[go: up one dir, main page]

GB2261538A - Transaction authentication system - Google Patents

Transaction authentication system Download PDF

Info

Publication number
GB2261538A
GB2261538A GB9124124A GB9124124A GB2261538A GB 2261538 A GB2261538 A GB 2261538A GB 9124124 A GB9124124 A GB 9124124A GB 9124124 A GB9124124 A GB 9124124A GB 2261538 A GB2261538 A GB 2261538A
Authority
GB
United Kingdom
Prior art keywords
transaction
card
pin data
data component
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB9124124A
Other versions
GB9124124D0 (en
GB2261538B (en
Inventor
James Carden
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Governor and Co of Bank of Scotland
Governor and Co of Bank of England
Original Assignee
Governor and Co of Bank of Scotland
Governor and Co of Bank of England
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Governor and Co of Bank of Scotland, Governor and Co of Bank of England filed Critical Governor and Co of Bank of Scotland
Priority to GB9124124A priority Critical patent/GB2261538B/en
Publication of GB9124124D0 publication Critical patent/GB9124124D0/en
Publication of GB2261538A publication Critical patent/GB2261538A/en
Application granted granted Critical
Publication of GB2261538B publication Critical patent/GB2261538B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4093Monitoring of device authentication

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A transaction authentication system comprises a microchip card and a terminal. The card has a memory for storing PIN data and transaction sequence data. A processor increments the transaction sequence data each time the card is used in a transaction, and combines and encrypts the incremented transaction sequence data and a given PIN data component to provide a unique transaction signature. The given PIN data component and the encryption key used in the generation of the transaction signature comprise a secret component personal to the user but concealed from the user and known only to the authoriser. The transaction signature and the incremented transaction sequence data are displayed/printed/transmitted. A transaction may be authenticated by means of the authoriser decoding the transaction signature using the incremented transaction sequence data and an appropriate decryption key so as to extract PIN data component material, then comparing it with that belonging to the card holder.

