing a financial transaction with a bank or securities company through a financial transaction terminal such as an ATM device using a user's keystroke; It is an object to provide a system.
Another object of the present invention is to provide a method and system for improving the security of financial transactions by receiving a user's keystroke through a financial transaction terminal and extracting a behavior pattern therefrom to perform user authentication. It is done.
In addition, the present invention improves the reproducibility of the authentication information by using an interval assist means for easily referencing the pre-registered keystroke-based behavior pattern when the user inputs the keystroke to request user authentication. It is another object to provide a method and system that can maximize convenience.
The present invention for achieving the above object, the financial transaction service coupled to the financial transaction terminal and the network, the financial transaction service using the keystroke-based behavior pattern information in the financial transaction system including a financial transaction server and a keystroke authentication server In the method for providing, wherein the financial transaction server receives the authentication request information of the user from the financial transaction terminal, wherein the authentication request information includes the user's account information, account password information and keystroke information -; After the financial transaction server performs the first authentication based on the account information and the account password information included in the authentication request information, the keystroke authentication server includes the keystroke information included in the received authentication request information when the first authentication succeeds. Transmitting to; Extracting, by the keystroke authentication server, keystroke based behavior pattern information from the received keystroke information; Performing second authentication by the keystroke authentication server by comparing the extracted keystroke-based behavior pattern information with authentication information of a user previously stored; Transmitting the result of performing the second authentication to the financial transaction server; And transmitting, by the financial transaction server, the result of performing the second authentication to the financial transaction terminal, wherein the financial transaction server performs the financial transaction requested through the financial transaction terminal when the second authentication is successful. It provides a financial transaction service providing method characterized in that.
Here, in the financial transaction server receiving the authentication request information of the user from the financial transaction terminal, the keystroke information is the account password of the user input through the keystroke input means of the financial transaction terminal At least one of input duration information, pressure information, and interval information between keystrokes for each keystroke of information may be included.
In addition, the terminal for financial transactions may be provided with an interval assist means for allowing a user to input by referring to the interval between their keystrokes.
In addition, the interval assistance means may be displayed on the display unit of the financial transaction terminal.
In addition, the interval assist means may be displayed in a form that can determine the passage of time.
In addition, the interval assistance means may be activated by the user's selection.
The extracting of the keystroke based behavior pattern information from the received keystroke information by the keystroke authentication server may include at least one of input duration information, pressure information, and interval information between keystrokes included in the keystroke information. Keystroke-based behavior pattern information for any one or more may be extracted.
In addition, keystroke based behavior pattern information may be extracted by performing a predetermined operation on at least one of input duration information, pressure information, and interval information between keystrokes included in the keystroke information.
In addition, keystroke-based behavior pattern information may be extracted by assigning a weight to at least one of input duration information, pressure information, and interval information between keystrokes included in the keystroke information.
According to another aspect of the present invention, in a financial transaction system using keystroke-based behavior pattern information that provides a financial transaction service by combining through a network and a financial transaction terminal, authentication request information from the user through a financial transaction terminal Receiving and performing the first authentication by the account information and account password information included in the authentication request information, and when the first authentication is successful, the banking to transmit the keystroke information included in the received authentication request information to the keystroke authentication server A transaction server, wherein the authentication request information includes user account information, account password information and keystroke information; And performing second authentication by extracting keystroke-based behavior pattern information from the keystroke information received from the financial transaction server and comparing the authentication information with the user's previously stored information, and then transmitting the second authentication result to the financial transaction server. And a keystroke authentication server, wherein the financial transaction server transmits a result of performing second authentication received from the keystroke authentication server to the financial transaction terminal and, if the second authentication is successful, through the financial transaction terminal. A financial transaction system can be provided that performs a requested financial transaction.
Here, the financial transaction terminal is provided with a keystroke input means for receiving account password information from the user, and continues inputting each of the keystrokes of the account password information of the user input through the keystroke input means. Keystroke information including at least one of time information, pressure information, and interval information between keystrokes may be configured and transmitted to the financial transaction server.
In addition, the financial transaction terminal may include an interval assistance means for allowing a user to input by referring to the interval between the keystrokes.
The interval assisting means may be displayed on a display unit of the financial transaction terminal.
In addition, the interval assistance means may be displayed in a form that can determine the passage of time.
In addition, the interval assistance means may be activated by the user's selection.
