TW202226123A - Online banking combined with communication software login system and method - Google Patents

Online banking combined with communication software login system and method Download PDF

Info

Publication number
TW202226123A
TW202226123A TW109144828A TW109144828A TW202226123A TW 202226123 A TW202226123 A TW 202226123A TW 109144828 A TW109144828 A TW 109144828A TW 109144828 A TW109144828 A TW 109144828A TW 202226123 A TW202226123 A TW 202226123A
Authority
TW
Taiwan
Prior art keywords
customer
communication software
client
login
bank
Prior art date
Application number
TW109144828A
Other languages
Chinese (zh)
Inventor
李培松
Original Assignee
臺灣銀行股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 臺灣銀行股份有限公司 filed Critical 臺灣銀行股份有限公司
Priority to TW109144828A priority Critical patent/TW202226123A/en
Publication of TW202226123A publication Critical patent/TW202226123A/en

Links

Images

Landscapes

  • Information Transfer Between Computers (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

In order to improve the security and convenience of logging in to online banking, an online banking combined with communication software login method is provided. When a customer sends a login request for online banking, the bank’s official account generates a verification page and sends a client account of the communication software to the verification page. The bank will bind the customer's identity data with the customer account of the communication software. After the customer account of the communication software account is bound, the customer enters a ID number in the bank's official account to verify whether it is bound to the communication software account. The bank's official account generates a hyperlink login URL and sends it to the customer account of the communication software. When the browser of the hyperlink login URL has retained the customer's identity information, start to log in to online banking.

Description

網路銀行結合通訊軟體推播登入系統及其方法Online banking combined with communication software push broadcast login system and method

本發明是有關於一種網路銀行登入系統及其方法,特別是一種網路銀行結合通訊軟體推播登入系統及其方法。The present invention relates to an online bank login system and method, in particular to an online bank combined with communication software push broadcast login system and method.

現行傳統之網路銀行登入方式大都使用網路銀行APP或是銀行之網頁進行登入。然上述兩種方法皆須輸入身分證字號、使用者代號、使用者密碼及圖形驗證碼等多項資訊,尤其在行動裝置上因螢幕較小且使用手指輸入不便。雖然現在許多網路銀行APP有提供生物辨識的方式快速登入,然,各銀行目前的做法係為間接生物辨識,即無直接存留客戶生物特徵資料,而是採用手機作業系統之生物辨識資料,也就是由手機作業系統回覆生物特徵是否正確。故可能有手機留存多人生物特徵資料,或因手機廠牌眾多使得安控品質不一之風險。Most of the current traditional online banking login methods use the online banking APP or the bank's website to log in. However, the above two methods require the input of ID number, user ID, user password, and graphic verification code, etc., especially on mobile devices because the screen is small and it is inconvenient to use fingers to input. Although many online banking APPs now provide a way to quickly log in with biometric identification, the current practice of various banks is indirect biometric identification, that is, they do not directly store customer biometric information, but use the biometric information of the mobile operating system. It is the mobile phone operating system that replies whether the biometrics are correct. Therefore, there may be risks that the mobile phone retains the biometric data of multiple people, or the security control quality varies due to the large number of mobile phone brands.

並且當客戶之身分證字號外洩時,可能會遭駭客攻擊登入網路銀行而導致帳號鎖定。此外,釣魚網站係利用偽冒網站誘使客戶登入竊取帳號密碼,網路銀行之網頁無法有效防範社交工程攻擊,以致誤入釣魚網站遭竊取帳號密碼。有鑑於此,若能開發一種結合現今廣泛使用之通訊軟體推播之網路銀行登入系統及其方法,將可大幅提升網路銀行登入之安全性以及便利性。Moreover, when the customer's identity card number is leaked, the account may be locked due to hacker attack to log in to the online banking. In addition, phishing websites use fake websites to lure customers to log in and steal account passwords. The web pages of online banks cannot effectively prevent social engineering attacks, resulting in account passwords being stolen by mistakenly entering phishing websites. In view of this, if we can develop an online banking login system and its method combined with the widely used communication software, the security and convenience of online banking login will be greatly improved.

鑑於上述欲解決之問題及其原因,具體而言,本發明提供一種網路銀行結合通訊軟體推播登入方法,包括:於一使用者裝置上,一客戶於一通訊軟體之一銀行的官方帳號中發出網路銀行的登入請求。該銀行的官方帳號開啟一瀏覽器並產生一認證網頁以及將該通訊軟體的客戶帳號傳送至該認證網頁,以供該客戶輸入複數個客戶身分資料,其中該些客戶身分資料包括一身分證字號。該銀行發送一電信代碼至該使用者裝置以驗證該客戶之身分。該銀行綁定該些客戶身分資料與該通訊軟體的客戶帳號。該認證網頁儲存一認證字串至該瀏覽器之一儲存空間中,其中該認證字串係由該使用者裝置之特徵值、該些客戶身分資料以及點擊該認證網頁之時間所組成。於該銀行的官方帳號輸入該身分證字號以驗證該身分證字號是否已與該通訊軟體帳號綁定。該銀行的官方帳號產生帶有一組一次性參數之一超連結登入網址,並傳送至該通訊軟體的客戶帳號。待該客戶開啟該超連結登入網址後,驗證該超連結登入網址之該瀏覽器是否留存該客戶之該些客戶身分資料。當該超連結登入網址之該瀏覽器有留存該客戶之該些客戶身分資料時,發動登入網路銀行。In view of the above-mentioned problems to be solved and the reasons, in particular, the present invention provides a method for online banking combined with communication software push broadcast login, including: on a user device, a customer's official account of a bank in a communication software A login request for Internet Banking is issued. The official account of the bank opens a browser and generates an authentication web page and transmits the client account of the communication software to the authentication web page for the client to input a plurality of client identification information, wherein the client identification information includes an identification number . The bank sends a telecommunication code to the user device to verify the identity of the customer. The bank binds the customer identity information to the customer account of the communication software. The authentication web page stores an authentication string in a storage space of the browser, wherein the authentication string is composed of the characteristic value of the user device, the client identity information and the time when the authentication web page is clicked. Enter the ID number in the official account of the bank to verify whether the ID number has been bound with the communication software account. The official account number of the bank generates a hyperlink login URL with a set of one-time parameters and transmits it to the client account of the communication software. After the client opens the hyperlink login URL, verify whether the browser of the hyperlink login URL retains the client identity information of the client. When the browser of the hyperlink login website has stored the customer's identity information of the customer, start to log in to the Internet Banking.

