[go: up one dir, main page]

TWI229279B - System and method for secure credit and debit card transactions - Google Patents

System and method for secure credit and debit card transactions

Info

Publication number
TWI229279B
TWI229279B TW092107373A TW92107373A TWI229279B TW I229279 B TWI229279 B TW I229279B TW 092107373 A TW092107373 A TW 092107373A TW 92107373 A TW92107373 A TW 92107373A TW I229279 B TWI229279 B TW I229279B
Authority
TW
Taiwan
Prior art keywords
customer
security
merchant
security string
mobile telephone
Prior art date
Application number
TW092107373A
Other languages
Chinese (zh)
Other versions
TW200306483A (en
Inventor
Winston Donald Keech
Original Assignee
Swivel Secure Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from GB0207705A external-priority patent/GB2387253B/en
Application filed by Swivel Secure Ltd filed Critical Swivel Secure Ltd
Publication of TW200306483A publication Critical patent/TW200306483A/en
Application granted granted Critical
Publication of TWI229279B publication Critical patent/TWI229279B/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/023Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] the neutral party being a clearing house
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/388Payment protocols; Details thereof using mutual authentication without cards, e.g. challenge-response
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Abstract

There is disclosed a method and system for conducting secure credit and debit card transactions between a customer and a merchant. The customer is issued with a pseudorandom security string by a host computer, the security string being sent to the customer's mobile telephone. A cryptographic algorithm running in a SIM card of the mobile telephone performs a hash on the security string or the one time code extracted from the security string, a customer PIN and a transaction amount, these last two items being entered by way of a keypad of the mobile telephone. A three-digit response code is generated by the algorithm and then passed to the merchant. The merchant then transmits the response code, transaction amount and a customer account number (card number) to the host computer, where the pseudorandom security string and PIN are retrieved from memory. The host computer then applies the same algorithm to the security string, PIN and transaction amount so as to generate a check code, and if the check code matches the response code transmitted by the merchant, the transaction is authorised. Embodiments of the present invention make use of existing CVV2 security infrastructure, but provide a significantly greater degree of security. Embodiments of the present invention may be used with ordinary face-to-face or telephone transactions, and also in e-commerce (web-based) and m-commerce (mobile telephone-based) transactions.
TW092107373A 2002-04-03 2003-04-01 System and method for secure credit and debit card transactions TWI229279B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0207705A GB2387253B (en) 2002-04-03 2002-04-03 System and method for secure credit and debit card transactions
US10/131,489 US20030191945A1 (en) 2002-04-03 2002-04-25 System and method for secure credit and debit card transactions

Publications (2)

Publication Number Publication Date
TW200306483A TW200306483A (en) 2003-11-16
TWI229279B true TWI229279B (en) 2005-03-11

Family

ID=28676501

Family Applications (1)

Application Number Title Priority Date Filing Date
TW092107373A TWI229279B (en) 2002-04-03 2003-04-01 System and method for secure credit and debit card transactions

Country Status (11)

Country Link
EP (1) EP1490846A2 (en)
JP (1) JP2005521961A (en)
CN (1) CN1672180A (en)
AU (1) AU2003219276A1 (en)
BR (1) BR0308965A (en)
CA (1) CA2505920A1 (en)
EA (1) EA006395B1 (en)
MX (1) MXPA04009725A (en)
NZ (1) NZ535428A (en)
TW (1) TWI229279B (en)
WO (1) WO2003083793A2 (en)