According to the present invention, it is possible to provide a method and system for reliably and efficiently performing a financial transaction with a bank or a securities company through a terminal for financial transactions such as an ATM device using a user's keystroke.
In addition, according to the present invention it is possible to improve the security of the financial transaction by receiving the user's keystroke through the financial transaction terminal to extract the behavior pattern from the user authentication.
In addition, according to the present invention, when the user inputs a keystroke to request user authentication, the reproducibility of the authentication information is improved by using an interval assist means for easily referring to a pre-registered keystroke-based behavior pattern. It is possible to provide a method and system that can maximize user convenience.
EMBODIMENT OF THE INVENTION Hereinafter, the Example by this invention is described in detail with reference to an accompanying drawing.
1 is a diagram showing the overall configuration of a system for performing a method for providing a financial transaction service using keystroke based behavior pattern information according to the present invention.
Referring to FIG. 1, a financial transaction service system (hereinafter referred to as a financial transaction service system) using keystroke-based behavior pattern information according to the present invention includes a
The
The financial transaction service system includes a
The
2 is a flowchart of an embodiment of a method for providing a financial transaction service using keystroke based behavior pattern information according to the present invention.
Referring to FIG. 2, first, a user inputs authentication target information through the financial transaction terminal 10 (S100). The authentication target information refers to information such as, for example, a password, which the user inputs through the
When the authentication target information is input, the
On the other hand, the keystroke information means at least one or a combination of input duration information, pressure information, and interval information between keystrokes for each keystroke of the user's account password information. Here, the input duration refers to the time when each keystroke for the account password input by the user is pressed, and the pressure information means the pressure at which each keystroke of the account password input by the user is pressed. The interval information refers to a time interval between each keystroke in which the user inputs an account password. For example, when the user inputs the password "1234" as the authentication target information, the numeric keys "1", "2", "3", and "4" are sequentially input, where each key "1" is input. The input duration information of "," 2 "," 3 ", and" 4 "is generated by calculating the time when each key is pressed, and the pressure information of each key is calculated by means of a pressure sensor or the like. Is generated. Interval information, on the other hand, is generated by calculating the time interval between each key being pressed.
For example, as shown in FIG. 3, when the password "1234" is sequentially input, the input duration for "1" is 200 ms, the input duration for "2" is 300 ms, and the input for "3". It can be seen that the duration is 200ms, and the input duration for "4" is 400ms, and the intervals between inputs between these keystrokes are 600ms, 500ms and 500ms, respectively. Although pressure information is omitted in FIG. 3 for convenience, pressure information when each key is pressed can be similarly generated for each key such as 700 Pa, 550 Pa, 600 Pa, 650 Pa, and the like.
When the authentication request information including the account information, the account password and the keystroke information is configured through the above process, the
The
After performing the first authentication operation, if authentication fails, a signal indicating that authentication has failed is transmitted to the financial transaction terminal 10 (S140), and the
The
For example, when the user selects to use only the input duration information and the interval information among the input duration information, the pressure information, and the interval information as the keystroke-based behavior pattern information, the keystroke behavior pattern extraction is performed from the keystroke information transmitted accordingly. Only input duration information and interval information are extracted.
When the keystroke-based behavior pattern information is registered, if a predetermined operation is performed on the keystroke information, the keystroke-based behavior pattern information is extracted by performing the same operation accordingly. For example, when the keystroke information described in the example of FIG. 3 is transmitted to the
In addition, keystroke-based behavior pattern information may be extracted by weighting the input duration information, the pressure information, and the interval information, respectively. For example, weights such as
Through this process, when the
After performing the second authentication, the
When the second authentication succeeds in the
4 is a block diagram showing the configuration of an embodiment of a
Referring to FIG. 4, the
The keystroke input means 11 is a means for receiving authentication target information from a user. Since the present invention extracts a behavior pattern based on a keystroke and uses it for user authentication, the keystroke input means 11 is a means for acquiring a keystroke of a user, for example, a keyboard, a keypad, or a touch screen in which a keypad is implemented. The display device.
