TWI229279B - System and method for secure credit and debit card transactions - Google Patents

System and method for secure credit and debit card transactions

Info

Publication number
TWI229279B
TWI229279B TW092107373A TW92107373A TWI229279B TW I229279 B TWI229279 B TW I229279B TW 092107373 A TW092107373 A TW 092107373A TW 92107373 A TW92107373 A TW 92107373A TW I229279 B TWI229279 B TW I229279B
Authority
TW
Taiwan
Prior art keywords
customer
security
merchant
security string
mobile telephone
Prior art date
Application number
TW092107373A
Other languages
Chinese (zh)
Other versions
TW200306483A (en
Inventor
Winston Donald Keech
Original Assignee
Swivel Secure Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from GB0207705A external-priority patent/GB2387253B/en
Application filed by Swivel Secure Ltd filed Critical Swivel Secure Ltd
Publication of TW200306483A publication Critical patent/TW200306483A/en
Application granted granted Critical
Publication of TWI229279B publication Critical patent/TWI229279B/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/023Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] the neutral party being a clearing house
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/388Payment protocols; Details thereof using mutual authentication without cards, e.g. challenge-response
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Abstract

There is disclosed a method and system for conducting secure credit and debit card transactions between a customer and a merchant. The customer is issued with a pseudorandom security string by a host computer, the security string being sent to the customer's mobile telephone. A cryptographic algorithm running in a SIM card of the mobile telephone performs a hash on the security string or the one time code extracted from the security string, a customer PIN and a transaction amount, these last two items being entered by way of a keypad of the mobile telephone. A three-digit response code is generated by the algorithm and then passed to the merchant. The merchant then transmits the response code, transaction amount and a customer account number (card number) to the host computer, where the pseudorandom security string and PIN are retrieved from memory. The host computer then applies the same algorithm to the security string, PIN and transaction amount so as to generate a check code, and if the check code matches the response code transmitted by the merchant, the transaction is authorised. Embodiments of the present invention make use of existing CVV2 security infrastructure, but provide a significantly greater degree of security. Embodiments of the present invention may be used with ordinary face-to-face or telephone transactions, and also in e-commerce (web-based) and m-commerce (mobile telephone-based) transactions.
TW092107373A 2002-04-03 2003-04-01 System and method for secure credit and debit card transactions TWI229279B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0207705A GB2387253B (en) 2002-04-03 2002-04-03 System and method for secure credit and debit card transactions
US10/131,489 US20030191945A1 (en) 2002-04-03 2002-04-25 System and method for secure credit and debit card transactions

Publications (2)

Publication Number Publication Date
TW200306483A TW200306483A (en) 2003-11-16
TWI229279B true TWI229279B (en) 2005-03-11

Family

ID=28676501

Family Applications (1)

Application Number Title Priority Date Filing Date
TW092107373A TWI229279B (en) 2002-04-03 2003-04-01 System and method for secure credit and debit card transactions

Country Status (11)

Country Link
EP (1) EP1490846A2 (en)
JP (1) JP2005521961A (en)
CN (1) CN1672180A (en)
AU (1) AU2003219276A1 (en)
BR (1) BR0308965A (en)
CA (1) CA2505920A1 (en)
EA (1) EA006395B1 (en)
MX (1) MXPA04009725A (en)
NZ (1) NZ535428A (en)
TW (1) TWI229279B (en)
WO (1) WO2003083793A2 (en)