根據本發明之另一實施例,上述方法更包括開啟一身分認證功能以開啟該瀏覽器之該認證網頁。According to another embodiment of the present invention, the above-mentioned method further includes enabling an identity authentication function to open the authentication webpage of the browser.

根據本發明之另一實施例,上述客戶身分資料包括一網路銀行的使用者代號和密碼。According to another embodiment of the present invention, the above-mentioned customer identity information includes a user ID and password of an online bank.

根據本發明之另一實施例,上述超連結登入網址包括一生日欄位,以供該客戶輸入並驗證該客戶之身分。According to another embodiment of the present invention, the above-mentioned hyperlink login website includes a birthday field for the customer to input and verify the identity of the customer.

根據本發明之另一實施例,上述超連結登入網址具有時效性。According to another embodiment of the present invention, the above-mentioned hyperlink login URL is time-sensitive.

本發明提供一種網路銀行結合通訊軟體推播登入系統,包括一使用者裝置之一通訊軟體之一銀行的官方帳號、一銀行伺服器以及一登入模組。上述銀行的官方帳號包括身分認證模組以及輸入模組。上述身分認證模組,用以對一客戶進行身分認證。上述輸入模組,供該客戶輸入一身分證字號以登入網路銀行。上述銀行伺服器包括綁定模組以及驗證模組。上述綁定模組,連接該身分認證模組,接收該通訊軟體的客戶帳號,開啟一瀏覽器並產生一認證網頁以供該客戶輸入複數個客戶身分資料,發送一電信代碼以驗證該客戶之身分,將該些客戶身分資料與該通訊軟體的客戶帳號進行綁定,並儲存一認證字串至該瀏覽器之一儲存空間中,其中該認證字串係由該使用者裝置之特徵值、該些客戶身分資料以及點擊該認證網頁之時間所組成。上述驗證模組,連接該輸入模組,驗證該客戶輸入之該身分證字號是否已與該通訊軟體的客戶帳號綁定,產生帶有一組一次性參數之一超連結登入網址並傳送至對應之該通訊軟體的客戶帳號,待該客戶開啟該超連結登入網址後,驗證該超連結登入網址之該瀏覽器是否留存該客戶之該些客戶身分資料。上述登入模組,連接該銀行伺服器,當該超連結登入網址之該瀏覽器有留存該客戶之該些客戶身分資料時,發動登入網路銀行。The invention provides an online banking combined with communication software push broadcast login system, comprising a user device, a communication software, an official account of a bank, a bank server and a login module. The official account of the above-mentioned bank includes an identity verification module and an input module. The above-mentioned identity authentication module is used for identity authentication of a client. The above input module is used for the customer to input an identity card number to log in to the Internet Banking. The above-mentioned bank server includes a binding module and a verification module. The above-mentioned binding module is connected to the identity authentication module, receives the customer account of the communication software, opens a browser and generates an authentication webpage for the customer to input a plurality of customer identity information, and sends a telecommunication code to verify the customer's identity. identity, bind the client identity data with the client account of the communication software, and store an authentication string in a storage space of the browser, wherein the authentication string is determined by the feature value of the user device, The customer identity information and the time when the authentication page was clicked. The above verification module is connected to the input module to verify whether the identity card number input by the customer has been bound to the customer account of the communication software, generate a hyperlink login URL with a set of one-time parameters and send it to the corresponding For the client account of the communication software, after the client opens the hyperlink login URL, verify whether the browser of the hyperlink login URL retains the client identity information of the client. The above-mentioned login module is connected to the bank server, and when the browser of the hyperlink login website has stored the customer identity information of the customer, it starts to log in to the online bank.

根據本發明之另一實施例,上述綁定模組將該通訊軟體的客戶帳號傳送至該認證網頁。According to another embodiment of the present invention, the above-mentioned binding module transmits the client account of the communication software to the authentication webpage.

根據本發明之另一實施例,上述客戶身分資料包括該身分證字號以及一網路銀行的使用者代號和密碼。According to another embodiment of the present invention, the above-mentioned customer identity information includes the identity card number and an online banking user ID and password.

根據本發明之另一實施例,上述超連結登入網址包括一生日欄位,以供該客戶輸入並驗證該客戶之身分。According to another embodiment of the present invention, the above-mentioned hyperlink login website includes a birthday field for the customer to input and verify the identity of the customer.

