CA2267672A1 - Event driven dynamic digital authentication and its applications to internet financial transaction, software installation authentication, routine credit card/bank card user authentication and remote access control - Google Patents

Info

Publication number
CA2267672A1
Authority
CA
Canada
Prior art keywords
authentication
card
pin
transaction
customer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
CA 2267672
Other languages
French (fr)
Inventor
Tao Lu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to CA 2267672 (CA2267672A1)
Priority to CA 2291430 (CA2291430A1)
Priority to CN 00102265 (CN1268721A)
Publication of CA2267672A1
Legal status: Abandoned

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4093 Monitoring of device authentication

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

New low-risk financial transaction protocols suitable for both Internet and routine financial trading are defined. An authentication method using an event driven dynamic digital authentication card is used. The payment method on the Internet is disclosed. The seller owns an on-line shopping store in a Cyber Shopping Mall. The customer can visit the seller's store via the shopping mall's frame. On paying for the transaction, the Cyber Shopping Mall's authentication server asks the customer for confirmation. The buyer replies with the appropriate PIN for authentication. The PIN is a combination of an event counter and a pseudo random number sequence generated by an authentication card. On each transaction, the customer triggers the card to obtain a distinct random number, and the event counter is increased by one. He then keys in the event counter and the random number sequence as the PIN. By checking the PIN against the authentication server's database, the server can tell whether the customer is the true card holder. It can then finish the transaction between the customer's and the vendor's accounts stored in the server's database. Such an authentication method can also be used in software installation authentication to prevent unauthorized installation of software. To facilitate keying in the PIN, an optical card reader is described in this invention. Dynamic PIN authentication can furthermore be used in routine financial transactions, such as direct payment using a bank card or credit card payment in daily shopping, to prevent card fraud. The transaction and authentication protocols described in this invention are highly reliable and simple, which makes them a promising solution for secure e-commerce.

Description

Background of the Invention
As the Internet explodes at the beginning of the next millennium, e-commerce is blooming. In 1997, an estimated $1.8 billion in worldwide online shopping revenues was reported. Retail revenues of online shopping worldwide are forecast to increase to $200 billion by 2001.
However, as the market grows, a simple, secure online payment method remains an open question. Numerous e-payment methods have been proposed, including CyberWallet, eCash, netCash and PayMe Transfer Protocol. Although most of these methods provide full security protection, they all have drawbacks: either the software is too complicated for merchants or customers to install, or the method is not scalable. This invention defines a new online payment method. Using this method, no credit card information is transferred through the Internet and no complicated software needs to be installed on either the customers' or the merchants' side. With the use of a dynamic digital authentication card, the customer can virtually go shopping, check a financial statement or write a cybercheque from anywhere via a web browser. Furthermore, this transaction system is not limited to Internet transactions; it can be used to replace the conventional credit card or direct payment method in daily routine trade to avoid credit card or bank card fraud.
By using the card reader of the invention, the customer can more easily key in an authentication card PIN to the computer. One more application of dynamic digital authentication is in the field of software installation authentication, to prevent software piracy.
Brief Summary of the Invention
This invention comprises one defined dynamic digital authentication system and its application to several Internet financial transaction protocols and one software installation protocol. The dynamic digital authentication system is defined as a security card, held by a user, whose PIN changes on each event (also known as a dynamic PIN), and a server that certifies that the PIN entered by the user is correct. The dynamic PIN verification system provides a strong authentication method over an open network such as the Internet. Using this authentication system, several Internet financial transaction protocols are defined as IFT, in which the server mainly acts as both authentication and financial institution. In the Cyber Shopping Mall (CSM), the authentication server sits between the customer and the vendor, and acts more like a virtual shopping mall. In addition, this invention describes an Internet Fund Transfer and Cyber Check protocol to provide authentication for Internet fund transfers. This invention further describes an authentication method to replace the routine credit card transaction authentication method. The last part of the invention is software installation authentication, applied against unauthorized software piracy. This system can also be used in remote access control.
Brief Description of Drawings
Figure 1 illustrates the Format of PIN;
Figure 2 illustrates Dynamic Digital authentication Card Reader;
Figure 3 illustrates an Internet Financial Transaction Protocol;
Figure 4 illustrates Cyber Shopping Protocol, and
Figure 5 illustrates Software Installation Authentication
Detailed Description
Event Driven Dynamic Digital Authentication System
The hardware required by this invention is an event driven dynamic digital authentication system, namely, a dynamic authentication card held by each user, an optional card reader to facilitate the input of the PIN, and a server to perform the authentication. The card is essentially a pseudo random number sequence generator. It can also be installed in watches, electronic address books, palm pilots or home PCs in either hardware or software form. The PIN displayed on the card is as described in Figure 1; it is formed of two parts, a 2 digit event id and a 6 digit random number. On each transaction, the event id is increased by one according to $\mathrm{EventCounter}_{n+1} = (\mathrm{EventCounter}_n + 1) \bmod 100$. The seed of the random number generator for each individual card is kept privately by the authentication server, so the server is the only party, other than the card itself, that can reproduce the PIN. During the process of authentication, the server queries the account name and the PIN of the user via an open network such as the Internet; the server then computes the PIN to see if it matches the number input by the user. If the match is positive, the server determines that the account user is the proper card holder and authentication is completed. Since the PIN is generated by the card and only reproducible by the server, the information transmitted through the open network is secured. That is, even if a third party intercepts the PIN on the network, he/she cannot reproduce it in the future, and it thus becomes useless information to the third party. If the card is lost or stolen, the person who gets the card cannot use it without knowledge of the card-holder's account name. Meanwhile, the card itself can be password protected, that is, it only displays the PIN when you key in the password. This effectively prevents malicious theft by someone who is familiar with the card-holder and knows his account name.
As the PIN is formed by 8 digits, an optional card reader, described below, is preferable to speed up the input of the PIN. The authentication card reader in this invention facilitates reading in the PIN generated by the card. As keying in a string of digits is tedious, the reader provides a faster means to read the PIN. The scheme of the reader is shown in Fig. 2; the authentication card has a sensor switch and an L.E.D. The sensor is a photo diode or a micro mechanical sensor. The figure shows the sensor as a photo diode. If the card is not in the reader, the switch is off. When the card is inserted into the reader, the sensor detects light from the reader indicator. It then triggers the gate "on" so that the serial PIN signal can pass the gate and modulate the L.E.D. to emit light pulses. As the insertion of the card also triggers the sensor of the reader to turn photo diode 2 on in the "read" state, photo diode 2 then detects the light pulse train, decodes it into a digital signal and sends it to the computer.
Overall, the authentication process described above is a significant improvement over the conventional password authentication method.
This invention describes several protocols for Internet financial transaction, software installation authentication, remote access control and routine credit card transaction. All the protocols require the dynamic digital authentication system described above.
The initial stage is to set up the authentication and transaction system. A server should reside at a site maintained by a financial institution known as the Credit Processor, and this site should be accessible by any user via the Internet. To apply for membership of the authentication system, the user sends personal information, including credit card number, date of birth, etc., to the credit processor. This should be done off line or by sending an encrypted message, to keep such information private. Upon reviewing the application, the credit processor grants the user a specific account name and a dynamic digital authentication card. The user's information is saved in the secure database maintained by the credit processor.
The card serves the user as both personal ID and credit card in the protocols listed below.
A. Internet Financial Transaction (IFT) Protocol
The first protocol is the Internet financial transaction protocol used in on-line shopping, also known as e-commerce. Fig. 3 shows the overall electronic Internet Financial Transaction (IFT) protocol. The online payment system is described below:
1. The customer (the buyer) visits a registered cyber store and buys some items. At the stage of paying for the order, the seller posts the total price on the buyer's browser and asks for confirmation and the buyer's account name. The buyer should also have the chance to adjust or reject the purchase at this point. If the buyer is satisfied with the price, he replies with the confirmation message, with his account name attached.
2. Upon receiving the confirmation message, the seller composes and sends a formatted message to the credit processor to validate the transaction. The message should include both the buyer's and the seller's account names, the amount of the transaction and the IP address from which the buyer is logged on.

3. After receiving the message, the credit processor posts the transaction to the buyer's browser directly and asks for confirmation and authentication. The buyer then triggers the authentication card to generate a new PIN and sends the confirmation back to the credit processor with the authentication PIN attached. If the credit processor does not receive the confirmation within a time window, or the authentication PIN does not match the PIN generated by the credit processor server after several trials, the transaction is discarded and an invalidated confirmation is sent to the seller. The transaction should also be discarded if the buyer's account is over its limit.
4. On the other hand, if the confirmation is received with the proper PIN, the credit processor confirms the transaction with the seller. After knowing that the seller has received the confirmation, the credit processor updates the database to complete the transaction between the two accounts.
5. After receiving the confirmation from the credit processor, the seller can finalize the transaction by sending the ordered items to the buyer.
6. The messages communicated between the parties are encrypted by standard means (SSL) as a first level of protection. Since the account information is stored in the private database of the credit processor, no sensitive information propagates over the Internet. This virtually eliminates the possibility that information such as date of birth, credit card number, etc., is intercepted by an unanticipated party or even by the seller. The risk of credit card or bank-card fraud will be much lower even than with the conventional credit card payment method in daily life. Also, we assume that reuse of a PIN is prohibited; that is, after one purchase, the buyer should not make another purchase before updating the PIN. Even if a third party intercepts the account name and PIN, it becomes impossible for him to use this information fraudulently, since his false transaction always checks in later than the true one. In the worst case, where the unanticipated party does succeed in a fraud, it is easy to trace him, since all transactions are done within the registered accounts.
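The dynamic PIN check from the authentication system section and the no-reuse and "several trials" rules of the IFT steps above, as an added sketch that is not part of the patent. The patent does not specify the random number generator, so HMAC-SHA256 over the event count stands in for it; the look-ahead window, the trial limit of 3 (counted per account here) and the account name are likewise assumptions.

```python
import hashlib
import hmac
import secrets

EVENT_MOD = 100   # 2-digit event id, as in the description
LOOKAHEAD = 20    # assumption: events the card may run ahead of the server
MAX_TRIALS = 3    # assumption: the description only says "several trials"


def random_part(seed: bytes, counter: int) -> str:
    """6-digit number for one event. HMAC-SHA256 is a stand-in generator."""
    mac = hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**6:06d}"


class Card:
    """Holds the per-card seed and the number of events triggered so far."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.counter = 0

    def trigger(self) -> str:
        """One event: advance the counter and display the 8-digit PIN."""
        self.counter += 1
        event_id = self.counter % EVENT_MOD
        return f"{event_id:02d}{random_part(self.seed, self.counter)}"


class AuthServer:
    """Keeps each card's seed and the last event it accepted."""

    def __init__(self):
        self.accounts = {}

    def enroll(self, account: str) -> Card:
        seed = secrets.token_bytes(32)
        self.accounts[account] = {"seed": seed, "last": 0, "failures": 0}
        return Card(seed)

    def verify(self, account: str, pin: str) -> str:
        rec = self.accounts.get(account)
        if rec is None or len(pin) != 8 or not (pin.isascii() and pin.isdigit()):
            return "reject"
        if rec["failures"] >= MAX_TRIALS:
            return "locked"
        # Map the 2-digit event id to the first full counter after the last
        # accepted one. step == 0 is a replay; a large step is a stale PIN.
        step = (int(pin[:2]) - rec["last"]) % EVENT_MOD
        counter = rec["last"] + step
        expected = random_part(rec["seed"], counter)
        if 1 <= step <= LOOKAHEAD and hmac.compare_digest(expected, pin[2:]):
            rec["last"] = counter      # everything up to this event is now spent
            rec["failures"] = 0
            return "accept"
        rec["failures"] += 1
        return "reject"


if __name__ == "__main__":
    server = AuthServer()
    card = server.enroll("alice")       # constructed account name
    pin = card.trigger()
    print(server.verify("alice", pin))  # accept
    print(server.verify("alice", pin))  # reject: the same PIN cannot be reused
```

Because the server advances its record of the last accepted event on every success, a PIN captured in transit fails on replay, and PINs the card generated but never sent are skipped within the look-ahead window.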
B. Cyber Shopping Mall (CSM) Protocol
An alternative protocol called the Cyber Shopping Mall (CSM) Protocol is shown in Fig. 4. The authentication server now resides at a cyber shopping mall site. The customer can land on the site and visit a vendor's store via the shopping mall's frame. The payment transaction is performed directly between the server and the buyer, which simplifies the steps described by the IFT protocol.
C. Internet Fund Transfer and Cyber Check
Although the above description is for Internet shopping, this payment system is also suitable for other e-commerce transactions; namely, a customer can transfer funds to another registered customer's account on the Internet using the authentication card. It is also possible to generate a cyber check to an unregistered customer. For example, a person A can issue or register a check payable to person B at the credit processor, authenticated by his PIN. Then he can print out a copy of the check and hand it to B. Person B can then deposit it to his bank account as a real check. The check can then be cleared between the bank and the credit processor.
D. Replacement of Routine Credit Card
Use of the dynamic authentication system is also a good replacement for the conventional credit card and direct payment methods. Conventionally, the credit card number or bank card number is statically read into the merchant's card reader, and the bank card holder may then key in his/her password to authenticate. However, the merchant may intercept the card number and/or password. This is the main source of credit card fraud. By using the authentication card, the PIN becomes dynamic; that is, even if the merchant intercepts the PIN, he/she cannot reuse it unless he/she can decipher the cryptology. This significantly lowers the risk compared with the conventional means of credit card transaction. If the digital authentication card is lost by the customer, the person who finds it cannot use it unless he knows the card owner's account name.
E. Software Installation Authentication Protocol
Another application of the dynamic authentication system is in software installation authentication. As current protection against software piracy is poor, anyone with a hard copy of a CD key can install pirated software with little difficulty. In this new protocol, a customer is assumed to own an authentication card, and each software CD is distinguished by a serial code. The software on the CD is encrypted by a conventional cryptographic method. The key can be stored on the CD or obtained from the manufacturer. At the first installation of the software, the installation program queries the customer's account name and the dynamic PIN displayed on the card. The setup program then sends the information to the manufacturer's server via a modem. The manufacturer's server forwards the information to the authentication server for validation. After receiving a positive confirmation, the manufacturer's server grants the setup program access to the private key for the CD and registers the CD according to its serial number. The setup program can then decrypt the CD and install the software. If the authentication result is negative, or some other user has previously registered the CD, the CD is considered pirated and the setup program stops installing the software.
F. Remote Access Control
The event driven dynamic digital PIN authentication can also be used in remote access control. A similar product is available in the form of Security Dynamics' remote access control card. Such a card updates the PIN every 6 seconds, which makes it inconvenient for the user to key in the PIN. Using an event driven PIN, the user triggers a new PIN only when he attempts to log in to his account. This is much more convenient than the former method, since the PIN won't change in a short time window.

Claims

CA 2267672 1999-01-28 1999-02-15 Event driven dynamic digital authentication and its applications to internet financial transaction, software installation authentication, routine credit card/bank card user authentication and remote access control Abandoned CA2267672A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CA 2267672 CA2267672A1 (en) 1999-02-15 1999-02-15 Event driven dynamic digital authentication and its applications to internet financial transaction, software installation authentication, routine credit card/bank card user authentication and remote access control
CA 2291430 CA2291430A1 (en) 1999-01-28 1999-12-01 Internet transaction security system
CN 00102265 CN1268721A (en) 1999-02-15 2000-02-15 International internet business safety system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CA 2267672 CA2267672A1 (en) 1999-02-15 1999-02-15 Event driven dynamic digital authentication and its applications to internet financial transaction, software installation authentication, routine credit card/bank card user authentication and remote access control

Publications (1)

Publication Number Publication Date
CA2267672A1 (en) 2000-08-15

Family

ID=4163426

Family Applications (1)

Application Number Title Priority Date Filing Date
CA 2267672 Abandoned CA2267672A1 (en) 1999-01-28 1999-02-15 Event driven dynamic digital authentication and its applications to internet financial transaction, software installation authentication, routine credit card/bank card user authentication and remote access control

Country Status (2)

Country Link
CN (1) CN1268721A (en)
CA (1) CA2267672A1 (en)

Also Published As

Publication number Publication date
CN1268721A (en) 2000-10-04

Legal Events

Date Code Title Description
FZDE Dead