Description

TRANSACTION AUTHENTICATION SYSTEM The present invention relates to security systems for transaction cards, and in particular to a system for authenticating individual transactions.
Transaction cards are very widely used as an alternative to cash and invariably contain various features to counteract fraudulent use thereof. The card issuers and transaction authorisors however continue to suffer substantial losses due to by counterfeiting of security features whether they be cardholder signatures, holographic devices or magnetic stripes on transaction documentation or invalid cards as appropriate. The PIN (Personal Identification Number) number is acknowledged as a useful way of reducing such losses but its usage is generally limited to Automated Teller Machines (ATMs) designed to hold securely, sensitive data such as encryption keys. PINs are not widely used at Point of Sale terminals because of the complexity of managing them adequately in such a potentially insecure environment.Various increasingly sophisticated and complex, not to mention expensive, features continue to be added to transaction cards to minimise the possibility of tampering therewith but there remains a major technical problem in finding an effective way to authenticate individual transactions, that is, to identify and distinguish valid transactions from unauthorised ones.
The present invention provides a transaction authentication system comprising a microchip card, a terminal means having card interface means for transferring data between said card and said terminal means, said microchip card having memory means for storing PIN data, at least one of said card and said terminal means having a user input interface for user entry of a PIN data component known to the user, at least one of said card and terminal means having processor means formed and arranged for comparing the stored user-known input PIN data component with the user entered PIN data component and producing an output validation signal in response to entry of a valid user PIN data component, at least one of said card and said terminal means including validation signal output means directly or indirectly drivable by said validation output signal so as to provide user-sensible confirmation of valid PIN data component entry, characterised by said microchip card having memory means for storing transaction sequence data and said processor means being further formed and arranged for incrementing the transaction sequence data in a predictable manner each time the card is used in a transaction, and for combining the incremented transaction sequence data and a given PIN data component, at least one of said card and said terminal means including memory means holding an encryption key for encryption of the combined transaction sequence data and given PIN data component in a predictable manner so as to provide a unique transaction signature, at least one of said given PIN data component and the encryption key used in the generation of the transaction signature comprising a secret component personal to the user but concealed from the user and known only to the authorisor, at least one of said card and terminal means having transaction signal output means formed and arranged for providing an output signal containing the encoded transaction signature and the incremented transaction sequence data, whereby in use of the system a transaction may be authenticated by means of the authorisor decoding the encoded transaction signature using the incremented transaction sequence data and an appropriate decryption key so as to extract PIN data component material contained therein, and comparing the extracted PIN data component material with that belonging to the card holder.
Thus with a transaction authentication system of the present invention the microchip card is effectively modified in a predictable but secure manner each time it is used so that for each transaction it will function as a "new" card and generate not only an incremented transaction sequence data but also a substantially unique encoded transaction signature which can subsequently be decoded by the authorisor with the aid of an appropriate decryption key.The corresponding incremented transaction sequence data, and appropriate PIN data component material, are distinguished from transaction signatures generated by "unauthorised" cards, that is, forged cards having an incorrect personal secret PIN data component or encryption key, or stolen or misused cards in which the incremented transaction sequence data does not relate in an acceptable manner to the transaction sequence data of any properly used card held by the user. Thus the present invention provides a particularly high degree of security to the Authorisor, without requiring any change in operation by the user, and necessitating only, in the case of off-line transactions, recordal of the incremented transaction sequence data and encoded transaction signature which can in any event be automated if desired.Moreover, by means of incorporating magnetic stripe emulation in the card (e.g. in a form such as that previously known from and described in EP-A-0 203 683) it is possible to use substantially conventional magnetic reader transaction terminals. It will be appreciated though that other suitable forms of card interface means may also be employed in accordance with the present invention including suitable direct electrical contact means as will be further explained hereinbelow.
In one embodiment of the present invention the given PIN data component used in generating the transaction signature is simply the PIN data component known to the user and used by him/her in the normal way. In this case the secret personal encryption key will of course have to be stored on the card. In another, preferred, embodiment though there is used a secret personal PIN data component, stored on the card in addition to the user-known PIN data component, in the generation of the transaction signature. In this latter case, there may be used a "public" encryption key common to all users and possibly also common to different authorisors, and this may be stored either on the card or in the transaction card terminal means.If desired though a secret personal PIN data component system could be used in combination with a secret personal encryption key system to provide even greater security (both the secret personal PIN data component and encryption key being stored on the card).
Any suitable type of encryption key may be used including, for example, an RSA encryption key. Moreover there may be used an encryption of the type which can be used for both encoding and decoding or a more complex type which required the use of a separate decryption key for decoding of the transaction signature.