Families Citing this family (59)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040098315A1 (en) 2002-11-19 2004-05-20 Haynes Leonard Steven Apparatus and method for facilitating the selection of products by buyers and the purchase of the selected products from a supplier
GB2416892B (en) * 2004-07-30 2008-02-27 Robert Kaplan Method and apparatus to enable validating entitlement to VoIP services
WO2008037116A1 (en) * 2006-09-27 2008-04-03 Kamfu Wong Method and system for encrypting transfer that the transfer code adding the user-defined arithmetic equal to the bank password
US8205793B2 (en) * 2007-03-31 2012-06-26 Dror Oved Banking transaction processing system
US7739169B2 (en) 2007-06-25 2010-06-15 Visa U.S.A. Inc. Restricting access to compromised account information
KR101961052B1 (en) 2007-09-24 2019-03-21 애플 인크. Embedded authentication systems in an electronic device
JP2009130882A (en) * 2007-11-28 2009-06-11 Oki Electric Ind Co Ltd Check value confirming method and apparatus
US8799069B2 (en) * 2007-12-21 2014-08-05 Yahoo! Inc. Mobile click fraud prevention
US8600120B2 (en) 2008-01-03 2013-12-03 Apple Inc. Personal computing device control using face detection and recognition
GB2457445A (en) * 2008-02-12 2009-08-19 Vidicom Ltd Verifying payment transactions
JP4656458B1 (en) 2009-11-09 2011-03-23 Necインフロンティア株式会社 Handy terminal and payment method by handy terminal
CN102096968A (en) * 2009-12-09 2011-06-15 ***股份有限公司 Method for verifying accuracy of PIN (Personal Identification Number) in agent authorization service
US8649766B2 (en) 2009-12-30 2014-02-11 Securenvoy Plc Authentication apparatus
EP2355028B1 (en) * 2009-12-30 2018-09-05 SecurEnvoy Ltd Authentication apparatus
CA2704864A1 (en) 2010-06-07 2010-08-16 S. Bhinder Mundip Method and system for controlling access to a monetary valued account
US8769624B2 (en) 2011-09-29 2014-07-01 Apple Inc. Access control utilizing indirect authentication
US9002322B2 (en) 2011-09-29 2015-04-07 Apple Inc. Authentication with secondary approver
US10769627B2 (en) 2013-04-05 2020-09-08 Visa International Service Association Systems, methods and devices for transacting
US9898642B2 (en) 2013-09-09 2018-02-20 Apple Inc. Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs
KR101952928B1 (en) 2013-10-30 2019-02-27 애플 인크. Displaying relevant user interface objects
TWI494880B (en) * 2013-11-14 2015-08-01 Nat Univ Tsing Hua Method for preventing misappropriation of plastic money and plastic money
CN204650596U (en) * 2014-05-29 2015-09-16 苹果公司 Electronic equipment
US10482461B2 (en) 2014-05-29 2019-11-19 Apple Inc. User interface for payments
US9967401B2 (en) 2014-05-30 2018-05-08 Apple Inc. User interface for phone call routing among devices
US9336523B2 (en) 2014-07-28 2016-05-10 International Business Machines Corporation Managing a secure transaction
US10339293B2 (en) 2014-08-15 2019-07-02 Apple Inc. Authenticated device used to unlock another device
WO2016036603A1 (en) 2014-09-02 2016-03-10 Apple Inc. Reduced size configuration interface
US10066959B2 (en) 2014-09-02 2018-09-04 Apple Inc. User interactions for a mapping application
FR3028639B1 (en) * 2014-11-17 2016-12-23 Oberthur Technologies METHOD FOR SECURING A PAYMENT TOKEN
WO2016100965A1 (en) * 2014-12-19 2016-06-23 Diebold, Incorporated Pre-staged atm transactions
US20160224973A1 (en) 2015-02-01 2016-08-04 Apple Inc. User interface for payments
US9574896B2 (en) 2015-02-13 2017-02-21 Apple Inc. Navigation user interface
US10254911B2 (en) 2015-03-08 2019-04-09 Apple Inc. Device configuration user interface
US20160358133A1 (en) 2015-06-05 2016-12-08 Apple Inc. User interface for loyalty accounts and private label accounts for a wearable device
US9940637B2 (en) 2015-06-05 2018-04-10 Apple Inc. User interface for loyalty accounts and private label accounts
GB201522762D0 (en) * 2015-12-23 2016-02-03 Sdc As Data security
DK179186B1 (en) 2016-05-19 2018-01-15 Apple Inc REMOTE AUTHORIZATION TO CONTINUE WITH AN ACTION
US10776780B2 (en) * 2016-05-27 2020-09-15 Visa International Service Association Automated reissuance system for prepaid devices
CN114693289A (en) 2016-06-11 2022-07-01 苹果公司 User interface for transactions
US10621581B2 (en) 2016-06-11 2020-04-14 Apple Inc. User interface for transactions
DK201670622A1 (en) 2016-06-12 2018-02-12 Apple Inc User interfaces for transactions
US9842330B1 (en) 2016-09-06 2017-12-12 Apple Inc. User interfaces for stored-value accounts
US10860199B2 (en) 2016-09-23 2020-12-08 Apple Inc. Dynamically adjusting touch hysteresis based on contextual data
US10496808B2 (en) 2016-10-25 2019-12-03 Apple Inc. User interface for managing access to credentials for use in an operation
KR102301599B1 (en) 2017-09-09 2021-09-10 애플 인크. Implementation of biometric authentication
KR102185854B1 (en) 2017-09-09 2020-12-02 애플 인크. Implementation of biometric authentication
US11170085B2 (en) 2018-06-03 2021-11-09 Apple Inc. Implementation of biometric authentication
US10860096B2 (en) 2018-09-28 2020-12-08 Apple Inc. Device control using gaze information
US11100349B2 (en) 2018-09-28 2021-08-24 Apple Inc. Audio assisted enrollment
CA3062211A1 (en) * 2018-11-26 2020-05-26 Mir Limited Dynamic verification method and system for card transactions
US11328352B2 (en) 2019-03-24 2022-05-10 Apple Inc. User interfaces for managing an account
US11477609B2 (en) 2019-06-01 2022-10-18 Apple Inc. User interfaces for location-related communications
US11481094B2 (en) 2019-06-01 2022-10-25 Apple Inc. User interfaces for location-related communications
US11169830B2 (en) 2019-09-29 2021-11-09 Apple Inc. Account management user interfaces
CN114365073A (en) 2019-09-29 2022-04-15 苹果公司 Account management user interface
DK180985B1 (en) 2020-04-10 2022-09-02 Apple Inc User interfaces for enabling an activity
US11816194B2 (en) 2020-06-21 2023-11-14 Apple Inc. User interfaces for managing secure operations
JP7429819B1 (en) 2023-04-05 2024-02-08 株式会社セブン銀行 Trading systems, trading devices, trading methods, and programs
CN116092623B (en) * 2023-04-12 2023-07-28 四川执象网络有限公司 Health data management method based on basic medical quality control

