TWI229279B - System and method for secure credit and debit card transactions - Google Patents
System and method for secure credit and debit card transactionsInfo
- Publication number
- TWI229279B TWI229279B TW092107373A TW92107373A TWI229279B TW I229279 B TWI229279 B TW I229279B TW 092107373 A TW092107373 A TW 092107373A TW 92107373 A TW92107373 A TW 92107373A TW I229279 B TWI229279 B TW I229279B
- Authority
- TW
- Taiwan
- Prior art keywords
- customer
- security
- merchant
- security string
- mobile telephone
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
- G06Q20/023—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] the neutral party being a clearing house
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/388—Payment protocols; Details thereof using mutual authentication without cards, e.g. challenge-response
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
- G06Q20/40975—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Computer Networks & Wireless Communication (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
Abstract
There is disclosed a method and system for conducting secure credit and debit card transactions between a customer and a merchant. The customer is issued with a pseudorandom security string by a host computer, the security string being sent to the customer's mobile telephone. A cryptographic algorithm running in a SIM card of the mobile telephone performs a hash on the security string or the one time code extracted from the security string, a customer PIN and a transaction amount, these last two items being entered by way of a keypad of the mobile telephone. A three-digit response code is generated by the algorithm and then passed to the merchant. The merchant then transmits the response code, transaction amount and a customer account number (card number) to the host computer, where the pseudorandom security string and PIN are retrieved from memory. The host computer then applies the same algorithm to the security string, PIN and transaction amount so as to generate a check code, and if the check code matches the response code transmitted by the merchant, the transaction is authorised. Embodiments of the present invention make use of existing CVV2 security infrastructure, but provide a significantly greater degree of security. Embodiments of the present invention may be used with ordinary face-to-face or telephone transactions, and also in e-commerce (web-based) and m-commerce (mobile telephone-based) transactions.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0207705A GB2387253B (en) | 2002-04-03 | 2002-04-03 | System and method for secure credit and debit card transactions |
US10/131,489 US20030191945A1 (en) | 2002-04-03 | 2002-04-25 | System and method for secure credit and debit card transactions |
Publications (2)
Publication Number | Publication Date |
---|---|
TW200306483A TW200306483A (en) | 2003-11-16 |
TWI229279B true TWI229279B (en) | 2005-03-11 |
Family
ID=28676501
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW092107373A TWI229279B (en) | 2002-04-03 | 2003-04-01 | System and method for secure credit and debit card transactions |
Country Status (11)
Country | Link |
---|---|
EP (1) | EP1490846A2 (en) |
JP (1) | JP2005521961A (en) |
CN (1) | CN1672180A (en) |
AU (1) | AU2003219276A1 (en) |
BR (1) | BR0308965A (en) |
CA (1) | CA2505920A1 (en) |
EA (1) | EA006395B1 (en) |
MX (1) | MXPA04009725A (en) |
NZ (1) | NZ535428A (en) |
TW (1) | TWI229279B (en) |
WO (1) | WO2003083793A2 (en) |
Families Citing this family (59)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040098315A1 (en) | 2002-11-19 | 2004-05-20 | Haynes Leonard Steven | Apparatus and method for facilitating the selection of products by buyers and the purchase of the selected products from a supplier |