Further preferred features and advantages of the invention will appear from the following detailed description given by way of example of a preferred embodiment illustrated with reference to the accompanying drawings, in which: Fig. 1 is a generally schematic representation of a transaction authentication system of the invention in use in on-line mode; Fig. 2 is a more detailed view of the transaction card of the system of Fig. 1; and Fig. 3 is a detailed block diagram of the input/output device of the terminal means of the system of Fig. 1.
Fig. 1 shows a transaction authentication system 1 comprising a microchip card 2 and a terminal means 3 connected (e.g. via a telephone line) 4 to a remote main-frame computer 5. In more detail the terminal means 3 comprises a generally conventional transaction card reader and communications unit 6 for reading data stored in the magnetic stripes of conventional transaction cards and communicating with a remote main-frame 5, said unit 6 having an external signal input connection 6a to a transaction card input/output device 7 for reading from and writing to the transaction card 2 of the present invention.
The I/O device 7 has a card receiving slot 8 provided with complementary electrical contact means 9a (see Fig.
3) for coupling with direct electrical contact means 9b on the card 2. Desirably the electrical contact means 9a, 9b are formed and arranged in accordance with a suitable ISO standard for microchip card readers. In addition the I/O device 7 has a visual display means conveniently in the form of an LCD device 10 and a keyboard 11 for allowing user entry of PIN data etc. As shown in Fig. 3, the keyboard 11 and display device 10 are connected to an I/O device processor 13 which is also connected to a "hard copy" printer device 14, and to the communications unit 6.
The card 2 as shown in Fig. 2 has a processor 15 connected to the card contact means 9b and also to memory storage means comprising a first memory (conveniently E2PROM type) 16 for storing both user-known and secret personal PIN data components, second memory means conveniently (in the form of ROM type memory) 17 for storing encryption and other programs used in the operation of the card (see below), and third memory means (conveniently of RAM type) 18 for holding transaction sequence data.
The processor means 13,15 and programs used are formed and arranged so that in use when a card 2 is inserted in the card receiving slot 8 of the I/O device 7 and the card user enters his/her (user-known) PIN data component via the keyboard 11, the I/O device processor 13 transmits this to the card processor 15 which compares it with the value stored in the first card memory 16 and then sends back to the I/O device processor 15, a suitable signal which generates a "VALID" or "INVALID" output signal on the I/O device display 10.
The merchandisor or other operator of the terminal means 13 can then enter details of the transaction in the terminal means 3 in generally known manner and activates the I/O device processor 13 to send a signal to the card processor 15 to increment the transaction sequence data in the third memory means 18. The incrementation could be simply linear but more desirably would be controlled by a more or less complex algorithm in order to frustrate to a greater or lesser extent fraudulent generation of transaction sequence data.
The card processor 15 then combines the newly incremented transaction sequence data with the secret PIN data component (which may also conveniently be referred to as a secondary card reference value or SCRV) held in the first memory means 16 and encodes it by means of the encryption key (which may be of any suitable kind e.g. an RSA type key) held in the second memory means 17 so as to generate a transaction signature in a suitable format such as a 512 bit string of cyphertext. Again the combination of the transaction sequence data with the SCRV may be in a simple arithmetical manner or, more desirably, in accordance with a more or less complex algorithm in order to increase the overall security of the process.
The card processor 15 then sends the incremented transaction sequence data and the encoded transaction signature to the I/O device processor 13 which then displays these on the I/O device display 10 for transcription by the terminal means operator and subsequent return to the card authorisor as and when required to authenticate the transaction concerned. In view of the length and complexity of the transaction signature, in practice only part, e.g the first 8 characters. i.e. the hexadecimal representation of the first 32 bits of the cyphertext would normally be used in this type of operational mode.Alternatively or additionally the incremented transaction sequence number and the encoded transaction signature are output to the printer 14 for recording with other conventional transaction data on the till receipt 19 or other transaction documentation, with conveniently one copy going to the card holder and one being retained by the operator for return to the card authorisor again as and when required for authentication purposes. In this case normally the full 64 character form of the transaction signature would be recorded in the above example of transaction signature format.Advantageously though the terminal means is operated on on-line mode so that the incremented transaction sequence data and encoded transaction signature are transmitted immediately to the card authorisor's main computer 5 for comparison of the transaction sequence data with earlier authentic transaction sequence data to judge whether the newly incremented transaction sequence data is within the range of reasonably expected values for an authentic incremented transaction sequence data for that particular card (allowing of course for the fact that certain off-line transactions may not yet have been logged on the main computer 5).Also the encoded transaction signature 13 decoded using the associated transaction sequence data and an appropriate decryption key in order to extract an SCRV which can then be compared with the value held on the main computer 5 for the card holder whose identity will also have been entered at the terminal means 3 by the operator and transmitted to the authorisor's main computer 5 in conventional manner. The main computer 5 will then send back to the terminal means 3 a suitable signal for display of a message on the display means 7 acknowledging or rejecting the authenticity of the transaction.
Various modifications may be made to the above system without departing from the scope of the present invention. Thus other conventional security features such as holograms may be employed on the surface of the card. Also the microchip should desirably be embedded in the card in such a way as to substantially prevent the possibility of replacement of the card without serious damage to the card. Furthermore there could be used an encryption key which would allow subsequent decryption of the encoded transaction signature at different levels, e.g. decryption of the full signature with a simplified public or general decryption key and decryption of part (only) of the signature using a full secret decryption key which may moreover be personal to the individual card holder.