根據本發明之另一實施例,上述超連結登入網址具有時效性。According to another embodiment of the present invention, the above-mentioned hyperlink login URL is time-sensitive.

綜上所述,本發明提供一種網路銀行結合通訊軟體推播登入系統及其方法,藉由驗證身分證字號與通訊軟體是否與資料庫留存之對應資料是否一致才會推播登入之超連結網址,有效解決先前技術之問題。藉以達到同時兼顧安全性高以及便利性高的網路銀行登入之願景。To sum up, the present invention provides an online bank combined with a communication software push login system and a method thereof. The hyperlinks for push login are only available after verifying whether the ID card number and the communication software are consistent with the corresponding data stored in the database. URL, effectively solving the problems of the prior art. In order to achieve the vision of online banking login with high security and high convenience at the same time.

請同時參閱圖1及圖2,圖1係繪示依據本發明之一實施例之一網路銀行結合通訊軟體推播登入方法的流程示意圖。圖1之步驟200為開始。Please refer to FIG. 1 and FIG. 2 at the same time. FIG. 1 is a schematic flow chart illustrating a method for online banking combined with communication software push broadcast login according to an embodiment of the present invention. Step 200 of FIG. 1 is a start.

在步驟201中,於一使用者裝置110上,一客戶於一通訊軟體112之一銀行的官方帳號114中發出網路銀行的登入請求。根據本發明之一實施例,上述通訊軟體112例如可為Line、WhatsApp、Telegram、Signal、Facebook Messenger、微信、Kakao Talk、Skype、Google chat等即時通訊軟體。上述使用者裝置110例如可為手機、平板、電腦等具有瀏覽器以及通訊軟體之任意設備。根據本發明之一實施例,客戶可於兩個以上、多個使用者裝置110分別綁定網路銀行結合通訊軟體推播登入,藉以提高客戶登入網路銀行的方便性。In step 201 , on a user device 110 , a customer sends a log-in request for online banking in an official account 114 of a bank in a communication software 112 . According to an embodiment of the present invention, the above-mentioned communication software 112 may be, for example, instant communication software such as Line, WhatsApp, Telegram, Signal, Facebook Messenger, WeChat, Kakao Talk, Skype, and Google chat. The above-mentioned user device 110 can be, for example, any device with a browser and communication software, such as a mobile phone, a tablet, or a computer. According to an embodiment of the present invention, the customer can bind two or more user devices 110 respectively to the online banking combined with the communication software push broadcast login, so as to improve the convenience for the customer to log in to the online banking.

在步驟202中,該銀行的官方帳號114開啟一瀏覽器並產生一認證網頁以及將該通訊軟體112的客戶帳號傳送至該認證網頁,以供該客戶輸入複數個客戶身分資料,其中上述客戶身分資料包括一身分證字號。根據本發明之另一實施例,上述客戶身分資料還包括一網路銀行的使用者代號和密碼。上述通訊軟體112的客戶帳號例如可為Line UID。In step 202, the official account 114 of the bank opens a browser and generates an authentication webpage and transmits the customer account of the communication software 112 to the authentication webpage for the customer to input a plurality of customer identity information, wherein the above customer identity The information includes an identity card number. According to another embodiment of the present invention, the above-mentioned customer identity information further includes a user ID and password of an online bank. The client account of the communication software 112 can be, for example, a Line UID.

根據本發明之另一實施例,上述方法更包括客戶於銀行的官方帳號114的介面開啟一身分認證功能以開啟該瀏覽器之該認證網頁。According to another embodiment of the present invention, the above method further includes that the customer activates an identity authentication function on the interface of the official account 114 of the bank to activate the authentication webpage of the browser.

根據本發明之另一實施例,例如,假設通訊軟體112為Line,客戶於Line的銀行的官方帳號114開啟身分認證功能,銀行的官方帳號114將另開瀏覽器導入認證網頁並且同時在背景帶入Line UID。客戶於認證網頁輸入身分證字號、網路銀行使用者代號及密碼等資訊。According to another embodiment of the present invention, for example, assuming that the communication software 112 is Line, and the customer enables the identity authentication function in the official account 114 of the bank of Line, the official account 114 of the bank will open a separate browser to import the authentication webpage and at the same time in the background band Enter the Line UID. The customer enters information such as ID number, online banking user ID and password on the authentication page.

在步驟203中,銀行伺服器120發送一電信代碼至該使用者裝置110以驗證該客戶之身分。上述電信代碼例如可為簡訊一次性密碼(One Time Password, OTP)。根據本發明之另一實施例,銀行伺服器120發送簡訊OTP至留存於銀行中心之行動電話。In step 203, the bank server 120 sends a telecommunication code to the user device 110 to verify the identity of the customer. The above-mentioned telecommunication code may be, for example, a one-time password (OTP) for SMS. According to another embodiment of the present invention, the bank server 120 sends the short message OTP to the mobile phone stored in the bank center.

在步驟204中,銀行伺服器120綁定該些客戶身分資料與該通訊軟體112的客戶帳號。根據本發明之另一實施例,客戶輸入簡訊OTP,驗證成功後將進行通訊軟體112的客戶帳號與身分證字號之對應關係綁定。In step 204 , the bank server 120 binds the customer identification data to the customer account of the communication software 112 . According to another embodiment of the present invention, the customer inputs the OTP message, and after the verification is successful, the corresponding relationship between the customer's account and the ID number of the customer who uses the communication software 112 is bound.