GB2416892B (en) * | 2004-07-30 | 2008-02-27 | Robert Kaplan | Method and apparatus to enable validating entitlement to VoIP services |
WO2008037116A1 (en) * | 2006-09-27 | 2008-04-03 | Kamfu Wong | Method and system for encrypting transfer that the transfer code adding the user-defined arithmetic equal to the bank password |
US8205793B2 (en) * | 2007-03-31 | 2012-06-26 | Dror Oved | Banking transaction processing system |
US7739169B2 (en) | 2007-06-25 | 2010-06-15 | Visa U.S.A. Inc. | Restricting access to compromised account information |
KR101961052B1 (en) | 2007-09-24 | 2019-03-21 | 애플 인크. | Embedded authentication systems in an electronic device |
JP2009130882A (en) * | 2007-11-28 | 2009-06-11 | Oki Electric Ind Co Ltd | Check value confirming method and apparatus |
US8799069B2 (en) * | 2007-12-21 | 2014-08-05 | Yahoo! Inc. | Mobile click fraud prevention |
US8600120B2 (en) | 2008-01-03 | 2013-12-03 | Apple Inc. | Personal computing device control using face detection and recognition |
GB2457445A (en) * | 2008-02-12 | 2009-08-19 | Vidicom Ltd | Verifying payment transactions |
JP4656458B1 (en) | 2009-11-09 | 2011-03-23 | Necインフロンティア株式会社 | Handy terminal and payment method by handy terminal |
CN102096968A (en) * | 2009-12-09 | 2011-06-15 | ***股份有限公司 | Method for verifying accuracy of PIN (Personal Identification Number) in agent authorization service |
US8649766B2 (en) | 2009-12-30 | 2014-02-11 | Securenvoy Plc | Authentication apparatus |
EP2355028B1 (en) * | 2009-12-30 | 2018-09-05 | SecurEnvoy Ltd | Authentication apparatus |
CA2704864A1 (en) | 2010-06-07 | 2010-08-16 | S. Bhinder Mundip | Method and system for controlling access to a monetary valued account |
US8769624B2 (en) | 2011-09-29 | 2014-07-01 | Apple Inc. | Access control utilizing indirect authentication |
US9002322B2 (en) | 2011-09-29 | 2015-04-07 | Apple Inc. | Authentication with secondary approver |
US10769627B2 (en) | 2013-04-05 | 2020-09-08 | Visa International Service Association | Systems, methods and devices for transacting |
US9898642B2 (en) | 2013-09-09 | 2018-02-20 | Apple Inc. | Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs |
KR101952928B1 (en) | 2013-10-30 | 2019-02-27 | 애플 인크. | Displaying relevant user interface objects |
TWI494880B (en) * | 2013-11-14 | 2015-08-01 | Nat Univ Tsing Hua | Method for preventing misappropriation of plastic money and plastic money |
CN204650596U (en) * | 2014-05-29 | 2015-09-16 | 苹果公司 | Electronic equipment |
US10482461B2 (en) | 2014-05-29 | 2019-11-19 | Apple Inc. | User interface for payments |
US9967401B2 (en) | 2014-05-30 | 2018-05-08 | Apple Inc. | User interface for phone call routing among devices |
US9336523B2 (en) | 2014-07-28 | 2016-05-10 | International Business Machines Corporation | Managing a secure transaction |
US10339293B2 (en) | 2014-08-15 | 2019-07-02 | Apple Inc. | Authenticated device used to unlock another device |
WO2016036603A1 (en) | 2014-09-02 | 2016-03-10 | Apple Inc. | Reduced size configuration interface |
US10066959B2 (en) | 2014-09-02 | 2018-09-04 | Apple Inc. | User interactions for a mapping application |
FR3028639B1 (en) * | 2014-11-17 | 2016-12-23 | Oberthur Technologies | METHOD FOR SECURING A PAYMENT TOKEN |
WO2016100965A1 (en) * | 2014-12-19 | 2016-06-23 | Diebold, Incorporated | Pre-staged atm transactions |
US20160224973A1 (en) | 2015-02-01 | 2016-08-04 | Apple Inc. | User interface for payments |
US9574896B2 (en) | 2015-02-13 | 2017-02-21 | Apple Inc. | Navigation user interface |
US10254911B2 (en) | 2015-03-08 | 2019-04-09 | Apple Inc. | Device configuration user interface |
