TWI685805B - Method and device for authenticating user identity based on transaction data - Google Patents
- Publication number
- TWI685805B (application TW105143939A)
- Authority
- TW
- Taiwan
- Prior art keywords
- user
- transaction data
- account
- test questions
- historical transaction
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
A method and device for authenticating user identity based on transaction data. The method includes: obtaining historical transaction data associated with an account according to account information provided by a user; generating one or more test questions based on the historical transaction data; providing the one or more test questions to the user; receiving the user's answers to the one or more test questions; and determining from the answers whether the user passes authentication.
Description
Embodiments of the present invention relate to identity authentication, and in particular to a method and apparatus for authenticating user identity based on transaction data.
At present, when authenticating a user's identity, an authentication server has to rely on data prepared in advance. Such data is, for example, a password the user set when registering with the authentication server, a registered mobile phone number, biometric information of the user such as a fingerprint, or authentication data stored in a smart card issued to the user.
In various scenarios, a user can perform identity authentication by sending the requested data to the authentication server. The authentication server receives the data from the user and compares it with the data prepared in advance to determine whether the user passes authentication.
The prior art includes the following authentication schemes.
An authentication scheme using a static password, which includes receiving the requested data from the client and then comparing the received data with a pre-stored password set by the user to authenticate the user's identity.
An authentication scheme using a dynamic password, which includes sending a dynamic password to the user's terminal (for example, a mobile phone), receiving the requested data from the client, and then comparing the received data with the previously generated dynamic password to authenticate the user's identity.
An authentication scheme using biometrics, which includes receiving the requested biometric information (for example, face, voice, iris, fingerprint) from the client and then comparing the received biometric information with pre-stored biometric information obtained from the user to authenticate the user's identity.
However, the above authentication schemes cannot authenticate users who are not registered with the authentication server.
A method for authenticating a user's identity based on transaction data includes: obtaining historical transaction data associated with an account according to account information provided by the user; generating one or more test questions based on the historical transaction data; providing the one or more test questions to the user; receiving the user's answers to the one or more test questions; and determining from the answers whether the user passes authentication.
An authentication server for authenticating a user's identity based on transaction data includes: a first device for obtaining historical transaction data associated with an account according to account information provided by the user; a second device for generating one or more test questions based on the historical transaction data; a third device for providing the one or more test questions to the user; a fourth device for receiving the user's answers to the one or more test questions; and a fifth device for determining from the answers whether the user passes authentication.
Other features and advantages of embodiments of the present invention will also be understood when reading the following description in conjunction with the accompanying drawings, which illustrate the principles of the embodiments of the present invention by way of example.
110, 120, 130, 140, 150, 211, 212, 213, 214, 221, 222, 223, 224, 225, 226, 227, 228: boxes
410: client
420: authentication server
430: back-end system
431: historical transaction database
FIG. 1 is a schematic diagram of a method for authenticating a user's identity based on transaction data according to an embodiment of the present invention.
FIG. 2 is an example of a method for authenticating a user's identity based on transaction data according to an embodiment of the present invention.
FIG. 3 is an interface for presenting test questions according to an embodiment of the present invention.
FIG. 4 is a schematic diagram of a system for authenticating a user's identity based on transaction data according to an embodiment of the present invention.
In the following, the principles of the present invention are described in conjunction with embodiments. It should be understood that the embodiments are given only so that those skilled in the art can better understand and practice the present invention, and not to limit its scope. Therefore, the many specific implementation details contained in this specification should not be interpreted as limiting the scope of the invention or of what may be claimed, but should be regarded as descriptions specific to the embodiments.
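FIG. 1 is a schematic diagram of a method for authenticating a user's identity based on transaction data according to an embodiment of the present invention. The method includes the processing in boxes 110 to 150, which may be performed on the authentication server side.
In box 110, historical transaction data associated with an account is obtained according to account information provided by the user. The account is a bank account or an online payment application account. The account information may be, for example, a bank card number or an account number of an online payment application. The historical transaction data associated with the account may be obtained from the corresponding transaction database.
In box 120, one or more test questions are generated based on the historical transaction data. The ways of generating test questions and the forms the questions take are described in detail in other embodiments below.
In box 130, the one or more test questions are provided to the user. They may be provided by sending text information, picture information, or voice information of the one or more test questions, or a combination of these, to the user's terminal. The user's terminal may be any electronic device capable of interacting with the authentication server, such as a mobile phone, a tablet computer, a notebook computer, or a self-service terminal (for example, an ATM).
In box 140, answers to the one or more test questions are received from the user.
In box 150, whether the user passes authentication is determined from the answers. The user's answers are compared with the answers to the test questions; when they agree, the user is determined to have the same identity as the user to whom the historical transaction data points.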
One advantage of the authentication scheme according to this embodiment is that the authentication server can perform identity authentication without any data prepared in advance, because the historical transaction data can be requested from the bank's back-end system.
Another advantage of the authentication scheme according to this embodiment is that the authentication server needs only the account information to perform identity authentication, so the user does not have to worry about leaking sensitive information such as name, ID number, or mobile phone number, because he/she does not need to provide it. The user also does not need to carry any hardware device with a smart chip installed. Generating test questions from the user's historical transaction data and authenticating the user's identity with those questions can improve the security and convenience of the authentication process.
Another advantage of the authentication scheme according to this embodiment is that the authentication is specific to the user's transaction behavior, so it is difficult for another person to pass authentication even if that person knows the user's account information. Compared with the authentication schemes in the prior art, the authentication scheme according to this embodiment is more reliable. In addition, because transaction behavior changes over time and the test questions can also be generated randomly, the authentication scheme according to this embodiment can effectively prevent replay attacks.
Another advantage of the authentication scheme according to this embodiment is that, when the historical transaction data is data generated by a bank account, the authentication server can perform real-name authentication of the user without any data prepared in advance, because the bank account is bound to the user's real personal information.
The ways of generating test questions and the forms the questions take are now described.
In one embodiment, the one or more test questions may include a multiple-choice question that requires the user to select, from multiple options, one or more transaction events associated with the account. The multiple-choice question requires the user to select the one or more transaction events associated with the account from the multiple options according to one or more of the following factors: time, location, transaction amount. The multiple options may include one or more interference options generated from the historical transaction data.
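FIG. 2 is an example of a method for authenticating a user's identity based on transaction data according to an embodiment of the present invention. The example shows the flow of identity authentication based on bank account information.
In box 211, bank account information is submitted from the client.
In box 221, the bank account information is received on the authentication server side, and historical transaction data is looked up according to the account information. The authentication server may send a request containing the bank account information to the bank's back-end system and then receive the historical transaction data from the bank's back-end system. The historical transaction data may be the historical transaction data of a specific time period.
In box 222, multiple options, including real transaction options and interference options, are generated from the historical transaction data. For example, a real transaction option is a merchant name contained in the historical transaction data, while an interference option may be the name of a merchant similar to a merchant contained in the historical transaction data.
In one example, transaction behavior that is likely to occur is derived by analyzing the user's historical transaction data, and interference options are then generated from that likely transaction behavior. For example, one or more merchants indicated by the likely transaction behavior are derived by analyzing the user's historical transaction data, and the one or more merchants are then used as interference options.
By way of example, interference options can be generated as follows: features of the transaction behavior are extracted from the historical transaction data, including transaction type, transaction location, and merchant type. Then, merchants not contained in the historical transaction data are generated as interference options based on some or all of these features. Transaction types may include dining, travel, shopping, and so on. Within the dining transaction type, merchant types may include Sichuan cuisine, Japanese cuisine, and so on. If the historical transaction data shows that the user made a purchase at Japanese restaurant A at location A, the authentication server can accordingly use Japanese restaurant B near location A as an interference option.
In box 223, the multiple options and an authentication rule are sent to the client. The multiple options may include real transaction options and interference options. The authentication rule is presented to the user as part of the test question. Here, the authentication rule requires the user to select, from the multiple options, one or more transaction events associated with the account according to one or more of the following factors: time, location, transaction amount. For example, the authentication rule may require the user to select merchants from the multiple options in the order in which the transactions occurred. As another example, the authentication rule may require the user to select, from the multiple options, the merchants with which he/she has transacted at a specific location. As another example, the authentication rule may require the user to select, from the multiple options, the merchants with which he/she has made a transaction whose amount is greater than a certain value.
In box 212, the multiple options and the authentication rule are presented.
In box 213, options are selected according to the authentication rule.
In box 213, the selected options are sent.
In box 224, the selected options are received from the client.
In box 225, it is determined whether the selected options are real transaction options, that is, whether the selected options are consistent with the historical transaction data. When the determination is yes, the flow proceeds to box 226; when the determination is no, the flow proceeds to box 228, authentication passed.
In box 226, it is determined whether the selected options comply with the authentication rule, that is, whether the selected options satisfy the conditions defined by the authentication rule. When the determination is yes, the flow proceeds to box 227, authentication passed; when the determination is no, the flow proceeds to box 228, authentication passed.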
FIG. 3 is an exemplary interface for presenting a test question according to an embodiment of the present invention. As shown in FIG. 3, the authentication rule (or answering rule) of the test question requires the user to select, in chronological order, 6 merchants where he/she has made purchases. By analyzing the historical transaction data, the authentication server finds that the user of the bank card often makes purchases at Starbucks, Gangli Restaurant (港麗餐廳), the CHANNEL boutique, and CP Lotus (蔔蜂蓮花); from such transaction behavior or consumption habits the authentication server can generate interference options such as COSTA Coffee, the Coach boutique, and Metro. Because only the user knows his/her own historical transaction behavior, the user can pick the correct merchants according to the rule; for example, the user's actual transactions occurred in the order: Starbucks, CHANNEL, CP Lotus, Gangli Restaurant, Holiday KTV (好樂迪KTV), FamilyMart (全家). The user can click the icons on the interface to produce an ordered selection, and that sequence is sent to the authentication server. When the authentication server determines that the options selected by the user are real and satisfy the transaction-time order required by the authentication rule, identity authentication succeeds; otherwise, identity authentication fails.
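The server side of the FIG. 2 flow (boxes 222 to 228) with the FIG. 3 ordering rule, as an added example that is not code from the patent. The class and function names, the `SIMILAR` catalogue, the sample dates and categories, and the single-use handling of a challenge are assumptions; box 228 is treated as the failure outcome, in line with the FIG. 3 description.

```python
import hmac
import secrets
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Txn:
    merchant: str
    day: date
    category: str


# Constructed history: merchant names follow the FIG. 3 description, dates and
# categories are made up for this example.
HISTORY = [
    Txn("Starbucks", date(2015, 12, 20), "coffee"),
    Txn("Starbucks", date(2016, 1, 3), "coffee"),
    Txn("CHANNEL", date(2016, 1, 5), "boutique"),
    Txn("CP Lotus", date(2016, 1, 9), "supermarket"),
    Txn("Gangli Restaurant", date(2016, 1, 12), "restaurant"),
    Txn("Holiday KTV", date(2016, 1, 15), "ktv"),
    Txn("FamilyMart", date(2016, 1, 20), "convenience"),
]

# Hypothetical catalogue of similar merchants per category, standing in for the
# server's analysis of likely transaction behavior.
SIMILAR = {
    "coffee": ["COSTA Coffee", "Starbucks"],
    "boutique": ["Coach"],
    "supermarket": ["Metro"],
}


class ChallengeStore:
    """Keeps the expected answer on the server; only options and rule go out."""

    def __init__(self, rng=None):
        self._rng = rng or secrets.SystemRandom()
        self._pending = {}

    def issue(self, history, n_real=6):
        # Box 222: real options are the n_real most recent distinct merchants,
        # ordered by the date of their latest transaction.
        latest = {}
        for t in history:
            if t.merchant not in latest or t.day > latest[t.merchant]:
                latest[t.merchant] = t.day
        expected = tuple(sorted(latest, key=latest.get)[-n_real:])
        # Interference options resemble the user's habits but must not occur
        # in the history, otherwise a "wrong" option would be a true one.
        cats = {t.category for t in history}
        decoys = sorted({m for c in cats for m in SIMILAR.get(c, [])
                         if m not in latest})
        options = list(expected) + decoys
        self._rng.shuffle(options)  # option order must not reveal the answer
        cid = secrets.token_urlsafe(16)
        self._pending[cid] = expected
        # Box 223: the shuffled options and the rule are sent to the client.
        rule = f"Select the {len(expected)} merchants you paid, oldest first."
        return cid, options, rule

    def verify(self, cid, selected):
        # Single use: the challenge is consumed whatever the outcome, so a
        # recorded answer cannot be replayed against the same challenge id.
        expected = self._pending.pop(cid, None)
        if expected is None:
            return False, "unknown or already used challenge"
        # Box 225: every selected option must be a real transaction option.
        if not selected or any(m not in expected for m in selected):
            return False, "box 225: selection includes a non-transaction"
        # Box 226: the selection must satisfy the rule (all merchants, in time
        # order); the encoded sequences are compared in constant time.
        got = "\x1f".join(selected).encode()
        want = "\x1f".join(expected).encode()
        if not hmac.compare_digest(got, want):
            return False, "box 226: rule not satisfied"  # box 228 (assumed: fail)
        return True, "box 227: authenticated"


if __name__ == "__main__":
    store = ChallengeStore()
    cid, options, rule = store.issue(HISTORY)
    print(rule, options)
    print(store.verify(cid, ["Starbucks", "CHANNEL", "CP Lotus",
                             "Gangli Restaurant", "Holiday KTV", "FamilyMart"]))
```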
In one embodiment, the one or more test questions may include a fill-in-the-blank question, where the fill-in-the-blank question provides the user with a transaction event associated with the account and requires the user to answer one or more of the following factors related to the transaction event: time, location, transaction amount; or the fill-in-the-blank question provides the user with one or more of the following factors of a transaction event associated with the account: time, location, transaction amount, and requires the user to answer with the transaction event. For example, the test question may be "Please enter the date of your last purchase at merchant A" or "Please enter the amount of your last purchase at merchant A". Or the test question may be "Please enter the name of the merchant where you made a purchase at location A yesterday".
In the case of multiple test questions, the user is determined to have passed authentication when all of the user's answers are correct. Preferably, the user is determined to have passed authentication when the proportion of correct answers is at or above a predetermined value (for example, 90%). In this way, the user does not need to remember every transaction detail.
In some embodiments, where the test question is a fill-in-the-blank question, the user's answer is judged correct when the characters of the user's answer are contained in the characters of the correct answer (that is, a partial match), or when the value of the user's answer is within a certain range of the value of the correct answer. In this way, the user does not need to remember every transaction detail.
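Answer checking for the fill-in-the-blank and pass-rate rules above, as an added example that is not code from the patent. The function names, the minimum answer length and the 5% amount tolerance are assumptions; the 90% pass rate is the example value from the text.

```python
import unicodedata
from decimal import Decimal, InvalidOperation

MIN_TEXT_LEN = 2                    # assumption: shortest answer accepted as a partial match
AMOUNT_TOLERANCE = Decimal("0.05")  # assumption: +/- 5 % around the true amount
PASS_RATE = Decimal("0.90")         # the 90 % example value from the text


def _norm(s):
    # Fold full-width/half-width forms and letter case, and drop whitespace,
    # so that input-method differences do not decide the outcome.
    return "".join(unicodedata.normalize("NFKC", s).casefold().split())


def text_matches(answer, correct):
    """Partial match: the answer's characters are contained in the correct answer."""
    a, c = _norm(answer), _norm(correct)
    # The empty string is contained in every string, so a bare containment
    # test would accept a blank answer; require a minimum length first.
    return len(a) >= MIN_TEXT_LEN and a in c


def amount_matches(answer, correct):
    """Numeric match: the answer lies within the tolerance of the correct amount."""
    try:
        a = Decimal(answer.strip())
    except InvalidOperation:
        return False
    if not a.is_finite():           # rejects "NaN" and "Infinity"
        return False
    c = Decimal(correct)
    return abs(a - c) <= abs(c) * AMOUNT_TOLERANCE


def passes(results):
    """results holds one bool per question; pass at or above PASS_RATE."""
    if not results:
        return False
    return Decimal(sum(results)) / len(results) >= PASS_RATE


if __name__ == "__main__":
    # Constructed answers to three questions about one constructed transaction.
    checks = [
        text_matches("starbucks", "Starbucks Coffee (Store 12)"),
        amount_matches("128", "130.00"),
        text_matches("", "Starbucks Coffee (Store 12)"),
    ]
    print(checks, passes(checks))
```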
In one embodiment, the one or more test questions may include a true/false question, which is based on a transaction event and one or more of the following factors of the transaction event: time, location, transaction amount.
The boxes shown in FIG. 1 and FIG. 2 can be regarded as method steps, and/or as operations resulting from running computer program code, and/or as multiple coupled logic circuit elements constructed to implement the relevant functions. Although the operations are depicted in the figures in a particular order, this should not be understood as requiring that the operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve the desired result.
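FIG. 4 is a schematic diagram of a system for authenticating a user's identity based on transaction data according to an embodiment of the present invention. As shown in the figure, the system includes a client 410, an authentication server 420, and a back-end system 430. The back-end system 430 includes a historical transaction database 431. In a typical embodiment, the authentication server 420 receives account information from the client 410 and, according to that account information, extracts historical transaction data from the historical transaction database 431 of the back-end system 430. The authentication server 420 then generates a test question from the extracted historical transaction data and sends the test question to the client 410. The authentication server 420 then receives an answer from the client 410 and, based on the answer, authenticates whether the identity of the user at the client 410 is consistent with the identity of the user indicated by the historical transaction data. It will be understood that, when generating a test question, the authentication server 420 can at the same time store the answer to that test question, so that the user's answer can be verified quickly.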
Exemplary embodiments may be implemented in hardware, software, or a combination thereof. For example, some aspects of the invention may be implemented in hardware, while other aspects may be implemented in software.
In one embodiment, an authentication server for authenticating a user's identity based on transaction data includes: a first device for obtaining historical transaction data associated with an account according to account information provided by the user; a second device for generating one or more test questions based on the historical transaction data; a third device for providing the one or more test questions to the user; a fourth device for receiving the user's answers to the one or more test questions; and a fifth device for determining from the answers whether the user passes authentication.
In another embodiment, the account is a bank account or an online payment application account. The one or more test questions generated by the second device include a multiple-choice question that requires the user to select, from multiple options, one or more transaction events associated with the account. The multiple-choice question requires the user to select the one or more transaction events associated with the account from the multiple options according to one or more of the following factors: time, location, transaction amount. The multiple options include one or more interference options generated from the historical transaction data.
In another embodiment, the one or more test questions generated by the second device include a fill-in-the-blank question, where the fill-in-the-blank question provides the user with a transaction event associated with the account and requires the user to answer one or more of the following factors related to the transaction event: time, location, transaction amount; or the fill-in-the-blank question provides the user with one or more of the following factors of a transaction event associated with the account: time, location, transaction amount, and requires the user to answer with the transaction event.
In another embodiment, the one or more test questions generated by the second device include a true/false question, which is based on a transaction event and one or more of the following factors of the transaction event: time, location, transaction amount.
In another embodiment, the third device provides the one or more test questions to the user by sending text information, picture information, or voice information of the one or more test questions, or a combination of these, to the user's terminal.
In another embodiment, the fifth device is configured to determine that the user passes authentication when all of the user's answers are correct, or to determine that the user passes authentication when the proportion of correct answers is at or above a predetermined value.
Although aspects of the exemplary embodiments of the present invention may be shown and described as block diagrams and flowcharts, it is well understood that the devices or methods described here may be implemented as functional modules in a system, as a non-limiting example. In addition, the devices described above should not be understood as requiring such separation in all embodiments; rather, the described program components and systems can generally be integrated into a single software product or packaged into multiple software products.
Various modifications and variations of the foregoing exemplary embodiments of the present invention will become apparent to those skilled in the relevant art when reading the foregoing description in conjunction with the accompanying drawings. Therefore, the embodiments of the present invention are not limited to the specific embodiments disclosed, and variations and other embodiments are intended to be covered within the scope of the appended claims.
Claims (6)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610090879.2A CN105610865A (en) | 2016-02-18 | 2016-02-18 | Method and device for authenticating identity of user based on transaction data |
CN201610090879.2 | 2016-02-18 |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201730829A TW201730829A (en) | 2017-09-01 |
TWI685805B true TWI685805B (en) | 2020-02-21 |
Family
ID=55990403
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW105143939A TWI685805B (en) | 2016-02-18 | 2016-12-29 | Method and device for authenticating user identity based on transaction data |
Country Status (3)
Country | Link |
---|---|
CN (1) | CN105610865A (en) |
TW (1) | TWI685805B (en) |
WO (1) | WO2017140190A1 (en) |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105610865A (en) * | 2016-02-18 | 2016-05-25 | ***股份有限公司 | Method and device for authenticating identity of user based on transaction data |
CN106888201A (en) * | 2016-08-31 | 2017-06-23 | 阿里巴巴集团控股有限公司 | A kind of method of calibration and device |
CN106779716B (en) * | 2016-11-21 | 2021-06-04 | 江苏通付盾区块链科技有限公司 | Authentication method, device and system based on block chain account address |
CN106411950B (en) * | 2016-11-21 | 2019-10-18 | 江苏通付盾科技有限公司 | Authentication method, apparatus and system based on block chain transaction id |
TWI638307B (en) * | 2017-08-04 | 2018-10-11 | 台灣資服科技股份有限公司 | Multi-factor login system and login method |
CN108875514B (en) * | 2017-12-08 | 2021-07-30 | 北京旷视科技有限公司 | Face authentication method and system, authentication device and nonvolatile storage medium |
CN108391141B (en) * | 2018-03-19 | 2020-03-31 | 京东数字科技控股有限公司 | Method and apparatus for outputting information |
CN110473096A (en) * | 2019-07-31 | 2019-11-19 | 阿里巴巴集团控股有限公司 | Data grant method and device based on intelligent contract |
US11252166B2 (en) | 2019-07-31 | 2022-02-15 | Advanced New Technologies Co., Ltd. | Providing data authorization based on blockchain |
US11057189B2 (en) | 2019-07-31 | 2021-07-06 | Advanced New Technologies Co., Ltd. | Providing data authorization based on blockchain |
US11251963B2 (en) | 2019-07-31 | 2022-02-15 | Advanced New Technologies Co., Ltd. | Blockchain-based data authorization method and apparatus |
CN110517021A (en) * | 2019-08-27 | 2019-11-29 | 出门问问信息科技有限公司 | A kind of data processing method, device, storage medium and electronic equipment |
US11310051B2 (en) | 2020-01-15 | 2022-04-19 | Advanced New Technologies Co., Ltd. | Blockchain-based data authorization method and apparatus |
CN112767593B (en) * | 2020-12-31 | 2022-02-22 | 深圳市深圳通有限公司 | Traffic card owner identification method, device, equipment and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1776755A (en) * | 2005-07-05 | 2006-05-24 | 淘宝控股有限公司 | Method for identify user identity for Internet service provider |
CN101473344A (en) * | 2006-06-19 | 2009-07-01 | 维萨美国股份有限公司 | Consumer authentication system and method |
US20150186880A1 (en) * | 2013-12-26 | 2015-07-02 | Tencent Technology (Shenzhen) Company Limited | Systems and Methods for Safe Payments |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004511028A (en) * | 2000-06-28 | 2004-04-08 | パテンテック,インコーポレイティド | Method and system for securely collecting, storing and transmitting information |
CN1910592A (en) * | 2004-01-23 | 2007-02-07 | 运通卡国际股份有限公司 | System and method for secure telephone and computer transactions |
CN101447051A (en) * | 2007-11-27 | 2009-06-03 | 联想(北京)有限公司 | Payment method and payment device |
US9928358B2 (en) * | 2013-12-09 | 2018-03-27 | Mastercard International Incorporated | Methods and systems for using transaction data to authenticate a user of a computing device |
CN105610865A (en) * | 2016-02-18 | 2016-05-25 | ***股份有限公司 | Method and device for authenticating identity of user based on transaction data |
- 2016
  - 2016-02-18 CN CN201610090879.2A patent/CN105610865A/en active Pending
  - 2016-12-29 TW TW105143939A patent/TWI685805B/en active
- 2017
  - 2017-01-05 WO PCT/CN2017/070223 patent/WO2017140190A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2017140190A1 (en) | 2017-08-24 |
CN105610865A (en) | 2016-05-25 |
TW201730829A (en) | 2017-09-01 |