在步驟205中,該認證網頁儲存一認證字串至該瀏覽器之一儲存空間中,其中該認證字串係由該使用者裝置110之特徵值、該些客戶身分資料以及點擊該認證網頁之時間所組成。根據本發明之另一實施例,上述儲存空間例如可為認證網頁瀏覽器之 Local Storage、Cookie 或 Session Storage 等儲存空間。上述認證字串為使用者裝置110之特徵值、身分證字號以及點擊該認證網頁之時戳(Time stamp)經過雜湊(Hash)所產生的字串。根據本發明之另一實施例,上述認證字串更包括儲存至銀行伺服器120中。In step 205, the authentication web page stores an authentication string in a storage space of the browser, wherein the authentication string is composed of the feature value of the user device 110, the client identity information, and the click of the authentication web page. composed of time. According to another embodiment of the present invention, the above-mentioned storage space may be, for example, a storage space such as Local Storage, Cookie or Session Storage of the authentication web browser. The above authentication string is a string generated by hashing the characteristic value of the user device 110, the ID number and the time stamp when the authentication webpage is clicked. According to another embodiment of the present invention, the above-mentioned authentication string is further stored in the bank server 120 .

根據本發明之另一實施例,為了進一步提高客戶綁定通訊軟體帳號之安全性,上述方法更包括待客戶登入網路銀行後,利用晶片金融卡驗證啟用使用通訊軟體推播登入功能,方可完成綁定步驟。According to another embodiment of the present invention, in order to further improve the security of the customer's binding of the communication software account, the above method further includes using the chip financial card verification to enable the use of the communication software push login function after the customer logs in to the online banking. Complete the binding steps.

在步驟206中,當客戶要進行網路銀行登入時,於使用者裝置110之該銀行的官方帳號114輸入該客戶之身分證字號以進行身分驗證。根據本發明之另一實施例,例如,客戶於銀行的官方帳號114之介面點選「網路銀行登入」按鈕,點選後出現「請輸入身分證字號」,輸入身分證字號。In step 206 , when the customer wants to log in to the online bank, the customer's ID card number is input in the official account 114 of the bank in the user device 110 for identity verification. According to another embodiment of the present invention, for example, the customer clicks the "Internet Banking Login" button on the bank's official account 114 interface, and after clicking the button, "Please enter the ID number" appears, and input the ID number.

在步驟207中,銀行伺服器120驗證該身分證字號是否已與該通訊軟體112的客戶帳號綁定。若是,則進入步驟208中,該銀行的官方帳號114產生帶有一組一次性參數之一超連結登入網址,並傳送至該通訊軟體112的客戶帳號。若否,則進入步驟211結束登入網路銀行。In step 207 , the bank server 120 verifies whether the identity card number has been bound with the client account of the communication software 112 . If so, go to step 208 , the official account 114 of the bank generates a hyperlink login URL with a set of one-time parameters, and transmits it to the client account of the communication software 112 . If not, go to step 211 to end logging in to the online banking.

根據本發明之另一實施例,為了進一步提高客戶登入網路銀行之安全性,上述超連結登入網址包括一生日欄位,以供該客戶輸入並驗證該客戶之身分。上述生日欄位例如可為4位數、6位數或是8位數生日欄位。According to another embodiment of the present invention, in order to further improve the security of the customer logging in to the online banking, the above-mentioned hyperlink login website includes a birthday field for the customer to input and verify the identity of the customer. The birthday field can be, for example, a 4-digit, 6-digit or 8-digit birthday field.

根據本發明之另一實施例,例如,銀行伺服器120接收身分證字號並檢核上述客戶是否啟用通訊軟體推播功能、客戶所登入之身分證字號是否為有效身分證,以及此身分證字號與通訊軟體112的客戶帳號是否與銀行伺服器120之資料庫留存之對應資料是否一致。如無誤即產生一組帶有OTP參數之唯一超連結登入網址透過訊息平台採用通訊軟體推播方式至對應通訊通訊軟體112的客戶帳號,並且超連結登入網址具有時效性,例如,120秒之時效,客戶必須於限期內完成登入,逾時則失效。According to another embodiment of the present invention, for example, the bank server 120 receives the ID card number and checks whether the above-mentioned customer has enabled the push function of the communication software, whether the ID card number logged in by the customer is a valid ID card, and the ID card number. Whether the client account number of the communication software 112 is consistent with the corresponding data stored in the database of the bank server 120 . If there is no error, a set of unique hyperlink login URLs with OTP parameters will be generated through the message platform through the communication software push method to the client account corresponding to the communication software 112, and the hyperlink login URLs are time-sensitive, for example, the time limit of 120 seconds , the customer must complete the login within the time limit, otherwise it will be invalid.

在步驟209中,待該客戶開啟該超連結登入網址後,驗證該超連結登入網址之該瀏覽器是否留存該客戶之該些客戶身分資料。若是,則進入步驟210中,當該超連結登入網址之該瀏覽器有留存該客戶之該些客戶身分資料時,發動登入網路銀行。最後步驟211為結束。若否,則直接進入步驟211結束登入網路銀行。In step 209 , after the client opens the hyperlink login website, verify whether the browser of the hyperlink login website retains the client identity information of the client. If yes, then go to step 210, when the browser of the hyperlink login website has stored the customer identity information of the customer, start to log in to the online banking. The final step 211 is the end. If not, go directly to step 211 to end logging in to the online banking.