US20160358133A1 (en) | 2015-06-05 | 2016-12-08 | Apple Inc. | User interface for loyalty accounts and private label accounts for a wearable device |
US9940637B2 (en) | 2015-06-05 | 2018-04-10 | Apple Inc. | User interface for loyalty accounts and private label accounts |
GB201522762D0 (en) * | 2015-12-23 | 2016-02-03 | Sdc As | Data security |
DK179186B1 (en) | 2016-05-19 | 2018-01-15 | Apple Inc | REMOTE AUTHORIZATION TO CONTINUE WITH AN ACTION |
US10776780B2 (en) * | 2016-05-27 | 2020-09-15 | Visa International Service Association | Automated reissuance system for prepaid devices |
CN114693289A (en) | 2016-06-11 | 2022-07-01 | 苹果公司 | User interface for transactions |
US10621581B2 (en) | 2016-06-11 | 2020-04-14 | Apple Inc. | User interface for transactions |
DK201670622A1 (en) | 2016-06-12 | 2018-02-12 | Apple Inc | User interfaces for transactions |
US9842330B1 (en) | 2016-09-06 | 2017-12-12 | Apple Inc. | User interfaces for stored-value accounts |
US10860199B2 (en) | 2016-09-23 | 2020-12-08 | Apple Inc. | Dynamically adjusting touch hysteresis based on contextual data |
US10496808B2 (en) | 2016-10-25 | 2019-12-03 | Apple Inc. | User interface for managing access to credentials for use in an operation |
KR102301599B1 (en) | 2017-09-09 | 2021-09-10 | 애플 인크. | Implementation of biometric authentication |
KR102185854B1 (en) | 2017-09-09 | 2020-12-02 | 애플 인크. | Implementation of biometric authentication |
US11170085B2 (en) | 2018-06-03 | 2021-11-09 | Apple Inc. | Implementation of biometric authentication |
US10860096B2 (en) | 2018-09-28 | 2020-12-08 | Apple Inc. | Device control using gaze information |
US11100349B2 (en) | 2018-09-28 | 2021-08-24 | Apple Inc. | Audio assisted enrollment |
CA3062211A1 (en) * | 2018-11-26 | 2020-05-26 | Mir Limited | Dynamic verification method and system for card transactions |
US11328352B2 (en) | 2019-03-24 | 2022-05-10 | Apple Inc. | User interfaces for managing an account |
US11477609B2 (en) | 2019-06-01 | 2022-10-18 | Apple Inc. | User interfaces for location-related communications |
US11481094B2 (en) | 2019-06-01 | 2022-10-25 | Apple Inc. | User interfaces for location-related communications |
US11169830B2 (en) | 2019-09-29 | 2021-11-09 | Apple Inc. | Account management user interfaces |
CN114365073A (en) | 2019-09-29 | 2022-04-15 | 苹果公司 | Account management user interface |
DK180985B1 (en) | 2020-04-10 | 2022-09-02 | Apple Inc | User interfaces for enabling an activity |
US11816194B2 (en) | 2020-06-21 | 2023-11-14 | Apple Inc. | User interfaces for managing secure operations |
JP7429819B1 (en) | 2023-04-05 | 2024-02-08 | 株式会社セブン銀行 | Trading systems, trading devices, trading methods, and programs |
CN116092623B (en) * | 2023-04-12 | 2023-07-28 | 四川执象网络有限公司 | Health data management method based on basic medical quality control |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0691526B2 (en) * | 1985-03-08 | 1994-11-14 | 株式会社東芝 | Communications system |
AU1390395A (en) * | 1994-01-14 | 1995-08-01 | Michael Jeremy Kew | A computer security system |
GB2328310B (en) * | 1996-05-15 | 1999-12-08 | Ho Keung Tse | Electronic transaction apparatus and method therefor |
SE508844C2 (en) * | 1997-02-19 | 1998-11-09 | Postgirot Bank Ab | Procedure for access control with SIM card |
DE19820422A1 (en) * | 1998-05-07 | 1999-11-11 | Giesecke & Devrient Gmbh | Method for authenticating a chip card within a message transmission network |
FI115355B (en) * | 2000-06-22 | 2005-04-15 | Icl Invia Oyj | Arrangement for the authentication and authentication of a secure system user |
US7392388B2 (en) * | 2000-09-07 | 2008-06-24 | Swivel Secure Limited | Systems and methods for identity verification for secure transactions |