Families Citing this family (64)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040098315A1 (en) 2002-11-19 2004-05-20 Haynes Leonard Steven Apparatus and method for facilitating the selection of products by buyers and the purchase of the selected products from a supplier
GB2416892B (en) * 2004-07-30 2008-02-27 Robert Kaplan Method and apparatus to enable validating entitlement to VoIP services
CN101523449B (en) * 2006-09-27 2011-04-13 黄金富 Encryption transmission method and system for transmitting code and self-definite arithmetic equal to bank password
US8205793B2 (en) * 2007-03-31 2012-06-26 Dror Oved Banking transaction processing system
US7739169B2 (en) 2007-06-25 2010-06-15 Visa U.S.A. Inc. Restricting access to compromised account information
KR101615472B1 (en) 2007-09-24 2016-04-25 애플 인크. Embedded authentication systems in an electronic device
JP2009130882A (en) * 2007-11-28 2009-06-11 Oki Electric Ind Co Ltd Check value confirming method and apparatus
US8799069B2 (en) * 2007-12-21 2014-08-05 Yahoo! Inc. Mobile click fraud prevention
US8600120B2 (en) 2008-01-03 2013-12-03 Apple Inc. Personal computing device control using face detection and recognition
GB2457445A (en) * 2008-02-12 2009-08-19 Vidicom Ltd Verifying payment transactions
JP4656458B1 (en) 2009-11-09 2011-03-23 Necインフロンティア株式会社 Handy terminal and payment method by handy terminal
CN102096968A (en) * 2009-12-09 2011-06-15 中国银联股份有限公司 Method for verifying accuracy of PIN (Personal Identification Number) in agent authorization service
EP2355028B1 (en) * 2009-12-30 2018-09-05 SecurEnvoy Ltd Authentication apparatus
US8649766B2 (en) 2009-12-30 2014-02-11 Securenvoy Plc Authentication apparatus
CA2704864A1 (en) 2010-06-07 2010-08-16 S. Bhinder Mundip Method and system for controlling access to a monetary valued account
US11165963B2 (en) 2011-06-05 2021-11-02 Apple Inc. Device, method, and graphical user interface for accessing an application in a locked device
US8769624B2 (en) 2011-09-29 2014-07-01 Apple Inc. Access control utilizing indirect authentication
US9002322B2 (en) 2011-09-29 2015-04-07 Apple Inc. Authentication with secondary approver
WO2014162294A1 (en) 2013-04-05 2014-10-09 Visa International Service Association Systems, methods and devices for transacting
US9898642B2 (en) 2013-09-09 2018-02-20 Apple Inc. Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs
WO2015065402A1 (en) 2013-10-30 2015-05-07 Bodhi Technology Ventures Llc Displaying relevant use interface objects
TWI494880B (en) * 2013-11-14 2015-08-01 Nat Univ Tsing Hua Method for preventing misappropriation of plastic money and plastic money
CN110807631A (en) * 2014-05-29 2020-02-18 苹果公司 User interface for payment
US9483763B2 (en) 2014-05-29 2016-11-01 Apple Inc. User interface for payments
US9967401B2 (en) 2014-05-30 2018-05-08 Apple Inc. User interface for phone call routing among devices
US9336523B2 (en) 2014-07-28 2016-05-10 International Business Machines Corporation Managing a secure transaction
US10339293B2 (en) 2014-08-15 2019-07-02 Apple Inc. Authenticated device used to unlock another device
WO2016036603A1 (en) 2014-09-02 2016-03-10 Apple Inc. Reduced size configuration interface
WO2016036552A1 (en) 2014-09-02 2016-03-10 Apple Inc. User interactions for a mapping application
FR3028639B1 (en) * 2014-11-17 2016-12-23 Oberthur Technologies METHOD FOR SECURING A PAYMENT TOKEN
US11042851B2 (en) * 2014-12-19 2021-06-22 Diebold Nixdorf, Incorporated Token based transactions
US20160224973A1 (en) 2015-02-01 2016-08-04 Apple Inc. User interface for payments
US9574896B2 (en) 2015-02-13 2017-02-21 Apple Inc. Navigation user interface
US10254911B2 (en) 2015-03-08 2019-04-09 Apple Inc. Device configuration user interface
US9940637B2 (en) 2015-06-05 2018-04-10 Apple Inc. User interface for loyalty accounts and private label accounts
US20160358133A1 (en) 2015-06-05 2016-12-08 Apple Inc. User interface for loyalty accounts and private label accounts for a wearable device
GB201522762D0 (en) * 2015-12-23 2016-02-03 Sdc As Data security
DK179186B1 (en) 2016-05-19 2018-01-15 Apple Inc REMOTE AUTHORIZATION TO CONTINUE WITH AN ACTION
US10776780B2 (en) * 2016-05-27 2020-09-15 Visa International Service Association Automated reissuance system for prepaid devices
CN114693289A (en) 2016-06-11 2022-07-01 苹果公司 User interface for trading
US10621581B2 (en) 2016-06-11 2020-04-14 Apple Inc. User interface for transactions
DK201670622A1 (en) 2016-06-12 2018-02-12 Apple Inc User interfaces for transactions
US9842330B1 (en) 2016-09-06 2017-12-12 Apple Inc. User interfaces for stored-value accounts
DK179471B1 (en) 2016-09-23 2018-11-26 Apple Inc. Image data for enhanced user interactions
US10860199B2 (en) 2016-09-23 2020-12-08 Apple Inc. Dynamically adjusting touch hysteresis based on contextual data
US10496808B2 (en) 2016-10-25 2019-12-03 Apple Inc. User interface for managing access to credentials for use in an operation
KR102185854B1 (en) 2017-09-09 2020-12-02 애플 인크. Implementation of biometric authentication
JP6736686B1 (en) 2017-09-09 2020-08-05 アップル インコーポレイテッドApple Inc. Implementation of biometrics
US11170085B2 (en) 2018-06-03 2021-11-09 Apple Inc. Implementation of biometric authentication
US10860096B2 (en) 2018-09-28 2020-12-08 Apple Inc. Device control using gaze information
US11100349B2 (en) 2018-09-28 2021-08-24 Apple Inc. Audio assisted enrollment
CA3062211A1 (en) * 2018-11-26 2020-05-26 Mir Limited Dynamic verification method and system for card transactions
US11328352B2 (en) 2019-03-24 2022-05-10 Apple Inc. User interfaces for managing an account
US11481094B2 (en) 2019-06-01 2022-10-25 Apple Inc. User interfaces for location-related communications
US11477609B2 (en) 2019-06-01 2022-10-18 Apple Inc. User interfaces for location-related communications
EP4300277A3 (en) 2019-09-29 2024-03-13 Apple Inc. Account management user interfaces
US11169830B2 (en) 2019-09-29 2021-11-09 Apple Inc. Account management user interfaces
DK202070633A1 (en) 2020-04-10 2021-11-12 Apple Inc User interfaces for enabling an activity
US11816194B2 (en) 2020-06-21 2023-11-14 Apple Inc. User interfaces for managing secure operations
EP4264460B1 (en) 2021-01-25 2025-12-24 Apple Inc. Implementation of biometric authentication
US12210603B2 (en) 2021-03-04 2025-01-28 Apple Inc. User interface for enrolling a biometric feature
US12216754B2 (en) 2021-05-10 2025-02-04 Apple Inc. User interfaces for authenticating to perform secure operations
JP7429819B1 (en) 2023-04-05 2024-02-08 株式会社セブン銀行 Trading systems, trading devices, trading methods, and programs
CN116092623B (en) * 2023-04-12 2023-07-28 四川执象网络有限公司 Health data management method based on basic medical quality control