根據本發明之另一實施例,例如,客戶從通訊軟體112的銀行的官方帳號114收到超連結網址後點擊後會另開瀏覽器導入認證網頁,輸入客戶之生日後發送認證,此時銀行伺服器120會檢核瀏覽器之儲存空間是否有當初留存之字串(憑證)且與銀行伺服器120留存相符,如有相符則確認為同一台裝置,再檢核簡訊OTP與生日是否正確,如正確,網路登入頁則自動發動登入交易登入網路銀行,如否則終止交易。According to another embodiment of the present invention, for example, after the customer receives the hyperlink URL from the bank's official account 114 of the communication software 112 and clicks on it, a separate browser will be opened to import the authentication page, and the customer's birthday will be entered and the authentication will be sent. The server 120 will check whether there is a string (certificate) stored in the storage space of the browser and it is consistent with that stored in the bank server 120. If there is a match, it will be confirmed as the same device, and then it will be checked whether the SMS OTP and the birthday are correct. If it is correct, the online login page will automatically initiate a login transaction to log in to the online banking, otherwise the transaction will be terminated.

請參閱圖2,圖2係繪示依據本發明之一實施例之一種網路銀行結合通訊軟體推播登入系統之各模組的關係架構圖。圖2之一種網路銀行結合通訊軟體推播登入系統100包括一使用者裝置110之一通訊軟體112之一銀行的官方帳號114、一銀行伺服器120以及一登入模組130。Please refer to FIG. 2 . FIG. 2 is a diagram illustrating the relationship structure of each module of an online bank combined with a communication software push broadcast login system according to an embodiment of the present invention. 2 , an online banking combined with communication software push broadcast login system 100 includes a user device 110 , a communication software 112 , a bank official account 114 , a bank server 120 and a login module 130 .

上述銀行的官方帳號114包括身分認證模組116以及輸入模組118。上述身分認證模組116,用以對一客戶進行身分認證。上述輸入模組118,供該客戶輸入一身分證字號以登入網路銀行。The official account 114 of the above-mentioned bank includes an identity authentication module 116 and an input module 118 . The above-mentioned identity authentication module 116 is used to authenticate the identity of a customer. The above-mentioned input module 118 is used for the customer to input an ID number to log in to the Internet Banking.

上述銀行伺服器120包括綁定模組122以及驗證模組124。上述綁定模組122,連接該身分認證模組116,接收該通訊軟體112的客戶帳號,開啟一瀏覽器並產生一認證網頁以供該客戶輸入複數個客戶身分資料,發送一電信代碼以驗證該客戶之身分,將該些客戶身分資料與該通訊軟體112的客戶帳號進行綁定,並儲存一認證字串至該瀏覽器之一儲存空間中。其中該認證字串係由該使用者裝置之特徵值、該些客戶身分資料以及點擊該認證網頁之時間所組成。The above-mentioned bank server 120 includes a binding module 122 and a verification module 124 . The above-mentioned binding module 122 is connected to the identity authentication module 116, receives the customer account of the communication software 112, opens a browser and generates an authentication webpage for the customer to input a plurality of customer identity information, and sends a telecommunication code for verification For the identity of the client, the client identity information is bound to the client account of the communication software 112, and an authentication string is stored in a storage space of the browser. The authentication string is composed of the characteristic value of the user device, the client identification information and the time when the authentication webpage is clicked.

根據本發明之另一實施例,上述綁定模組122將該通訊軟體112的客戶帳號傳送至該認證網頁。According to another embodiment of the present invention, the above-mentioned binding module 122 transmits the client account of the communication software 112 to the authentication webpage.

根據本發明之另一實施例,上述客戶身分資料包括該身分證字號以及一網路銀行的使用者代號和密碼。According to another embodiment of the present invention, the above-mentioned customer identity information includes the identity card number and an online banking user ID and password.

上述驗證模組124,連接該輸入模組118,驗證該客戶輸入之該身分證字號是否已與該通訊軟體112的客戶帳號綁定,產生帶有一組一次性參數之一超連結登入網址並傳送至對應之該通訊軟體112的客戶帳號,待該客戶開啟該超連結登入網址後,驗證該超連結登入網址之該瀏覽器是否留存該客戶之該些客戶身分資料。The above-mentioned verification module 124 is connected to the input module 118 to verify whether the ID number input by the customer has been bound to the customer account of the communication software 112, and generates a hyperlink login URL with a set of one-time parameters and transmits it To the corresponding client account of the communication software 112 , after the client opens the hyperlink login site, verify whether the browser of the hyperlink login site retains the client identity information of the client.

根據本發明之另一實施例,上述超連結登入網址包括一生日欄位,以供該客戶輸入並驗證該客戶之身分。上述超連結登入網址具有時效性。According to another embodiment of the present invention, the above-mentioned hyperlink login website includes a birthday field for the customer to input and verify the identity of the customer. The above hyperlink login URL is time-sensitive.

根據本發明之另一實施例,上述驗證模組124,接收客戶於輸入模組118輸入之身分證字號,送至銀行伺服器120驗證時即記住此身分證字號,驗證無誤回傳之超連結登入網址為此身分證字號專屬之登入網址,故另開之超連結登入網址無須再輸入身分證字號,可達到避免重複輸入繁多客戶資料之功效。此外,驗證模組124於客戶點選超連結登入網址之「確認登入」時,會驗證超連結登入網址之OTP(一次性密碼)參數是否留存該客戶之該些客戶身分資料。According to another embodiment of the present invention, the above-mentioned verification module 124 receives the ID card number input by the customer in the input module 118, and sends the ID card number to the bank server 120 for verification. The linked login URL is the dedicated login URL for the ID card number, so there is no need to enter the ID card number for the hyperlink login URL opened separately, which can achieve the effect of avoiding repeated input of a lot of customer information. In addition, the verification module 124 verifies whether the OTP (one-time password) parameter of the hyperlink login website retains the client identity information of the client when the client clicks "Confirm Login" of the hyperlink login website.

根據本發明之另一實施例,上述驗證模組124,若接收到客戶輸入之身分證字號並未申請通訊軟體推播登入,或已申請但與通訊軟體112的客戶帳號不符時,即於通訊軟體112之銀行的官方帳號114回應錯誤訊息。如此,便可有效避免遭駭客測試身分證字號以致帳號遭鎖定之情況。According to another embodiment of the present invention, if the above-mentioned verification module 124 receives the ID number input by the customer and has not applied for the push login of the communication software, or has applied for but does not match the customer account of the communication software 112, the communication The bank's official account 114 of the software 112 responds with an error message. In this way, it can effectively avoid the situation that the ID number is tested by hackers and the account is locked.

根據本發明之另一實施例,上述驗證模組124,另開之超連結登入網址之瀏覽器會檢核儲存空間是否有留存該客戶之身分證字號、使用者裝置110之特徵值及點擊該認證網頁之時間所產生之字串(憑證)且與銀行伺服器120留存相符,即可判斷是否為與銀行約定之使用者裝置110。如客戶之使用者裝置110有安裝數個瀏覽器,則一定要使用當初使用於銀行的官方帳號114進行身分認證綁定之瀏覽器,其他瀏覽器視為非與銀行約定之使用者裝置。According to another embodiment of the present invention, the above-mentioned verification module 124, the browser of the separately opened hyperlink login website will check whether the storage space has the ID number of the customer, the characteristic value of the user device 110, and click the If the string (certificate) generated at the time of the authentication page is consistent with that stored in the bank server 120, it can be determined whether it is the user device 110 agreed with the bank. If the client's user device 110 has several browsers installed, it must use the browser originally used for the bank's official account 114 for authentication and binding, and other browsers are regarded as non-user devices agreed with the bank.

上述登入模組130,連接該銀行伺服器120,當該超連結登入網址之該瀏覽器有留存該客戶之該些客戶身分資料時,發動登入網路銀行。The above-mentioned login module 130 is connected to the bank server 120, and when the browser of the hyperlink login website has stored the client's identity information of the client, it starts to log in to the online bank.

根據本發明之另一實施例,駭客如偽冒銀行的官方帳號114,因客戶只輸入身分證字號及生日,如上述資訊遭竊取仍無法正常登入網路銀行,故駭客無法竊取帳號、密碼,藉此可有效防範釣魚網站攻擊。According to another embodiment of the present invention, if a hacker fakes the bank's official account number 114, since the customer only enters the ID number and birthday, if the above information is stolen, he still cannot log in to the online bank normally, so the hacker cannot steal the account number, password, which can effectively prevent phishing attacks.

綜上所述,本發明提供一種網路銀行結合通訊軟體推播登入系統及其方法,藉由驗證身分證字號與通訊軟體是否與資料庫留存之對應資料是否一致才會推播登入之超連結網址,可有效解可有效防範駭客測試身分證字號以致帳號遭鎖定之問題。藉以達到同時兼顧安全性高以及便利性高的網路銀行登入之願景。To sum up, the present invention provides an online bank combined with a communication software push login system and a method thereof. The hyperlinks for push login are only available after verifying whether the ID card number and the communication software are consistent with the corresponding data stored in the database. URL, which can effectively solve the problem of account lockout caused by hacker test ID number. In order to achieve the vision of online banking login with high security and high convenience at the same time.

此外,本發明提供之一種網路銀行結合通訊軟體推播登入系統及其方法僅需通訊軟體搭配瀏覽器即可,不需安裝額外銀行專屬應用程式(App)。對於銀行而言,銀行不需建置專屬安控應用程式(App),瀏覽器只需連結至網路銀行手機版即可,不需額外開發應用程式(App)版的網路銀行,可達到節省開發成本之功效。對於客戶而言,不需安裝額外銀行專屬應用程式(App),使用平常通訊軟體即可,藉此可達到減省手機容量之功效。In addition, the present invention provides an online bank combined with a communication software push broadcast login system and a method thereof, which only requires the communication software to be matched with a browser, and does not need to install an additional bank-specific application program (App). For banks, the bank does not need to build an exclusive security control application (App), the browser only needs to connect to the mobile version of the Internet banking, and there is no need to develop an additional application (App) version of the Internet banking, which can achieve The effect of saving development costs. For customers, there is no need to install additional bank-specific applications (App), just use the usual communication software, which can achieve the effect of reducing the capacity of the mobile phone.

雖然本發明已實施方式揭露如上,然其並非用以限定本發明,凡熟悉該項技藝之人士其所依本發明之精神,在不脫離本發明之精神和範圍內,當可作各種之更動與潤飾,因此本發明之保護範圍當視後之申請專利範圍所界定者為準。Although the embodiments of the present invention are disclosed as above, they are not intended to limit the present invention. Those who are familiar with the art can make various changes according to the spirit of the present invention without departing from the spirit and scope of the present invention. Therefore, the scope of protection of the present invention should be determined by the scope of the patent application later.

100:網路銀行結合通訊軟體推播登入系統 110:使用者裝置 112:通訊軟體 114:銀行的官方帳號 116:身分認證模組 118:輸入模組 120:銀行伺服器 122:綁定模組 124:驗證模組 130:登入模組 200-211:步驟 100: Online banking combined with communication software push broadcast login system 110: User device 112: Communication software 114: Official account number of the bank 116: Identity authentication module 118: Input module 120: Bank Server 122: Binding modules 124: Verification Module 130: Login module 200-211: Steps

為了讓本發明之上述和其他目的、特徵、優點與實施例能更明顯易懂,所附附圖之說明如下: 圖1係繪示依據本發明之一實施例之一種網路銀行結合通訊軟體推播登入方法的流程示意圖。 圖2係繪示依據本發明之一實施例之一網路銀行結合通訊軟體推播登入系統之各模組的關係架構圖。 In order to make the above and other objects, features, advantages and embodiments of the present invention more clearly understood, the accompanying drawings are described as follows: FIG. 1 is a schematic flow chart illustrating a method for online banking combined with communication software push broadcast login according to an embodiment of the present invention. FIG. 2 is a diagram showing the relationship structure of each module of an online bank combined with a communication software push broadcast login system according to an embodiment of the present invention.

200-211:步驟 200-211: Steps

Claims (10)

一種網路銀行結合通訊軟體推播登入方法,該方法包括: 於一使用者裝置上,一客戶於一通訊軟體之一銀行的官方帳號中發出網路銀行的登入請求; 該銀行的官方帳號開啟一瀏覽器並產生一認證網頁以及將該通訊軟體的客戶帳號傳送至該認證網頁,以供該客戶輸入複數個客戶身分資料,其中該些客戶身分資料包括一身分證字號; 該銀行發送一電信代碼至該使用者裝置以驗證該客戶之身分; 該銀行綁定該些客戶身分資料與該通訊軟體的客戶帳號; 該認證網頁儲存一認證字串至該瀏覽器之一儲存空間中,其中該認證字串係由該使用者裝置之特徵值、該些客戶身分資料以及點擊該認證網頁之時間所組成; 於該銀行的官方帳號輸入該身分證字號以驗證該身分證字號是否已與該通訊軟體的客戶帳號綁定; 該銀行的官方帳號產生帶有一組一次性參數之一超連結登入網址,並傳送至該通訊軟體的客戶帳號; 待該客戶開啟該超連結登入網址後,驗證該超連結登入網址之該瀏覽器是否留存該客戶之該些客戶身分資料;以及 當該超連結登入網址之該瀏覽器有留存該客戶之該些客戶身分資料時,發動登入網路銀行。 An online bank combined with a communication software push broadcast login method, the method includes: On a user device, a customer sends an online banking login request in an official account of a bank in a communication software; The official account of the bank opens a browser and generates an authentication web page and transmits the client account of the communication software to the authentication web page for the client to input a plurality of client identification information, wherein the client identification information includes an identification number ; the bank sends a telecommunication code to the user device to verify the identity of the customer; the bank binds the customer identity information to the customer account of the communication software; the authentication webpage stores an authentication string in a storage space of the browser, wherein the authentication string is composed of the characteristic value of the user device, the client identity information and the time when the authentication webpage is clicked; Enter the ID number in the official account of the bank to verify whether the ID number has been bound with the client account of the communication software; The official account number of the bank generates a hyperlink login URL with a set of one-time parameters and transmits it to the client account of the communication software; After the client opens the hyperlink login URL, verify whether the browser of the hyperlink login URL retains the client identity information of the client; and When the browser of the hyperlink login website has stored the customer identity information of the customer, the Internet Banking is activated. 根據請求項1所述之網路銀行結合通訊軟體推播登入方法,更包括開啟一身分認證功能以開啟該瀏覽器之該認證網頁。The online banking combined with the communication software push login method according to claim 1, further comprising enabling an identity authentication function to open the authentication webpage of the browser. 根據請求項1所述之網路銀行結合通訊軟體推播登入方法,其中該些客戶身分資料包括一網路銀行的使用者代號和密碼。According to the online banking combined with the communication software push broadcast login method according to claim 1, wherein the customer identity information includes an online banking user ID and password. 根據請求項1所述之網路銀行結合通訊軟體推播登入方法,其中該超連結登入網址包括一生日欄位,以供該客戶輸入並驗證該客戶之身分。The online banking combined with the communication software push login method according to claim 1, wherein the hyperlink login URL includes a birthday field for the customer to input and verify the identity of the customer. 根據請求項1所述之網路銀行結合通訊軟體推播登入方法,其中該超連結登入網址具有時效性。According to the online banking combined with the communication software push broadcast login method according to claim 1, wherein the hyperlink login URL is time-sensitive. 一種網路銀行結合通訊軟體推播登入系統,包括: 一使用者裝置之一通訊軟體之一銀行的官方帳號,包括: 一身分認證模組,用以對一客戶進行身分認證;以及 一輸入模組,供該客戶輸入一身分證字號以登入網路銀行; 一銀行伺服器,通訊連接該使用者裝置,包括: 一綁定模組,連接該身分認證模組,接收該通訊軟體的客戶帳號,開啟一瀏覽器並產生一認證網頁以供該客戶輸入複數個客戶身分資料,發送一電信代碼以驗證該客戶之身分,將該些客戶身分資料與該通訊軟體的客戶帳號進行綁定,並儲存一認證字串至該瀏覽器之一儲存空間中,其中該認證字串係由該使用者裝置之特徵值、該些客戶身分資料以及點擊該認證網頁之時間所組成;以及 一驗證模組,連接該輸入模組,驗證該客戶輸入之該身分證字號是否已與該通訊軟體的客戶帳號綁定,產生帶有一組一次性參數之一超連結登入網址並傳送至對應之該通訊軟體的客戶帳號,待該客戶開啟該超連結登入網址後,驗證該超連結登入網址之該瀏覽器是否留存該客戶之該些客戶身分資料;以及 一登入模組,連接該銀行伺服器,當該超連結登入網址之該瀏覽器有留存該客戶之該些客戶身分資料時,發動登入網路銀行。 An online bank combined with a communication software push broadcast login system, comprising: An official account number of a bank in a communication software on a user device, including: an identity authentication module for authenticating a client; and an input module for the customer to input an identity card number to log on to the Internet Banking; A bank server, communicatively connected to the user device, including: A binding module is connected to the identity authentication module, receives the customer account of the communication software, opens a browser and generates an authentication webpage for the customer to input a plurality of customer identity information, and sends a telecommunication code to verify the customer's identity identity, bind the client identity data with the client account of the communication software, and store an authentication string in a storage space of the browser, wherein the authentication string is determined by the feature value of the user device, the customer identification information and the time when the authentication page was clicked; and a verification module, connected to the input module, to verify whether the ID number input by the customer has been bound to the customer account of the communication software, to generate a hyperlink login URL with a set of one-time parameters and send it to the corresponding For the client account of the communication software, after the client opens the hyperlink login URL, verify whether the browser of the hyperlink login URL retains the client identity information of the client; and A log-in module is connected to the bank server, and when the browser of the hyperlink log-in website has saved the client's identity information of the client, the log-in to the online bank is activated. 根據請求項6所述之網路銀行結合通訊軟體推播登入系統,其中該綁定模組將該通訊軟體的客戶帳號傳送至該認證網頁。According to the online banking integrated communication software push login system according to claim 6, wherein the binding module transmits the client account of the communication software to the authentication webpage. 根據請求項7所述之網路銀行結合通訊軟體推播登入系統,其中該些客戶身分資料包括該身分證字號以及一網路銀行的使用者代號和密碼。According to the online banking integrated communication software push login system according to claim 7, the customer identification information includes the identification number and an online banking user ID and password. 根據請求項7所述之網路銀行結合通訊軟體推播登入系統,其中該超連結登入網址包括一生日欄位,以供該客戶輸入並驗證該客戶之身分。The online banking integrated communication software push login system according to claim 7, wherein the hyperlink login URL includes a birthday field for the customer to input and verify the identity of the customer. 根據請求項7所述之網路銀行結合通訊軟體推播登入系統,其中該超連結登入網址具有時效性。According to the online banking integrated communication software push login system according to claim 7, wherein the hyperlink login URL is time-sensitive.
TW109144828A 2020-12-18 2020-12-18 Online banking combined with communication software login system and method TW202226123A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW109144828A TW202226123A (en) 2020-12-18 2020-12-18 Online banking combined with communication software login system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW109144828A TW202226123A (en) 2020-12-18 2020-12-18 Online banking combined with communication software login system and method

Publications (1)

Publication Number Publication Date
TW202226123A true TW202226123A (en) 2022-07-01

Family

ID=83436785

Family Applications (1)

Application Number Title Priority Date Filing Date
TW109144828A TW202226123A (en) 2020-12-18 2020-12-18 Online banking combined with communication software login system and method

Country Status (1)

Country Link
TW (1) TW202226123A (en)

Similar Documents

Publication Publication Date Title
US11405380B2 (en) Systems and methods for using imaging to authenticate online users
US10122715B2 (en) Enhanced multi factor authentication
CN108804906B (en) System and method for application login
US9923876B2 (en) Secure randomized input
JP5719871B2 (en) Method and apparatus for preventing phishing attacks
CN104200152B (en) System and method for risk-based authentication
CN105323253B (en) Identity verification method and device
US8151326B2 (en) Using audio in N-factor authentication
US8429730B2 (en) Authenticating users and on-line sites
US20130297513A1 (en) Multi factor user authentication
US20110154459A1 (en) Method and system for securing electronic transactions
JP2009508189A (en) Extended one-time password method and apparatus
JP6034995B2 (en) Method and system for authenticating services
TWM595792U (en) Authorization system for cross-platform authorizing access to resources
US8656468B2 (en) Method and system for validating authenticity of identity claims
US8261328B2 (en) Trusted electronic communication through shared vulnerability
US20220239689A1 (en) Protecting computer system end-points using activators
TW202226123A (en) Online banking combined with communication software login system and method
TWI695608B (en) Mobile network address based verification system and method thereof
TWM611303U (en) Online banking combined with communication software login system
KR20150104667A (en) Authentication method
TWI778319B (en) Method for cross-platform authorizing access to resources and authorization system thereof
KR20080087475A (en) Method for authenticating website(or server) and program recording medium, server for providing website(or server) authenticating information
US20230379321A1 (en) Systems and methods for multi-stage, identity-based, digital authentication
US20230125547A1 (en) Authorization code for access