WO2002082387A1 (en) * | 2001-04-04 | 2002-10-17 | Microcell I5 Inc. | Method and system for effecting an electronic transaction |
-
2003
- 2003-03-14 EA EA200401187A patent/EA006395B1/en not_active IP Right Cessation
- 2003-03-14 AU AU2003219276A patent/AU2003219276A1/en not_active Abandoned
- 2003-03-14 CA CA002505920A patent/CA2505920A1/en not_active Abandoned
- 2003-03-14 BR BR0308965-7A patent/BR0308965A/en not_active IP Right Cessation
- 2003-03-14 JP JP2003581137A patent/JP2005521961A/en not_active Abandoned
- 2003-03-14 MX MXPA04009725A patent/MXPA04009725A/en unknown
- 2003-03-14 WO PCT/GB2003/001075 patent/WO2003083793A2/en active Application Filing
- 2003-03-14 CN CN03807792.2A patent/CN1672180A/en active Pending
- 2003-03-14 EP EP03715081A patent/EP1490846A2/en not_active Withdrawn
- 2003-03-14 NZ NZ535428A patent/NZ535428A/en unknown
- 2003-04-01 TW TW092107373A patent/TWI229279B/en not_active IP Right Cessation
Also Published As
Publication number | Publication date |
---|---|
TW200306483A (en) | 2003-11-16 |
EA200401187A1 (en) | 2005-04-28 |
WO2003083793A3 (en) | 2003-12-31 |
JP2005521961A (en) | 2005-07-21 |
BR0308965A (en) | 2005-02-01 |
AU2003219276A1 (en) | 2003-10-13 |
MXPA04009725A (en) | 2005-07-14 |
CA2505920A1 (en) | 2003-10-09 |
EP1490846A2 (en) | 2004-12-29 |
EA006395B1 (en) | 2005-12-29 |
NZ535428A (en) | 2006-08-31 |
CN1672180A (en) | 2005-09-21 |
WO2003083793A2 (en) | 2003-10-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
TWI229279B (en) | System and method for secure credit and debit card transactions | |
US9911117B1 (en) | Systems and methods for time variable financial authentication | |
US6755341B1 (en) | Method for storing data in payment card transaction | |
EA200301199A1 (en) | SAFE SYSTEM ONLINE PAYMENT | |
US8200978B2 (en) | Security device and method incorporating multiple varying password generator | |
US20070170247A1 (en) | Payment card authentication system and method | |
PH12015500674A1 (en) | Secure financial transactions | |
WO2008067160A3 (en) | Method and apparatus for using at least a portion of a one-time password as a dynamic card verification value | |
WO2002086826A8 (en) | Financial information input method using symmetrical key security algorithm and commercial transaction system for mobile communications | |
WO2003065164A3 (en) | System and method for conducting secure payment transaction | |
WO2002075478A3 (en) | Method for performing secure online payment transactions | |
WO2001092989A3 (en) | Methods and systems for network based electronic purchasing system | |
WO2002005224A3 (en) | System and method for verifying a financial instrument | |
TWI235934B (en) | Secure electronic commerce system | |
CA2747920C (en) | Technique for performing financial transactions over a network | |
HUP0003227A2 (en) | Payment process and system | |
KR20070006942A (en) | Method of anti-fraud for credit card | |
US7516885B2 (en) | Transaction instruments with enhanced security PIN and expiration date generation | |
WO2003054655A3 (en) | Public network privacy protection tool and method | |
WO2006036363A3 (en) | Highly secure and low-cost dialogic enciphered dynamic pin system for credit card and login | |
WO2004031908A3 (en) | Method and system for secure person to person payment | |
WO2003027798A3 (en) | Method for providing cardless payment | |
CY1107827T1 (en) | ON-LINE TRANSACTION PROCEDURE | |
TH71291A (en) | Systems and methods For stabilization of credit and debit card changes | |
KR20010078902A (en) | Non Card System: NCS |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
MM4A | Annulment or lapse of patent due to non-payment of fees |