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0691526B2 (en) * 1985-03-08 1994-11-14 株式会社東芝 Communications system
AU1390395A (en) * 1994-01-14 1995-08-01 Michael Jeremy Kew A computer security system
GB2328310B (en) * 1996-05-15 1999-12-08 Ho Keung Tse Electronic transaction apparatus and method therefor
SE508844C2 (en) * 1997-02-19 1998-11-09 Postgirot Bank Ab Procedure for access control with SIM card
DE19820422A1 (en) * 1998-05-07 1999-11-11 Giesecke & Devrient Gmbh Method for authenticating a chip card within a message transmission network
FI115355B (en) * 2000-06-22 2005-04-15 Icl Invia Oyj Arrangement for the authentication and authentication of a secure system user
US7392388B2 (en) * 2000-09-07 2008-06-24 Swivel Secure Limited Systems and methods for identity verification for secure transactions
WO2002082387A1 (en) * 2001-04-04 2002-10-17 Microcell I5 Inc. Method and system for effecting an electronic transaction

Also Published As

Publication number Publication date
TW200306483A (en) 2003-11-16
EA200401187A1 (en) 2005-04-28
WO2003083793A3 (en) 2003-12-31
JP2005521961A (en) 2005-07-21
BR0308965A (en) 2005-02-01
AU2003219276A1 (en) 2003-10-13
MXPA04009725A (en) 2005-07-14
CA2505920A1 (en) 2003-10-09
EP1490846A2 (en) 2004-12-29
EA006395B1 (en) 2005-12-29
NZ535428A (en) 2006-08-31
CN1672180A (en) 2005-09-21
WO2003083793A2 (en) 2003-10-09

Similar Documents

Publication Publication Date Title
TWI229279B (en) System and method for secure credit and debit card transactions
US9911117B1 (en) Systems and methods for time variable financial authentication
US6755341B1 (en) Method for storing data in payment card transaction
EA200301199A1 (en) SAFE SYSTEM ONLINE PAYMENT
US8200978B2 (en) Security device and method incorporating multiple varying password generator
US20070170247A1 (en) Payment card authentication system and method
PH12015500674A1 (en) Secure financial transactions
WO2008067160A3 (en) Method and apparatus for using at least a portion of a one-time password as a dynamic card verification value
WO2002086826A8 (en) Financial information input method using symmetrical key security algorithm and commercial transaction system for mobile communications
WO2003065164A3 (en) System and method for conducting secure payment transaction
WO2002075478A3 (en) Method for performing secure online payment transactions
WO2001092989A3 (en) Methods and systems for network based electronic purchasing system
WO2002005224A3 (en) System and method for verifying a financial instrument
TWI235934B (en) Secure electronic commerce system
CA2747920C (en) Technique for performing financial transactions over a network
HUP0003227A2 (en) Payment process and system
KR20070006942A (en) Method of anti-fraud for credit card
US7516885B2 (en) Transaction instruments with enhanced security PIN and expiration date generation
WO2003054655A3 (en) Public network privacy protection tool and method
WO2006036363A3 (en) Highly secure and low-cost dialogic enciphered dynamic pin system for credit card and login
WO2004031908A3 (en) Method and system for secure person to person payment
WO2003027798A3 (en) Method for providing cardless payment
CY1107827T1 (en) ON-LINE TRANSACTION PROCEDURE
TH71291A (en) Systems and methods For stabilization of credit and debit card changes
KR20010078902A (en) Non Card System: NCS

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees