WO2012167941A1 - Method to validate a transaction between a user and a service provider - Google Patents

Method to validate a transaction between a user and a service provider Download PDF

Info

Publication number
WO2012167941A1
WO2012167941A1 PCT/EP2012/002436 EP2012002436W WO2012167941A1 WO 2012167941 A1 WO2012167941 A1 WO 2012167941A1 EP 2012002436 W EP2012002436 W EP 2012002436W WO 2012167941 A1 WO2012167941 A1 WO 2012167941A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
user
mobile terminal
service provider
text
Prior art date
Application number
PCT/EP2012/002436
Other languages
French (fr)
Inventor
Jorge Marcelo Campos
Original Assignee
Gemalto Sa
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gemalto Sa filed Critical Gemalto Sa
Publication of WO2012167941A1 publication Critical patent/WO2012167941A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4012Verifying personal identification numbers [PIN]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements
    • H04W4/14Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols

Definitions

  • the present invention relates generally to mobile electronic transactions, and more specifically to validate said transaction by authenticating the identity of payer during mobile transactions.
  • Cashless sales transactions such as those occurring online, through mobile devices, through the mail, or over the telephone, involve payments ; that are not guaranteed to the merchant.
  • Online transactions include those that are conducted, for example, over the Internet. No guarantee is provided primarily because the payers are not authenticated in such non face-to-face transactions, thereby allowing many risks to accompany the "card not present" transactions.
  • risks involve issues such as fraud for both merchants and cardholders, and an increased perception that buying goods and services online or through mobile devices is not safe and secure, which may keep some consumers from buying online.
  • Other examples of risks include the unauthorized use of stolen account information to purchase goods and services online, fabrication of card account numbers to make fraudulent online purchases, and extraction of clear text account information from network traffic.
  • OTP one time passwords
  • SMS unstructured supplementary service data
  • USSD unstructured supplementary service data
  • e-mail short messages e-mail short messages
  • data transmitted under form of such text messages may be decoded by third parties with a suitable digital receiver.
  • the messages are usually stored in the mobile terminal's memory. Thus any third party gaining access to the terminal may read the messages.
  • the user of a mobile terminal cannot necessarily be identified in many cases.
  • the identity of the sender of the message may be concealed to the receiving user, or the recipient of the message may not be that intended by the sender.
  • a system for authenticating the identity of the user in an online or mobile transaction would be desirable.
  • Such a validating transaction system should be relatively easy to implement and use, require a minimal investment of resources, and provide a high level of interoperability between the system's participants.
  • various aspects of the present invention provide an authentication method so as to make it possible to establish an encrypted SMS authentication session between an authentication application of the mobile terminal's smart card of the user and a trusted third party in the network side when transaction exchange occurs between the user and a service provider.
  • the authentication method of the invention processedthrough SMS technology, guarantees the security of communication between the mobile terminal and the third party without requiring extra hardware or special client software to be installed on the user mobile terminal nor increasing the existing communication protocols, signaling resources and operation costs.
  • the authentication method of the invention it is not just the identity of the user to guarantee but also that the user is really willing to make the transaction and that no one can trick the user by showing other information. .
  • an object of the invention is a method to validate a transaction between a mobile terminal of the user and a requesting service provider via an authentication server, said method comprising:
  • said mobile terminal comprising a smart card wherein is stored a cryptographic key shared with the authentication server
  • this authentication request comprising a confirmation message of the transaction and a request for entering user authentication information
  • one or more embodiments comprise the features hereinafter fully described and particularly pointed out in the claims.
  • FIG.1 , FIG.2 and FIG.3 schematically illustrate embodiments of a system architecture that supports the transaction validation method of the present invention.
  • FIG.4 illustrates the process through which a transaction between a user and a service provider is validated according to one embodiment of the present invention.
  • connection can refer to a functional connection and not necessary to a physical connection.
  • FIG. 1 shows a block diagram representing a system in which a user is authenticated by an authentication server 12 during a transaction processing with a service provider 11.
  • This transaction processing can be any transaction wherein the identity of the user has to be authenticated like payment transaction, purchase transaction, banking transaction, booking transaction and so on.
  • the transaction processing is a payment transaction.
  • the service provider 11 can access to the authentication server 12 over an appropriate telecommunication network 16 (for example over Internet).
  • the sessions between the service providers 11 and the authentication server 12 are preferably secured.
  • the mobile terminal 10 of the user may be a mobile telephone, a personal digital assistant, a computer (e.g. palmtop or laptop) or any other digital device able to perform data communication with the service provider 11.
  • the mobile terminallO is suitably coupled to the service provider 11 via data links 13.
  • a variety of conventional communications media and protocols may be used for data links 13.
  • Such as, for example, a connection to the service provider 11 via Internet is typically used in connection with standard modem communication, cable modem, Dish networks, ISDN, Digital Subscriber Line (DSL), or various wireless communication methods.
  • the data links 13 is a SMS communication. In another embodiment variant, the data links 13 is an unstructured supplementary service data (USSD) communication.
  • USSD unstructured supplementary service data
  • the USSD technology allows the user of the mobile terminal 10 to communicate with the service provider 11 in a way that is transparent to the user and the service provider.
  • the service provider 11 makes available an offer, for example product, service or information (like a weather report or a list of restaurants in a city). It may be a web e-commerce server, a financial institution, third-party accounts (e.g., PayPal transactions, or the like) and so on.
  • the user would like to order a specific product or service of the service provider 11.
  • the user can have the corresponding offer of the service provider 1 1 displayed by his mobile user 0 by entering the URL address's service provider in a browser of his mobile.
  • the order session between the service provider 1 1 and the mobile terminal 10 can be secured or not.
  • the mobile terminal 10 can use USSD or SMS to enter the information inquiry corresponding to the offer of the service provider 11. After that the offer is selected by the user, the service provider initiates a payment transaction process. During this payment transaction, the service provider initiates an authentication process of the user.
  • the mobile terminal 10 comprises a smart card 15 (like SIM card or a USIM card) which is connected to or inserted into the said mobile terminal
  • Smart card 15 comprises an authentication application which is able to participate to the identification and the authentication of the order's user.
  • the smart card 15 comprises a cryptographic key shared with the authentication server 12.
  • the service provider 11 During this payment transaction process the service provider 11 generates a confirmation message.
  • the service provider 11 transmits to the authentication server 12 an authorization request comprising the confirmation message and identification information of the mobile terminal 10 (like its IMSI) to validate the payment transaction.
  • the authentication server 12 Upon reception, the authentication server 12 establishes an authentication session 18 with the mobile terminal 10.
  • the authentication session 18 is effected by using Short Message Service (SMS) technology without requiring extra hardware or special client software to be installed on the mobile terminal because the Short Message Service (SMS) is a service which is implemented in almost all mobile terminals.
  • SMS Short Message Service
  • the information exchanged between the authentication application and the authentication server 12 through the SMS channels can be protected.
  • cryptography is utilized to transform this information into an unintelligible form.
  • the authentication application and the authentication server 1 2 can use several procedures and protocols of algorithms currently used to encrypt and decrypt data.
  • the service provider 11 comprises the authentication server 12.
  • FIG. 2 illustrates another embodiment in which a user is authenticated by the authentication server 12 during a transaction with a service provider
  • the embodiment illustrated in FIG.2 comprises a gateway router 17 sets between the mobile terminal 10 and the service provider 11 . and the authentication server 12.
  • the gateway router 17 is a software interface, a computer or a network that allows and controls access between the three entities (service providers 11 , authentication server 12 and mobile terminal 10). The communication sessions between the service providers 11 or the authentication server 12 and the gateway router 17 are preferably secured.
  • the gateway router 17 transmits to the authentication server authorization request comprising the confirmation message generated by the service provider 11 to validate the payment transaction.
  • the mobile terminal 10 communicates with the authentication server 12 via the gateway router 17 to authenticate the user by SMS channels.
  • FIG. 3 illustrates another embodiment in which the payment transaction process is initiated by an intermediate application 14 after that the offer is selected by the user.
  • This intermediate process 14 is stored, preferably, into the smart card.
  • the intermediate application is stored into a program memory of the mobile terminal 10.
  • the intermediate application 14 during this payment transaction, generates the confirmation message and sends it to the service provider 11 which transmits to the authentication server 12 the authorization request comprising this confirmation message to validate the payment transaction.
  • FIG. 4 illustrated is an exemplary user authentication processing flow 20.
  • the gateway router 17 is not illustrated. It should be understood that the presence or not of the gateway does not change the working of the invention.
  • a communication is initiated from mobile terminal 10 to select an offer of the service provider 11 , such as by entering a short code like *123# *#123# in a USSD communication.
  • a short code like *123# *#123# in a USSD communication.
  • the communication can be initiated utilizing different communication technologies above described.
  • This confirmation message comprises a content which can be written like:
  • the service provider 11 transmits to the authentication server 12 the authorization request to validate the payment transaction comprising notably a text and the identity of the mobile terminal 10 of the user.
  • the text is a text file structured as a sequence of lines consisting solely of printable characters from a recognized character set.
  • the text corresponds to the content of the confirmation message.
  • the text comprises additional content generated randomly by the service provider 1 1 .
  • a SMS dialog between the mobile terminal 10 and the authentication server 12 is opened when the authentication server 12 received the authorization request.
  • the authentication server 12 computes a hash value from the text according to a well known hash function like SHA, MD5 and so on.
  • the authentication server 12 comprises a hardware security module 12a (HSM) which handles storage of keys and cryptographic functionality able to compute the hash value.
  • HSM hardware security module
  • the authentication server 12 can be also protected both by a firewall and by physical security (not represented) to prevent, reduce or deter unauthorized access.
  • a MAC algorithm is used by the HSM 12a as Hash Function to computes a MacText.
  • the MAC function sometimes called a keyed (cryptographic) hash function, received as input the cryptographic key shared with the smart card 15 and the text to be authenticated.
  • the MAC function provides as output, at step 23, the MacText which protects both the text's data integrity as well as its authenticity, by allowing smart card 15 to detect any changes to the text content.
  • the text can be encrypted according to well known encryption algorithm by the HSM 12a before to set it as input of the MAC function.
  • the authentication server 12 elaborates an authentication request comprising notably the text, the MacText and a request for entering authentication information.
  • the authentication information corresponds to the identity authenticating token of the user which can be a PIN code, a response to a question, and so on.
  • the authentication request is sent to the smart card 15 of the mobile terminal 10 by SMS channels thanks to a telephony service provider 12b of the authentication server 12.
  • the smart card 15 When the smart card 15 receives the authentication request, it performs a checking application for the integrity and the authentication of the text.
  • the checking application runs the received text through the same MAC algorithm using the cryptographic key stored into its database to produce a second MacText.
  • the checking application compares the first MacText received in the transmission to the second generated MacText. If they are identical, the checking application can safely assume that the integrity of the text was not compromised, and the text was not altered or tampered with during transmission. In this case, the smart card 15 performs the authentication application. Otherwise, the authentication process is interrupted and a rejection message is sent to the authentication server 12 in response to the authentication request. This rejection message can contain the reasons of this interruption.
  • the authentication application comprises the checking application.
  • the authentication application transmits, at step 25, the text to the mobile terminal 10 and the request for entering authentication information to submit them to the user.
  • this text and this request are displayed on the screen of the mobile terminal in a humah-readable content.
  • this text and this request can be presented to the user as an audible request or through another technique.
  • the user validates the message confirmation and enters authentication information, for example a PIN code.
  • the validation of the message confirmation and the entering of the authentication information can be entered using a keypad of the mobile terminal 10, through voice recognition, or through another means that are in a format understandable by the authentication application of the smart card 15. If the message confirmation is not validated by the user, the authentication process is interrupted and the rejection message is sent to the authentication server in response to the authentication request.
  • the authentication application encrypts the authentication information entered by the user with the key stored into the smart card 15.
  • the authentication application sends the encrypted authentication information to the authentication server 12 in response to the authentication request through the SMS channels.
  • the authentication application sends the encrypted authentication information with the text and the MacText to the authentication server 12 in response to the authentication request to protect the authenticity of the said response.
  • the authentication application runs a digital signature scheme (well know in the art) on the encrypted authentication information, the text and the MacText using the key stored in the smart card to producing a signature.
  • a digital signature scheme well know in the art
  • the authentication application forwards to the authentication server 12 the signature through the SMS channels as response to the authentication request.
  • the aim of this signature is to give the authentication server 2 reason to believe that the received message is created and sent by the claimed user.
  • the telephony service provider 12b of the authentication server 12 transmits the received response (signature) to the HSM 12a.
  • the HSM 12a translates, at step 28, the signature according ⁇ to standard decryption techniques to obtain the text, MacText and the encrypted authentication information.
  • the HSM 12a performs a checking application for the integrity and the authentication of the text as described above. If the first MacText received is identical to the second generated MacText then the checking application can safely assume that the integrity of the text was not compromised. In this case, the authentication server 12 continues the authentication process. Otherwise, the authentication process is interrupted.
  • the HSM 12a translates, at step 30, the encrypted authentication information according to standard decryption techniques.
  • the TSP 12b transmits, at step 31 , the translated authentication information (and the text or.not) to the service provider 11 in response to its authorization request.
  • the service provider 11 comprises a database containing identifications information about the users already enrolled. These identifications information contains information concerning accou nt information, services authorized to the user, the authentication information such as PIN code etc...
  • the service provider 11 verifies.the authentication information returned by the authentication server 12 during the payment transaction by comparing these data to the identifications information stored into the database. If the information authentication does not fall within the identifications information stored into the database, then the service provider 11 can refuse further service to the user. On the other hand, if the PIN code or the information authentication is determined to be within the database, then the transaction process is ended.
  • the authentication server 12 may comprise the database containing identifications information about the users. In this case, after step 30, the authentication server 12 checks itself that the information authentication falls within the identifications information stored into its database. The authentication server 12 authorizes the payment transaction and provides to the service provider 11 a confirmation code of the payment transaction. If the payment is not authorized, the authentication server 12 can notify the service provider 11 who can determine whether the payment transaction should be resent of if the transaction should not be allowed to proceed (e.g., the user is not the owner of the account).

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

This invention describes a method to validate a transaction between a mobile terminal of the user and a requesting service provider via an authentication server. For that, a SMS authentication session is established between the authentication application of the mobile terminal's smart card of the user and a trusted third party in the network side when transaction exchange occurs between the user and the service provider. The authentication method of the invention, processed through SMS technology, guarantees the security of communication between the mobile terminal and the third party without requiring extra hardware or special client software to be installed on the user mobile terminal nor increasing the existing communication protocols, signaling resources and operation costs. Moreover, with the authentication method of the invention it is not just the identity of the user to guarantee but also that the user is really willing to make the transaction and that no one tricked the user by showing other information.

Description

Method to validate a transaction between a user and a service provider
Field of the Invention
The present invention relates generally to mobile electronic transactions, and more specifically to validate said transaction by authenticating the identity of payer during mobile transactions.
Description of the Prior Art
. Cashless sales transactions, such as those occurring online, through mobile devices, through the mail, or over the telephone, involve payments ; that are not guaranteed to the merchant. Online transactions include those that are conducted, for example, over the Internet. No guarantee is provided primarily because the payers are not authenticated in such non face-to-face transactions, thereby allowing many risks to accompany the "card not present" transactions.
Such risks involve issues such as fraud for both merchants and cardholders, and an increased perception that buying goods and services online or through mobile devices is not safe and secure, which may keep some consumers from buying online. Other examples of risks include the unauthorized use of stolen account information to purchase goods and services online, fabrication of card account numbers to make fraudulent online purchases, and extraction of clear text account information from network traffic.
Given the continued expected high growth of electronic commerce, it is important to provide methods to authenticate payers. This will benefit all payment system participants including cardholders, merchants, and financial institutions. Authenticating the payer during online payment transactions will reduce the levels of fraud, disputes, retrievals and charge-backs, which subsequently will-.reduce the costs associated with each of these events.
Prior systems used to authenticate consumers during online transactions have not been widely adopted because these systems, like wPKI, were difficult to use, had complex designs, required significant up-front investment by system participants and lacked interoperability. Certain prior systems additionally required the creation, distribution and use of certificates by merchants, cardholders, issuers and acquirers. Such use of certificates is known to be quite burdensome.
Other prior systems allow a trusted party to verify the payer's identity using an authentication like one time passwords (OTP) technique. The OTP is packed i n o n e o r mo re text messages, like SMS, unstructured supplementary service data (USSD) or e-mail short messages, and are transmitted to the mobile terminal of the payer. However, data transmitted under form of such text messages may be decoded by third parties with a suitable digital receiver. Moreover, the messages are usually stored in the mobile terminal's memory. Thus any third party gaining access to the terminal may read the messages.
Additionally, the user of a mobile terminal cannot necessarily be identified in many cases. Especially by transmitting a SMS message the delivery known mechanisms, the identity of the sender of the message may be concealed to the receiving user, or the recipient of the message may not be that intended by the sender.
In view of the foregoing, a system for authenticating the identity of the user in an online or mobile transaction would be desirable. Such a validating transaction system should be relatively easy to implement and use, require a minimal investment of resources, and provide a high level of interoperability between the system's participants.
Brief summary of the invention
The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosed embodiments. Its purpose is to present some concepts in a simplified form as a prelude to the more detailed description that is presented later.
In accordance with one or more embodiments and corresponding disclosure thereof, various aspects of the present invention provide an authentication method so as to make it possible to establish an encrypted SMS authentication session between an authentication application of the mobile terminal's smart card of the user and a trusted third party in the network side when transaction exchange occurs between the user and a service provider. The authentication method of the invention, processedthrough SMS technology, guarantees the security of communication between the mobile terminal and the third party without requiring extra hardware or special client software to be installed on the user mobile terminal nor increasing the existing communication protocols, signaling resources and operation costs.
With the authentication method of the invention it is not just the identity of the user to guarantee but also that the user is really willing to make the transaction and that no one can trick the user by showing other information. .
In a preferred embodiment, an object of the invention is a method to validate a transaction between a mobile terminal of the user and a requesting service provider via an authentication server, said method comprising:
- establishing a SMS channel between the mobile terminal and the authentication server, said mobile terminal comprising a smart card wherein is stored a cryptographic key shared with the authentication server,
- transmitting to the smart card an authentication request from the authentication server, this authentication request comprising a confirmation message of the transaction and a request for entering user authentication information,
- performing an authentication application supported by the smart card to challenge the user for a validation of the message confirmation and an authentication information entered by the user, said authentication information being encrypted by the key,
- transmitting the encrypted authentication information from the mobile terminal through the SMS channel to the authentication server, in response to the authentication request,
- validating the transaction if the authentication information matches identifications information stored in users identifications information database.
To the accomplishment of the foregoing and related ends, one or more embodiments comprise the features hereinafter fully described and particularly pointed out in the claims.
Brief description of the drawings
The following description and the annexed drawings set forth in detail certain illustrative aspects and are indicative of but a few of the various ways in which the principles of the embodiments may be employed. Other advantages and novel features will become apparent from the following detailed description when considered in conjunction with the drawings and the disclosed embodiments are intended'to include all such aspects and their equivalents.
FIG.1 , FIG.2 and FIG.3 schematically illustrate embodiments of a system architecture that supports the transaction validation method of the present invention.
FIG.4 illustrates the process through which a transaction between a user and a service provider is validated according to one embodiment of the present invention.
Detailed description of the invention
The present invention will now be described in detail with reference to a few preferred embodiments as illustrated in the accompanying drawings. In the following description, numerous specific details are set forth in order to provide a thorough u nderstandi ng of the present invention. It will be apparent, however, to one skilled in the art, that the present invention may be practiced without some or all of these specific details. In other instances, well known operations have not been described in detail so not to unnecessarily obscure the present invention.
The invention will now be described with reference to the figures. I n the drawings, like or similar elements are designated with identical reference numerals throughout the several views. The depicted lines between the elements represent connections between these elements. The arrows represent connections wherein a direction of a message from one element to another element is .shown. The term connection can refer to a functional connection and not necessary to a physical connection.
It may be recalled that, in the description, when an action is attributed to a microprocessor, an application or to a device comprising a microprocessor, this action is performed by the microprocessor controlled by instruction codes recorded in a memory of this device.
FIG. 1 shows a block diagram representing a system in which a user is authenticated by an authentication server 12 during a transaction processing with a service provider 11. This transaction processing can be any transaction wherein the identity of the user has to be authenticated like payment transaction, purchase transaction, banking transaction, booking transaction and so on. In the embodiments illustrated by the drawings, the transaction processing is a payment transaction.
The service provider 11 can access to the authentication server 12 over an appropriate telecommunication network 16 (for example over Internet). The sessions between the service providers 11 and the authentication server 12 are preferably secured.
The mobile terminal 10 of the user may be a mobile telephone, a personal digital assistant, a computer (e.g. palmtop or laptop) or any other digital device able to perform data communication with the service provider 11.
The mobile terminallO is suitably coupled to the service provider 11 via data links 13. A variety of conventional communications media and protocols may be used for data links 13. Such as, for example, a connection to the service provider 11 via Internet is typically used in connection with standard modem communication, cable modem, Dish networks, ISDN, Digital Subscriber Line (DSL), or various wireless communication methods.
In one embodiment variant, the data links 13 is a SMS communication. In another embodiment variant, the data links 13 is an unstructured supplementary service data (USSD) communication. The USSD technology allows the user of the mobile terminal 10 to communicate with the service provider 11 in a way that is transparent to the user and the service provider.
The service provider 11 makes available an offer, for example product, service or information (like a weather report or a list of restaurants in a city). It may be a web e-commerce server, a financial institution, third-party accounts (e.g., PayPal transactions, or the like) and so on.
In a first step well known, the user would like to order a specific product or service of the service provider 11. In a embodiment, the user can have the corresponding offer of the service provider 1 1 displayed by his mobile user 0 by entering the URL address's service provider in a browser of his mobile. The order session between the service provider 1 1 and the mobile terminal 10 can be secured or not.
In another embodiment, the mobile terminal 10 can use USSD or SMS to enter the information inquiry corresponding to the offer of the service provider 11. After that the offer is selected by the user, the service provider initiates a payment transaction process. During this payment transaction, the service provider initiates an authentication process of the user.
The mobile terminal 10 comprises a smart card 15 (like SIM card or a USIM card) which is connected to or inserted into the said mobile terminal
10. Smart card 15 comprises an authentication application which is able to participate to the identification and the authentication of the order's user. The smart card 15 comprises a cryptographic key shared with the authentication server 12.
During this payment transaction process the service provider 11 generates a confirmation message. The service provider 11 transmits to the authentication server 12 an authorization request comprising the confirmation message and identification information of the mobile terminal 10 (like its IMSI) to validate the payment transaction.
Upon reception, the authentication server 12 establishes an authentication session 18 with the mobile terminal 10. The authentication session 18 is effected by using Short Message Service (SMS) technology without requiring extra hardware or special client software to be installed on the mobile terminal because the Short Message Service (SMS) is a service which is implemented in almost all mobile terminals. I n an embodiment, the information exchanged between the authentication application and the authentication server 12 through the SMS channels can be protected. In this case, cryptography is utilized to transform this information into an unintelligible form. For that, the authentication application and the authentication server 1 2 can use several procedures and protocols of algorithms currently used to encrypt and decrypt data.
In an embodiment variant, the service provider 11 comprises the authentication server 12.
FIG. 2 illustrates another embodiment in which a user is authenticated by the authentication server 12 during a transaction with a service provider
11. The embodiment illustrated in FIG.2 comprises a gateway router 17 sets between the mobile terminal 10 and the service provider 11 .and the authentication server 12.
The gateway router 17 is a software interface, a computer or a network that allows and controls access between the three entities (service providers 11 , authentication server 12 and mobile terminal 10).The communication sessions between the service providers 11 or the authentication server 12 and the gateway router 17 are preferably secured.
According to the embodiment illustrated in FIG.2, during the payment transaction processing initiated by the service provider 1 1 , the gateway router 17 transmits to the authentication server authorization request comprising the confirmation message generated by the service provider 11 to validate the payment transaction.
The mobile terminal 10 communicates with the authentication server 12 via the gateway router 17 to authenticate the user by SMS channels.
FIG. 3 illustrates another embodiment in which the payment transaction process is initiated by an intermediate application 14 after that the offer is selected by the user. This intermediate process 14 is stored, preferably, into the smart card. In an embodiment, the intermediate application is stored into a program memory of the mobile terminal 10.
The intermediate application 14, during this payment transaction, generates the confirmation message and sends it to the service provider 11 which transmits to the authentication server 12 the authorization request comprising this confirmation message to validate the payment transaction.
With reference now to FIG. 4, illustrated is an exemplary user authentication processing flow 20. In the example of FIG 4, the gateway router 17 is not illustrated. It should be understood that the presence or not of the gateway does not change the working of the invention.
On a first step, a communication is initiated from mobile terminal 10 to select an offer of the service provider 11 , such as by entering a short code like *123# *#123# in a USSD communication. However, it should be understood that the communication can be initiated utilizing different communication technologies above described.
When an offer is selected by the user, the service provider 11 respectively the intermediate application 14 initiates a payment transaction. During this payment transaction, the service provider 11 respectively the intermediate application 14 generates, at step 21 , the confirmation message. This confirmation message comprises a content which can be written like:
"You are on the point of validating the service provider's offer amounting xxxx, - could you confirm the transaction by entering or pressing the button yes or no."
Next, the service provider 11 transmits to the authentication server 12 the authorization request to validate the payment transaction comprising notably a text and the identity of the mobile terminal 10 of the user. The text is a text file structured as a sequence of lines consisting solely of printable characters from a recognized character set. In a preferred embodiment, the text corresponds to the content of the confirmation message. In a variant embodiment, further of the content of the confirmation message, the text comprises additional content generated randomly by the service provider 1 1 .
Next, a SMS dialog between the mobile terminal 10 and the authentication server 12 is opened when the authentication server 12 received the authorization request.
At step 22, the authentication server 12 computes a hash value from the text according to a well known hash function like SHA, MD5 and so on.
The authentication server 12 comprises a hardware security module 12a (HSM) which handles storage of keys and cryptographic functionality able to compute the hash value. The authentication server 12 can be also protected both by a firewall and by physical security (not represented) to prevent, reduce or deter unauthorized access.
In a preferred embodiment, a MAC algorithm is used by the HSM 12a as Hash Function to computes a MacText. The MAC function, sometimes called a keyed (cryptographic) hash function, received as input the cryptographic key shared with the smart card 15 and the text to be authenticated. The MAC function provides as output, at step 23, the MacText which protects both the text's data integrity as well as its authenticity, by allowing smart card 15 to detect any changes to the text content.
In an embodiment, the text can be encrypted according to well known encryption algorithm by the HSM 12a before to set it as input of the MAC function.
At step 24, the authentication server 12 elaborates an authentication request comprising notably the text, the MacText and a request for entering authentication information. The authentication information corresponds to the identity authenticating token of the user which can be a PIN code, a response to a question, and so on. Next, the authentication request is sent to the smart card 15 of the mobile terminal 10 by SMS channels thanks to a telephony service provider 12b of the authentication server 12.
When the smart card 15 receives the authentication request, it performs a checking application for the integrity and the authentication of the text. The checking application runs the received text through the same MAC algorithm using the cryptographic key stored into its database to produce a second MacText The checking application then compares the first MacText received in the transmission to the second generated MacText. If they are identical, the checking application can safely assume that the integrity of the text was not compromised, and the text was not altered or tampered with during transmission. In this case, the smart card 15 performs the authentication application. Otherwise, the authentication process is interrupted and a rejection message is sent to the authentication server 12 in response to the authentication request. This rejection message can contain the reasons of this interruption.
In an embodiment, the authentication application comprises the checking application.
The authentication application transmits, at step 25, the text to the mobile terminal 10 and the request for entering authentication information to submit them to the user. In an embodiment, this text and this request are displayed on the screen of the mobile terminal in a humah-readable content. In a variant, this text and this request can be presented to the user as an audible request or through another technique.
At step 26, the user validates the message confirmation and enters authentication information, for example a PIN code. The validation of the message confirmation and the entering of the authentication information can be entered using a keypad of the mobile terminal 10, through voice recognition, or through another means that are in a format understandable by the authentication application of the smart card 15. If the message confirmation is not validated by the user, the authentication process is interrupted and the rejection message is sent to the authentication server in response to the authentication request.
At step 27, the authentication application encrypts the authentication information entered by the user with the key stored into the smart card 15. In one embodiment, the authentication application sends the encrypted authentication information to the authentication server 12 in response to the authentication request through the SMS channels.
In another embodiment, the authentication application sends the encrypted authentication information with the text and the MacText to the authentication server 12 in response to the authentication request to protect the authenticity of the said response.
In another embodiment, as illustrated at FIG.4, to reinforce the protection of the authenticity of the response, the authentication application runs a digital signature scheme (well know in the art) on the encrypted authentication information, the text and the MacText using the key stored in the smart card to producing a signature.
The authentication application forwards to the authentication server 12 the signature through the SMS channels as response to the authentication request. The aim of this signature is to give the authentication server 2 reason to believe that the received message is created and sent by the claimed user.
The telephony service provider 12b of the authentication server 12 transmits the received response (signature) to the HSM 12a. The HSM 12a translates, at step 28, the signature according^to standard decryption techniques to obtain the text, MacText and the encrypted authentication information.
At step 29, the HSM 12a performs a checking application for the integrity and the authentication of the text as described above. If the first MacText received is identical to the second generated MacText then the checking application can safely assume that the integrity of the text was not compromised. In this case, the authentication server 12 continues the authentication process. Otherwise, the authentication process is interrupted.
Next, the HSM 12a translates, at step 30, the encrypted authentication information according to standard decryption techniques. The TSP 12b transmits, at step 31 , the translated authentication information (and the text or.not) to the service provider 11 in response to its authorization request.
The service provider 11 comprises a database containing identifications information about the users already enrolled. These identifications information contains information concerning accou nt information, services authorized to the user, the authentication information such as PIN code etc...
The service provider 11 verifies.the authentication information returned by the authentication server 12 during the payment transaction by comparing these data to the identifications information stored into the database. If the information authentication does not fall within the identifications information stored into the database, then the service provider 11 can refuse further service to the user. On the other hand, if the PIN code or the information authentication is determined to be within the database, then the transaction process is ended.
In one embodiment variant, the authentication server 12 may comprise the database containing identifications information about the users. In this case, after step 30, the authentication server 12 checks itself that the information authentication falls within the identifications information stored into its database. The authentication server 12 authorizes the payment transaction and provides to the service provider 11 a confirmation code of the payment transaction. If the payment is not authorized, the authentication server 12 can notify the service provider 11 who can determine whether the payment transaction should be resent of if the transaction should not be allowed to proceed (e.g., the user is not the owner of the account).
With the invention, what the user sees is what he validates because the user is able to check the transaction before to validate it.

Claims

1. A method to validate a transaction between a mobile terminal of the user and a requesting service provider via an authentication server, said method comprising:
- establishing a SMS channel between the mobile terminal and the authentication server, said mobile terminal comprising a smart card wherein is stored a cryptographic key shared with the authentication server,
- transmitting to the smart card an authentication request from the authentication server, this authentication request comprising a confirmation message of the transaction and a request for entering user authentication information,
- performing an authentication application supported by the smart card to challenge the user for a validation of the message confirmation and an authentication information entered by the user, said authentication information being encrypted by the key,
- transmitting the encrypted authentication information from the mobile terminal through the SMS channel to the authentication server, in response to the authentication request,
- validating the transaction if the authentication information matches identifications information stored in users identifications information database.
2. Method as recited in claim 1 , wherein before the transmission of the authentication request to the smart card:
- transmitting an authorization request from the requesting service provider to the authentication server, said authentication request comprising the identity of the mobile terminal and a text file comprising the confirmation message of the transaction,
- computing a MacText of the text according to a hash function, - elaborating the authentication request comprising the text, the
MacText and the request for entering user authentication information.
3. Method as recited in claim 2, wherein the hash function is a MAC algorithm which receives as inputs the key and the text to provide as output the MacText.
4. Method as recited in claims 2 to 3, wherein before user challenging step:
- performing a checking application for the integrity and the authentication of the text, when the authentication request is received, thank to the MacText.
5. Method as recited in claim 4, wherein during user challenging step:
- displaying on the screen of the mobile terminal or in an audible form the text and the request for entering authentication information.
6. Method as recited in claims 1 to 5, wherein the authentication information is a PIN code or a response to a question.
7. Method as recited in claims 2 to 6, wherein the authentication request comprises also the text and the MacText.
8. Method as recited in claims 2 to 6, wherein the authentication request comprises a digital signature of the text, the MacText and the encrypted authentication information according to a digital signature scheme using the key.
9. Method as recited in claim 8, wherein during the validating step:
- performing a checking application for the integrity and the authentication of the text, when the signature is received, thank to the MacText.
10. Method as recited in claim 1 to 9, wherein during the validating step:
- the service provider or the authentication server verifies authentication information by comparing it to the identifications information stored into the database of the service provider or the authentication server,
- If the authentication information does not fall within the identifications information stored into the database, then further service is refused to the user or the transaction is resent.
11. Method as recited in claims 1 to 10 wherein the service provider or an intermediate application of the smart card or the mobile terminal generates the confirmation message when a service provider offer is selected by the user.
12. Method as recited in claim 1 to 11 wherein the mobile terminal is a mobile telephone a personal digital assistant or a computer.
PCT/EP2012/002436 2011-06-09 2012-06-08 Method to validate a transaction between a user and a service provider WO2012167941A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP11205723.6 2011-06-09
EP11205723 2011-06-09

Publications (1)

Publication Number Publication Date
WO2012167941A1 true WO2012167941A1 (en) 2012-12-13

Family

ID=47295503

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2012/002436 WO2012167941A1 (en) 2011-06-09 2012-06-08 Method to validate a transaction between a user and a service provider

Country Status (1)

Country Link
WO (1) WO2012167941A1 (en)