Claims (11)

1. A transaction authentication system comprising a microchip card, a terminal means having card interface means for transferring data between said card and said terminal means, said microchip card having memory means for storing PIN data, at least one of said card and said terminal means having a user input interface for user entry of a PIN data component known to the user, at least one of said card and terminal means having processor means formed and arranged for comparing the stored user-known input PIN data component with the user entered PIN data component and producing an output validation signal in response to entry of a valid user PIN data component, at least one of said card and said terminal means including validation signal output means directly or indirectly drivable by said validation output signal so as to provide user-sensible confirmation of valid PIN data component entry, characterised by said microchip card having memory means for storing transaction sequence data and said processor means being further formed and arranged for incrementing the transaction sequence data in a predictable manner each time the card is used in a transaction, and for combining the incremented transaction sequence data and a given PIN data component, at least one of said card and said terminal means including memory means holding an encryption key for encryption of the combined transaction sequence data and given PIN data component in a predictable manner so as to provide a unique transaction signature, at least one of said given PIN data component and the encryption key used in the generation of the transaction signature comprising a secret component personal to the user but concealed from the user and known only to the authorisor, at least one of said card and terminal means having transaction signal output means formed and arranged for providing an output signal containing the encoded transaction signature and the incremented transaction sequence data, whereby in use of the system a transaction may be authenticated by means of the authorisor decoding the encoded transaction signature using the incremented transaction sequence data and an appropriate decryption key so as to extract PIN data component material contained therein, and comparing the extracted PIN data component material with that belonging to the card holder.
2. A system according to claim 1 wherein said terminal card interface means is in the form of direct electrical contact means.
3. A system according to claim 1 or claim 2 wherein said PIN data component is the PIN data component known to the user.
4. A system according to claim 1 or claim 2 wherein said PIN data component is a secret personal PIN data component, stored on the card in addition to the user-known PIN data component.
5. As system according to any one of claims 1 to 4 wherein said encryption key is common to all users and is stored on the card.
6. A system according to any one of claims 1 to 4 wherein said encryption key is stored in the terminal means.
7. A system according to any one of claims 1 to 6 wherein said encryption key is an RSA type encryption key.
8. A system according to any one of claims 1 to 6 wherein said encryption key is of the encoding and decoding type.
9. A system according to any one of claims 1 to 6 wherein said encryption key is of the type requiring a separate decryption key for decoding of the transaction signature.
10. A system as claimed in claim 1 wherein said card has incorporated therein magnetic stripe emulation usable in a substantially conventional magnetic reader transaction terminal.
11. A transaction authentication system substantially as described hereinbefore with particular reference to Figs. 1 to 3 of the accompanying drawings.
GB9124124A 1991-11-13 1991-11-13 Transaction authentication system Expired - Fee Related GB2261538B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB9124124A GB2261538B (en) 1991-11-13 1991-11-13 Transaction authentication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB9124124A GB2261538B (en) 1991-11-13 1991-11-13 Transaction authentication system

Publications (3)

Publication Number Publication Date
GB9124124D0 GB9124124D0 (en) 1992-01-02
GB2261538A true GB2261538A (en) 1993-05-19
GB2261538B GB2261538B (en) 1995-05-24

Family

ID=10704576

Family Applications (1)

Application Number Title Priority Date Filing Date
GB9124124A Expired - Fee Related GB2261538B (en) 1991-11-13 1991-11-13 Transaction authentication system

Country Status (1)

Country Link
GB (1) GB2261538B (en)

