[go: up one dir, main page]

WO2001099070A3 - An improved method and system for conducting secure payments over a computer network - Google Patents

An improved method and system for conducting secure payments over a computer network Download PDF

Info

Publication number
WO2001099070A3
WO2001099070A3 PCT/US2001/019753 US0119753W WO0199070A3 WO 2001099070 A3 WO2001099070 A3 WO 2001099070A3 US 0119753 W US0119753 W US 0119753W WO 0199070 A3 WO0199070 A3 WO 0199070A3
Authority
WO
WIPO (PCT)
Prior art keywords
pseudo
key
account number
expiration date
authentication code
Prior art date
Application number
PCT/US2001/019753
Other languages
French (fr)
Other versions
WO2001099070A2 (en
Inventor
Edward J Hogan
Carl M Campbell
Original Assignee
Mastercard International Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US09/809,367 external-priority patent/US9672515B2/en
Priority claimed from US09/833,049 external-priority patent/US7379919B2/en
Application filed by Mastercard International Inc filed Critical Mastercard International Inc
Priority to EP01948538A priority Critical patent/EP1320839A2/en
Priority to AU70011/01A priority patent/AU781671B2/en
Priority to CA002382696A priority patent/CA2382696A1/en
Priority to JP2002503837A priority patent/JP5093957B2/en
Publication of WO2001099070A2 publication Critical patent/WO2001099070A2/en
Publication of WO2001099070A3 publication Critical patent/WO2001099070A3/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/14Payment architectures specially adapted for billing systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/24Credit schemes, i.e. "pay after"
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • G07F7/122Online card verification

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A secure method of conducting an electronic transaction over a public communications network is provided which utilizes a pseudo-expiration date in the expiration date field of an authorization request. One of the preferred methods comprises: generating a per-card key associated with an account number; generating a message authentication code using the per-card key; converting the message authentication code into a pseudo expiration date; generating an authorization request for the transaction, the request having an expiration date field containing the pseudo expiration date; and verifying the message authentication code based on the pseudo expiration date. Another embodiment of the invention includes a method of conducting an electronic transaction over a public communications network, with a payment account number having an associated pseudo account number, comprising: a) providing the pseudo account number with a control field indicating one of a plurality of key-generation processes to be used to generate an authentication key; b) generating an authentication key associated with the pseudo account number using one of the plurality of key-generation processes indicated in the control field of the pseudo account number; c) using the authentication key to generate a message authentication code specific to the transaction; d) generating an authorization request message including the message authentication code and the pseudo account number; and e) verifying the message authentication code using the indicated key-generation process and the authentication key.
PCT/US2001/019753 2000-06-21 2001-06-21 An improved method and system for conducting secure payments over a computer network WO2001099070A2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
EP01948538A EP1320839A2 (en) 2000-06-21 2001-06-21 An improved method and system for conducting secure payments over a computer network
AU70011/01A AU781671B2 (en) 2000-06-21 2001-06-21 An improved method and system for conducting secure payments over a computer network
CA002382696A CA2382696A1 (en) 2000-06-21 2001-06-21 An improved method and system for conducting secure payments over a computer network
JP2002503837A JP5093957B2 (en) 2000-06-21 2001-06-21 Improved method and system for making secure payments over a computer network

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US21306300P 2000-06-21 2000-06-21
US60/213,063 2000-06-21
US22622700P 2000-08-18 2000-08-18
US60/226,227 2000-08-18
US09/809,367 US9672515B2 (en) 2000-03-15 2001-03-15 Method and system for secure payments over a computer network
US09/809,367 2001-03-15
US09/833,049 US7379919B2 (en) 2000-04-11 2001-04-11 Method and system for conducting secure payments over a computer network
US09/833,049 2001-04-11

Publications (2)

Publication Number Publication Date
WO2001099070A2 WO2001099070A2 (en) 2001-12-27
WO2001099070A3 true WO2001099070A3 (en) 2003-01-16