Cited By (135)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103840944A (en) * 2014-03-18 2014-06-04 昆明理工大学 Short message authentication method, server and system
WO2014089682A1 (en) * 2012-12-14 2014-06-19 Caledon Computer Systems Inc. Apparatus configured to facilitate secure financial transactions
US8827154B2 (en) 2009-05-15 2014-09-09 Visa International Service Association Verification of portable consumer devices
FR3011964A1 (en) * 2013-10-14 2015-04-17 Keydentify AUTOMATED METHOD OF STRONG MULTIFACTOR AUTHENTICATION
US9038886B2 (en) 2009-05-15 2015-05-26 Visa International Service Association Verification of portable consumer devices
US9256871B2 (en) 2012-07-26 2016-02-09 Visa U.S.A. Inc. Configurable payment tokens
US9280765B2 (en) 2011-04-11 2016-03-08 Visa International Service Association Multiple tokenization for authentication
US9317848B2 (en) 2009-05-15 2016-04-19 Visa International Service Association Integration of verification tokens with mobile communication devices
EP3009972A1 (en) * 2014-10-14 2016-04-20 Gemalto SA A method for ensuring the genuine user has approved a payment transaction
WO2016075390A1 (en) * 2014-11-14 2016-05-19 Orange Method for connecting a mobile terminal with a server of a service provider via an operator platform
US9372971B2 (en) 2009-05-15 2016-06-21 Visa International Service Association Integration of verification tokens with portable computing devices
EP3040924A1 (en) * 2014-12-30 2016-07-06 Telefonica Digital España, S.L.U. Method and system for providing device based authentication, integrity and confidentiality for transactions performed by mobile device users
US9424413B2 (en) 2010-02-24 2016-08-23 Visa International Service Association Integration of payment capability into secure elements of computers
US9516487B2 (en) 2013-11-19 2016-12-06 Visa International Service Association Automated account provisioning
US9524501B2 (en) 2012-06-06 2016-12-20 Visa International Service Association Method and system for correlating diverse transaction data
US9530131B2 (en) 2008-07-29 2016-12-27 Visa U.S.A. Inc. Transaction processing using a global unique identifier
US9547769B2 (en) 2012-07-03 2017-01-17 Visa International Service Association Data protection hub
US9582801B2 (en) 2009-05-15 2017-02-28 Visa International Service Association Secure communication of payment information to merchants using a verification token
EP3136758A1 (en) * 2015-08-28 2017-03-01 Orange Method and system for anonymous and secure social mapping during an event
US9646303B2 (en) 2013-08-15 2017-05-09 Visa International Service Association Secure remote payment transaction processing using a secure element
US9665722B2 (en) 2012-08-10 2017-05-30 Visa International Service Association Privacy firewall
US9680942B2 (en) 2014-05-01 2017-06-13 Visa International Service Association Data verification using access device
US9704155B2 (en) 2011-07-29 2017-07-11 Visa International Service Association Passing payment tokens through an hop/sop
US9715681B2 (en) 2009-04-28 2017-07-25 Visa International Service Association Verification of portable consumer devices
US9741051B2 (en) 2013-01-02 2017-08-22 Visa International Service Association Tokenization and third-party interaction
US9775029B2 (en) 2014-08-22 2017-09-26 Visa International Service Association Embedding cloud-based functionalities in a communication device
US9780953B2 (en) 2014-07-23 2017-10-03 Visa International Service Association Systems and methods for secure detokenization
US9792611B2 (en) 2009-05-15 2017-10-17 Visa International Service Association Secure authentication system and method
US9830595B2 (en) 2012-01-26 2017-11-28 Visa International Service Association System and method of providing tokenization as a service
US9848052B2 (en) 2014-05-05 2017-12-19 Visa International Service Association System and method for token domain control
US9846861B2 (en) 2012-07-25 2017-12-19 Visa International Service Association Upstream and downstream data conversion
US9846878B2 (en) 2014-01-14 2017-12-19 Visa International Service Association Payment account identifier system
US9898740B2 (en) 2008-11-06 2018-02-20 Visa International Service Association Online challenge-response
US9911118B2 (en) 2012-11-21 2018-03-06 Visa International Service Association Device pairing via trusted intermediary
US9922322B2 (en) 2013-12-19 2018-03-20 Visa International Service Association Cloud-based transactions with magnetic secure transmission
US9942043B2 (en) 2014-04-23 2018-04-10 Visa International Service Association Token security on a communication device
US9959531B2 (en) 2011-08-18 2018-05-01 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US9972005B2 (en) 2013-12-19 2018-05-15 Visa International Service Association Cloud-based transactions methods and systems
US9978062B2 (en) 2013-05-15 2018-05-22 Visa International Service Association Mobile tokenization hub
US9978094B2 (en) 2013-10-11 2018-05-22 Visa International Service Association Tokenization revocation list
US9996835B2 (en) 2013-07-24 2018-06-12 Visa International Service Association Systems and methods for communicating token attributes associated with a token vault
US10015147B2 (en) 2014-10-22 2018-07-03 Visa International Service Association Token enrollment system and method
US10026087B2 (en) 2014-04-08 2018-07-17 Visa International Service Association Data passed in an interaction
US10043178B2 (en) 2007-06-25 2018-08-07 Visa International Service Association Secure mobile payment system
US10078832B2 (en) 2011-08-24 2018-09-18 Visa International Service Association Method for using barcodes and mobile devices to conduct payment transactions
US10096009B2 (en) 2015-01-20 2018-10-09 Visa International Service Association Secure payment processing using authorization request
US10121129B2 (en) 2011-07-05 2018-11-06 Visa International Service Association Electronic wallet checkout platform apparatuses, methods and systems
US10140615B2 (en) 2014-09-22 2018-11-27 Visa International Service Association Secure mobile device credential provisioning using risk decision non-overrides
US10147089B2 (en) 2012-01-05 2018-12-04 Visa International Service Association Data protection with translation
US10154084B2 (en) 2011-07-05 2018-12-11 Visa International Service Association Hybrid applications utilizing distributed models and views apparatuses, methods and systems
US10164996B2 (en) 2015-03-12 2018-12-25 Visa International Service Association Methods and systems for providing a low value token buffer
US10176478B2 (en) 2012-10-23 2019-01-08 Visa International Service Association Transaction initiation determination system utilizing transaction data elements
US10187363B2 (en) 2014-12-31 2019-01-22 Visa International Service Association Hybrid integration of software development kit with secure execution environment
US10192216B2 (en) 2012-09-11 2019-01-29 Visa International Service Association Cloud-based virtual wallet NFC apparatuses, methods and systems
US10223710B2 (en) 2013-01-04 2019-03-05 Visa International Service Association Wearable intelligent vision device apparatuses, methods and systems
US10223730B2 (en) 2011-09-23 2019-03-05 Visa International Service Association E-wallet store injection search apparatuses, methods and systems
US10223691B2 (en) 2011-02-22 2019-03-05 Visa International Service Association Universal electronic payment apparatuses, methods and systems
US10242358B2 (en) 2011-08-18 2019-03-26 Visa International Service Association Remote decoupled application persistent state apparatuses, methods and systems
US10243958B2 (en) 2016-01-07 2019-03-26 Visa International Service Association Systems and methods for device push provisoning
US10255601B2 (en) 2010-02-25 2019-04-09 Visa International Service Association Multifactor authentication using a directory server
US10255456B2 (en) 2014-09-26 2019-04-09 Visa International Service Association Remote server encrypted data provisioning system and methods
US10255591B2 (en) 2009-12-18 2019-04-09 Visa International Service Association Payment channel returning limited use proxy dynamic value
US10257185B2 (en) 2014-12-12 2019-04-09 Visa International Service Association Automated access data provisioning
US10262001B2 (en) 2012-02-02 2019-04-16 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia merchant analytics database platform apparatuses, methods and systems
US10262308B2 (en) 2007-06-25 2019-04-16 Visa U.S.A. Inc. Cardless challenge systems and methods
US10282724B2 (en) 2012-03-06 2019-05-07 Visa International Service Association Security system incorporating mobile device
US10289999B2 (en) 2005-09-06 2019-05-14 Visa U.S.A. Inc. System and method for secured account numbers in proximity devices
US10304047B2 (en) 2012-12-07 2019-05-28 Visa International Service Association Token generating component
US10313321B2 (en) 2016-04-07 2019-06-04 Visa International Service Association Tokenization of co-network accounts
US10325261B2 (en) 2014-11-25 2019-06-18 Visa International Service Association Systems communications with non-sensitive identifiers
US10333921B2 (en) 2015-04-10 2019-06-25 Visa International Service Association Browser integration with Cryptogram
US10361856B2 (en) 2016-06-24 2019-07-23 Visa International Service Association Unique token authentication cryptogram
US10366387B2 (en) 2013-10-29 2019-07-30 Visa International Service Association Digital wallet system and method
US10373133B2 (en) 2010-03-03 2019-08-06 Visa International Service Association Portable account number for consumer payment account
US10433128B2 (en) 2014-01-07 2019-10-01 Visa International Service Association Methods and systems for provisioning multiple devices
US10484345B2 (en) 2014-07-31 2019-11-19 Visa International Service Association System and method for identity verification across mobile applications
US10491389B2 (en) 2017-07-14 2019-11-26 Visa International Service Association Token provisioning utilizing a secure authentication system
US10489779B2 (en) 2013-10-21 2019-11-26 Visa International Service Association Multi-network token bin routing with defined verification parameters
US10496986B2 (en) 2013-08-08 2019-12-03 Visa International Service Association Multi-network tokenization processing
US10509779B2 (en) 2016-09-14 2019-12-17 Visa International Service Association Self-cleaning token vault
US10510073B2 (en) 2013-08-08 2019-12-17 Visa International Service Association Methods and systems for provisioning mobile devices with payment credentials
US10515358B2 (en) 2013-10-18 2019-12-24 Visa International Service Association Contextual transaction token methods and systems
US10552834B2 (en) 2015-04-30 2020-02-04 Visa International Service Association Tokenization capable authentication framework
US10568016B2 (en) 2015-04-16 2020-02-18 Visa International Service Association Systems and methods for processing dormant virtual access devices
US10586227B2 (en) 2011-02-16 2020-03-10 Visa International Service Association Snap mobile payment apparatuses, methods and systems
US10586229B2 (en) 2010-01-12 2020-03-10 Visa International Service Association Anytime validation tokens
US10607212B2 (en) 2013-07-15 2020-03-31 Visa International Services Association Secure remote payment transaction processing
EP3651489A1 (en) * 2018-11-08 2020-05-13 Thales Dis France SA Method for authenticating a secure element cooperating with a terminal, corresponding applet, system and server
CN111161092A (en) * 2019-11-27 2020-05-15 国网山东省电力公司阳信县供电公司 Electric power marketing inspection mobile application system
US10664843B2 (en) 2015-12-04 2020-05-26 Visa International Service Association Unique code for token verification
US10726413B2 (en) 2010-08-12 2020-07-28 Visa International Service Association Securing external systems with account token substitution
US10733604B2 (en) 2007-09-13 2020-08-04 Visa U.S.A. Inc. Account permanence
US10740731B2 (en) 2013-01-02 2020-08-11 Visa International Service Association Third party settlement
US10769628B2 (en) 2014-10-24 2020-09-08 Visa Europe Limited Transaction messaging
US10817875B2 (en) 2013-09-20 2020-10-27 Visa International Service Association Secure remote payment transaction processing including consumer authentication
US10825001B2 (en) 2011-08-18 2020-11-03 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US10846683B2 (en) 2009-05-15 2020-11-24 Visa International Service Association Integration of verification tokens with mobile communication devices
US10846694B2 (en) 2014-05-21 2020-11-24 Visa International Service Association Offline authentication
US10878422B2 (en) 2013-06-17 2020-12-29 Visa International Service Association System and method using merchant token
US10891610B2 (en) 2013-10-11 2021-01-12 Visa International Service Association Network token system
US10902418B2 (en) 2017-05-02 2021-01-26 Visa International Service Association System and method using interaction token
US10902421B2 (en) 2013-07-26 2021-01-26 Visa International Service Association Provisioning payment credentials to a consumer
US10915899B2 (en) 2017-03-17 2021-02-09 Visa International Service Association Replacing token on a multi-token user device
US10937031B2 (en) 2012-05-04 2021-03-02 Visa International Service Association System and method for local data conversion
US10977657B2 (en) 2015-02-09 2021-04-13 Visa International Service Association Token processing utilizing multiple authorizations
US10990967B2 (en) 2016-07-19 2021-04-27 Visa International Service Association Method of distributing tokens and managing token relationships
US11004043B2 (en) 2009-05-20 2021-05-11 Visa International Service Association Device including encrypted data for expiration date and verification value creation
US11023890B2 (en) 2014-06-05 2021-06-01 Visa International Service Association Identification and verification for provisioning mobile application
US11037138B2 (en) 2011-08-18 2021-06-15 Visa International Service Association Third-party value added wallet features and interfaces apparatuses, methods, and systems
US11055710B2 (en) 2013-05-02 2021-07-06 Visa International Service Association Systems and methods for verifying and processing transactions using virtual currency
US11068889B2 (en) 2015-10-15 2021-07-20 Visa International Service Association Instant token issuance
US11068899B2 (en) 2016-06-17 2021-07-20 Visa International Service Association Token aggregation for multi-party transactions
US11068578B2 (en) 2016-06-03 2021-07-20 Visa International Service Association Subtoken management system for connected devices
US11080696B2 (en) 2016-02-01 2021-08-03 Visa International Service Association Systems and methods for code display and use
CN113473458A (en) * 2021-05-10 2021-10-01 厦门市思芯微科技有限公司 Equipment access method, data transmission method and computer readable storage medium
US11176554B2 (en) 2015-02-03 2021-11-16 Visa International Service Association Validation identity tokens for transactions
US11213773B2 (en) 2017-03-06 2022-01-04 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system
US11238140B2 (en) 2016-07-11 2022-02-01 Visa International Service Association Encryption key exchange process using access device
US11250391B2 (en) 2015-01-30 2022-02-15 Visa International Service Association Token check offline
US11250424B2 (en) 2016-05-19 2022-02-15 Visa International Service Association Systems and methods for creating subtokens using primary tokens
US11257074B2 (en) 2014-09-29 2022-02-22 Visa International Service Association Transaction risk based token
US11256789B2 (en) 2018-06-18 2022-02-22 Visa International Service Association Recurring token transactions
US11288661B2 (en) 2011-02-16 2022-03-29 Visa International Service Association Snap mobile payment apparatuses, methods and systems
US11323443B2 (en) 2016-11-28 2022-05-03 Visa International Service Association Access identifier provisioning to application
US11356257B2 (en) 2018-03-07 2022-06-07 Visa International Service Association Secure remote token release with online authentication
US11386421B2 (en) 2016-04-19 2022-07-12 Visa International Service Association Systems and methods for performing push transactions
CN115102795A (en) * 2022-08-26 2022-09-23 北京盈泽世纪科技发展有限公司 Communication security verification method and system
US11494765B2 (en) 2017-05-11 2022-11-08 Visa International Service Association Secure remote transaction system using mobile devices
US11563727B2 (en) 2020-09-14 2023-01-24 International Business Machines Corporation Multi-factor authentication for non-internet applications
US11580519B2 (en) 2014-12-12 2023-02-14 Visa International Service Association Provisioning platform for machine-to-machine devices
US11620643B2 (en) 2014-11-26 2023-04-04 Visa International Service Association Tokenization request via access device
US11849042B2 (en) 2019-05-17 2023-12-19 Visa International Service Association Virtual access credential interaction system and method
US11900361B2 (en) 2016-02-09 2024-02-13 Visa International Service Association Resource provider account token provisioning and processing
US12028337B2 (en) 2018-10-08 2024-07-02 Visa International Service Association Techniques for token proximity transactions
US12137088B2 (en) 2022-01-27 2024-11-05 Visa International Service Association Browser integration with cryptogram

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040019564A1 (en) * 2002-07-26 2004-01-29 Scott Goldthwaite System and method for payment transaction authentication
WO2006079145A1 (en) * 2004-10-20 2006-08-03 Salt Group Pty Ltd Authentication method
US20060206709A1 (en) * 2002-08-08 2006-09-14 Fujitsu Limited Authentication services using mobile device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040019564A1 (en) * 2002-07-26 2004-01-29 Scott Goldthwaite System and method for payment transaction authentication
US20060206709A1 (en) * 2002-08-08 2006-09-14 Fujitsu Limited Authentication services using mobile device
WO2006079145A1 (en) * 2004-10-20 2006-08-03 Salt Group Pty Ltd Authentication method