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0691526B2 (en) * 1985-03-08 1994-11-14 株式会社東芝 Communications system
WO1995019593A1 (en) * 1994-01-14 1995-07-20 Michael Jeremy Kew A computer security system
GB2328310B (en) * 1996-05-15 1999-12-08 Ho Keung Tse Electronic transaction apparatus and method therefor
SE508844C2 (en) * 1997-02-19 1998-11-09 Postgirot Bank Ab Procedure for access control with SIM card
DE19820422A1 (en) * 1998-05-07 1999-11-11 Giesecke & Devrient Gmbh Method for authenticating a chip card within a message transmission network
FI115355B (en) * 2000-06-22 2005-04-15 Icl Invia Oyj Arrangements for identification and verification of a user in a protected system
US7392388B2 (en) * 2000-09-07 2008-06-24 Swivel Secure Limited Systems and methods for identity verification for secure transactions
US20030055738A1 (en) * 2001-04-04 2003-03-20 Microcell I5 Inc. Method and system for effecting an electronic transaction

Also Published As

Publication number Publication date
CN1672180A (en) 2005-09-21
AU2003219276A1 (en) 2003-10-13
EP1490846A2 (en) 2004-12-29
CA2505920A1 (en) 2003-10-09
MXPA04009725A (en) 2005-07-14
EA200401187A1 (en) 2005-04-28
WO2003083793A3 (en) 2003-12-31
TW200306483A (en) 2003-11-16
NZ535428A (en) 2006-08-31
EA006395B1 (en) 2005-12-29
JP2005521961A (en) 2005-07-21
WO2003083793A2 (en) 2003-10-09
BR0308965A (en) 2005-02-01

Similar Documents

Publication Publication Date Title
TWI229279B (en) System and method for secure credit and debit card transactions
US9911117B1 (en) Systems and methods for time variable financial authentication
EA200301199A1 (en) SAFE SYSTEM ONLINE PAYMENT
US20070170247A1 (en) Payment card authentication system and method
PH12015500674A1 (en) Secure financial transactions
WO2008067160A3 (en) Method and apparatus for using at least a portion of a one-time password as a dynamic card verification value
NZ535529A (en) Electronic transfer systemusing a single use transaction identification number
WO2002086826A8 (en) Financial information input method using symmetrical key security algorithm and commercial transaction system for mobile communications
WO2003065164A3 (en) System and method for conducting secure payment transaction
WO2004044822A3 (en) Time-of-transaction foreign currency conversion
WO2002075478A3 (en) Method for performing secure online payment transactions
WO2001092989A3 (en) Methods and systems for network based electronic purchasing system
WO2002005224A3 (en) System and method for verifying a financial instrument
PL351167A1 (en) System for carrying on financial operation in person vs. person, person vs. company, company vs. person and company vs. company relationships
GB2377806B (en) Secure electronic commerce system
AU5701901A (en) An improved method and system for conducting secure payments over a computer network
CA2747920C (en) Technique for performing financial transactions over a network
NO996488D0 (en) Payment process and system
US20010007132A1 (en) CLT (Close Loop Transaction)
WO2003054655A3 (en) Public network privacy protection tool and method
NZ574076A (en) Transaction instruments with enhanced security pin and expiration date generation
HK1056033A1 (en) System and method for secure credit and debit card transactions
KR20070006942A (en) How to prevent credit card theft
WO2004031908A3 (en) Method and system for secure person to person payment
WO2003027798A3 (en) Method for providing cardless payment

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees