WO2017140190A1 - Method and device for authenticating user identity based on transaction data - Google Patents

Publication number
WO2017140190A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
account
transaction data
authentication
test questions
Application number
PCT/CN2017/070223
Inventor
万四爽
徐燕军
何朔
尹亚伟
Original Assignee
***股份有限公司
Application filed by ***股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • Embodiments of the present invention relate to identity authentication and, in particular, to methods and apparatus for authenticating a user identity based on transaction data.
  • the authentication server needs to rely on pre-prepared data for authentication.
  • data are, for example, a password set by the user at the time of registration of the authentication server, a registered mobile phone number, biometric information of the user such as a fingerprint, or data for authentication in the smart card assigned to the user.
  • the user can authenticate by sending the required data to the authentication server.
  • the authentication server receives data from the user and compares the data with data prepared in advance to determine whether the user has passed the authentication.
  • An authentication scheme using a static password which includes receiving the required data from the client, and then comparing the received data with a pre-stored password set by the user to authenticate the user.
  • An authentication scheme using a dynamic password, which includes transmitting a dynamic password to the user's terminal (e.g., a mobile phone), receiving the required data from the client, and then comparing the received data with the previously generated dynamic password to authenticate the user.
  • An authentication scheme using biometrics, which includes receiving the required biometric information (e.g., face, voice, iris, fingerprint) from the client, and then comparing the received biometric information with pre-stored biometric information obtained from the user to authenticate the user.
  • the above authentication scheme cannot authenticate users who are not registered with the authentication server.
  • a method for authenticating a user identity based on transaction data, comprising: obtaining historical transaction data associated with an account according to account information provided by a user, generating one or more test questions based on the historical transaction data, providing the one or more test questions to the user, receiving an answer to the one or more test questions from the user, and determining, based on the answer, whether the user has passed the authentication.
  • An authentication server for authenticating a user identity based on transaction data, comprising: a first device for obtaining historical transaction data associated with the account according to account information provided by the user, a second device for generating one or more test questions according to the historical transaction data, a third device for providing the one or more test questions to the user, a fourth device for receiving an answer from the user for the one or more test questions, and a fifth device for determining, according to the answer, whether the user passes the authentication.
  • FIG. 1 is a schematic diagram of a method of authenticating a user identity based on transaction data, in accordance with one embodiment of the present invention.
  • FIG. 2 is an example of a method of authenticating a user identity based on transaction data, in accordance with one embodiment of the present invention.
  • FIG. 3 is an interface for presenting test questions in accordance with one embodiment of the present invention.
  • FIG. 4 is a schematic diagram of a system for authenticating a user identity based on transaction data, in accordance with one embodiment of the present invention.
  • the method includes the processing in blocks 110 through 150, which can be performed on the authentication server side.
  • historical transaction data associated with the account is obtained based on account information provided by the user.
  • the account is a bank account or a web payment application account.
  • the account information can be, for example, a bank card number or the account number of a web payment application.
  • Historical transaction data associated with the account can be obtained from the corresponding transaction database.
  • test questions are generated based on the historical transaction data.
  • the manner in which the test questions are generated and the form of the test questions will be described in detail.
  • the one or more test questions are provided to the user.
  • the one or more test questions may be provided to the user by transmitting textual information, picture information, or voice information of the one or more test questions to the user's terminal, or a combination thereof.
  • the user's terminal can be any electronic device capable of interacting with the authentication server, such as a cell phone, tablet, laptop, or self-service terminal (e.g., an ATM).
  • the answer from the user is compared against the answer to the test question, and when they match, it is determined that the user has the same identity as the user to whom the historical transaction data points.
  • One advantage of the authentication scheme according to this embodiment is that the authentication server can perform identity authentication without any pre-prepared data, since historical transaction data can be obtained from the bank backend system.
  • Another advantage of the authentication scheme according to this embodiment is that the authentication server only needs account information to perform identity authentication, so the user does not have to worry about revealing sensitive information such as name, ID number, or mobile number, because he/she does not need to provide this information. At the same time, users do not need to carry any hardware devices with smart chips installed. Generating test questions based on the user's historical transaction data and authenticating the user's identity based on the test questions can improve the security and convenience of the authentication process.
  • Another advantage of the authentication scheme according to this embodiment is that the manner of authentication is specific to the transaction behavior of the user, and therefore it is difficult to pass authentication even if the other person knows the account information of the user.
  • the authentication scheme according to this embodiment is more reliable than the authentication scheme in the prior art.
  • the test questions can also be randomly generated, so the authentication scheme according to this embodiment can effectively prevent replay attacks.
  • Another advantage of the authentication scheme according to this embodiment is that when the historical transaction data is data generated by a bank account, the authentication server performs real-name authentication of the user without any pre-prepared data, because the bank account is bound to the user's real personal information.
  • the one or more test questions may include a multiple choice question, wherein the multiple choice question requires the user to select one or more transaction events associated with the account from among a plurality of options.
  • the multiple choice question asks the user to select one or more transaction events associated with the account from among a plurality of options based on one or more of the following factors: time, location, transaction amount.
  • the plurality of options can include one or more interference options generated from the historical transaction data.
  • FIG. 2 is an example of a method of authenticating a user identity based on transaction data, in accordance with one embodiment of the present invention. This example shows the flow of identity authentication based on bank account information.
  • bank account information is submitted from the client.
  • bank account information is received at the authentication server and the historical transaction data is looked up based on the account information.
  • the authentication server can send a request containing the bank account information to the bank backend system, and then receive historical transaction data from the bank backend system.
  • the historical transaction data may be historical transaction data for a specific time period.
  • a plurality of options including real transaction options and interference options are generated based on historical transaction data.
  • the real transaction option is the merchant name included in the historical transaction data
  • the interference option may be the name of a merchant similar to a merchant included in the historical transaction data.
  • a transaction behavior that may occur is analyzed based on historical transaction data of the user, and then an interference option is generated based on the transaction behavior that may occur. For example, one or more merchants indicated by the possible transaction behavior are analyzed based on the user's historical transaction data, and then the one or more merchants are used as interference options.
  • the interference option can be generated by extracting characteristics of the transaction behavior from historical transaction data, including transaction type, transaction location, and merchant type. Then, merchants not included in the historical transaction data are generated as interference options based on some or all of these features.
  • the type of transaction can include dining, travel, shopping, and the like.
  • the merchant type may include Sichuan cuisine, Japanese cuisine, and the like. If the historical transaction data indicates that the user made a purchase at the merchant Japanese cuisine A at location A, the authentication server can accordingly use Japanese cuisine B near location A as an interference option.
  • a plurality of options and authentication rules are sent to the client. The plurality of options can include real transaction options and interference options.
  • the authentication rules are presented to the user as part of the testing question.
  • the authentication rule requires the user to select, from the plurality of options, one or more transaction events associated with the account according to one or more of the following factors: time, place, transaction amount.
  • an authentication rule may require a user to select a merchant from among a plurality of options in the order in which the transaction occurred.
  • the authentication rules may require the user to select a merchant that has traded at a particular location from among a plurality of options.
  • an authentication rule may require the user to select, from among a plurality of options, a merchant at which the transaction amount was greater than a certain value.
  • an option is selected in accordance with the authentication rules.
  • the selected option is received from the client.
  • in block 226, it is determined whether the selected option conforms to the authentication rule, that is, whether the selected option satisfies the conditions defined by the authentication rule.
  • if the determination is yes, the process proceeds to block 227 and the authentication is passed; if the determination is no, the process proceeds to block 228 and the authentication is not passed.
  • the authentication rule (or the answer rule) of the test question requires the user to select, in chronological order, the six merchants at which purchases were made.
  • the authentication server finds that the user of the bank card often makes purchases at Starbucks, Conrad restaurants, CHANNEL stores, and CP Lotus, whereby the authentication server can generate interference options such as COSTA coffee, Coach stores, and Metro according to such transaction behavior or consumption habits. Since the user's historical transaction behavior is known only to him/her, the user can select the correct merchants according to the rule.
  • the user's actual transactions occurred in this order: Starbucks, CHANNEL, CP Lotus, Gangli Restaurant, Hao Ledi KTV, the whole family.
  • the user can click on the icons on the interface to generate an ordered selection, and the ordered selection is sent to the authentication server.
  • if the authentication server determines that the options selected by the user are real transactions and that their order matches the transaction times required by the authentication rule, the identity authentication succeeds; otherwise, the identity authentication fails.
  • the one or more test questions may include a fill-in-the-blank question, wherein the fill-in-the-blank question provides the user with a transaction event associated with the account and asks the user to answer one or more of the following factors related to the transaction event: time, location, transaction amount; or the fill-in-the-blank question provides the user with one or more of the following factors of a transaction event associated with the account (time, location, transaction amount) and asks the user to answer the transaction event.
  • the test question can be "Please enter the date of the last purchase at Merchant A" or "Please enter the amount of the last purchase at Merchant A".
  • the test question can be "Please enter the name of the merchant where you made a purchase at location A yesterday."
  • when the test question is a fill-in-the-blank question, the user's answer is determined to be correct when the characters of the user's answer are included in the characters of the correct answer (i.e., a partial match), or when the value of the user's answer and the value of the correct answer are within a certain range of each other. In this way, the user does not need to remember all the transaction details.
  • the one or more test questions may include a judgment question based on a transaction event and one or more of the following factors of the transaction event: time, location, transaction amount.
  • the system for authenticating a user identity based on transaction data includes a client 410, an authentication server 420, and a backend system 430.
  • the backend system 430 includes a historical transaction database 431.
  • the authentication server 420 receives account information from the client 410 and extracts historical transaction data from the historical transaction database 431 of the backend system 430 based on the account information. The authentication server 420 then generates a test question based on the extracted historical transaction data and sends the test question to the client 410.
  • the authentication server 420 then receives an answer from the client 410 and, based on the answer, authenticates whether the identity of the user at the client 410 is consistent with the identity of the user indicated by the historical transaction data. It can be understood that the authentication server 420 can simultaneously store the answers of the corresponding test questions when generating the test questions, so as to quickly verify the answers from the users.
  • the exemplary embodiments can be implemented in hardware, software, or a combination thereof.
  • some aspects of the invention may be implemented in hardware, while other aspects may be implemented in software.
  • the authentication server that authenticates the user based on the transaction data includes:
  • a first device configured to obtain historical transaction data associated with the account according to account information provided by the user
  • a second device for generating one or more test questions based on the historical transaction data
  • a third device for providing the one or more test questions to the user
  • a fourth device for receiving an answer from the user for the one or more test questions
  • a fifth device configured to determine, according to the answer, whether the user passes the authentication.
  • the account is a bank account or a web payment application account.
  • the one or more test questions generated by the second device include a multiple choice question, wherein the multiple choice question requires the user to select one or more transaction events associated with the account from among a plurality of options.
  • the multiple choice question asks the user to select one or more transaction events associated with the account from among a plurality of options based on one or more of the following factors: time, location, transaction amount.
  • the plurality of options includes one or more interference options generated from the historical transaction data.
  • the one or more test questions generated by the second device include a fill-in-the-blank question, wherein the fill-in-the-blank question provides the user with a transaction event associated with the account and asks the user to answer one or more of the following factors related to the transaction event: time, location, transaction amount; or the fill-in-the-blank question provides the user with one or more of the following factors of a transaction event associated with the account (time, place, transaction amount) and asks the user to answer the transaction event.
  • the one or more test questions generated by the second device include a judgment question based on a transaction event and one or more of the following factors of the transaction event: time, location, transaction amount.
  • the third device provides the one or more test questions to the user by transmitting text information, picture information, or voice information of the one or more test questions, or a combination thereof, to the user's terminal.
  • the fifth device is configured to determine that the user is authenticated when the answers from the user are all correct, or to determine that the user is authenticated when the correct rate of the answers from the user is above a predetermined value.
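The grading rules listed above (partial match for text answers, a numeric range for amounts, and a pass decision on the correct rate) can be sketched as follows. This is an added example, not code from the patent; the minimum partial-match length, the tolerance, the pass rate and all function names are assumptions chosen for illustration.

```python
from decimal import Decimal, InvalidOperation

# Assumed parameters; the patent only speaks of "a certain range" and "a predetermined value".
MIN_PARTIAL_CHARS = 3             # shortest answer accepted as a partial match
AMOUNT_TOLERANCE = Decimal("5")   # accepted absolute difference for amounts
PASS_RATE = 0.8                   # required correct rate


def _normalise(text):
    """Case-fold and collapse whitespace so formatting differences do not matter."""
    return " ".join(text.casefold().split())


def grade_text(answer, correct):
    """Partial match: the answer's characters must appear in the correct answer.

    An empty or very short string is a substring of almost any merchant name,
    so a minimum length is enforced before the substring test.
    """
    a, c = _normalise(answer), _normalise(correct)
    return len(a) >= min(MIN_PARTIAL_CHARS, len(c)) and a in c


def grade_amount(answer, correct):
    """Range match: the answered amount must lie within the tolerance."""
    try:
        value = Decimal(answer.strip())
    except InvalidOperation:
        return False
    if not value.is_finite():     # rejects NaN and Infinity, which Decimal parses
        return False
    return abs(value - Decimal(correct)) <= AMOUNT_TOLERANCE


def authenticate(responses, pass_rate=PASS_RATE):
    """responses: list of (kind, user_answer, correct_answer), kind in {"text", "amount"}."""
    graders = {"text": grade_text, "amount": grade_amount}
    if not responses:
        return False              # no questions answered means no evidence of identity
    right = sum(graders[kind](ans, cor) for kind, ans, cor in responses)
    return right / len(responses) >= pass_rate


# Constructed sample responses for one session.
SAMPLE = [
    ("text", "starbucks", "Starbucks Coffee"),
    ("amount", "98.50", "100.00"),
    ("text", "", "Merchant A"),
]
```

Setting `pass_rate=1.0` gives the "all answers correct" variant of the fifth device.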

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A method and device for authenticating a user identity based on transaction data. The method comprises: obtaining historical transaction data associated with an account according to account information provided by a user; generating one or more test questions according to the historical transaction data; providing the one or more test questions for the user; receiving an answer to the one or more test questions from the user; and judging whether the user passes authentication according to the answer.

Description

Method and device for authenticating user identity based on transaction data
Technical field
Embodiments of the present invention relate to identity authentication and, in particular, to methods and apparatus for authenticating a user identity based on transaction data.
Background
Currently, when authenticating a user's identity, the authentication server needs to rely on pre-prepared data. Such data are, for example, a password set by the user when registering with the authentication server, a registered mobile phone number, biometric information of the user such as a fingerprint, or authentication data in a smart card assigned to the user.
In various scenarios, the user can authenticate by sending the required data to the authentication server. The authentication server receives data from the user and compares the data with the pre-prepared data to determine whether the user has passed the authentication.
The prior art includes the following authentication schemes:
An authentication scheme using a static password, which includes receiving the required data from the client, and then comparing the received data with a pre-stored password set by the user to authenticate the user.
An authentication scheme using a dynamic password, which includes transmitting a dynamic password to the user's terminal (e.g., a mobile phone), receiving the required data from the client, and then comparing the received data with the previously generated dynamic password to authenticate the user.
An authentication scheme using biometrics, which includes receiving the required biometric information (e.g., face, voice, iris, fingerprint) from the client, and then comparing the received biometric information with pre-stored biometric information obtained from the user to authenticate the user.
However, the above authentication schemes cannot authenticate users who are not registered with the authentication server.
Summary of the invention
A method for authenticating a user identity based on transaction data, comprising: obtaining historical transaction data associated with an account according to account information provided by a user, generating one or more test questions based on the historical transaction data, providing the one or more test questions to the user, receiving an answer to the one or more test questions from the user, and determining, based on the answer, whether the user has passed the authentication.
An authentication server for authenticating a user identity based on transaction data, comprising: a first device for obtaining historical transaction data associated with the account according to account information provided by the user, a second device for generating one or more test questions according to the historical transaction data, a third device for providing the one or more test questions to the user, a fourth device for receiving an answer from the user for the one or more test questions, and a fifth device for determining, according to the answer, whether the user passes the authentication.
Other features and advantages of embodiments of the present invention will also be understood when the following description is read in conjunction with the accompanying drawings, which illustrate, by way of example, the principles of embodiments of the invention.
Brief description of the drawings
FIG. 1 is a schematic diagram of a method of authenticating a user identity based on transaction data, in accordance with one embodiment of the present invention.
FIG. 2 is an example of a method of authenticating a user identity based on transaction data, in accordance with one embodiment of the present invention.
FIG. 3 is an interface for presenting test questions in accordance with one embodiment of the present invention.
FIG. 4 is a schematic diagram of a system for authenticating a user identity based on transaction data, in accordance with one embodiment of the present invention.
Detailed description
Hereinafter, the principles of the invention are described in conjunction with embodiments. It should be understood that the embodiments are given only so that those skilled in the art can better understand and practice the invention, not to limit its scope. Accordingly, the many specific implementation details contained in this specification should not be construed as limitations on the scope of the invention or of what may be claimed, but rather as descriptions specific to the embodiments.
FIG. 1 is a schematic diagram of a method of authenticating a user identity based on transaction data, in accordance with one embodiment of the present invention. The method includes the processing in blocks 110 through 150, which can be performed on the authentication server side.
In block 110, historical transaction data associated with the account is obtained based on account information provided by the user. The account is a bank account or a web payment application account. The account information can be, for example, a bank card number or the account number of a web payment application. Historical transaction data associated with the account can be obtained from the corresponding transaction database.
In block 120, one or more test questions are generated based on the historical transaction data. The manner in which the test questions are generated and the form of the test questions are described in detail later, in other embodiments.
In block 130, the one or more test questions are provided to the user. The one or more test questions may be provided to the user by transmitting textual information, picture information, or voice information of the one or more test questions, or a combination thereof, to the user's terminal. The user's terminal can be any electronic device capable of interacting with the authentication server, such as a cell phone, tablet, laptop, or self-service terminal (e.g., an ATM).
In block 140, an answer from the user for the one or more test questions is received.
In block 150, it is determined, based on the answer, whether the user has passed the authentication. The answer from the user is compared against the answer to the test question, and when they match, it is determined that the user has the same identity as the user to whom the historical transaction data points.
One advantage of the authentication scheme according to this embodiment is that the authentication server can perform identity authentication without any pre-prepared data, since historical transaction data can be obtained by request from the bank backend system.
Another advantage of the authentication scheme according to this embodiment is that the authentication server only needs account information to perform identity authentication, so the user does not have to worry about revealing sensitive information such as name, ID number, or mobile number, because he/she does not need to provide this information. At the same time, users do not need to carry any hardware devices with smart chips installed. Generating test questions based on the user's historical transaction data and authenticating the user's identity based on the test questions can improve the security and convenience of the authentication process.
Another advantage of the authentication scheme according to this embodiment is that the manner of authentication is specific to the transaction behavior of the user, and therefore it is difficult to pass authentication even if another person knows the account information of the user. The authentication scheme according to this embodiment is more reliable than the authentication schemes in the prior art. At the same time, since transaction behavior changes over time and the test questions can also be generated randomly, the authentication scheme according to this embodiment can effectively prevent replay attacks.
Another advantage of the authentication scheme according to this embodiment is that when the historical transaction data is data generated by a bank account, the authentication server performs real-name authentication of the user without any pre-prepared data, because the bank account is bound to the user's real personal information.
现在描述产生测试问题的方式和测试问题的形式。The manner in which the test problem is generated and the form of the test problem are now described.
在一个实施例中,一个或多个测试问题可以包括选择题,其中该选择题要求该用户从多个选项中选择与该账户关联的一个或多个交易事件。该选择题要求该用户从多个选项中根据以下因素的一个或者多个选择与该账户关联的一个或多个交易事件:时间、地点、交易金额。所述多个选项可以包括从该历史交易数据产生的一个或多个干扰选项。In one embodiment, the one or more test questions may include a multiple choice question, wherein the multiple choice question requires the user to select one or more transaction events associated with the account from among a plurality of options. The multiple choice question asks the user to select one or more transaction events associated with the account from among a plurality of options based on one or more of the following factors: time, location, transaction amount. The plurality of options can include one or more interference options generated from the historical transaction data.
FIG. 2 is an example of a method of authenticating a user identity based on transaction data, in accordance with one embodiment of the present invention. This example shows the flow of identity authentication based on bank account information.
In block 211, bank account information is submitted from the client.
In block 221, the bank account information is received at the authentication server, and historical transaction data is looked up based on the account information. The authentication server can send a request containing the bank account information to the bank backend system and then receive the historical transaction data from the bank backend system. The historical transaction data may be historical transaction data for a specific time period.
In block 222, a plurality of options, including real transaction options and distractor options, is generated from the historical transaction data. For example, a real transaction option is the name of a merchant contained in the historical transaction data, and a distractor option may be the name of a merchant similar to a merchant contained in the historical transaction data.
In one example, the user's historical transaction data is analyzed to obtain transaction behavior that is likely to occur, and distractor options are then generated from that likely transaction behavior. For example, the user's historical transaction data is analyzed to obtain one or more merchants indicated by the likely transaction behavior, and those merchants are then used as distractor options.
Illustratively, distractor options can be generated as follows: features of the transaction behavior, including transaction type, transaction location and merchant type, are extracted from the historical transaction data. Then, based on some or all of these features, merchants that are not contained in the historical transaction data are generated as distractor options. Transaction types can include dining, travel, shopping and the like. Within the dining transaction type, merchant types can include Sichuan cuisine, Japanese cuisine and the like. If the historical transaction data shows that the user made a purchase at Japanese restaurant A at location A, the authentication server can accordingly use Japanese restaurant B near location A as a distractor.
In block 223, the plurality of options and an authentication rule are sent to the client. The plurality of options can include real transaction options and distractor options. The authentication rule is presented to the user as part of the test question. Here, the authentication rule requires the user to select, from the plurality of options, one or more transaction events associated with the account according to one or more of the following factors: time, location, transaction amount. For example, the authentication rule may require the user to select merchants from the plurality of options in the order in which the transactions occurred. As another example, the authentication rule may require the user to select, from the plurality of options, the merchants with which a transaction was made at a particular location. As yet another example, the authentication rule may require the user to select, from the plurality of options, the merchants with which a transaction was made for an amount greater than a certain value.
In block 212, the plurality of options and the authentication rule are presented.
In block 213, options are selected in accordance with the authentication rule.
In block 213, the selected options are sent.
In block 224, the selected options are received from the client.
In block 225, it is determined whether the selected options are real transaction options, that is, whether the selected options are consistent with the historical transaction data. If the determination is yes, the process proceeds to block 226; if the determination is no, the process proceeds to block 228, where the authentication is passed.
In block 226, it is determined whether the selected options conform to the authentication rule, that is, whether the selected options satisfy the conditions defined by the authentication rule. If the determination is yes, the process proceeds to block 227, where the authentication is passed; if the determination is no, the process proceeds to block 228, where the authentication is passed.
FIG. 3 is an exemplary interface for presenting a test question in accordance with one embodiment of the present invention. As shown in FIG. 3, the authentication rule (or answering rule) of the test question requires the user to select, in chronological order, the six merchants where the user has made purchases. By analyzing the historical transaction data, the authentication server finds that the user of the bank card often makes purchases at Starbucks, Gangli Restaurant, the CHANNEL store and CP Lotus, so the authentication server can generate distractor options such as COSTA Coffee, the Coach store and Metro from this transaction behavior or these consumption habits. Because only the user knows his or her own historical transaction behavior, the user is able to pick the correct merchants according to the rule; for example, the user's actual transactions occurred in the order: Starbucks, CHANNEL, CP Lotus, Gangli Restaurant, Haoledi KTV, FamilyMart. The user can click the icons on the interface to produce an ordered sequence of options, and this sequence is sent to the authentication server. When the authentication server determines that the options selected by the user are real and satisfy the transaction-time order required by the authentication rule, the identity authentication succeeds; otherwise, the identity authentication fails.
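The multiple-choice flow of blocks 221 to 228 can be sketched as follows. This is an added example, not code from the patent: the transaction records, the merchant directory, the function names and the "order by most recent purchase" rule for repeated merchants are all assumptions, and the outcome follows the FIG. 3 description (success only when the selection is both real and in the required order). Each challenge is random and single-use, which is what the replay-resistance claim relies on.

```python
import secrets

# Constructed sample data, not real transactions: (ISO date, merchant, category, location).
HISTORY = [
    ("2016-01-03", "Starbucks", "coffee", "A"),
    ("2016-01-05", "CHANNEL", "boutique", "A"),
    ("2016-01-09", "CP Lotus", "supermarket", "B"),
    ("2016-01-12", "Starbucks", "coffee", "A"),
]
# Hypothetical merchant directory the server draws look-alike merchants from.
DIRECTORY = [
    ("COSTA Coffee", "coffee", "A"),
    ("Coach", "boutique", "A"),
    ("Metro", "supermarket", "B"),
    ("Starbucks", "coffee", "A"),     # already in the history, so never a distractor
    ("Haoledi KTV", "karaoke", "C"),  # shares no feature with the history
]

_rng = secrets.SystemRandom()  # OS-backed randomness, not the predictable default PRNG
_pending = {}                  # challenge id -> expected ordered answer, server side only


def make_distractors(history, directory):
    """Block 222: merchants sharing category and location with a real one, absent from the history."""
    seen = {merchant for _, merchant, _, _ in history}
    features = {(cat, loc) for _, _, cat, loc in history}
    return [m for m, cat, loc in directory if (cat, loc) in features and m not in seen]


def issue_challenge(history, directory, n_real=3):
    """Blocks 221-223: pick real merchants, add distractors, shuffle, store the answer."""
    last_seen = {}
    for day, merchant, _, _ in history:
        last_seen[merchant] = max(day, last_seen.get(merchant, day))
    real = _rng.sample(sorted(last_seen), min(n_real, len(last_seen)))
    expected = sorted(real, key=last_seen.get)  # ISO dates sort chronologically
    options = expected + make_distractors(history, directory)
    _rng.shuffle(options)
    challenge_id = secrets.token_urlsafe(16)
    _pending[challenge_id] = expected
    rule = "Select the merchants you have paid, from the earliest to the latest most recent purchase."
    return challenge_id, rule, options


def verify(challenge_id, selected):
    """Blocks 224-228: consume the challenge, then check authenticity and order."""
    expected = _pending.pop(challenge_id, None)  # single use: a replayed id finds nothing
    if expected is None:
        return False
    selected = list(selected)
    # Block 225: every selected option must be a real transaction option, with no repeats.
    if len(set(selected)) != len(selected) or not set(selected) <= set(expected):
        return False
    # Block 226: the selection must satisfy the rule (here: complete and in order).
    return selected == expected


if __name__ == "__main__":
    cid, rule, options = issue_challenge(HISTORY, DIRECTORY)
    print(rule, options)
    print(verify(cid, ["CHANNEL", "CP Lotus", "Starbucks"]))  # correct answer
    print(verify(cid, ["CHANNEL", "CP Lotus", "Starbucks"]))  # same id replayed
```
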
In one embodiment, the one or more test questions may include a fill-in-the-blank question, wherein the fill-in-the-blank question provides the user with a transaction event associated with the account and requires the user to answer one or more of the following factors related to that transaction event: time, location, transaction amount; or the fill-in-the-blank question provides the user with one or more of the following factors of a transaction event associated with the account: time, location, transaction amount, and requires the user to answer with the transaction event. For example, the test question can be "Please enter the date of your last purchase at merchant A" or "Please enter the amount of your last purchase at merchant A". Or the test question can be "Please enter the name of the merchant where you made a purchase at location A yesterday".
Where there are multiple test questions, the user is judged to have passed authentication when all of the user's answers are correct. Preferably, the user is judged to have passed authentication when the proportion of correct answers from the user is at or above a predetermined value (for example, 90%). In this way, the user does not need to remember every transaction detail.
In some embodiments, where the test question is a fill-in-the-blank question, the user's answer is judged correct when the characters of the user's answer are contained in the characters of the correct answer (that is, a partial match), or when the numerical value of the user's answer is within a certain range of the numerical value of the correct answer. In this way, the user does not need to remember every transaction detail.
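The lenient grading described in the two paragraphs above, as an added example that is not part of the patent. The minimum answer length and the 5% amount tolerance are assumptions introduced here: a bare "contained in the correct answer" test would accept an empty string or a single character, so the sketch puts a floor under the partial match.

```python
from decimal import Decimal, InvalidOperation

MIN_TEXT_LEN = 2                    # assumption: shortest text answer that may partially match
AMOUNT_TOLERANCE = Decimal("0.05")  # assumption: accepted relative deviation for amounts
PASS_PERCENT = 90                   # the "predetermined value (for example, 90%)"


def text_matches(answer, correct):
    """Partial match: the answer's characters must appear, contiguously, in the correct answer."""
    a = "".join(answer.split()).casefold()
    c = "".join(correct.split()).casefold()
    # Without the length floor, "" and "s" would match every merchant name.
    return len(a) >= MIN_TEXT_LEN and a in c


def amount_matches(answer, correct):
    """Numeric match: the answer must lie within the tolerance band around the correct amount."""
    try:
        value = Decimal(answer.strip())
    except InvalidOperation:
        return False
    if not value.is_finite():       # rejects "NaN" and "Infinity", which Decimal parses
        return False
    return abs(value - correct) <= abs(correct) * AMOUNT_TOLERANCE


def grade(questions, answers):
    """questions: list of (kind, correct) with kind 'text' or 'amount'; answers: list of str.

    Returns (passed, number_correct). Missing answers count as wrong.
    """
    if not questions:
        return False, 0
    correct = 0
    for (kind, expected), given in zip(questions, answers):
        if kind == "text":
            correct += text_matches(given, expected)
        else:
            correct += amount_matches(given, expected)
    # Integer arithmetic avoids floating-point surprises at exactly 90%.
    return correct * 100 >= PASS_PERCENT * len(questions), correct


if __name__ == "__main__":
    # Constructed questions and answers, for illustration only.
    qs = [("text", "Starbucks Nanjing Road"), ("amount", Decimal("100.00"))]
    print(grade(qs, ["starbucks", "102"]))   # both accepted
    print(grade(qs, ["s", "NaN"]))           # both rejected
```
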
In one embodiment, the one or more test questions may include a true-or-false question, which is based on a transaction event and one or more of the following factors of that transaction event: time, location, transaction amount.
The blocks shown in FIG. 1 and FIG. 2 can be regarded as method steps, and/or as operations resulting from running computer program code, and/or as a plurality of coupled logic circuit elements constructed to carry out the associated functions. Although the operations are depicted in the figures in a particular order, this should not be understood as requiring that the operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, in order to achieve the desired results.
FIG. 4 is a schematic diagram of a system for authenticating a user identity based on transaction data, in accordance with one embodiment of the present invention. As shown, the system for authenticating a user identity based on transaction data includes a client 410, an authentication server 420 and a backend system 430. The backend system 430 includes a historical transaction database 431. In a typical embodiment, the authentication server 420 receives account information from the client 410 and, based on the account information, extracts historical transaction data from the historical transaction database 431 of the backend system 430. The authentication server 420 then generates a test question from the extracted historical transaction data and sends the test question to the client 410. The authentication server 420 then receives an answer from the client 410 and, based on the answer, authenticates whether the identity of the user at the client 410 is consistent with the identity of the user indicated by the historical transaction data. It can be understood that, when generating a test question, the authentication server 420 can at the same time store the answer to that test question, so that the answer from the user can be verified quickly.
The exemplary embodiments can be implemented in hardware, software, or a combination thereof. For example, some aspects of the invention may be implemented in hardware, while other aspects may be implemented in software.
In one embodiment, an authentication server for authenticating a user identity based on transaction data includes:
a first device for obtaining, according to account information provided by a user, historical transaction data associated with the account,
a second device for generating one or more test questions based on the historical transaction data,
a third device for providing the one or more test questions to the user,
a fourth device for receiving answers from the user to the one or more test questions,
a fifth device for determining, according to the answers, whether the user passes authentication.
In another embodiment, the account is a bank account or an online payment application account. The one or more test questions generated by the second device include a multiple-choice question that requires the user to select, from a plurality of options, one or more transaction events associated with the account. The multiple-choice question requires the user to make this selection according to one or more of the following factors: time, location, transaction amount. The plurality of options includes one or more distractor options generated from the historical transaction data.
In another embodiment, the one or more test questions generated by the second device include a fill-in-the-blank question, wherein the fill-in-the-blank question provides the user with a transaction event associated with the account and requires the user to answer one or more of the following factors related to that transaction event: time, location, transaction amount; or the fill-in-the-blank question provides the user with one or more of the following factors of a transaction event associated with the account: time, location, transaction amount, and requires the user to answer with the transaction event.
In another embodiment, the one or more test questions generated by the second device include a true-or-false question, which is based on a transaction event and one or more of the following factors of that transaction event: time, location, transaction amount.
In another embodiment, the third device provides the one or more test questions to the user by sending text information, picture information or voice information of the one or more test questions, or a combination thereof, to the user's terminal.
In another embodiment, the fifth device is configured to determine that the user passes authentication when all of the user's answers are correct, or to determine that the user passes authentication when the proportion of correct answers from the user is at or above a predetermined value.
Although aspects of the exemplary embodiments of the present invention may be shown and described as block diagrams and flowcharts, it is well understood that the devices or methods described herein may be implemented as functional modules in a system, as a non-limiting example. Moreover, the devices described above should not be understood as requiring such separation in all embodiments; rather, it should be understood that the described program components and systems can generally be integrated into a single software product or packaged into multiple software products.
Various modifications and variations of the foregoing exemplary embodiments of the present invention will become apparent to those skilled in the relevant art when the foregoing description is read in conjunction with the accompanying drawings. Therefore, the embodiments of the invention are not limited to the specific embodiments disclosed, and variations and other embodiments are intended to be covered within the scope of the appended claims.

Claims (10)

  1. A method for authenticating a user identity based on transaction data, characterized in that it comprises:
    obtaining, according to account information provided by a user, historical transaction data associated with the account,
    generating one or more test questions based on the historical transaction data,
    providing the one or more test questions to the user,
    receiving answers from the user to the one or more test questions, and
    determining, according to the answers, whether the user passes authentication.
  2. The method of claim 1, characterized in that
    the account is a bank account or an online payment application account.
  3. The method of claim 1, characterized in that
    the one or more test questions include a multiple-choice question, wherein the multiple-choice question requires the user to select, from a plurality of options, one or more transaction events associated with the account.
  4. The method of claim 3, characterized in that
    the multiple-choice question requires the user to select, from the plurality of options, one or more transaction events associated with the account according to one or more of the following factors: time, location, transaction amount.
  5. The method of claim 3, characterized in that
    the plurality of options includes one or more distractor options generated from the historical transaction data.
  6. An authentication server for authenticating a user identity based on transaction data, characterized in that it comprises:
    obtaining, according to account information provided by a user, historical transaction data associated with the account,
    generating one or more test questions based on the historical transaction data,
    providing the one or more test questions to the user,
    receiving answers from the user to the one or more test questions, and
    determining, according to the answers, whether the user passes authentication.
  7. The authentication server of claim 6, characterized in that
    the account is a bank account or an online payment application account.
  8. The authentication server of claim 6, characterized in that
    the one or more test questions include a multiple-choice question, wherein the multiple-choice question requires the user to select, from a plurality of options, one or more transaction events associated with the account.
  9. The authentication server of claim 8, characterized in that
    the multiple-choice question requires the user to select, from the plurality of options, one or more transaction events associated with the account according to one or more of the following factors: time, location, transaction amount.
  10. The authentication server of claim 8, characterized in that
    the plurality of options includes one or more distractor options generated from the historical transaction data.
PCT/CN2017/070223 2016-02-18 2017-01-05 Method and device for authenticating user identity based on transaction data WO2017140190A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610090879.2A CN105610865A (en) 2016-02-18 2016-02-18 Method and device for authenticating identity of user based on transaction data
CN201610090879.2 2016-02-18

Publications (1)

Publication Number Publication Date
WO2017140190A1 true WO2017140190A1 (en) 2017-08-24

Family

ID=55990403

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/070223 WO2017140190A1 (en) 2016-02-18 2017-01-05 Method and device for authenticating user identity based on transaction data

Country Status (3)

Country Link
CN (1) CN105610865A (en)
TW (1) TWI685805B (en)
WO (1) WO2017140190A1 (en)


Also Published As

Publication number Publication date
TW201730829A (en) 2017-09-01
CN105610865A (en) 2016-05-25
TWI685805B (en) 2020-02-21


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17752622

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17752622

Country of ref document: EP

Kind code of ref document: A1