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1995010823A1 (en) * 1993-10-15 1995-04-20 British Telecommunications Public Limited Company Personal identification systems
GB2283349A (en) * 1993-10-29 1995-05-03 Ibm Transaction processing system
WO1996010811A1 (en) * 1994-09-30 1996-04-11 Siemens Aktiengesellschaft Process for generating electronic signatures and use of a pseudo-random generator therefor
WO1997042610A1 (en) * 1996-05-07 1997-11-13 France Telecom Method for performing a double-signature secure electronic transaction
FR2770071A1 (en) * 1997-10-16 1999-04-23 France Telecom Identification of persons for control of access to locations or information
GB2331822A (en) * 1997-12-01 1999-06-02 Global Money Transfer Holdings Money transfers
RU2147790C1 (en) * 1994-09-07 2000-04-20 Интел Корпорейшн Method for transferring software license to hardware unit
DE19856362A1 (en) * 1998-12-07 2000-06-08 Orga Kartensysteme Gmbh Data exchange system
FR2811452A1 (en) * 2000-07-07 2002-01-11 Thomson Multimedia Sa MICROPAYMENT TRANSACTION MANAGEMENT SYSTEM AND METHOD, CLIENT, MERCHANT AND FINANCIAL INTERMEDIATE DEVICES
EP0836160A3 (en) * 1996-10-08 2002-09-25 International Business Machines Corporation Method and means for limiting adverse use of counterfeit credit cards, access badges, electronic accounts or the like
FR2835078A1 (en) * 2002-10-16 2003-07-25 Thierry Baillietaieb Credit card security system for secure credit card payments, uses an encryption unit which calculates a secure code from the invariant elements of the credit card and variable elements keyed in
FR2840479A1 (en) * 2002-05-31 2003-12-05 Schlumberger Systems & Service METHOD FOR SECURING AN ONLINE TRANSACTION
EP1383090A1 (en) * 2002-07-19 2004-01-21 Groupement Des Cartes Bancaires "Cb" IC-card recording method and ic-card for implementing that method
EP1333407A3 (en) * 2002-01-31 2005-09-07 Giesecke & Devrient GmbH Electronic payment method
US20050268345A1 (en) * 2004-05-29 2005-12-01 Harrison Robert B Method and apparatus for providing temporary access to a network device
EP1132839A4 (en) * 1999-09-16 2006-03-15 Matsushita Electric Industrial Co Ltd ELETRONIC WALLET
US7079654B1 (en) * 1999-07-20 2006-07-18 France Telecom Method for carrying out an electronic transaction using several signatures
WO2007020510A1 (en) * 2005-08-16 2007-02-22 The Standard Bank Of South Africa Limited A system for authorising the use of a financial transaction card
GB2434014A (en) * 2006-01-10 2007-07-11 Clive Leader Transaction verification using signed data combination
US7353385B2 (en) * 2000-04-28 2008-04-01 Sony Corporation Authentication system, authentication method, authentication apparatus, and authentication method therefor
NO337079B1 (en) * 1997-05-15 2016-01-18 Comex Electronics Ab Electronic transaction

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB1458646A (en) * 1974-07-08 1976-12-15
WO1986003040A1 (en) * 1984-11-15 1986-05-22 Intellicard International, Inc. A unitary, self-contained card verification and validation system and method
US5023908A (en) * 1984-11-30 1991-06-11 Kenneth Weiss Method and apparatus for personal identification

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB1458646A (en) * 1974-07-08 1976-12-15
WO1986003040A1 (en) * 1984-11-15 1986-05-22 Intellicard International, Inc. A unitary, self-contained card verification and validation system and method
US5023908A (en) * 1984-11-30 1991-06-11 Kenneth Weiss Method and apparatus for personal identification