Family

ID=27498921

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/019753 WO2001099070A2 (en) 2000-06-21 2001-06-21 An improved method and system for conducting secure payments over a computer network

Country Status (5)

Country Link
EP (1) EP1320839A2 (en)
JP (1) JP5093957B2 (en)
AU (1) AU781671B2 (en)
CA (1) CA2382696A1 (en)
WO (1) WO2001099070A2 (en)

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
PT1503308E (en) 2002-01-31 2010-02-19 Servicios Para Medios De Pago Reversible method of generating mutated payment cards using a mathematical algorithm
EP1783708A1 (en) * 2005-10-06 2007-05-09 First Data Corporation Transaction method and system
JP5095740B2 (en) * 2006-09-15 2012-12-12 ヴィザ インターナショナル サーヴィス アソシエイション Method and system for registering transaction cards independent of issuer
FR2914763B1 (en) * 2007-04-06 2013-02-15 Grp Des Cartes Bancaires DYNAMIC CRYPTOGRAM
EP2026267A1 (en) 2007-07-31 2009-02-18 Nederlandse Organisatie voor toegepast- natuurwetenschappelijk onderzoek TNO Issuing electronic vouchers
US8181861B2 (en) 2008-10-13 2012-05-22 Miri Systems, Llc Electronic transaction security system and method
EP2401711A4 (en) * 2009-02-25 2016-12-28 Miri Systems Llc SYSTEM AND METHOD OF PAYMENT
WO2011044161A1 (en) 2009-10-05 2011-04-14 Miri Systems, Llc Electronic transaction security system and method
US8762284B2 (en) * 2010-12-16 2014-06-24 Democracyontheweb, Llc Systems and methods for facilitating secure transactions
US11151561B2 (en) * 2016-07-01 2021-10-19 American Express Travel Related Services Company, Inc. Systems and methods for validating transmissions over communication channels
KR102184807B1 (en) * 2018-05-23 2020-11-30 신한카드 주식회사 Payment apparatus and method of processing user identification based on automatic response service
US20190385160A1 (en) * 2018-06-19 2019-12-19 Mastercard International Incorporated System and process for on-the-fly cardholder verification method selection
US20200097959A1 (en) * 2018-09-21 2020-03-26 Mastercard International Incorporated Payment transaction process employing dynamic account expiry and dynamic token verification code
EP3767569A1 (en) * 2019-07-18 2021-01-20 Mastercard International Incorporated An electronic transaction method and device using a flexible transaction identifier
GB2598108A (en) 2020-08-17 2022-02-23 Mastercard International Inc Card reader, smart card and method for processing a transaction
US12380431B2 (en) 2021-05-24 2025-08-05 Mastercard International Incorporated Systems, methods and computer program products for asynchronous authentication of digital wallet based payment transactions
US12288213B2 (en) 2022-03-16 2025-04-29 Mastercard International Incorporated Systems, methods and computer program products for secure contactless payment transactions

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5883810A (en) * 1997-09-24 1999-03-16 Microsoft Corporation Electronic online commerce card with transactionproxy number for online transactions
US5956699A (en) * 1996-10-03 1999-09-21 Jaesent Inc. System for secured credit card transactions on the internet
EP1028401A2 (en) * 1999-02-12 2000-08-16 Citibank, N.A. Method and system for performing a bankcard transaction