The interval assistance means 12 is a means for referring to the interval between keystrokes when a user inputs authentication target information through the keystroke input means 11. The interval assistance means 12 may be activated and displayed by the user's selection on the display unit of the
The authentication request
The
Meanwhile, the
Figure 5 is a block diagram showing the configuration of an embodiment of a
Referring to FIG. 5, the
The
The primary
6 is a block diagram showing the configuration of an embodiment of the
Referring to FIG. 6, the
The
The keystroke based behavior
When the keystroke based behavior pattern information is extracted, it is transmitted to the
7 to 9 illustrate an example of a process in which an actual user inputs authentication target information through the
The
7 is a state for inputting an account password in a state in which the terminal 10 obtains account information, for example, by reading his bankbook or card. In this state, the user configures the authentication target information by inputting his account password into the display means in the form of a touch screen and acquiring the input duration, pressure information, and interval information of the keystroke input at this time.
In the state shown in FIG. 7, when the user presses the “use safety password helper” button at the bottom of the screen, the screen goes to the screen as shown in FIG. 8, which is for selecting the interval assisting means 12 described above.
When the user selects the hammer picture on the screen of FIG. 8, the hammer picture is changed to the lower surface of the state as shown in FIG. 9. The hammer picture is displayed on the left side of FIG. do. The user can refer to the interval of the keystroke of his password by using the keypad button on the right side of the screen while watching the movement of the hammer picture of FIG.
10 illustrates a procedure for a user to register his / her keystroke-based behavior pattern information in the
Referring to FIG. 10, first, a user inputs authentication registration information through the financial transaction terminal 10 (S300). The authentication registration information refers to information such as, for example, a password, which the user inputs through the
When the authentication registration information is input, the
Next, the
After performing the first authentication operation, if authentication fails, a signal indicating that the authentication has failed is transmitted to the financial transaction terminal 10 (S340). If the first authentication succeeds, the
The
When the registration is completed, the
In this state in which the keystroke-based behavior pattern information is registered, the user later inputs his own authentication information according to the method described in FIGS. 1 to 3, and the
Although the present invention has been described above with reference to preferred embodiments of the present invention, the above embodiments are illustrative rather than limiting, and the embodiments are within the scope of the present invention as understood by reference to the appended claims and drawings. It should be noted that modifications, improvements and variations can be made to those skilled in the art to which the present invention pertains. For example, the
In addition, in the above embodiment, the financial transaction server and the keystroke authentication server have been described as being physically separated, but the financial transaction server and the keystroke authentication server may be physically integrated in one device. It will be apparent to those skilled in the art that such a case can be implemented by means capable of performing a plurality of functions as a financial transaction server and a keystroke authentication server, for example, in one single device (server) such as a computer.
1 is a diagram showing the overall configuration of a system for performing a financial transaction service providing method using keystroke-based behavior pattern information according to the present invention.
2 is a flowchart of an embodiment of a method for providing a financial transaction service using keystroke based behavior pattern information according to the present invention.
3 is a diagram illustrating an example of keystroke information.
Figure 4 is a block diagram showing the configuration of an embodiment of a terminal for financial transactions connected to the financial transaction service system according to the present invention.
Figure 5 is a block diagram showing the configuration of an embodiment of a financial transaction server of the financial transaction service system according to the present invention.
Figure 6 is a block diagram showing the configuration of an embodiment of a keystroke authentication server of the financial transaction service system according to the present invention.
7 to 9 are diagrams illustrating an example of a process in which an actual user inputs authentication target information through a financial transaction terminal used in the present invention.
10 is a flowchart illustrating a procedure for registering a user's keystroke based behavior pattern information with a keystroke authentication server in advance in order to implement a method for providing a financial transaction service using keystroke based behavior pattern information according to the present invention.
<Description of Signs of Major Parts of Drawings>
10 ... financial transaction terminals, 20 ... financial transaction servers,
30 ... Keystroke Authentication Server
Claims (15)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| KR1020070088239A KR20090022682A (en) | 2007-08-31 | 2007-08-31 | Method and system for providing banking service using behavioral pattern based on keystroke |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| KR1020070088239A KR20090022682A (en) | 2007-08-31 | 2007-08-31 | Method and system for providing banking service using behavioral pattern based on keystroke |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| KR20090022682A true KR20090022682A (en) | 2009-03-04 |
Family
ID=40692522
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| KR1020070088239A KR20090022682A (en) | 2007-08-31 | 2007-08-31 | Method and system for providing banking service using behavioral pattern based on keystroke |
Country Status (1)
| Country | Link |
|---|---|
| KR (1) | KR20090022682A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109243108A (en) * | 2018-09-27 | 2019-01-18 | 上海理工大学 | A kind of cipher-code input method |
| WO2020070721A1 (en) * | 2018-10-05 | 2020-04-09 | Banco Davivienda S.A. | System and method for easy and secure transactions in social networks for mobile devices |
| WO2020176005A1 (en) * | 2019-02-27 | 2020-09-03 | Общество С Ограниченной Ответственностью "Группа Айби" | Method and system for identifying a user according to keystroke dynamics |
| US11755700B2 (en) | 2017-11-21 | 2023-09-12 | Group Ib, Ltd | Method for classifying user action sequence |
-
2007
- 2007-08-31 KR KR1020070088239A patent/KR20090022682A/en active Search and Examination
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11755700B2 (en) | 2017-11-21 | 2023-09-12 | Group Ib, Ltd | Method for classifying user action sequence |
| CN109243108A (en) * | 2018-09-27 | 2019-01-18 | 上海理工大学 | A kind of cipher-code input method |
| WO2020070721A1 (en) * | 2018-10-05 | 2020-04-09 | Banco Davivienda S.A. | System and method for easy and secure transactions in social networks for mobile devices |
| WO2020176005A1 (en) * | 2019-02-27 | 2020-09-03 | Общество С Ограниченной Ответственностью "Группа Айби" | Method and system for identifying a user according to keystroke dynamics |
| US11934498B2 (en) | 2019-02-27 | 2024-03-19 | Group Ib, Ltd | Method and system of user identification |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2017316312B2 (en) | Remote usage of locally stored biometric authentication data | |
| Tasia et al. | Two novel biometric features in keystroke dynamics authentication systems for touch screen devices | |
| US8869255B2 (en) | Method and system for abstracted and randomized one-time use passwords for transactional authentication | |
| US8836473B2 (en) | Dynamic keypad and fingerprinting sequence authentication | |
| EP2657876B1 (en) | Real and virtual identity verification circuit, system thereof and electronic transaction method | |
| US8910861B2 (en) | Automatic teller machine (“ATM”) including a user-accessible USB port | |
| US20210029112A1 (en) | Taptic authentication system and method | |
| US20060242691A1 (en) | Method for carrying out a secure electronic transaction using a portable data support | |
| US20190065919A1 (en) | Payment Card With Integrated Biometric Sensor And Power Source | |
| CN109426963B (en) | Biometric system for authenticating biometric requests | |
| US20230020600A1 (en) | System, Method, and Computer Program Product for Authenticating a Transaction | |
| EP3786820B1 (en) | Authentication system, authentication device, authentication method, and program | |
| JP5970974B2 (en) | Transaction apparatus and program | |
| KR100939820B1 (en) | User terminal apparatus for obtaining keystroke information from user to perform authenticattion by using behavior pattern based on keystroke and method for obtaining keystroke information using the same | |
| KR20090022682A (en) | Method and system for providing banking service using behavioral pattern based on keystroke | |
| Marasco et al. | Biometric multi‐factor authentication: On the usability of the FingerPIN scheme | |
| US11928199B2 (en) | Authentication system, authentication device, authentication method and program | |
| KR20090069964A (en) | Method and system for analyzing keystroke pattern of authentication information inputted from user | |
| TWI722337B (en) | Transaction system, automated teller machine and method for card-less transaction | |
| US11991180B2 (en) | Authentication system, authentication device, authentication method and program | |
| WO2017058108A1 (en) | Method and system for performing an action in a branchless banking environment | |
| JP5528504B2 (en) | User authentication system, user authentication program, and user authentication method | |
| JP6753175B2 (en) | User authentication system, user authentication method and program | |
| CN107241349B (en) | Service processing system, virtual operation device, ATM and service processing method | |
| JP2006227944A (en) | Communication assist system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| A201 | Request for examination | ||
| N231 | Notification of change of applicant | ||
| E902 | Notification of reason for refusal | ||
| AMND | Amendment | ||
| E601 | Decision to refuse application | ||
| J201 | Request for trial against refusal decision | ||
| AMND | Amendment | ||
| B601 | Maintenance of original decision after re-examination before a trial | ||
| E801 | Decision on dismissal of amendment | ||
| J301 | Trial decision |
Free format text: TRIAL DECISION FOR APPEAL AGAINST DECISION TO DECLINE REFUSAL REQUESTED 20100617 Effective date: 20120928 Free format text: TRIAL NUMBER: 2010101004484; TRIAL DECISION FOR APPEAL AGAINST DECISION TO DECLINE REFUSAL REQUESTED 20100617 Effective date: 20120928 |