Cited By (263)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11605074B2 (en) 2005-09-06 2023-03-14 Visa U.S.A. Inc. System and method for secured account numbers in proximily devices
US10922686B2 (en) 2005-09-06 2021-02-16 Visa U.S.A. Inc. System and method for secured account numbers in proximity devices
US10289999B2 (en) 2005-09-06 2019-05-14 Visa U.S.A. Inc. System and method for secured account numbers in proximity devices
US12045812B2 (en) 2005-09-06 2024-07-23 Visa U.S.A. Inc. System and method for secured account numbers in wireless devices
US10043178B2 (en) 2007-06-25 2018-08-07 Visa International Service Association Secure mobile payment system
US10726416B2 (en) 2007-06-25 2020-07-28 Visa International Service Association Secure mobile payment system
US11481742B2 (en) 2007-06-25 2022-10-25 Visa U.S.A. Inc. Cardless challenge systems and methods
US10262308B2 (en) 2007-06-25 2019-04-16 Visa U.S.A. Inc. Cardless challenge systems and methods
US10733604B2 (en) 2007-09-13 2020-08-04 Visa U.S.A. Inc. Account permanence
US9530131B2 (en) 2008-07-29 2016-12-27 Visa U.S.A. Inc. Transaction processing using a global unique identifier
US9898740B2 (en) 2008-11-06 2018-02-20 Visa International Service Association Online challenge-response
US9715681B2 (en) 2009-04-28 2017-07-25 Visa International Service Association Verification of portable consumer devices
US10572864B2 (en) 2009-04-28 2020-02-25 Visa International Service Association Verification of portable consumer devices
US10997573B2 (en) 2009-04-28 2021-05-04 Visa International Service Association Verification of portable consumer devices
US9904919B2 (en) 2009-05-15 2018-02-27 Visa International Service Association Verification of portable consumer devices
US12086787B2 (en) 2009-05-15 2024-09-10 Visa International Service Association Integration of verification tokens with mobile communication devices
US9317848B2 (en) 2009-05-15 2016-04-19 Visa International Service Association Integration of verification tokens with mobile communication devices
US10387871B2 (en) 2009-05-15 2019-08-20 Visa International Service Association Integration of verification tokens with mobile communication devices
US10049360B2 (en) 2009-05-15 2018-08-14 Visa International Service Association Secure communication of payment information to merchants using a verification token
US10043186B2 (en) 2009-05-15 2018-08-07 Visa International Service Association Secure authentication system and method
US9582801B2 (en) 2009-05-15 2017-02-28 Visa International Service Association Secure communication of payment information to merchants using a verification token
US10009177B2 (en) 2009-05-15 2018-06-26 Visa International Service Association Integration of verification tokens with mobile communication devices
US10846683B2 (en) 2009-05-15 2020-11-24 Visa International Service Association Integration of verification tokens with mobile communication devices
US9792611B2 (en) 2009-05-15 2017-10-17 Visa International Service Association Secure authentication system and method
US9372971B2 (en) 2009-05-15 2016-06-21 Visa International Service Association Integration of verification tokens with portable computing devices
US9038886B2 (en) 2009-05-15 2015-05-26 Visa International Service Association Verification of portable consumer devices
US8827154B2 (en) 2009-05-15 2014-09-09 Visa International Service Association Verification of portable consumer devices
US11574312B2 (en) 2009-05-15 2023-02-07 Visa International Service Association Secure authentication system and method
US11004043B2 (en) 2009-05-20 2021-05-11 Visa International Service Association Device including encrypted data for expiration date and verification value creation
US11941591B2 (en) 2009-05-20 2024-03-26 Visa International Service Association Device including encrypted data for expiration date and verification value creation
US10255591B2 (en) 2009-12-18 2019-04-09 Visa International Service Association Payment channel returning limited use proxy dynamic value
US10586229B2 (en) 2010-01-12 2020-03-10 Visa International Service Association Anytime validation tokens
US9589268B2 (en) 2010-02-24 2017-03-07 Visa International Service Association Integration of payment capability into secure elements of computers
US9424413B2 (en) 2010-02-24 2016-08-23 Visa International Service Association Integration of payment capability into secure elements of computers
US10657528B2 (en) 2010-02-24 2020-05-19 Visa International Service Association Integration of payment capability into secure elements of computers
US10255601B2 (en) 2010-02-25 2019-04-09 Visa International Service Association Multifactor authentication using a directory server
US11900343B2 (en) 2010-03-03 2024-02-13 Visa International Service Association Portable account number for consumer payment account
US10373133B2 (en) 2010-03-03 2019-08-06 Visa International Service Association Portable account number for consumer payment account
US11803846B2 (en) 2010-08-12 2023-10-31 Visa International Service Association Securing external systems with account token substitution
US10726413B2 (en) 2010-08-12 2020-07-28 Visa International Service Association Securing external systems with account token substitution
US11847645B2 (en) 2010-08-12 2023-12-19 Visa International Service Association Securing external systems with account token substitution
US11288661B2 (en) 2011-02-16 2022-03-29 Visa International Service Association Snap mobile payment apparatuses, methods and systems
US10586227B2 (en) 2011-02-16 2020-03-10 Visa International Service Association Snap mobile payment apparatuses, methods and systems
US11023886B2 (en) 2011-02-22 2021-06-01 Visa International Service Association Universal electronic payment apparatuses, methods and systems
US10223691B2 (en) 2011-02-22 2019-03-05 Visa International Service Association Universal electronic payment apparatuses, methods and systems
US9280765B2 (en) 2011-04-11 2016-03-08 Visa International Service Association Multiple tokenization for authentication
US10552828B2 (en) 2011-04-11 2020-02-04 Visa International Service Association Multiple tokenization for authentication
US11900359B2 (en) 2011-07-05 2024-02-13 Visa International Service Association Electronic wallet checkout platform apparatuses, methods and systems
US11010753B2 (en) 2011-07-05 2021-05-18 Visa International Service Association Electronic wallet checkout platform apparatuses, methods and systems
US10154084B2 (en) 2011-07-05 2018-12-11 Visa International Service Association Hybrid applications utilizing distributed models and views apparatuses, methods and systems
US10121129B2 (en) 2011-07-05 2018-11-06 Visa International Service Association Electronic wallet checkout platform apparatuses, methods and systems
US10419529B2 (en) 2011-07-05 2019-09-17 Visa International Service Association Hybrid applications utilizing distributed models and views apparatuses, methods and systems
US9704155B2 (en) 2011-07-29 2017-07-11 Visa International Service Association Passing payment tokens through an hop/sop
US10839374B2 (en) 2011-07-29 2020-11-17 Visa International Service Association Passing payment tokens through an HOP / SOP
US11397931B2 (en) 2011-08-18 2022-07-26 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US11010756B2 (en) 2011-08-18 2021-05-18 Visa International Service Association Remote decoupled application persistent state apparatuses, methods and systems
US11763294B2 (en) 2011-08-18 2023-09-19 Visa International Service Association Remote decoupled application persistent state apparatuses, methods and systems
US10354240B2 (en) 2011-08-18 2019-07-16 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US10242358B2 (en) 2011-08-18 2019-03-26 Visa International Service Association Remote decoupled application persistent state apparatuses, methods and systems
US11803825B2 (en) 2011-08-18 2023-10-31 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US11037138B2 (en) 2011-08-18 2021-06-15 Visa International Service Association Third-party value added wallet features and interfaces apparatuses, methods, and systems
US10825001B2 (en) 2011-08-18 2020-11-03 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US9959531B2 (en) 2011-08-18 2018-05-01 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US10078832B2 (en) 2011-08-24 2018-09-18 Visa International Service Association Method for using barcodes and mobile devices to conduct payment transactions
US10402815B2 (en) 2011-08-24 2019-09-03 Visa International Service Association Method for using barcodes and mobile devices to conduct payment transactions
US10223730B2 (en) 2011-09-23 2019-03-05 Visa International Service Association E-wallet store injection search apparatuses, methods and systems
US11354723B2 (en) 2011-09-23 2022-06-07 Visa International Service Association Smart shopping cart with E-wallet store injection search
US10147089B2 (en) 2012-01-05 2018-12-04 Visa International Service Association Data protection with translation
US10685379B2 (en) 2012-01-05 2020-06-16 Visa International Service Association Wearable intelligent vision device apparatuses, methods and systems
US11276058B2 (en) 2012-01-05 2022-03-15 Visa International Service Association Data protection with translation
US9830595B2 (en) 2012-01-26 2017-11-28 Visa International Service Association System and method of providing tokenization as a service
US10607217B2 (en) 2012-01-26 2020-03-31 Visa International Service Association System and method of providing tokenization as a service
US10262001B2 (en) 2012-02-02 2019-04-16 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia merchant analytics database platform apparatuses, methods and systems
US11074218B2 (en) 2012-02-02 2021-07-27 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia merchant analytics database platform apparatuses, methods and systems
US11036681B2 (en) 2012-02-02 2021-06-15 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia analytical model sharing database platform apparatuses, methods and systems
US10983960B2 (en) 2012-02-02 2021-04-20 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia centralized personal information database platform apparatuses, methods and systems
US10430381B2 (en) 2012-02-02 2019-10-01 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia centralized personal information database platform apparatuses, methods and systems
US11995633B2 (en) 2012-03-06 2024-05-28 Visa International Service Association Security system incorporating mobile device
US10282724B2 (en) 2012-03-06 2019-05-07 Visa International Service Association Security system incorporating mobile device
US10937031B2 (en) 2012-05-04 2021-03-02 Visa International Service Association System and method for local data conversion
US10296904B2 (en) 2012-06-06 2019-05-21 Visa International Service Association Method and system for correlating diverse transaction data
US11037140B2 (en) 2012-06-06 2021-06-15 Visa International Service Association Method and system for correlating diverse transaction data
US9524501B2 (en) 2012-06-06 2016-12-20 Visa International Service Association Method and system for correlating diverse transaction data
US9547769B2 (en) 2012-07-03 2017-01-17 Visa International Service Association Data protection hub
US9846861B2 (en) 2012-07-25 2017-12-19 Visa International Service Association Upstream and downstream data conversion
US9256871B2 (en) 2012-07-26 2016-02-09 Visa U.S.A. Inc. Configurable payment tokens
US9727858B2 (en) 2012-07-26 2017-08-08 Visa U.S.A. Inc. Configurable payment tokens
US9665722B2 (en) 2012-08-10 2017-05-30 Visa International Service Association Privacy firewall
US10586054B2 (en) 2012-08-10 2020-03-10 Visa International Service Association Privacy firewall
US10204227B2 (en) 2012-08-10 2019-02-12 Visa International Service Association Privacy firewall
US10853797B2 (en) 2012-09-11 2020-12-01 Visa International Service Association Cloud-based virtual wallet NFC apparatuses, methods and systems
US10192216B2 (en) 2012-09-11 2019-01-29 Visa International Service Association Cloud-based virtual wallet NFC apparatuses, methods and systems
US11715097B2 (en) 2012-09-11 2023-08-01 Visa International Service Association Cloud-based virtual wallet NFC apparatuses, methods and systems
US10614460B2 (en) 2012-10-23 2020-04-07 Visa International Service Association Transaction initiation determination system utilizing transaction data elements
US10176478B2 (en) 2012-10-23 2019-01-08 Visa International Service Association Transaction initiation determination system utilizing transaction data elements
US10692076B2 (en) 2012-11-21 2020-06-23 Visa International Service Association Device pairing via trusted intermediary
US9911118B2 (en) 2012-11-21 2018-03-06 Visa International Service Association Device pairing via trusted intermediary
US10304047B2 (en) 2012-12-07 2019-05-28 Visa International Service Association Token generating component
WO2014089682A1 (en) * 2012-12-14 2014-06-19 Caledon Computer Systems Inc. Apparatus configured to facilitate secure financial transactions
US9741051B2 (en) 2013-01-02 2017-08-22 Visa International Service Association Tokenization and third-party interaction
US10740731B2 (en) 2013-01-02 2020-08-11 Visa International Service Association Third party settlement
US10223710B2 (en) 2013-01-04 2019-03-05 Visa International Service Association Wearable intelligent vision device apparatuses, methods and systems
US11055710B2 (en) 2013-05-02 2021-07-06 Visa International Service Association Systems and methods for verifying and processing transactions using virtual currency
US11341491B2 (en) 2013-05-15 2022-05-24 Visa International Service Association Mobile tokenization hub using dynamic identity information
US11861607B2 (en) 2013-05-15 2024-01-02 Visa International Service Association Mobile tokenization hub using dynamic identity information
US9978062B2 (en) 2013-05-15 2018-05-22 Visa International Service Association Mobile tokenization hub
US11017402B2 (en) 2013-06-17 2021-05-25 Visa International Service Association System and method using authorization and direct credit messaging
US10878422B2 (en) 2013-06-17 2020-12-29 Visa International Service Association System and method using merchant token
US11055694B2 (en) 2013-07-15 2021-07-06 Visa International Service Association Secure remote payment transaction processing
US10607212B2 (en) 2013-07-15 2020-03-31 Visa International Services Association Secure remote payment transaction processing
US11915235B2 (en) 2013-07-24 2024-02-27 Visa International Service Association Systems and methods for communicating token attributes associated with a token vault
US9996835B2 (en) 2013-07-24 2018-06-12 Visa International Service Association Systems and methods for communicating token attributes associated with a token vault
US11093936B2 (en) 2013-07-24 2021-08-17 Visa International Service Association Systems and methods for communicating token attributes associated with a token vault
US10902421B2 (en) 2013-07-26 2021-01-26 Visa International Service Association Provisioning payment credentials to a consumer
US10510073B2 (en) 2013-08-08 2019-12-17 Visa International Service Association Methods and systems for provisioning mobile devices with payment credentials
US11676138B2 (en) 2013-08-08 2023-06-13 Visa International Service Association Multi-network tokenization processing
US11392939B2 (en) 2013-08-08 2022-07-19 Visa International Service Association Methods and systems for provisioning mobile devices with payment credentials
US10496986B2 (en) 2013-08-08 2019-12-03 Visa International Service Association Multi-network tokenization processing
US11188901B2 (en) 2013-08-15 2021-11-30 Visa International Service Association Secure remote payment transaction processing using a secure element
US11062306B2 (en) 2013-08-15 2021-07-13 Visa International Service Association Secure remote payment transaction processing using a secure element
US11847643B2 (en) 2013-08-15 2023-12-19 Visa International Service Association Secure remote payment transaction processing using a secure element
US9646303B2 (en) 2013-08-15 2017-05-09 Visa International Service Association Secure remote payment transaction processing using a secure element
US11710120B2 (en) 2013-09-20 2023-07-25 Visa International Service Association Secure remote payment transaction processing including consumer authentication
US10817875B2 (en) 2013-09-20 2020-10-27 Visa International Service Association Secure remote payment transaction processing including consumer authentication
US11710119B2 (en) 2013-10-11 2023-07-25 Visa International Service Association Network token system
US10891610B2 (en) 2013-10-11 2021-01-12 Visa International Service Association Network token system
US9978094B2 (en) 2013-10-11 2018-05-22 Visa International Service Association Tokenization revocation list
FR3011964A1 (en) * 2013-10-14 2015-04-17 Keydentify AUTOMATED METHOD OF STRONG MULTIFACTOR AUTHENTICATION
US10515358B2 (en) 2013-10-18 2019-12-24 Visa International Service Association Contextual transaction token methods and systems
US10489779B2 (en) 2013-10-21 2019-11-26 Visa International Service Association Multi-network token bin routing with defined verification parameters
US10366387B2 (en) 2013-10-29 2019-07-30 Visa International Service Association Digital wallet system and method
US9516487B2 (en) 2013-11-19 2016-12-06 Visa International Service Association Automated account provisioning
US10248952B2 (en) 2013-11-19 2019-04-02 Visa International Service Association Automated account provisioning
US9922322B2 (en) 2013-12-19 2018-03-20 Visa International Service Association Cloud-based transactions with magnetic secure transmission
US10402814B2 (en) 2013-12-19 2019-09-03 Visa International Service Association Cloud-based transactions methods and systems
US11875344B2 (en) 2013-12-19 2024-01-16 Visa International Service Association Cloud-based transactions with magnetic secure transmission
US11164176B2 (en) 2013-12-19 2021-11-02 Visa International Service Association Limited-use keys and cryptograms
US11017386B2 (en) 2013-12-19 2021-05-25 Visa International Service Association Cloud-based transactions with magnetic secure transmission
US9972005B2 (en) 2013-12-19 2018-05-15 Visa International Service Association Cloud-based transactions methods and systems
US10433128B2 (en) 2014-01-07 2019-10-01 Visa International Service Association Methods and systems for provisioning multiple devices
US10062079B2 (en) 2014-01-14 2018-08-28 Visa International Service Association Payment account identifier system
US9846878B2 (en) 2014-01-14 2017-12-19 Visa International Service Association Payment account identifier system
US10269018B2 (en) 2014-01-14 2019-04-23 Visa International Service Association Payment account identifier system
CN103840944B (en) * 2014-03-18 2017-12-22 昆明理工大学 A kind of short message authentication method, server and system
CN103840944A (en) * 2014-03-18 2014-06-04 昆明理工大学 Short message authentication method, server and system
US10026087B2 (en) 2014-04-08 2018-07-17 Visa International Service Association Data passed in an interaction
US11100507B2 (en) 2014-04-08 2021-08-24 Visa International Service Association Data passed in an interaction
US10404461B2 (en) 2014-04-23 2019-09-03 Visa International Service Association Token security on a communication device
US10904002B2 (en) 2014-04-23 2021-01-26 Visa International Service Association Token security on a communication device
US9942043B2 (en) 2014-04-23 2018-04-10 Visa International Service Association Token security on a communication device
US11470164B2 (en) 2014-05-01 2022-10-11 Visa International Service Association Data verification using access device
US9680942B2 (en) 2014-05-01 2017-06-13 Visa International Service Association Data verification using access device
US9848052B2 (en) 2014-05-05 2017-12-19 Visa International Service Association System and method for token domain control
US11122133B2 (en) 2014-05-05 2021-09-14 Visa International Service Association System and method for token domain control
US11842350B2 (en) 2014-05-21 2023-12-12 Visa International Service Association Offline authentication
US10846694B2 (en) 2014-05-21 2020-11-24 Visa International Service Association Offline authentication
US11023890B2 (en) 2014-06-05 2021-06-01 Visa International Service Association Identification and verification for provisioning mobile application
US11568405B2 (en) 2014-06-05 2023-01-31 Visa International Service Association Identification and verification for provisioning mobile application
US10652028B2 (en) 2014-07-23 2020-05-12 Visa International Service Association Systems and methods for secure detokenization
US10038563B2 (en) 2014-07-23 2018-07-31 Visa International Service Association Systems and methods for secure detokenization
US9780953B2 (en) 2014-07-23 2017-10-03 Visa International Service Association Systems and methods for secure detokenization
US11252136B2 (en) 2014-07-31 2022-02-15 Visa International Service Association System and method for identity verification across mobile applications
US10484345B2 (en) 2014-07-31 2019-11-19 Visa International Service Association System and method for identity verification across mobile applications
US11770369B2 (en) 2014-07-31 2023-09-26 Visa International Service Association System and method for identity verification across mobile applications
US10477393B2 (en) 2014-08-22 2019-11-12 Visa International Service Association Embedding cloud-based functionalities in a communication device
US11783061B2 (en) 2014-08-22 2023-10-10 Visa International Service Association Embedding cloud-based functionalities in a communication device
US11036873B2 (en) 2014-08-22 2021-06-15 Visa International Service Association Embedding cloud-based functionalities in a communication device
US9775029B2 (en) 2014-08-22 2017-09-26 Visa International Service Association Embedding cloud-based functionalities in a communication device
US10049353B2 (en) 2014-08-22 2018-08-14 Visa International Service Association Embedding cloud-based functionalities in a communication device
US11574311B2 (en) 2014-09-22 2023-02-07 Visa International Service Association Secure mobile device credential provisioning using risk decision non-overrides
US10140615B2 (en) 2014-09-22 2018-11-27 Visa International Service Association Secure mobile device credential provisioning using risk decision non-overrides
US11087328B2 (en) 2014-09-22 2021-08-10 Visa International Service Association Secure mobile device credential provisioning using risk decision non-overrides
US10643001B2 (en) 2014-09-26 2020-05-05 Visa International Service Association Remote server encrypted data provisioning system and methods
US10255456B2 (en) 2014-09-26 2019-04-09 Visa International Service Association Remote server encrypted data provisioning system and methods
US11257074B2 (en) 2014-09-29 2022-02-22 Visa International Service Association Transaction risk based token
US11734679B2 (en) 2014-09-29 2023-08-22 Visa International Service Association Transaction risk based token
EP3009972A1 (en) * 2014-10-14 2016-04-20 Gemalto SA A method for ensuring the genuine user has approved a payment transaction
WO2016058839A1 (en) * 2014-10-14 2016-04-21 Gemalto Sa A method for ensuring the genuine user has approved a payment transaction
US10412060B2 (en) 2014-10-22 2019-09-10 Visa International Service Association Token enrollment system and method
US10015147B2 (en) 2014-10-22 2018-07-03 Visa International Service Association Token enrollment system and method
US10769628B2 (en) 2014-10-24 2020-09-08 Visa Europe Limited Transaction messaging
US12051064B2 (en) 2014-10-24 2024-07-30 Visa Europe Limited Transaction messaging
WO2016075390A1 (en) * 2014-11-14 2016-05-19 Orange Method for connecting a mobile terminal with a server of a service provider via an operator platform
FR3028638A1 (en) * 2014-11-14 2016-05-20 Orange METHOD FOR CONNECTING A MOBILE TERMINAL TO A SERVER OF A SERVICE PROVIDER
US10992661B2 (en) 2014-11-14 2021-04-27 Orange Method for connecting a mobile terminal with a server of a service provider via an operator platform
US12002049B2 (en) 2014-11-25 2024-06-04 Visa International Service Association System communications with non-sensitive identifiers
US10990977B2 (en) 2014-11-25 2021-04-27 Visa International Service Association System communications with non-sensitive identifiers
US10325261B2 (en) 2014-11-25 2019-06-18 Visa International Service Association Systems communications with non-sensitive identifiers
US11620643B2 (en) 2014-11-26 2023-04-04 Visa International Service Association Tokenization request via access device
US12112316B2 (en) 2014-11-26 2024-10-08 Visa International Service Association Tokenization request via access device
US10257185B2 (en) 2014-12-12 2019-04-09 Visa International Service Association Automated access data provisioning
US11580519B2 (en) 2014-12-12 2023-02-14 Visa International Service Association Provisioning platform for machine-to-machine devices
US10785212B2 (en) 2014-12-12 2020-09-22 Visa International Service Association Automated access data provisioning
EP3040924A1 (en) * 2014-12-30 2016-07-06 Telefonica Digital España, S.L.U. Method and system for providing device based authentication, integrity and confidentiality for transactions performed by mobile device users
EP3040922A1 (en) * 2014-12-30 2016-07-06 Telefonica Digital España, S.L.U. Method and system for providing authentication, integrity and confidentiality for transactions performed by mobile device users
US10187363B2 (en) 2014-12-31 2019-01-22 Visa International Service Association Hybrid integration of software development kit with secure execution environment
US10511583B2 (en) 2014-12-31 2019-12-17 Visa International Service Association Hybrid integration of software development kit with secure execution environment
US11240219B2 (en) 2014-12-31 2022-02-01 Visa International Service Association Hybrid integration of software development kit with secure execution environment
US10096009B2 (en) 2015-01-20 2018-10-09 Visa International Service Association Secure payment processing using authorization request
US10496965B2 (en) 2015-01-20 2019-12-03 Visa International Service Association Secure payment processing using authorization request
US11010734B2 (en) 2015-01-20 2021-05-18 Visa International Service Association Secure payment processing using authorization request
US11250391B2 (en) 2015-01-30 2022-02-15 Visa International Service Association Token check offline
US11915243B2 (en) 2015-02-03 2024-02-27 Visa International Service Association Validation identity tokens for transactions
US11176554B2 (en) 2015-02-03 2021-11-16 Visa International Service Association Validation identity tokens for transactions
US10977657B2 (en) 2015-02-09 2021-04-13 Visa International Service Association Token processing utilizing multiple authorizations
US10164996B2 (en) 2015-03-12 2018-12-25 Visa International Service Association Methods and systems for providing a low value token buffer
US11271921B2 (en) 2015-04-10 2022-03-08 Visa International Service Association Browser integration with cryptogram
US10333921B2 (en) 2015-04-10 2019-06-25 Visa International Service Association Browser integration with Cryptogram
US10568016B2 (en) 2015-04-16 2020-02-18 Visa International Service Association Systems and methods for processing dormant virtual access devices
US10552834B2 (en) 2015-04-30 2020-02-04 Visa International Service Association Tokenization capable authentication framework
FR3040579A1 (en) * 2015-08-28 2017-03-03 Orange METHOD AND SYSTEM FOR SOCIAL RELATIONSHIP ANONYMOUS AND SECURE AT EVENT
EP3136758A1 (en) * 2015-08-28 2017-03-01 Orange Method and system for anonymous and secure social mapping during an event
US10447630B2 (en) 2015-08-28 2019-10-15 Orange Method and system for anonymous and secure social linking during an event
US11068889B2 (en) 2015-10-15 2021-07-20 Visa International Service Association Instant token issuance
US10664844B2 (en) 2015-12-04 2020-05-26 Visa International Service Association Unique code for token verification
US10664843B2 (en) 2015-12-04 2020-05-26 Visa International Service Association Unique code for token verification
US11127016B2 (en) 2015-12-04 2021-09-21 Visa International Service Association Unique code for token verification
US10243958B2 (en) 2016-01-07 2019-03-26 Visa International Service Association Systems and methods for device push provisoning
US10911456B2 (en) 2016-01-07 2021-02-02 Visa International Service Association Systems and methods for device push provisioning
US11080696B2 (en) 2016-02-01 2021-08-03 Visa International Service Association Systems and methods for code display and use
US11720893B2 (en) 2016-02-01 2023-08-08 Visa International Service Association Systems and methods for code display and use
US11900361B2 (en) 2016-02-09 2024-02-13 Visa International Service Association Resource provider account token provisioning and processing
US10313321B2 (en) 2016-04-07 2019-06-04 Visa International Service Association Tokenization of co-network accounts
US11386421B2 (en) 2016-04-19 2022-07-12 Visa International Service Association Systems and methods for performing push transactions
US11250424B2 (en) 2016-05-19 2022-02-15 Visa International Service Association Systems and methods for creating subtokens using primary tokens
US11995649B2 (en) 2016-05-19 2024-05-28 Visa International Service Association Systems and methods for creating subtokens using primary tokens
US11068578B2 (en) 2016-06-03 2021-07-20 Visa International Service Association Subtoken management system for connected devices
US11783343B2 (en) 2016-06-17 2023-10-10 Visa International Service Association Token aggregation for multi-party transactions
US11068899B2 (en) 2016-06-17 2021-07-20 Visa International Service Association Token aggregation for multi-party transactions
US10361856B2 (en) 2016-06-24 2019-07-23 Visa International Service Association Unique token authentication cryptogram
US11329822B2 (en) 2016-06-24 2022-05-10 Visa International Service Association Unique token authentication verification value
US11714885B2 (en) 2016-07-11 2023-08-01 Visa International Service Association Encryption key exchange process using access device
US11238140B2 (en) 2016-07-11 2022-02-01 Visa International Service Association Encryption key exchange process using access device
US10990967B2 (en) 2016-07-19 2021-04-27 Visa International Service Association Method of distributing tokens and managing token relationships
US12067558B2 (en) 2016-07-19 2024-08-20 Visa International Service Association Method of distributing tokens and managing token relationships
US10942918B2 (en) 2016-09-14 2021-03-09 Visa International Service Association Self-cleaning token vault
US10509779B2 (en) 2016-09-14 2019-12-17 Visa International Service Association Self-cleaning token vault
US11799862B2 (en) 2016-11-28 2023-10-24 Visa International Service Association Access identifier provisioning to application
US11323443B2 (en) 2016-11-28 2022-05-03 Visa International Service Association Access identifier provisioning to application
US11213773B2 (en) 2017-03-06 2022-01-04 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system
US10915899B2 (en) 2017-03-17 2021-02-09 Visa International Service Association Replacing token on a multi-token user device
US11900371B2 (en) 2017-03-17 2024-02-13 Visa International Service Association Replacing token on a multi-token user device
US10902418B2 (en) 2017-05-02 2021-01-26 Visa International Service Association System and method using interaction token
US11449862B2 (en) 2017-05-02 2022-09-20 Visa International Service Association System and method using interaction token
US12067562B2 (en) 2017-05-11 2024-08-20 Visa International Service Association Secure remote transaction system using mobile devices
US11494765B2 (en) 2017-05-11 2022-11-08 Visa International Service Association Secure remote transaction system using mobile devices
US10491389B2 (en) 2017-07-14 2019-11-26 Visa International Service Association Token provisioning utilizing a secure authentication system
US11398910B2 (en) 2017-07-14 2022-07-26 Visa International Service Association Token provisioning utilizing a secure authentication system
US11743042B2 (en) 2018-03-07 2023-08-29 Visa International Service Association Secure remote token release with online authentication
US11356257B2 (en) 2018-03-07 2022-06-07 Visa International Service Association Secure remote token release with online authentication
US12008088B2 (en) 2018-06-18 2024-06-11 Visa International Service Association Recurring token transactions
US11256789B2 (en) 2018-06-18 2022-02-22 Visa International Service Association Recurring token transactions
US12028337B2 (en) 2018-10-08 2024-07-02 Visa International Service Association Techniques for token proximity transactions
EP3651489A1 (en) * 2018-11-08 2020-05-13 Thales Dis France SA Method for authenticating a secure element cooperating with a terminal, corresponding applet, system and server
WO2020094790A1 (en) * 2018-11-08 2020-05-14 Thales Dis France Sa Method for authenticating a secure element cooperating with a terminal, corresponding applet, system and server
US11849042B2 (en) 2019-05-17 2023-12-19 Visa International Service Association Virtual access credential interaction system and method
CN111161092A (en) * 2019-11-27 2020-05-15 国网山东省电力公司阳信县供电公司 Electric power marketing inspection mobile application system
US11563727B2 (en) 2020-09-14 2023-01-24 International Business Machines Corporation Multi-factor authentication for non-internet applications
US12141800B2 (en) 2021-02-12 2024-11-12 Visa International Service Association Interaction account tokenization system and method
CN113473458A (en) * 2021-05-10 2021-10-01 厦门市思芯微科技有限公司 Equipment access method, data transmission method and computer readable storage medium
CN113473458B (en) * 2021-05-10 2023-11-17 厦门市思芯微科技有限公司 Device access method, data transmission method and computer readable storage medium
US12137088B2 (en) 2022-01-27 2024-11-05 Visa International Service Association Browser integration with cryptogram
CN115102795A (en) * 2022-08-26 2022-09-23 北京盈泽世纪科技发展有限公司 Communication security verification method and system