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2708083B2 (en) * 1991-12-27 1998-02-04 国際電信電話株式会社 Credit card billing simple dial operation service device
EP1235177A3 (en) * 1993-12-16 2003-10-08 divine technology ventures Digital active advertising
JPH07231367A (en) * 1994-02-17 1995-08-29 Fujitsu Ltd Credit card charging service device for personal communication
US5826245A (en) * 1995-03-20 1998-10-20 Sandberg-Diment; Erik Providing verification information for a transaction
NL1001863C2 (en) * 1995-12-08 1997-06-10 Nederland Ptt Method for securely writing down an electronic payment method, as well as payment method for implementing the method.
US5953710A (en) * 1996-10-09 1999-09-14 Fleming; Stephen S. Children's credit or debit card system
JPH1139401A (en) * 1997-07-16 1999-02-12 Nippon Shinpan Kk Credit card system and method for using credit card through network
US6000832A (en) * 1997-09-24 1999-12-14 Microsoft Corporation Electronic online commerce card with customer generated transaction proxy number for online transactions
GB2345775A (en) * 1998-10-21 2000-07-19 Ordertrust Llc Analyzing transaction information
US6327578B1 (en) * 1998-12-29 2001-12-04 International Business Machines Corporation Four-party credit/debit payment protocol
US6847953B2 (en) * 2000-02-04 2005-01-25 Kuo James Shaw-Han Process and method for secure online transactions with calculated risk and against fraud

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5956699A (en) * 1996-10-03 1999-09-21 Jaesent Inc. System for secured credit card transactions on the internet
US5883810A (en) * 1997-09-24 1999-03-16 Microsoft Corporation Electronic online commerce card with transactionproxy number for online transactions
EP1028401A2 (en) * 1999-02-12 2000-08-16 Citibank, N.A. Method and system for performing a bankcard transaction

Also Published As

Publication number Publication date
AU7001101A (en) 2002-01-02
AU781671B2 (en) 2005-06-02
WO2001099070A2 (en) 2001-12-27
JP5093957B2 (en) 2012-12-12
JP2003536180A (en) 2003-12-02
EP1320839A2 (en) 2003-06-25
CA2382696A1 (en) 2001-12-27

Similar Documents

Publication Publication Date Title
WO2001099070A3 (en) An improved method and system for conducting secure payments over a computer network
CN105243313B (en) For the method whenever confirmed to verifying token
CN101848090B (en) Authentication device and system and method using same for on-line identity authentication and transaction
US20160241549A1 (en) Method and apparatus for the secure authentication of a web site
WO2006023839A3 (en) Method and system for authorizing a transaction using a dynamic authorization code
CN1831865B (en) Electronic bank safety authorization system and method based on CPK
WO2001091366A3 (en) Cryptographic communications using pseudo-randomly generated cryptography keys
HK1052564A1 (en) Electronic transaction systems and methods therefor
WO2005001635A3 (en) Systems and methods for conducting secure payment transactions using a formatted data structure
WO2002075478A3 (en) Method for performing secure online payment transactions
JPH1079006A (en) Using request considering method for virtual prepaid card capable of reusing continuous number
CA2357792A1 (en) Method and device for performing secure transactions
WO2003065164A3 (en) System and method for conducting secure payment transaction
DK1371255T3 (en) Procedure for activating PKI functions in an intelligent card
MXPA03000402A (en) Method and system for facilitation of wireless e-commerce transactions.
EP1322088A3 (en) Method and apparatus for centralized processing of hardware tokens for PKI solutions
WO2004097598A3 (en) Systems and methods for verifying identities in transactions
CN101013942A (en) System and method for improving the safety of intelligent key equipment
WO2006053191A3 (en) Method and system for performing a transaction using a dynamic authorization code
CN101241572A (en) Electronic signing tool operation method and electronic signing tool
TW431105B (en) Method for strongly authenticating another process in a different address space
CN101620705A (en) Safety certificate method and system for Internet banking
CN101790166A (en) Digital signing method based on mobile phone intelligent card
AU5701901A (en) An improved method and system for conducting secure payments over a computer network
KR20000024445A (en) User Authentication Algorithm Using Digital Signature and/or Wireless Digital Signature with a Portable Device

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 2002/01382

Country of ref document: ZA

Ref document number: 70011/01

Country of ref document: AU

Ref document number: 200201382

Country of ref document: ZA

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2382696

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 2001948538

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWP Wipo information: published in national office

Ref document number: 2001948538

Country of ref document: EP

WWG Wipo information: grant in national office

Ref document number: 70011/01

Country of ref document: AU

WWW Wipo information: withdrawn in national office

Ref document number: 2001948538

Country of ref document: EP