CN105610865A - Method and device for authenticating identity of user based on transaction data - Google Patents
- Publication number
- CN105610865A
- Authority
- CN
- China
- Prior art keywords
- user
- account
- transaction
- authentication
- transaction data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
A method and apparatus for authenticating a user's identity based on transaction data. The method includes: obtaining historical transaction data associated with an account according to account information provided by the user; generating one or more test questions from the historical transaction data; providing the one or more test questions to the user; receiving the user's answers to the one or more test questions; and determining from the answers whether the user passes authentication.
Description
Technical Field
Embodiments of the present invention relate to identity authentication, and in particular to a method and apparatus for authenticating a user's identity based on transaction data.
Background
At present, when authenticating a user's identity, an authentication server must rely on data prepared in advance. Such data is, for example, a password the user set when registering with the authentication server, a registered mobile phone number, biometric information of the user such as a fingerprint, or authentication data in a smart card issued to the user.
In various scenarios, a user authenticates by sending the required data to the authentication server. The authentication server receives the data from the user and compares it with the data prepared in advance to determine whether the user passes authentication.
The prior art includes the following authentication schemes:
Authentication with a static password: the required data is received from the user side, and the received data is compared with the pre-stored password set by the user to authenticate the user's identity.
Authentication with a dynamic password: a dynamic password is sent to the user's terminal (for example, a mobile phone), the required data is received from the user side, and the received data is compared with the previously generated dynamic password to authenticate the user's identity.
Authentication with biometrics: the required biometric information (for example, face, voice, iris, fingerprint) is received from the user side, and the received biometric information is compared with the pre-stored biometric information obtained from the user to authenticate the user's identity.
However, none of the above schemes can authenticate a user who has not registered with the authentication server.
Summary of the Invention
A method for authenticating a user's identity based on transaction data, comprising: obtaining historical transaction data associated with an account according to account information provided by the user; generating one or more test questions from the historical transaction data; providing the one or more test questions to the user; receiving the user's answers to the one or more test questions; and determining from the answers whether the user passes authentication.
An authentication server for authenticating a user's identity based on transaction data, comprising: a first means for obtaining historical transaction data associated with an account according to account information provided by the user; a second means for generating one or more test questions from the historical transaction data; a third means for providing the one or more test questions to the user; a fourth means for receiving the user's answers to the one or more test questions; and a fifth means for determining from the answers whether the user passes authentication.
Other features and advantages of embodiments of the invention will also be understood from the following description when read in conjunction with the accompanying drawings, which illustrate by way of example the principles of embodiments of the invention.
Brief Description of the Drawings
Fig. 1 is a schematic diagram of a method for authenticating a user's identity based on transaction data according to an embodiment of the present invention.
Fig. 2 is an example of a method for authenticating a user's identity based on transaction data according to an embodiment of the present invention.
Fig. 3 is an interface presenting test questions according to an embodiment of the present invention.
Fig. 4 is a schematic diagram of a system for authenticating a user's identity based on transaction data according to an embodiment of the present invention.
Detailed Description
The principles of the present invention are described below with reference to embodiments. It should be understood that the embodiments are given only so that those skilled in the art can better understand and practice the invention, not to limit its scope. The many specific implementation details in this specification should therefore not be construed as limitations on the scope of the invention or of what may be claimed, but as descriptions specific to the embodiments.
Fig. 1 is a schematic diagram of a method for authenticating a user's identity based on transaction data according to an embodiment of the present invention. The method comprises the processing in blocks 110 to 150, which may be performed on the authentication server side.
In block 110, historical transaction data associated with an account is obtained according to account information provided by the user. The account is a bank account or an online payment application account. The account information may be, for example, a bank card number or the account number of an online payment application. The historical transaction data associated with the account can be obtained from the corresponding transaction database.
In block 120, one or more test questions are generated from the historical transaction data. The ways of generating test questions and the forms they take are described in detail in other embodiments below.
In block 130, the one or more test questions are provided to the user. They may be provided by sending text, picture or voice information of the one or more test questions, or a combination of these, to the user's terminal. The user's terminal may be any electronic device capable of interacting with the authentication server, such as a mobile phone, a tablet computer, a notebook computer or a self-service terminal (for example, an ATM).
In block 140, the user's answers to the one or more test questions are received.
In block 150, it is determined from the answers whether the user passes authentication. The user's answers are compared with the answers to the test questions; when they agree, the user is determined to have the same identity as the user to whom the historical transaction data points.
One advantage of the authentication scheme of this embodiment is that the authentication server can authenticate an identity without any data prepared in advance, because the historical transaction data can be requested from the bank's back-end system.
Another advantage of the authentication scheme of this embodiment is that the authentication server needs only the account information to authenticate an identity, so the user need not worry about disclosing sensitive information such as name, ID card number or mobile phone number, because he or she does not have to provide it. Nor does the user need to carry any hardware device fitted with a smart chip. Generating test questions from the user's historical transaction data and authenticating the user's identity with them can improve the security and convenience of the authentication process.
Another advantage of the authentication scheme of this embodiment is that the manner of authentication is specific to the user's transaction behavior, so that even someone who knows the user's account information will find it difficult to pass authentication. Compared with the prior-art authentication schemes, the scheme of this embodiment is more reliable. Moreover, because transaction behavior changes over time and the test questions can also be generated randomly, the scheme of this embodiment can effectively prevent replay attacks.
Another advantage of the authentication scheme of this embodiment is that, when the historical transaction data is data generated by a bank account, the authentication server can perform real-name authentication of the user without any data prepared in advance, because a bank account is bound to the user's real personal information.
The ways of generating test questions and the forms they take are now described.
In one embodiment, the one or more test questions may include a multiple-choice question that requires the user to select, from a plurality of options, one or more transaction events associated with the account. The multiple-choice question requires the user to make this selection according to one or more of the following factors: time, place, transaction amount. The plurality of options may include one or more distractor options generated from the historical transaction data.
Fig. 2 is an example of a method for authenticating a user's identity based on transaction data according to an embodiment of the present invention. The example shows the flow of identity authentication based on bank account information.
In block 211, bank account information is submitted from the user side.
In block 221, the bank account information is received on the authentication server side, and historical transaction data is looked up according to the account information. The authentication server may send a request containing the bank account information to the bank's back-end system and then receive the historical transaction data from it. The historical transaction data may be the historical transaction data of a specific time period.
In block 222, a plurality of options, comprising real transaction options and distractor options, is generated from the historical transaction data. For example, a real transaction option is the name of a merchant that appears in the historical transaction data, while a distractor option may be the name of a merchant similar to one that appears in the historical transaction data.
In one example, the user's historical transaction data is analyzed to obtain transaction behavior that is likely to occur, and distractor options are then generated from that likely behavior. For example, the analysis yields one or more merchants indicated by the likely transaction behavior, and those merchants are used as distractor options.
By way of example, distractor options can be generated as follows: features of the transaction behavior, including transaction type, transaction location and merchant type, are extracted from the historical transaction data. Merchants that do not appear in the historical transaction data are then generated as distractor options according to some or all of these features. Transaction types may include dining, travel, shopping and so on. Within the dining transaction type, merchant types may include Sichuan cuisine, Japanese cuisine and so on. If the historical transaction data shows that the user spent money at Japanese restaurant A at location A, the authentication server can accordingly use Japanese restaurant B near location A as a distractor.
In block 223, the plurality of options and an authentication rule are sent to the user side. The plurality of options may include real transaction options and distractor options. The authentication rule is presented to the user as part of the test question. Here, the authentication rule requires the user to select, from the plurality of options, one or more transaction events associated with the account according to one or more of the following factors: time, place, transaction amount. For example, the authentication rule may require the user to select merchants from the options in the order in which the transactions took place. As another example, the authentication rule may require the user to select from the options the merchants with which transactions took place at a particular location. As yet another example, the authentication rule may require the user to select from the options the merchants with which a transaction larger than a certain amount took place.
In block 212, the plurality of options and the authentication rule are presented.
In block 213, options are selected according to the authentication rule.
In block 213, the selected options are sent.
In block 224, the selected options are received from the user side.
In block 225, it is determined whether the selected options are real transaction options, that is, whether the selected options match the historical transaction data. If yes, the flow proceeds to block 226; if no, the flow proceeds to block 228, authentication passed.
In block 226, it is determined whether the selected options comply with the authentication rule, that is, whether they satisfy the conditions defined by the authentication rule. If yes, the flow proceeds to block 227, authentication passed; if no, the flow proceeds to block 228, authentication passed.
Fig. 3 is an exemplary interface presenting a test question according to an embodiment of the present invention. As shown in Fig. 3, the authentication rule (or answering rule) of the test question requires the user to select, in chronological order, 6 merchants at which he or she has spent money. By analyzing the historical transaction data, the authentication server finds that the user of this bank card often spends at Starbucks, Charme Restaurant (港丽餐厅), the CHANNEL boutique and CP Lotus (卜蜂莲花), so from this transaction behavior or spending habit it can generate distractor options such as COSTA coffee, the Coach boutique and Metro. Because only the user knows his or her own transaction history, the user can pick the correct merchants according to the rule; for example, the user's actual transactions occurred in the order: Starbucks, CHANNEL, CP Lotus, Charme Restaurant, Haoledi KTV (好乐迪KTV), FamilyMart. The user can click the icons on the interface to produce an ordered sequence of options, and that sequence is sent to the authentication server. When the authentication server determines that the options selected by the user are real and satisfy the transaction-time order required by the authentication rule, identity authentication succeeds; otherwise, identity authentication fails.
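The server side of the multiple-choice flow of Fig. 2 and Fig. 3 can be sketched as follows. This is an added example, not code from the patent: the names `Txn`, `CATALOGUE`, `issue_challenge` and `verify`, the merchant catalogue, the transaction dates and the single-use challenge id are all assumptions, and failure follows the Fig. 3 description (a selection that is not real or not in order fails).

```python
import secrets
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Txn:
    merchant: str
    category: str      # merchant type extracted as a feature
    when: datetime


# Constructed sample data: one account's history and a hypothetical
# merchant directory from which distractors are drawn.
HISTORY = [
    Txn("CHANNEL", "luxury", datetime(2016, 1, 5, 15, 0)),
    Txn("Starbucks", "coffee", datetime(2016, 1, 3, 9, 10)),
    Txn("CP Lotus", "supermarket", datetime(2016, 1, 9, 18, 30)),
    Txn("Starbucks", "coffee", datetime(2016, 1, 12, 8, 55)),
]
CATALOGUE = {
    "Starbucks": "coffee", "COSTA": "coffee",
    "CHANNEL": "luxury", "Coach": "luxury",
    "CP Lotus": "supermarket", "Metro": "supermarket",
    "Haoledi KTV": "ktv",
}

_rng = secrets.SystemRandom()   # unpredictable option order and sampling
_pending = {}                   # challenge id -> expected ordered answer


def make_distractors(history, catalogue, count):
    """Merchants of the same type as the history, never transacted with."""
    used = {t.merchant for t in history}
    types = {t.category for t in history}
    pool = sorted(m for m, c in catalogue.items()
                  if c in types and m not in used)
    return _rng.sample(pool, min(count, len(pool)))


def issue_challenge(history, catalogue, n_distractors=3):
    """Blocks 222-223: build options plus rule, keep the answer server-side."""
    ordered = sorted(history, key=lambda t: t.when)
    # Each merchant once, ordered by its first transaction.
    expected = list(dict.fromkeys(t.merchant for t in ordered))
    options = expected + make_distractors(history, catalogue, n_distractors)
    _rng.shuffle(options)
    cid = secrets.token_urlsafe(16)
    _pending[cid] = expected
    rule = "Select the merchants you paid, in order of first transaction."
    return {"id": cid, "rule": rule, "options": options}


def verify(cid, selected):
    """Blocks 224-228: check the selection against history, then the rule."""
    expected = _pending.pop(cid, None)      # assumption: one attempt per id
    if expected is None:
        return "fail: unknown or reused challenge"
    if any(s not in expected for s in selected):     # block 225
        return "fail: not a real transaction"
    if list(selected) != expected:                   # block 226
        return "fail: rule not satisfied"
    return "pass"


if __name__ == "__main__":
    ch = issue_challenge(HISTORY, CATALOGUE)
    print(ch["rule"], ch["options"])
    print(verify(ch["id"], ["Starbucks", "CHANNEL", "CP Lotus"]))
```

Only the options and the rule leave the server; the expected sequence stays in `_pending`, matching the remark in the Fig. 4 description that the server stores the answer when it generates the question.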
In one embodiment, the one or more test questions may include a fill-in-the-blank question. The fill-in-the-blank question either provides the user with a transaction event associated with the account and requires the user to answer one or more of the following factors of that transaction event: time, place, transaction amount; or provides the user with one or more of those factors (time, place, transaction amount) of a transaction event associated with the account and requires the user to answer with the transaction event. For example, the test question may be "Please enter the date of your last purchase at merchant A" or "Please enter the amount of your last purchase at merchant A". Or the test question may be "Please enter the name of the merchant where you made a purchase at location A yesterday".
Where there are multiple test questions, the user is judged to have passed authentication when all of the user's answers are correct. Preferably, the user is judged to have passed authentication when the proportion of correct answers is at or above a predetermined value (for example, 90%). In this way, the user does not need to remember every transaction detail.
In some embodiments, where the test question is a fill-in-the-blank question, the user's answer is judged correct when the characters of the answer are contained in the characters of the correct answer (that is, a partial match), or when the numeric value of the user's answer is within a certain range of the numeric value of the correct answer. In this way, the user does not need to remember every transaction detail.
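The fill-in-the-blank grading described above (partial match, numeric range, pass ratio) can be sketched as follows; this is an added example, not code from the patent. The function names, the tolerance of 5, the sample questions and the minimum answer length are assumptions; the length guard is included because an empty or one-character answer is contained in almost any correct answer.

```python
from decimal import Decimal, InvalidOperation


def text_matches(answer, correct, min_len=2):
    """Partial match: the answer's characters are contained in the correct answer.

    min_len is an added guard (assumption): without it an empty or
    one-character answer would match almost any merchant name.
    """
    a = "".join(answer.split()).casefold()
    c = "".join(correct.split()).casefold()
    return len(a) >= min_len and a in c


def amount_matches(answer, correct, tolerance=Decimal("5")):
    """Numeric match: the answer lies within +/- tolerance of the correct amount."""
    try:
        value = Decimal(answer.strip())
    except (InvalidOperation, AttributeError):
        return False
    if not value.is_finite():          # reject "NaN" and "Infinity"
        return False
    return abs(value - Decimal(correct)) <= tolerance


def passes(results, threshold=Decimal("0.9")):
    """Pass when the share of correct answers is at or above the threshold."""
    if not results:
        return False                   # no answers is never a pass
    return Decimal(sum(results)) / len(results) >= threshold


def grade(questions, answers):
    """Grade each answer by question kind and apply the pass ratio."""
    results = []
    for q, a in zip(questions, answers):
        if q["kind"] == "amount":
            results.append(amount_matches(a, q["correct"]))
        else:
            results.append(text_matches(a, q["correct"]))
    # Unanswered questions count as wrong.
    results += [False] * (len(questions) - len(results))
    return passes(results), results


# Constructed sample questions (values are illustrative, not from the page).
QUESTIONS = [
    {"kind": "text", "correct": "Starbucks Coffee"},
    {"kind": "amount", "correct": "130.50"},
]

if __name__ == "__main__":
    print(grade(QUESTIONS, ["starbucks", "128"]))   # both within tolerance
    print(grade(QUESTIONS, ["", "NaN"]))            # both rejected
```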
In one embodiment, the one or more test questions may include a true-or-false question based on a transaction event and one or more of the following factors of that transaction event: time, place, transaction amount.
The blocks shown in Figs. 1 and 2 may be viewed as method steps, and/or as operations resulting from the execution of computer program code, and/or as a plurality of coupled logic circuit elements constructed to carry out the associated functions. Although operations are depicted in the figures in a particular order, this should not be understood as requiring that the operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve the desired results.
Fig. 4 is a schematic diagram of a system for authenticating a user's identity based on transaction data according to an embodiment of the present invention. As shown, the system comprises a client 410, an authentication server 420 and a back-end system 430. The back-end system 430 includes a historical transaction database 431. In a typical embodiment, the authentication server 420 receives account information from the client 410 and, according to that account information, extracts historical transaction data from the historical transaction database 431 of the back-end system 430. The authentication server 420 then generates a test question from the extracted historical transaction data and sends the test question to the client 410. The authentication server 420 then receives an answer from the client 410 and, according to that answer, verifies whether the identity of the user at the client 410 is consistent with the identity of the user indicated by the historical transaction data. It will be understood that, when generating a test question, the authentication server 420 can at the same time store the answer to that test question so that the user's answer can be verified quickly.
Exemplary embodiments may be implemented in hardware, software or a combination thereof. For example, some aspects of the invention may be implemented in hardware, while other aspects may be implemented in software.
In one embodiment, an authentication server for authenticating a user's identity based on transaction data comprises:
a first means for obtaining historical transaction data associated with an account according to account information provided by the user,
a second means for generating one or more test questions from the historical transaction data,
a third means for providing the one or more test questions to the user,
a fourth means for receiving the user's answers to the one or more test questions,
a fifth means for determining from the answers whether the user passes authentication.
In another embodiment, the account is a bank account or an online payment application account. The one or more test questions generated by the second means include a multiple-choice question that requires the user to select, from a plurality of options, one or more transaction events associated with the account. The multiple-choice question requires the user to make this selection according to one or more of the following factors: time, place, transaction amount. The plurality of options includes one or more distractor options generated from the historical transaction data.
In another embodiment, the one or more test questions generated by the second means include a fill-in-the-blank question. The fill-in-the-blank question either provides the user with a transaction event associated with the account and requires the user to answer one or more of the following factors of that transaction event: time, place, transaction amount; or provides the user with one or more of those factors (time, place, transaction amount) of a transaction event associated with the account and requires the user to answer with the transaction event.
In another embodiment, the one or more test questions generated by the second means include a true-or-false question based on a transaction event and one or more of the following factors of that transaction event: time, place, transaction amount.
In another embodiment, the third means provides the one or more test questions to the user by sending text, picture or voice information of the one or more test questions, or a combination of these, to the user's terminal.
In another embodiment, the fifth means is configured to judge that the user has passed authentication when all of the user's answers are correct, or when the proportion of correct answers is at or above a predetermined value.
Although aspects of the exemplary embodiments of the present invention may be shown and described as block diagrams or flowcharts, it is well understood that the apparatus or methods described herein may be implemented, as non-limiting examples, as functional modules in a system. Moreover, the apparatus described above should not be understood as requiring such separation in all embodiments; rather, the described program components and systems can generally be integrated into a single software product or packaged into multiple software products.
Various modifications and adaptations of the foregoing exemplary embodiments of the invention will become apparent to those skilled in the relevant art upon reading the foregoing description in conjunction with the accompanying drawings. Embodiments of the invention are therefore not limited to the particular embodiments disclosed, and modifications and other embodiments are intended to fall within the scope of the appended claims.
Claims (10)
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610090879.2A CN105610865A (en) | 2016-02-18 | 2016-02-18 | Method and device for authenticating identity of user based on transaction data |
| TW105143939A TWI685805B (en) | 2016-02-18 | 2016-12-29 | Method and device for authenticating user identity based on transaction data |
| PCT/CN2017/070223 WO2017140190A1 (en) | 2016-02-18 | 2017-01-05 | Method and device for authenticating user identity based on transaction data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610090879.2A CN105610865A (en) | 2016-02-18 | 2016-02-18 | Method and device for authenticating identity of user based on transaction data |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105610865A (en) | 2016-05-25 |
Family
ID=55990403
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610090879.2A Pending CN105610865A (en) | 2016-02-18 | 2016-02-18 | Method and device for authenticating identity of user based on transaction data |
Country Status (3)
| Country | Link |
|---|---|
| CN (1) | CN105610865A (en) |
| TW (1) | TWI685805B (en) |
| WO (1) | WO2017140190A1 (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106411950A (en) * | 2016-11-21 | 2017-02-15 | 江苏通付盾科技有限公司 | Block-chain transaction ID based authentication method, device and system |
| CN106779716A (en) * | 2016-11-21 | 2017-05-31 | 江苏通付盾科技有限公司 | Authentication method, apparatus and system based on block chain account address |
| CN106888201A (en) * | 2016-08-31 | 2017-06-23 | 阿里巴巴集团控股有限公司 | A kind of method of calibration and device |
| WO2017140190A1 (en) * | 2016-02-18 | 2017-08-24 | 中国银联股份有限公司 | Method and device for authenticating user identity based on transaction data |
| CN108391141A (en) * | 2018-03-19 | 2018-08-10 | 北京京东金融科技控股有限公司 | Method and apparatus for output information |
| TWI638307B (en) * | 2017-08-04 | 2018-10-11 | 台灣資服科技股份有限公司 | Multi-factor login system and login method |
| CN108875514A (en) * | 2017-12-08 | 2018-11-23 | 北京旷视科技有限公司 | Face authentication method and system and authenticating device and non-volatile memory medium |
| CN110517021A (en) * | 2019-08-27 | 2019-11-29 | 出门问问信息科技有限公司 | A kind of data processing method, device, storage medium and electronic equipment |
| CN112767593A (en) * | 2020-12-31 | 2021-05-07 | 深圳市深圳通有限公司 | Traffic card owner identification method, device, equipment and storage medium |
| CN118797619A (en) * | 2024-09-11 | 2024-10-18 | 合肥珑驰量子科技有限公司 | An application terminal authentication system |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11251963B2 (en) | 2019-07-31 | 2022-02-15 | Advanced New Technologies Co., Ltd. | Blockchain-based data authorization method and apparatus |
| US11252166B2 (en) | 2019-07-31 | 2022-02-15 | Advanced New Technologies Co., Ltd. | Providing data authorization based on blockchain |
| CN110473096A (en) * | 2019-07-31 | 2019-11-19 | 阿里巴巴集团控股有限公司 | Data grant method and device based on intelligent contract |
| US11057189B2 (en) | 2019-07-31 | 2021-07-06 | Advanced New Technologies Co., Ltd. | Providing data authorization based on blockchain |
| US11310051B2 (en) | 2020-01-15 | 2022-04-19 | Advanced New Technologies Co., Ltd. | Blockchain-based data authorization method and apparatus |
| CN113868608A (en) * | 2021-09-17 | 2021-12-31 | 支付宝(杭州)信息技术有限公司 | Identity verification method and device |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1449540A (en) * | 2000-06-28 | 2003-10-15 | 帕滕泰克公司 | Method and system for securely collecting, storing and transmitting information |
| CN1776755A (en) * | 2005-07-05 | 2006-05-24 | 淘宝控股有限公司 | Method for identify user identity for Internet service provider |
| CN1910592A (en) * | 2004-01-23 | 2007-02-07 | 运通卡国际股份有限公司 | System and method for secure telephone and computer transactions |
| CN101447051A (en) * | 2007-11-27 | 2009-06-03 | 联想(北京)有限公司 | Payment method and payment device |
| CN101473344A (en) * | 2006-06-19 | 2009-07-01 | 维萨美国股份有限公司 | Consumer authentication system and method |
| CN104616137A (en) * | 2013-12-26 | 2015-05-13 | 腾讯科技(深圳)有限公司 | Security payment method, server and system |
| US20150161375A1 (en) * | 2013-12-09 | 2015-06-11 | Mastercard International Incorporated | Methods and systems for using transaction data to authenticate a user of a computing device |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105610865A (en) * | 2016-02-18 | 2016-05-25 | 中国银联股份有限公司 | Method and device for authenticating identity of user based on transaction data |
- 2016
  - 2016-02-18 CN CN201610090879.2A patent/CN105610865A/en active Pending
  - 2016-12-29 TW TW105143939A patent/TWI685805B/en active
- 2017
  - 2017-01-05 WO PCT/CN2017/070223 patent/WO2017140190A1/en not_active Ceased
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1449540A (en) * | 2000-06-28 | 2003-10-15 | 帕滕泰克公司 | Method and system for securely collecting, storing and transmitting information |
| CN1910592A (en) * | 2004-01-23 | 2007-02-07 | 运通卡国际股份有限公司 | System and method for secure telephone and computer transactions |
| CN1776755A (en) * | 2005-07-05 | 2006-05-24 | 淘宝控股有限公司 | Method for identify user identity for Internet service provider |
| CN101473344A (en) * | 2006-06-19 | 2009-07-01 | 维萨美国股份有限公司 | Consumer authentication system and method |
| CN101447051A (en) * | 2007-11-27 | 2009-06-03 | 联想(北京)有限公司 | Payment method and payment device |
| US20150161375A1 (en) * | 2013-12-09 | 2015-06-11 | Mastercard International Incorporated | Methods and systems for using transaction data to authenticate a user of a computing device |
| CN104616137A (en) * | 2013-12-26 | 2015-05-13 | 腾讯科技(深圳)有限公司 | Security payment method, server and system |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017140190A1 (en) * | 2016-02-18 | 2017-08-24 | 中国银联股份有限公司 | Method and device for authenticating user identity based on transaction data |
| TWI670620B (en) * | 2016-08-31 | 2019-09-01 | 香港商阿里巴巴集團服務有限公司 | Calibration method and device |
| WO2018040942A1 (en) * | 2016-08-31 | 2018-03-08 | 阿里巴巴集团控股有限公司 | Verification method and device |
| CN106888201A (en) * | 2016-08-31 | 2017-06-23 | 阿里巴巴集团控股有限公司 | A kind of method of calibration and device |
| US11301556B2 (en) | 2016-08-31 | 2022-04-12 | Advanced New Technologies Co., Ltd. | Verification method and device |
| CN106411950A (en) * | 2016-11-21 | 2017-02-15 | 江苏通付盾科技有限公司 | Block-chain transaction ID based authentication method, device and system |
| CN106779716A (en) * | 2016-11-21 | 2017-05-31 | 江苏通付盾科技有限公司 | Authentication method, apparatus and system based on block chain account address |
| CN106411950B (en) * | 2016-11-21 | 2019-10-18 | 江苏通付盾科技有限公司 | Authentication method, apparatus and system based on block chain transaction id |
| CN106779716B (en) * | 2016-11-21 | 2021-06-04 | 江苏通付盾区块链科技有限公司 | Authentication method, device and system based on block chain account address |
| TWI638307B (en) * | 2017-08-04 | 2018-10-11 | 台灣資服科技股份有限公司 | Multi-factor login system and login method |
| CN108875514A (en) * | 2017-12-08 | 2018-11-23 | 北京旷视科技有限公司 | Face authentication method and system and authenticating device and non-volatile memory medium |
| CN108391141A (en) * | 2018-03-19 | 2018-08-10 | 北京京东金融科技控股有限公司 | Method and apparatus for output information |
| CN110517021A (en) * | 2019-08-27 | 2019-11-29 | 出门问问信息科技有限公司 | A kind of data processing method, device, storage medium and electronic equipment |
| CN112767593B (en) * | 2020-12-31 | 2022-02-22 | 深圳市深圳通有限公司 | Traffic card owner identification method, device, equipment and storage medium |
| CN112767593A (en) * | 2020-12-31 | 2021-05-07 | 深圳市深圳通有限公司 | Traffic card owner identification method, device, equipment and storage medium |
| CN118797619A (en) * | 2024-09-11 | 2024-10-18 | 合肥珑驰量子科技有限公司 | An application terminal authentication system |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2017140190A1 (en) | 2017-08-24 |
| TWI685805B (en) | 2020-02-21 |
| TW201730829A (en) | 2017-09-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI685805B (en) | Method and device for authenticating user identity based on transaction data | |
| US12231415B2 (en) | Non-repeatable challenge-response authentication | |
| CA2945703C (en) | Systems, apparatus and methods for improved authentication | |
| US12309145B2 (en) | User-level token for user authentication via a user device | |
| US8768837B2 (en) | Method and system for controlling risk in a payment transaction | |
| US20160005038A1 (en) | Enhanced user authentication platform | |
| US20170372304A1 (en) | Systems, devices and methods for remote authentication of a user | |
| US20150161613A1 (en) | Methods and systems for authentications and online transactions | |
| US20170345003A1 (en) | Enhancing electronic information security by conducting risk profile analysis to confirm user identity | |
| US10726113B2 (en) | Systems and methods of verifying an authenticated document biosignature glyph containing a selected image | |
| US11615421B2 (en) | Methods, system and computer program product for selectively responding to presentation of payment card information | |
| US20170186014A1 (en) | Method and system for cross-authorisation of a financial transaction made from a joint account | |
| AU2015328759A1 (en) | Methods and systems for secure online payment | |
| KR101874174B1 (en) | Method and apparatus for personal authentication on business transaction based on network | |
| KR20230050366A (en) | System and method for user verification via short-range transceiver | |
| US10068072B1 (en) | Identity verification | |
| KR20180073538A (en) | Method and apparatus for personal authentication on business transaction based on network | |
| HK1225527A1 (en) | A method and apparatus for authenticating a user's identity based on transaction data | |
| HK1225527A (en) | A method and apparatus for authenticating a user's identity based on transaction data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 1225527; Country of ref document: HK |
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20160525 |
| REG | Reference to a national code | Ref country code: HK; Ref legal event code: WD; Ref document number: 1225527; Country of ref document: HK |