Similar Documents

Publication Publication Date Title
WO2012167941A1 (en) Method to validate a transaction between a user and a service provider
US11895491B2 (en) Method and system for provisioning access data to mobile device
US20200336315A1 (en) Validation cryptogram for transaction
JP6713081B2 (en) Authentication device, authentication system and authentication method
US10959093B2 (en) Method and system for provisioning access data to mobile device
US8342392B2 (en) Method and apparatus for providing secure document distribution
US9112842B1 (en) Secure authentication and transaction system and method
US7021534B1 (en) Method and apparatus for providing secure document distribution
US7379921B1 (en) Method and apparatus for providing authentication
US7380708B1 (en) Method and apparatus for providing secure document distribution
CN113168635A (en) System and method for password authentication of contactless cards
US11804964B2 (en) Systems and methods for cryptographic authentication of contactless cards
US9137242B2 (en) Method and system using a cyber ID to provide secure transactions
Raina Overview of mobile payment: technologies and security
CN112116344A (en) Secure remote payment transaction processing
EP2533486A1 (en) Method to validate a transaction between a user and a service provider
US20240202722A1 (en) Secure authentication and transaction system and method
EP3712792B1 (en) Method and system for provisioning access data to mobile device
US9137241B2 (en) Method and system using a cyber ID to provide secure transactions
TW201305935A (en) One time password generation and application method and system using the same
Kyrillidis et al. Card-present transactions on the internet using the smart card web server
WO2016178780A1 (en) Method and system for provisioning access data to mobile device
Bajpai Impact of M-Commerce in Mobile Transaction’s Security
Siddiqui M-commerce: security in mobile transaction

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12728980

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12728980

Country of ref document: EP

Kind code of ref document: A1