WO2007003939A2 - Method and system for authentication - Google Patents
- Publication number
- WO2007003939A2 (PCT/GB2006/002476)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data set
- authentication device
- user authentication
- user
- transaction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/0873—Details of the card reader
- G07F7/088—Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself
- G07F7/0886—Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself the card reader being portable for interacting with a POS or ECR in realizing a payment transaction
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1025—Identification of user by a PIN code
Definitions
- the invention relates to a method of and a system for authentication, and especially (but not solely) for authentication of a transaction, such as a bank card or credit card transaction.
- PIN: personal identification number
- a method of authentication comprising providing a first data set stored on a user authentication device and a second data set stored on a central database, selecting a portion of the first data set and reading the portion of the first data set from the user authentication device, comparing the portion of the first data set with the second data set, and authenticating the user authentication device if the selected portion of the first data set matches a portion of the second data set.
- a system for authentication comprising a number of user authentication devices, a central processor and a number of user authentication device readers coupled to the central processor, each user authentication device having a first data set stored thereon and the central processor having a number of second data sets stored thereon, wherein each first data set stored on a user authentication device corresponds to a second data set stored on the central computer, and when a user authentication device is read by an authentication device reader, a portion of the first data set is selected and compared with a second data set, and the computer authenticating the user authentication device if the portion of the first data set matches a portion of the second data set corresponding to the read user authentication device.
- the method further comprises tagging the matched portion of the second data set.
- the user authentication device is only authenticated if the selected portion of the first data set matches a non-tagged portion of the second data set.
- the first and second data sets are a digitised image, and preferably, a watermarked digitised image.
- the digitised image may be an image of a user associated with the user authentication device.
- the digitized image may be, for example, a digitised photograph of any subject matter or a digitized image of any subject matter such as a printed page of text.
- the portion of the first data set is selected pseudo randomly.
- the selected portion of the first data set may be transferred from the user authentication device to a transaction device and the device reader reads the selected portion of the first data set from the transaction device and transmits the read selected portion of the first data set to the central computer for comparison with the second data set.
- the method of and system for authentication may be for authentication of a transaction.
- the method of and system of authentication may be used to authenticate a user and this could be used for any security identification purposes, for example, for access to a secure area, for passport identification or cheque validation.
- Figure 1 is a schematic view of a portion of a system for authenticating a
- Figure 2 is a perspective view of an electronic wallet for use with the system shown in Figure 1 with a transaction card inserted into the electronic wallet.
- FIG 1 shows an authentication system I which includes a retailer card reader 1, an automatic teller machine (ATM) 2, transaction card 3, a user's mobile phone 4 and a user's electronic wallet 5.
- ATM: automatic teller machine
- FIG 2 shows the electronic wallet 5 in more detail. As can be seen from Figure 2, it is in the form of a calculator type device with an alphanumeric keypad 11, an LCD screen 12 and a solar panel 13.
- the solar panel 13 is used to provide power to the wallet 5 and the wallet 5 can be partially powered by the solar panel 13 or wholly powered by the solar panel 13. If the wallet is only partially powered by the solar panel 13, the remaining power could be supplied by batteries or by a mains electricity supply, typically through an adapter.
- the wallet 5 is provided with an infrared port 14 and in addition, or alternatively, may include other wireless communication devices, such as Bluetooth.
- the wallet also includes a card port 15 to permit a transaction card 3 or other data card to be inserted into the wallet 5 and to communicate with the wallet 5.
- the wallet also includes a processor and memory device (not shown).
- a data set is stored in the user's mobile phone 4 or electronic wallet 5.
- An identical data set is stored with a transaction authentication organisation that operates a central computer 6.
- the data set is a watermarked digitised photograph.
- the photograph may be supplied by a user to a bank or credit card authority with an application for an account or an application to have a wallet 5.
- the photograph is then digitised and one copy of the digitised photograph forms the data set stored in the central computer 6 and another copy of the digitised photograph forms the data set stored in the electronic wallet before it is issued to a user.
- the user may already have an electronic wallet 5 or obtain an electronic wallet independently from the bank or credit card authority.
- the account details and data set may be sent to a user loaded onto a smart card, magnetic strip card or any other suitable data card.
- the smart card, magnetic strip card or other suitable data card can be inserted into the port 15 to transfer the account details and data set to the electronic wallet 5. Transfer of the data from the card to the wallet 5 may require a PIN, which would typically be sent to a user separately from the card.
- the central computer 6 is coupled, typically by land lines 7, to a number of ATMs 2 (only one shown).
- the central computer 6 is also coupled, typically by land lines 7, to a network of retailers' transaction equipment 1 (only one shown) via a card issuer's computer server 8 and a transaction server 9 that obtains authentication for the transaction for the transaction equipment 1.
- the transaction server and card issuer's server may be the same server.
- When a user wishes to perform a transaction, such as withdrawing cash from the ATM 2 or buying goods at a retailer, the user first accesses the mobile phone 4 or wallet 5. Typically, the access would be controlled by a PIN known only to the user. After selecting the relevant account (if there is more than one account stored in the phone 4 or wallet 5) the user may then download a portion of the data from the data set on his mobile phone 4 or electronic wallet 5 to a transaction card 3. Therefore, the transaction card 3 only stores the selected portion of the data set. Typically, the selected portion of the data set is selected pseudo-randomly by the electronic wallet 5 or mobile phone 4 in response to a request entered by the user.
- the transaction card 3 can be used to perform a transaction by being inserted and read by the ATM 2 or the retailer's transaction equipment 1.
- the selected portion of the data set on the transaction card 3 is transmitted by the ATM 2 or the transaction equipment 1 via the land line 7 to the central computer 6.
- a portion of the data set may be manually transferred 10 to the retailer's transaction equipment 1 or the ATM 2.
- the central computer 6 compares the selected portion of the data set with the corresponding data set for that user on the central computer 6 and if the selected portion of the data set from the user matches a portion of the data set stored on the computer 6 the computer 6 authenticates the transaction and sends an appropriate message back to the ATM 2 or the retailer's transaction equipment 1 to enable the transaction to proceed.
- the portion of the data set stored on the computer that matched the data set sent from the transaction card 3 is tagged by the computer to show that it has been used to authenticate a transaction.
- the central computer 6 will detect that the portion of the user's data set transmitted to it has already been used to perform a transaction, by virtue of the tagging of the corresponding portion of the data set on the central computer 6, and the central computer 6 will reject the second transaction request.
- If the user wishes to perform a further transaction, it is necessary for the transaction card 3 to be wiped or another transaction card 3 to be used to receive a second selected portion of the user's data set from the mobile phone 4 or the wallet 5. Alternatively, the second data set may be transmitted manually. This second selected data set can then be used to perform a second transaction, provided that it has not already been used to authenticate a previous transaction.
- the electronic wallet 5 may be used to wipe the data on the transaction card 3.
- the user may select the number of transactions permitted using the transaction card 3 over a predetermined time period, such as one day. This may be achieved by inserting the transaction card 3 into the port 15 and activating the wallet 5 to wipe the previously stored transaction data on the card 3.
- a PIN may then be entered by the user using the alphanumeric keypad 11 on the electronic wallet 5, to initiate the transfer of new data to the card 3 through the wallet 5.
- a request for the user to enter the number of desired transactions to be permitted either before the card needs to be reactivated and/or over the selected time period may be displayed on the LCD screen 12.
- a code for the time period may then be requested by the wallet 5 through a message displayed on the LCD screen 12.
- the user may then enter a selected code for use over the predetermined time period using the keypad 11.
- the code may be, for example, a number of letters, numerals or a mixture of both and may be used in the predetermined time period when authentication of/for the card is required, for example in transactions.
- the wallet 5 is then ready for use as described above.
- the invention minimises the risk of data being skimmed from a transaction card and being used to perform transactions not authorised by the user, as the information sent to the central computer 6 to authenticate a transaction is only used once.
- the invention also helps to protect retailers and card issuers from liability arising from unauthorised use.
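
A minimal sketch of the portion-matching and tagging scheme described in the list above, added here as an illustration and not taken from the patent. The 16-byte portion size, the class, method and account names, the CSPRNG used for selection, the wallet-side tracking of issued portions and the enrolment check for repeated portions are all assumptions; the sample data set is constructed.

```python
import hashlib
import hmac
import secrets

PORTION_SIZE = 16  # bytes per portion; assumed, the page does not fix a size

# Constructed stand-in for the digitised photograph (8 distinct portions).
SAMPLE_DATA_SET = b"".join(
    hashlib.sha256(bytes([i])).digest()[:PORTION_SIZE] for i in range(8))


def portions(data_set):
    """Split a data set into fixed-size portions."""
    return [data_set[i:i + PORTION_SIZE]
            for i in range(0, len(data_set) - PORTION_SIZE + 1, PORTION_SIZE)]


class CentralComputer:
    """Holds each account's second data set and tags portions once used."""

    def __init__(self):
        self._portions = {}  # account -> list of portions
        self._tagged = {}    # account -> indexes already used

    def enrol(self, account, data_set):
        blocks = portions(data_set)
        # Added check (assumption): a repeated portion would be accepted once
        # per copy, so a skimmed value could authenticate more than once.
        if len(set(blocks)) != len(blocks):
            raise ValueError("data set contains repeated portions")
        self._portions[account] = blocks
        self._tagged[account] = set()

    def authenticate(self, account, portion):
        """Accept only a portion that matches a non-tagged stored portion."""
        tagged = self._tagged.get(account, set())
        for index, stored in enumerate(self._portions.get(account, [])):
            if index in tagged:
                continue  # already used: a replayed portion must not match
            if hmac.compare_digest(stored, portion):
                tagged.add(index)  # tag so the portion is single-use
                return True
        return False


class Wallet:
    """User-side device holding the first data set."""

    def __init__(self, data_set):
        self._unused = portions(data_set)

    def select_portion(self):
        """Pick a not-yet-issued portion at random to load onto the card."""
        if not self._unused:
            raise RuntimeError("data set exhausted")
        return self._unused.pop(secrets.randbelow(len(self._unused)))


def demo():
    central = CentralComputer()
    central.enrol("acct-1", SAMPLE_DATA_SET)
    wallet = Wallet(SAMPLE_DATA_SET)
    card = wallet.select_portion()
    first = central.authenticate("acct-1", card)     # genuine transaction
    replay = central.authenticate("acct-1", card)    # skimmed portion reused
    second = central.authenticate("acct-1", wallet.select_portion())
    forged = central.authenticate("acct-1", b"\x00" * PORTION_SIZE)
    return first, replay, second, forged
```

`demo()` shows the four cases the description covers: a first use is accepted, a reuse of the same portion is rejected because it is tagged, a fresh portion is accepted, and a value not in the data set is rejected.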
Landscapes
- Physics & Mathematics (AREA)
- Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Theoretical Computer Science (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Computer Security & Cryptography (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Finance (AREA)
- Computer Networks & Wireless Communication (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
An authentication system comprising a number of user authentication devices, a central processor and a number of user authentication device readers coupled to the processor. Each device has a first data set stored on it and the processor has a second data set stored on it. Each first data set stored on an authentication device corresponds to a second data set stored on the central computer, and when an authentication device is read by an authentication device reader, a portion of the first data set is selected and compared with a second data set. The computer authenticates the authentication device if the portion of the first data set matches a portion of the second data set corresponding to the user authentication device that was read. A method of authentication is also described.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB0513767.4 | 2005-07-05 | ||
| GBGB0513767.4A GB0513767D0 (en) | 2005-07-05 | 2005-07-05 | A method of and a system for authentication |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| WO2007003939A2 (fr) | 2007-01-11 |
| WO2007003939A3 (fr) | 2007-05-31 |
Family
ID=34856698
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/GB2006/002476, Ceased, WO2007003939A2 (fr) | Method and system for authentication | 2005-07-05 | 2006-07-04 |
Country Status (2)
| Country | Link |
|---|---|
| GB (1) | GB0513767D0 (fr) |
| WO (1) | WO2007003939A2 (fr) |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE68918724T2 (de) * | 1988-02-17 | 1995-05-24 | Nippon Denso Co | Fingerprint verification method using multiple correlation decision levels and successive decision stages. |
| US6016476A (en) * | 1997-08-11 | 2000-01-18 | International Business Machines Corporation | Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security |
| US7089214B2 (en) * | 1998-04-27 | 2006-08-08 | Esignx Corporation | Method for utilizing a portable electronic authorization device to approve transactions between a user and an electronic transaction system |
| US6131811A (en) * | 1998-05-29 | 2000-10-17 | E-Micro Corporation | Wallet consolidator |
| US6321981B1 (en) * | 1998-12-22 | 2001-11-27 | Eastman Kodak Company | Method and apparatus for transaction card security utilizing embedded image data |
| EP1020811A2 (fr) * | 1999-01-15 | 2000-07-19 | Citicorp Development Center, Inc. | Rapid-comparison systems and methods for identifying persons |
| WO2001071671A2 (fr) * | 2000-03-21 | 2001-09-27 | Widcomm, Inc. | System and method for secure user identification using a Bluetooth-enabled transceiver and a biometric sensor implemented in a handheld computer |
| US20020060243A1 (en) * | 2000-11-13 | 2002-05-23 | Janiak Martin J. | Biometric authentication device for use in mobile telecommunications |
| US6816058B2 (en) * | 2001-04-26 | 2004-11-09 | Mcgregor Christopher M | Bio-metric smart card, bio-metric smart card reader and method of use |
-
2005
- 2005-07-05 GB GBGB0513767.4A patent/GB0513767D0/en not_active Ceased
-
2006
- 2006-07-04 WO PCT/GB2006/002476 patent/WO2007003939A2/fr not_active Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| GB0513767D0 (en) | 2005-08-10 |
| WO2007003939A3 (fr) | 2007-05-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6817521B1 (en) | Credit card application automation system | |
| US20070131759A1 (en) | Smartcard and magnetic stripe emulator with biometric authentication | |
| CN1892711B (zh) | Biometric authentication method and biometric authentication system | |
| US8678294B2 (en) | Federated ID secure virtual terminal emulation smartcard | |
| US6726100B2 (en) | Method for spreading parameters in offline chip-card terminals as well as corresponding chip-card terminals and user chip-cards | |
| US20080126260A1 (en) | Point Of Sale Transaction Device With Magnetic Stripe Emulator And Biometric Authentication | |
| US20090050689A1 (en) | Electronic wallet device and method of using electronic value | |
| EP2287783A1 (fr) | Electronic credit card | |
| AU2007354267A1 (en) | Point0f sale transaction device with magnetic stripe emulator and biometric authentication | |
| CA2490208C (fr) | System and method for automatically verifying the holder of an authorisation document | |
| JP5480817B2 (ja) | Method for authorizing a communication, such as access to a memory zone of a portable electronic device, and corresponding electronic device and system | |
| JPH0514298B2 (fr) | ||
| CN100578558C (zh) | Transaction processing system | |
| AU2013260541B2 (en) | Method and system for authentication and payment by using portable terminal | |
| US20060174134A1 (en) | Secure steganographic biometric identification | |
| CN101501736B (zh) | Document reader and method for reading data objects | |
| JP2001344544A (ja) | Mobile terminal and electronic payment system using the same | |
| US6829597B1 (en) | Method, apparatus and computer program product for processing cashless payments | |
| WO2012151486A2 (fr) | System and method for using mobile devices to personalise and issue personalised identification documents | |
| US20120271764A1 (en) | Financial trade method and trade system using mobile device for the same | |
| EP3399490B1 (fr) | User terminal and method executed by a payment settlement system, settlement device and method executed by the latter, and program | |
| WO2007003939A2 (fr) | Method and system for authentication | |
| CN1321389C (zh) | System and method for payment transactions | |
| JP2003296691A (ja) | Recording medium, identity verification method, financial transaction method and device | |
| JP6845888B2 (ja) | Authentication method for electronic wallet medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | WWW | Wipo information: withdrawn in national office | Country of ref document: DE |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 06764898; Country of ref document: EP; Kind code of ref document: A2 |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 06764898; Country of ref document: EP; Kind code of ref document: A2 |