TWI685805B - Method and device for authenticating user identity based on transaction data - Google Patents

Method and device for authenticating user identity based on transaction data

Info

Publication number: TWI685805B
Authority: TW (Taiwan)
Prior art keywords: user, transaction data, account, test questions, historical transaction
Application number: TW105143939A
Other languages: Chinese (zh)
Other versions: TW201730829A (en)
Inventors: 萬四爽, 徐燕軍, 何朔, 尹亞偉
Original assignee: 大陸商中國銀聯股份有限公司 (China UnionPay Co., Ltd.)
Priority, filing and publication dates: not given on this page
Events: application filed by 大陸商中國銀聯股份有限公司; publication of TW201730829A; application granted; publication of TWI685805B

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
            • H04L9/40 Network security protocols
        • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/08 ... for authentication of entities
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING
        • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
                • G06F21/31 User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A method and device for authenticating a user's identity based on transaction data. The method includes: obtaining historical transaction data associated with an account according to account information provided by the user; generating one or more test questions from the historical transaction data; providing the one or more test questions to the user; receiving the user's answers to the one or more test questions; and judging from the answers whether the user passes authentication.

Description

Method and device for authenticating user identity based on transaction data

Embodiments of the present invention relate to identity authentication, and in particular to a method and device for authenticating a user's identity based on transaction data.

At present, when authenticating a user's identity, the authentication server has to rely on data prepared in advance. Such data are, for example, a password set by the user when registering with the authentication server, a registered mobile phone number, biometric information of the user such as a fingerprint, or authentication data held in a smart card issued to the user.

In the various scenarios, the user authenticates by sending the requested data to the authentication server. The authentication server receives the data from the user and compares it with the data prepared in advance to decide whether the user passes authentication.

The prior art includes the following authentication schemes. Static-password authentication: the requested data is received from the client and compared with the pre-stored password set by the user to authenticate the user's identity.

Dynamic-password authentication: a dynamic password is sent to the user's terminal (for example, a mobile phone), the requested data is received from the client, and the received data is compared with the previously generated dynamic password to authenticate the user's identity.

Biometric authentication: the requested biometric information (for example, face, voice, iris or fingerprint) is received from the client and compared with the biometric information previously obtained from the user and stored, to authenticate the user's identity.

However, none of the above schemes can authenticate a user who has not registered with the authentication server.

A method for authenticating a user's identity based on transaction data includes: obtaining historical transaction data associated with an account according to account information provided by the user; generating one or more test questions from the historical transaction data; providing the one or more test questions to the user; receiving the user's answers to the one or more test questions; and judging from the answers whether the user passes authentication.

An authentication server for authenticating a user's identity based on transaction data includes: a first device for obtaining historical transaction data associated with an account according to account information provided by the user; a second device for generating one or more test questions from the historical transaction data; a third device for providing the one or more test questions to the user; a fourth device for receiving the user's answers to the one or more test questions; and a fifth device for judging from the answers whether the user passes authentication.

Other features and advantages of embodiments of the present invention will also be understood when the following description is read in conjunction with the accompanying drawings, which illustrate the principles of the embodiments by way of example.

110, 120, 130, 140, 150, 211, 212, 213, 214, 221, 222, 223, 224, 225, 226, 227, 228: blocks

410: client

420: authentication server

430: back-end system

431: historical transaction database

FIG. 1 is a schematic diagram of a method for authenticating a user's identity based on transaction data according to an embodiment of the present invention.

FIG. 2 is an example of a method for authenticating a user's identity based on transaction data according to an embodiment of the present invention.

FIG. 3 is an interface for presenting test questions according to an embodiment of the present invention.

FIG. 4 is a schematic diagram of a system for authenticating a user's identity based on transaction data according to an embodiment of the present invention.

In the following, the principles of the present invention are described with reference to embodiments. It should be understood that the embodiments are given only so that those skilled in the art can better understand and practise the invention, and do not limit its scope. Accordingly, the many specific implementation details in this specification should not be read as limiting the scope of the invention or of what may be claimed, but as descriptions specific to particular embodiments.

FIG. 1 is a schematic diagram of a method for authenticating a user's identity based on transaction data according to an embodiment of the present invention. The method includes the processing of blocks 110 to 150, which can be carried out on the authentication server side.

In block 110, historical transaction data associated with an account is obtained according to the account information provided by the user. The account is a bank account or an online payment application account. The account information may be, for example, a bank card number or the account number of an online payment application. The historical transaction data associated with the account can be obtained from the corresponding transaction database.

In block 120, one or more test questions are generated from the historical transaction data. The way test questions are generated and the forms they take are described in detail in other embodiments below.

In block 130, the one or more test questions are provided to the user. They may be provided by sending text, picture or voice information for the questions, or a combination of these, to the user's terminal. The user's terminal may be any electronic device able to interact with the authentication server, for example a mobile phone, a tablet, a laptop or a self-service terminal (for example, an ATM).

In block 140, the user's answers to the one or more test questions are received.

In block 150, whether the user passes authentication is judged from the answers. The user's answers are compared with the answers to the test questions; when they agree, the user is determined to have the same identity as the user to whom the historical transaction data points.

One advantage of the authentication scheme of this embodiment is that the authentication server can authenticate identity without any data prepared in advance, because the historical transaction data can be requested from the bank's back-end system.

Another advantage of the scheme is that the authentication server needs only the account information, so the user need not worry about disclosing sensitive information such as name, ID number or mobile phone number, since he or she does not have to provide it. Nor does the user need to carry any hardware device with a smart chip. Generating test questions from the user's historical transaction data and authenticating the user against them improves both the security and the convenience of the authentication process.

Another advantage is that the manner of authentication is specific to the user's transaction behaviour, so even someone who knows the user's account information will find it hard to pass authentication. Compared with the prior-art schemes, the scheme of this embodiment is therefore more reliable. In addition, because transaction behaviour changes over time and the test questions can be generated randomly, the scheme can effectively prevent replay attacks.

Another advantage is that when the historical transaction data is data generated by a bank account, the authentication server performs real-name authentication of the user without any data prepared in advance, because a bank account is bound to the user's real personal information.

The way test questions are generated and the forms they take are now described.

In one embodiment, the one or more test questions may include a multiple-choice question that requires the user to select, from multiple options, one or more transaction events associated with the account. The multiple-choice question requires the user to select these transaction events from the options according to one or more of the following factors: time, location and transaction amount. The options may include one or more distractor options generated from the historical transaction data.

FIG. 2 is an example of a method for authenticating a user's identity based on transaction data according to an embodiment of the present invention. The example shows the flow of identity authentication based on bank account information.

In block 211, the client submits the bank account information.

In block 221, the authentication server receives the bank account information and looks up historical transaction data according to it. The authentication server can send a request containing the bank account information to the bank's back-end system and receive the historical transaction data from it. The data may be the historical transaction data of a specific period.

In block 222, multiple options, including real transaction options and distractor options, are generated from the historical transaction data. For example, a real transaction option is the name of a merchant contained in the historical transaction data, and a distractor option may be the name of a merchant similar to one contained in it.

In one example, transaction behaviour that could plausibly occur is derived by analysing the user's historical transaction data, and distractor options are generated from that plausible behaviour. For example, one or more merchants indicated by the plausible transaction behaviour are derived from the user's historical transaction data and used as distractor options.

By way of example, distractor options can be generated as follows: features of the transaction behaviour, including transaction type, transaction location and merchant type, are extracted from the historical transaction data; then, from some or all of these features, merchants not contained in the historical transaction data are produced as distractor options. Transaction types may include dining, travel, shopping and so on. Within the dining transaction type, merchant types may include Sichuan cuisine, Japanese cuisine and so on. If the historical transaction data shows that the user has spent at Japanese restaurant A at location A, the authentication server can accordingly use Japanese restaurant B near location A as a distractor.

In block 223, the multiple options and the authentication rule are sent to the client. The options may include real transaction options and distractor options. The authentication rule is presented to the user as part of the test question. Here the authentication rule requires the user to select, from the options, one or more transaction events associated with the account according to one or more of the following factors: time, location and transaction amount. For example, the rule may require the user to select merchants from the options in the order in which the transactions occurred. As another example, it may require the user to select, from the options, merchants with which a transaction was made at a specific location. As a further example, it may require the user to select, from the options, merchants with which a transaction above a certain amount was made.

In block 212, the options and the authentication rule are presented.

In block 213, options are selected according to the authentication rule.

In block 214, the selected options are sent.

In block 224, the selected options are received from the client.

In block 225, it is judged whether the selected options are real transaction options, that is, whether they are consistent with the historical transaction data. If so, the flow proceeds to block 226; if not, it proceeds to block 228 and authentication fails.

In block 226, it is judged whether the selected options comply with the authentication rule, that is, whether they satisfy the condition the rule defines. If so, the flow proceeds to block 227 and authentication passes; if not, it proceeds to block 228 and authentication fails.

FIG. 3 is an exemplary interface for presenting test questions according to an embodiment of the present invention. As shown in FIG. 3, the authentication rule (or answering rule) of the test question requires the user to select, in chronological order, six merchants at which he or she has previously spent. By analysing the historical transaction data, the authentication server finds that the holder of this bank card often spends at Starbucks, 港麗餐廳, the CHANNEL boutique and 蔔蜂蓮花, and from this transaction behaviour or spending habit it can generate distractor options such as COSTA Coffee, the Coach boutique and Metro (麥德龍). Because only the user knows his or her own transaction history, the user can pick out the correct merchants according to the rule; for example, the actual order of the user's transactions is Starbucks, CHANNEL, 蔔蜂蓮花, 港麗餐廳, 好樂迪 KTV, FamilyMart (全家). The user taps the icons on the interface to build the ordered selection, and the ordered selection is sent to the authentication server. When the authentication server judges that the options the user selected are real and satisfy the chronological order required by the authentication rule, identity authentication succeeds; otherwise it fails.
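The following is an added example, not code from the patent or its assignee, showing how blocks 222 to 226 could be implemented: a multiple-choice question is built from a constructed transaction history, distractors are chosen by the feature-based method described above (merchants that share transaction type and location with merchants the user visited but that do not appear in the history), and a submitted ordered selection is checked first for being real (block 225) and then against the chronological-order rule (block 226). The transaction history, the merchant catalogue and all function names are assumptions.

```python
# Added example (not from the patent): question generation with feature-based
# distractors and two-stage verification of an ordered selection.
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Transaction:
    merchant: str
    category: str   # transaction type, e.g. "dining"
    location: str   # transaction location
    amount: float
    ts: int         # seconds since the epoch


# Constructed sample history for one account (hypothetical data).
HISTORY = [
    Transaction("Starbucks", "dining", "district A", 4.5, 1_700_000_000),
    Transaction("Japanese restaurant A", "dining", "district A", 38.0, 1_700_086_400),
    Transaction("Hotel C", "travel", "district B", 210.0, 1_700_172_800),
    Transaction("Starbucks", "dining", "district A", 4.5, 1_700_259_200),
    Transaction("Bookshop D", "shopping", "district B", 25.0, 1_700_345_600),
]

# Constructed merchant catalogue (assumption: the server has such a catalogue
# from which merchants similar to the visited ones can be drawn).
CATALOGUE = [
    ("Starbucks", "dining", "district A"),
    ("Japanese restaurant A", "dining", "district A"),
    ("Japanese restaurant B", "dining", "district A"),
    ("Sichuan restaurant E", "dining", "district A"),
    ("COSTA Coffee", "dining", "district A"),
    ("Hotel F", "travel", "district B"),
    ("Electronics shop G", "shopping", "district B"),
    ("Hotel H", "travel", "district C"),   # shares no feature: never offered
]


def distractors(history, catalogue, n, rng):
    """Merchants sharing (type, location) with visited merchants but not visited."""
    visited = {t.merchant for t in history}
    profile = {(t.category, t.location) for t in history}
    candidates = [m for m, cat, loc in catalogue
                  if m not in visited and (cat, loc) in profile]
    rng.shuffle(candidates)
    return candidates[:n]


def make_question(history, catalogue, k, n_distractors, rng=None):
    """Return (options, answer). The answer is the first k distinct merchants in
    order of the user's first transaction with each; the options are the answer
    plus distractors, shuffled so that position gives nothing away."""
    rng = rng or random.Random()
    answer = []
    for t in sorted(history, key=lambda t: t.ts):
        if t.merchant not in answer:
            answer.append(t.merchant)
    answer = answer[:k]
    options = answer + distractors(history, catalogue, n_distractors, rng)
    rng.shuffle(options)
    return options, answer


def verify(selection, options, answer):
    """Block 225: every selected option must be a real transaction option.
    Block 226: the selection must also satisfy the rule, here chronological order."""
    if len(selection) != len(answer) or any(s not in options for s in selection):
        return False
    if set(selection) != set(answer):        # a distractor or an omission: fail
        return False
    return list(selection) == list(answer)   # rule: same chronological order


if __name__ == "__main__":
    options, answer = make_question(HISTORY, CATALOGUE, 4, 3, random.Random(7))
    print("options:", options)
    print("correct ordered selection accepted:", verify(answer, options, answer))
```

The two checks are kept separate on purpose: a selection containing a distractor fails at the first stage regardless of order, and only a selection made entirely of real merchants reaches the rule check, matching the decision order of blocks 225 and 226.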

In one embodiment, the one or more test questions may include a fill-in-the-blank question. Either the question gives the user a transaction event associated with the account and asks the user for one or more of the following factors of that event: time, location and transaction amount; or the question gives the user one or more of those factors (time, location, transaction amount) of a transaction event associated with the account and asks the user for the transaction event. For example, a test question may be "Enter the date of your last purchase at merchant A" or "Enter the amount of your last purchase at merchant A"; or it may be "Enter the name of the merchant where you made a purchase at location A yesterday".

Where there are multiple test questions, the user is judged to pass authentication when all of the user's answers are correct. Preferably, the user is judged to pass when the proportion of correct answers is at or above a predetermined value (for example, 90%). In this way the user does not need to remember every transaction detail.

In some embodiments, where the test question is a fill-in-the-blank question, the user's answer is judged correct when the characters of the answer are contained in the characters of the correct answer (that is, a partial match), or when the numeric value of the answer lies within a certain range of the numeric value of the correct answer. In this way the user does not need to remember every transaction detail.
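The following is an added example, not code from the patent, that scores fill-in-the-blank answers with the partial-match and numeric-range rules just described and then applies the predetermined pass rate from the preceding paragraph to a set of questions. The question set, the tolerances (5% on amounts, one day on dates), the minimum length for a partial match and all names are assumptions; the patent gives only the 90% pass rate.

```python
# Added example (not from the patent): lenient scoring of fill-in answers
# and a pass-rate decision over several questions.
from dataclasses import dataclass
from datetime import date, timedelta

MIN_TEXT_CHARS = 3   # assumption: a partial match this short is too easy to guess


@dataclass(frozen=True)
class FillIn:
    prompt: str
    expected: object   # str, float or date, depending on kind
    kind: str          # "merchant", "amount" or "date"


def text_matches(given, expected):
    """Partial match: the user's characters must appear within the correct
    answer ("japanese restaurant" matches "Japanese restaurant A"). Case and
    surrounding whitespace are ignored; empty or very short input never matches."""
    g = " ".join(given.casefold().split())
    e = " ".join(expected.casefold().split())
    return len(g) >= MIN_TEXT_CHARS and g in e


def amount_matches(given, expected, rel_tol=0.05):
    """Numeric answer within a range of the correct value (here 5% either way)."""
    return abs(given - expected) <= rel_tol * abs(expected)


def date_matches(given, expected, days=1):
    """Date answer within `days` of the correct date."""
    return abs(given - expected) <= timedelta(days=days)


def is_correct(q, answer):
    """Dispatch on question kind; malformed input counts as a wrong answer."""
    try:
        if q.kind == "merchant":
            return text_matches(str(answer), q.expected)
        if q.kind == "amount":
            return amount_matches(float(answer), q.expected)
        if q.kind == "date":
            return date_matches(date.fromisoformat(str(answer)), q.expected)
    except (TypeError, ValueError):
        return False
    return False


def correct_rate(questions, answers):
    if not questions or len(questions) != len(answers):
        raise ValueError("one answer per question is required")
    return sum(is_correct(q, a) for q, a in zip(questions, answers)) / len(questions)


def authenticate(questions, answers, threshold=0.9):
    """Pass when the proportion of correct answers reaches the predetermined value."""
    return correct_rate(questions, answers) >= threshold


# Constructed sample questions; the expected values come from a hypothetical
# transaction history, not from any real account.
QUESTIONS = [
    FillIn("Enter the name of the merchant where you paid in district A yesterday",
           "Japanese restaurant A", "merchant"),
    FillIn("Enter the amount of your last purchase at Starbucks", 4.5, "amount"),
    FillIn("Enter the date of your last purchase at Hotel C", date(2023, 11, 16), "date"),
]

if __name__ == "__main__":
    print(correct_rate(QUESTIONS, ["japanese restaurant", "4.6", "2023-11-17"]))
```

The lower bound on the length of a partial match is the practitioner's caveat here: without it, a single character that happens to occur in the merchant name would satisfy the "characters contained in the correct answer" rule, so the tolerance that helps a genuine user would also help a guesser.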

In one embodiment, the one or more test questions may include a true-or-false question based on a transaction event and one or more of the following factors of that event: time, location and transaction amount.

The blocks shown in FIG. 1 and FIG. 2 can be regarded as method steps, and/or as operations resulting from running computer program code, and/or as a number of coupled logic circuit elements built to carry out the relevant functions. Although the operations are depicted in the figures in a particular order, this should not be understood as requiring that they be performed in the particular order shown or in sequential order, or that all the illustrated operations be performed, to achieve the desired result.

FIG. 4 is a schematic diagram of a system for authenticating a user's identity based on transaction data according to an embodiment of the present invention. As shown, the system comprises a client 410, an authentication server 420 and a back-end system 430. The back-end system 430 includes a historical transaction database 431. In a typical embodiment, the authentication server 420 receives account information from the client 410 and, according to it, retrieves historical transaction data from the historical transaction database 431 of the back-end system 430. The authentication server 420 then generates a test question from the retrieved data and sends it to the client 410. It then receives the answer from the client 410 and, from that answer, authenticates whether the identity of the user at the client 410 matches the identity of the user indicated by the historical transaction data. It will be understood that when the authentication server 420 generates a test question it can store the corresponding answer at the same time, so that the user's answer can be verified quickly.
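The following is an added example, not code from the patent, of an authentication server 420 in the shape of FIG. 4: it looks up the account in an in-memory stand-in for historical transaction database 431, generates a test question, stores the expected answer under a random challenge identifier at generation time (the last sentence above), and later verifies the client's answer against that stored value. Making each challenge single-use and giving it a short expiry are additions made here from a defender's standpoint, consistent with the replay resistance the description claims; the patent itself does not specify them. The account identifiers, history records, time-to-live and class and method names are all assumptions.

```python
# Added example (not from the patent): challenge issue and verification with
# the answer stored server-side at question-generation time.
import hmac
import secrets
import time
from datetime import datetime, timezone

# Constructed stand-in for historical transaction database 431:
# account id -> list of (timestamp, merchant). Account ids are made up.
HISTORY_DB = {
    "card-0001": [(1_700_000_000, "Starbucks"), (1_700_086_400, "Hotel C")],
    "card-0002": [(1_700_172_800, "Bookshop D")],
}


class AuthServer:
    """Authentication server 420. `now` is injectable so expiry can be tested."""

    def __init__(self, history_db, ttl_seconds=120, now=time.time):
        self._db = history_db
        self._pending = {}       # challenge id -> (account, expected answer, expiry)
        self._ttl = ttl_seconds
        self._now = now

    def issue_challenge(self, account):
        """Blocks 221 to 223: fetch the history, build a question about the most
        recent transaction, and remember its answer under a fresh random id.
        Returns (challenge_id, question_text), or None if nothing is known."""
        history = self._db.get(account)
        if not history:
            return None
        ts, merchant = max(history)      # most recent (timestamp, merchant)
        day = datetime.fromtimestamp(ts, timezone.utc).date().isoformat()
        cid = secrets.token_urlsafe(16)  # unguessable, so ids cannot be enumerated
        self._pending[cid] = (account, merchant, self._now() + self._ttl)
        return cid, f"Which merchant did you pay on {day}?"

    def verify(self, cid, answer):
        """Blocks 224 and 150: compare the answer with the stored one. The entry
        is removed on first use, so a captured answer cannot be replayed, and a
        challenge older than its time-to-live is rejected."""
        entry = self._pending.pop(cid, None)
        if entry is None:
            return False
        _account, expected, expires = entry
        if self._now() > expires:
            return False
        return hmac.compare_digest(answer.strip().casefold().encode(),
                                   expected.casefold().encode())


if __name__ == "__main__":
    server = AuthServer(HISTORY_DB)
    cid, question = server.issue_challenge("card-0001")
    print(question)
    print("accepted:", server.verify(cid, "Hotel C"))
```

Storing only the expected answer keyed by an unguessable challenge id keeps the verification step a constant-time comparison, and because the entry is consumed on first use a second submission with the same id fails even if the first answer was correct.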

Exemplary embodiments may be implemented in hardware, software or a combination of the two. For example, some aspects of the invention may be implemented in hardware and others in software.

In one embodiment, an authentication server for authenticating a user's identity based on transaction data includes:
a first device for obtaining historical transaction data associated with an account according to account information provided by the user;
a second device for generating one or more test questions from the historical transaction data;
a third device for providing the one or more test questions to the user;
a fourth device for receiving the user's answers to the one or more test questions; and
a fifth device for judging from the answers whether the user passes authentication.

In another embodiment, the account is a bank account or an online payment application account. The one or more test questions generated by the second device include a multiple-choice question that requires the user to select, from multiple options, one or more transaction events associated with the account, according to one or more of the following factors: time, location and transaction amount. The options include one or more distractor options generated from the historical transaction data.

In another embodiment, the one or more test questions generated by the second device include a fill-in-the-blank question. Either the question gives the user a transaction event associated with the account and asks the user for one or more of the following factors of that event: time, location and transaction amount; or the question gives the user one or more of those factors (time, location, transaction amount) of a transaction event associated with the account and asks the user for the transaction event.

In another embodiment, the one or more test questions generated by the second device include a true-or-false question based on a transaction event and one or more of the following factors of that event: time, location and transaction amount.

In another embodiment, the third device provides the one or more test questions to the user by sending text, picture or voice information for the questions, or a combination of these, to the user's terminal.

In another embodiment, the fifth device is configured to judge that the user passes authentication when all of the user's answers are correct, or when the proportion of correct answers is at or above a predetermined value.

Although aspects of the exemplary embodiments of the present invention may be shown and described as block diagrams and flowcharts, it is well understood that the devices or methods described here may, as a non-limiting example, be implemented as functional modules in a system. Moreover, the devices described above should not be understood as requiring such separation in all embodiments; rather, the described program elements and systems can generally be integrated into a single software product or packaged into several software products.

Various modifications and variations of the foregoing exemplary embodiments will become apparent to those skilled in the relevant art on reading the foregoing specification in conjunction with the accompanying drawings. Accordingly, the embodiments of the invention are not limited to the specific embodiments disclosed, and variations and other embodiments are intended to fall within the scope of the appended claims.

Claims (6)

1. A method for authenticating a user's identity based on transaction data, comprising: obtaining historical transaction data associated with an account according to account information provided by the user; generating one or more test questions according to the historical transaction data; providing the one or more test questions to the user; receiving from the user answers to the one or more test questions; and judging, according to the answers, whether the user passes authentication; wherein, where there are multiple test questions, the user is judged to pass authentication when the proportion of correct answers from the user is at or above a predetermined value; wherein the one or more test questions include merchant picture information contained in the historical transaction data together with other merchant picture information or voice information not contained in the historical transaction data; and wherein the one or more test questions include a multiple-choice question that requires the user to select, from multiple options, one or more transaction events associated with the account, the multiple options including one or more distractor options generated from the historical transaction data.

2. The method of claim 1, wherein the account is a bank account or an online payment application account.

3. The method of claim 1, wherein the multiple-choice question requires the user to select, from multiple options, one or more transaction events associated with the account according to one or more of the following factors: time, location, and transaction amount.

4. An authentication server for authenticating a user's identity according to transaction data, comprising: obtaining historical transaction data associated with an account according to account information provided by the user; generating one or more test questions according to the historical transaction data; providing the one or more test questions to the user; receiving from the user answers to the one or more test questions; and judging, according to the answers, whether the user passes authentication; wherein, where there are multiple test questions, the user is judged to pass authentication when the proportion of correct answers from the user is at or above a predetermined value, or when the numeric value of the user's answer is within a certain range of the numeric value of the correct answer; wherein the one or more test questions include merchant picture information contained in the historical transaction data together with other merchant picture information or voice information not contained in the historical transaction data; and wherein the one or more test questions include a multiple-choice question that requires the user to select, from multiple options, one or more transaction events associated with the account, the multiple options including one or more distractor options generated from the historical transaction data.

5. The authentication server of claim 4, wherein the account is a bank account or an online payment application account.

6. The authentication server of claim 4, wherein the multiple-choice question requires the user to select, from multiple options, one or more transaction events associated with the account according to one or more of the following factors: time, location, and transaction amount.
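The flow described in the embodiments and claims above (question generation from an account's history, multiple-choice questions whose distractors come from that same history, a numeric "within a certain range" rule, and a pass decision of all-correct or correct-rate-above-threshold) as a small added Python example. This is illustrative code written for this page, not the patent's or the assignee's implementation; the transaction history, merchant names, the 10% numeric tolerance and the 0.7 pass rate are all constructed assumptions.

```python
"""Transaction-history knowledge-based authentication, as an illustrative sketch."""
import random
from dataclasses import dataclass
from datetime import date
from decimal import Decimal, InvalidOperation
from typing import List, Optional, Union


@dataclass(frozen=True)
class Txn:
    day: date
    merchant: str
    city: str
    amount: Decimal


# Constructed sample history for one account; not real transaction data.
HISTORY = [
    Txn(date(2016, 1, 4), "Sunrise Grocery", "Shanghai", Decimal("86.50")),
    Txn(date(2016, 1, 9), "Metro Fuel", "Suzhou", Decimal("240.00")),
    Txn(date(2016, 1, 15), "Blue Cup Coffee", "Shanghai", Decimal("32.00")),
    Txn(date(2016, 1, 22), "Harbour Books", "Hangzhou", Decimal("118.80")),
]


@dataclass
class Question:
    prompt: str
    options: Optional[List[str]]   # None means a free numeric answer is expected
    answer: Union[str, Decimal]


def merchant_question(history, target, rng, n_options=4):
    """Multiple-choice question: which merchant did the user pay on the target day?
    Distractor options are other merchants taken from the same history, so they
    are generated from the historical transaction data rather than invented."""
    distractors = sorted({t.merchant for t in history if t.merchant != target.merchant})
    options = rng.sample(distractors, min(n_options - 1, len(distractors)))
    options.append(target.merchant)
    rng.shuffle(options)
    prompt = f"Which merchant did you pay on {target.day.isoformat()} in {target.city}?"
    return Question(prompt, options, target.merchant)


def amount_question(target):
    """Free-form numeric question about the amount of a known transaction."""
    prompt = f"About how much did you pay {target.merchant} on {target.day.isoformat()}?"
    return Question(prompt, None, target.amount)


def generate_questions(history, rng, n=3):
    """Pick n distinct transactions and alternate merchant and amount questions."""
    chosen = rng.sample(history, min(n, len(history)))
    return [amount_question(t) if i % 2 else merchant_question(history, t, rng)
            for i, t in enumerate(chosen)]


def is_correct(question, answer, tolerance=Decimal("0.10")):
    """Exact match for multiple choice; for numeric answers, accept a value within
    +/- tolerance (assumed 10%) of the correct amount, the 'within a range' rule."""
    if question.options is None:
        try:
            given = Decimal(str(answer))
        except InvalidOperation:
            return False
        return abs(given - question.answer) <= question.answer * tolerance
    return answer == question.answer


def authenticate(questions, answers, min_rate=0.7):
    """Pass when every answer is correct, or when the correct rate is at or above
    min_rate; an empty or incomplete answer set is rejected rather than scored."""
    if not questions or len(answers) != len(questions):
        return False
    correct = sum(is_correct(q, a) for q, a in zip(questions, answers))
    return correct == len(questions) or correct / len(questions) >= min_rate


if __name__ == "__main__":
    qs = generate_questions(HISTORY, random.Random(7))
    for q in qs:
        print(q.prompt, q.options or "(enter an amount)")
    print("pass:", authenticate(qs, [q.answer for q in qs]))
```

Drawing distractors from the account's own history (other real merchants, shuffled) rather than from invented names is what the claims specify, and it also means that an option does not look fake simply because it is unfamiliar; the pass threshold and the numeric tolerance are the knobs a deployment would tune against its own false-accept and false-reject rates.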
TW105143939A 2016-02-18 2016-12-29 Method and device for authenticating user identity based on transaction data TWI685805B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610090879.2A CN105610865A (en) 2016-02-18 2016-02-18 Method and device for authenticating identity of user based on transaction data
CN201610090879.2 2016-02-18

Publications (2)

Publication Number Publication Date
TW201730829A TW201730829A (en) 2017-09-01
TWI685805B true TWI685805B (en) 2020-02-21

Family

ID=55990403

Family Applications (1)

Application Number Title Priority Date Filing Date
TW105143939A TWI685805B (en) 2016-02-18 2016-12-29 Method and device for authenticating user identity based on transaction data

Country Status (3)

Country Link
CN (1) CN105610865A (en)
TW (1) TWI685805B (en)
WO (1) WO2017140190A1 (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105610865A (en) * 2016-02-18 2016-05-25 ***股份有限公司 Method and device for authenticating identity of user based on transaction data
CN106888201A (en) * 2016-08-31 2017-06-23 阿里巴巴集团控股有限公司 A kind of method of calibration and device
CN106779716B (en) * 2016-11-21 2021-06-04 江苏通付盾区块链科技有限公司 Authentication method, device and system based on block chain account address
CN106411950B (en) * 2016-11-21 2019-10-18 江苏通付盾科技有限公司 Authentication method, apparatus and system based on block chain transaction id
TWI638307B (en) * 2017-08-04 2018-10-11 台灣資服科技股份有限公司 Multi-factor login system and login method
CN108875514B (en) * 2017-12-08 2021-07-30 北京旷视科技有限公司 Face authentication method and system, authentication device and nonvolatile storage medium
CN108391141B (en) * 2018-03-19 2020-03-31 京东数字科技控股有限公司 Method and apparatus for outputting information
CN110473096A (en) * 2019-07-31 2019-11-19 阿里巴巴集团控股有限公司 Data grant method and device based on intelligent contract
US11252166B2 (en) 2019-07-31 2022-02-15 Advanced New Technologies Co., Ltd. Providing data authorization based on blockchain
US11057189B2 (en) 2019-07-31 2021-07-06 Advanced New Technologies Co., Ltd. Providing data authorization based on blockchain
US11251963B2 (en) 2019-07-31 2022-02-15 Advanced New Technologies Co., Ltd. Blockchain-based data authorization method and apparatus
CN110517021A (en) * 2019-08-27 2019-11-29 出门问问信息科技有限公司 A kind of data processing method, device, storage medium and electronic equipment
US11310051B2 (en) 2020-01-15 2022-04-19 Advanced New Technologies Co., Ltd. Blockchain-based data authorization method and apparatus
CN112767593B (en) * 2020-12-31 2022-02-22 深圳市深圳通有限公司 Traffic card owner identification method, device, equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1776755A (en) * 2005-07-05 2006-05-24 淘宝控股有限公司 Method for identify user identity for Internet service provider
CN101473344A (en) * 2006-06-19 2009-07-01 维萨美国股份有限公司 Consumer authentication system and method
US20150186880A1 (en) * 2013-12-26 2015-07-02 Tencent Technology (Shenzhen) Company Limited Systems and Methods for Safe Payments

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004511028A (en) * 2000-06-28 2004-04-08 パテンテック,インコーポレイティド Method and system for securely collecting, storing and transmitting information
CN1910592A (en) * 2004-01-23 2007-02-07 运通卡国际股份有限公司 System and method for secure telephone and computer transactions
CN101447051A (en) * 2007-11-27 2009-06-03 联想(北京)有限公司 Payment method and payment device
US9928358B2 (en) * 2013-12-09 2018-03-27 Mastercard International Incorporated Methods and systems for using transaction data to authenticate a user of a computing device
CN105610865A (en) * 2016-02-18 2016-05-25 ***股份有限公司 Method and device for authenticating identity of user based on transaction data

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1776755A (en) * 2005-07-05 2006-05-24 淘宝控股有限公司 Method for identify user identity for Internet service provider
CN101473344A (en) * 2006-06-19 2009-07-01 维萨美国股份有限公司 Consumer authentication system and method
US20150186880A1 (en) * 2013-12-26 2015-07-02 Tencent Technology (Shenzhen) Company Limited Systems and Methods for Safe Payments

Also Published As

Publication number Publication date
WO2017140190A1 (en) 2017-08-24
CN105610865A (en) 2016-05-25
TW201730829A (en) 2017-09-01

Similar Documents

Publication Publication Date Title
TWI685805B (en) Method and device for authenticating user identity based on transaction data
US11847199B2 (en) Remote usage of locally stored biometric authentication data
US10440019B2 (en) Method, computer program, and system for identifying multiple users based on their behavior
US10200364B1 (en) Enhanced secure authentication
CA2945703C (en) Systems, apparatus and methods for improved authentication
US20230045378A1 (en) Non-repeatable challenge-response authentication
US20160005038A1 (en) Enhanced user authentication platform
US11743267B2 (en) Location identification in multi-factor authentication
US20220215398A1 (en) Systems and methods for use in authenticating consumers in connection with payment account transactions
US11188913B2 (en) Systems and methods for securely verifying a subset of personally identifiable information
JP2006504167A (en) Method for performing secure electronic transactions using portable data storage media
US11902275B2 (en) Context-based authentication of a user
US9202035B1 (en) User authentication based on biometric handwriting aspects of a handwritten code
US20230020600A1 (en) System, Method, and Computer Program Product for Authenticating a Transaction
US20230185898A1 (en) Systems and methods for authentication code entry using mobile electronic devices
US11615421B2 (en) Methods, system and computer program product for selectively responding to presentation of payment card information
US20220335426A1 (en) Method for Determining the Likelihood for Someone to Remember a Particular Transaction
US20240095740A1 (en) Multi-factor authentication using location data
Sreelekha et al. The Abundant User Verification and Authentication for Ensured Internet Services