Cited By (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1995010823A1 (en) * 1993-10-15 1995-04-20 British Telecommunications Public Limited Company Personal identification systems
GB2283349A (en) * 1993-10-29 1995-05-03 Ibm Transaction processing system
RU2147790C1 (en) * 1994-09-07 2000-04-20 Интел Корпорейшн Method for transferring software license to hardware unit
WO1996010811A1 (en) * 1994-09-30 1996-04-11 Siemens Aktiengesellschaft Process for generating electronic signatures and use of a pseudo-random generator therefor
WO1997042610A1 (en) * 1996-05-07 1997-11-13 France Telecom Method for performing a double-signature secure electronic transaction
FR2748591A1 (en) * 1996-05-07 1997-11-14 France Telecom METHOD FOR PERFORMING A SECURE ELECTRONIC TRANSACTION WITH DOUBLE SIGNATURE
EP0836160A3 (en) * 1996-10-08 2002-09-25 International Business Machines Corporation Method and means for limiting adverse use of counterfeit credit cards, access badges, electronic accounts or the like
NO337079B1 (en) * 1997-05-15 2016-01-18 Comex Electronics Ab Electronic transaction
FR2770071A1 (en) * 1997-10-16 1999-04-23 France Telecom Identification of persons for control of access to locations or information
GB2331822A (en) * 1997-12-01 1999-06-02 Global Money Transfer Holdings Money transfers
GB2331822B (en) * 1997-12-01 2002-04-17 Global Money Transfer Holdings Method and apparatus for money transfers
DE19856362C2 (en) * 1998-12-07 2002-06-27 Orga Kartensysteme Gmbh Data exchange system
DE19856362A1 (en) * 1998-12-07 2000-06-08 Orga Kartensysteme Gmbh Data exchange system
US7079654B1 (en) * 1999-07-20 2006-07-18 France Telecom Method for carrying out an electronic transaction using several signatures
US9396469B1 (en) 1999-09-16 2016-07-19 Panasonic Intellectual Property Management Co., Ltd. Communication terminal and communication method using plural wireless communication schemes
EP1132839A4 (en) * 1999-09-16 2006-03-15 Matsushita Electric Industrial Co Ltd ELETRONIC WALLET
US10325254B2 (en) 1999-09-16 2019-06-18 Sovereign Peak Ventures, Llc Communication terminal and communication method using plural wireless communication schemes
US7353385B2 (en) * 2000-04-28 2008-04-01 Sony Corporation Authentication system, authentication method, authentication apparatus, and authentication method therefor
WO2002005226A1 (en) * 2000-07-07 2002-01-17 Thomson Licensing Sa Micropayment transaction management method, client devices, trader and financial intermediary
FR2811452A1 (en) * 2000-07-07 2002-01-11 Thomson Multimedia Sa MICROPAYMENT TRANSACTION MANAGEMENT SYSTEM AND METHOD, CLIENT, MERCHANT AND FINANCIAL INTERMEDIATE DEVICES
EP1333407A3 (en) * 2002-01-31 2005-09-07 Giesecke & Devrient GmbH Electronic payment method
WO2003102882A1 (en) * 2002-05-31 2003-12-11 Axalto Sa Method for securing an on-line transaction
CN100587735C (en) * 2002-05-31 2010-02-03 阿克萨尔托股份公司 Security Protection Methods for Online Transactions
US8271391B2 (en) 2002-05-31 2012-09-18 Gemalto Sa Method for securing an on-line transaction
FR2840479A1 (en) * 2002-05-31 2003-12-05 Schlumberger Systems & Service METHOD FOR SECURING AN ONLINE TRANSACTION
FR2842631A1 (en) * 2002-07-19 2004-01-23 Grp Des Cartes Bancaires METHOD FOR RECORDING IN A CHIP CARD AND CHIP CARD FOR CARRYING OUT THIS METHOD
EP1383090A1 (en) * 2002-07-19 2004-01-21 Groupement Des Cartes Bancaires "Cb" IC-card recording method and ic-card for implementing that method
FR2835078A1 (en) * 2002-10-16 2003-07-25 Thierry Baillietaieb Credit card security system for secure credit card payments, uses an encryption unit which calculates a secure code from the invariant elements of the credit card and variable elements keyed in
US20050268345A1 (en) * 2004-05-29 2005-12-01 Harrison Robert B Method and apparatus for providing temporary access to a network device
US8166310B2 (en) * 2004-05-29 2012-04-24 Ironport Systems, Inc. Method and apparatus for providing temporary access to a network device
WO2007020510A1 (en) * 2005-08-16 2007-02-22 The Standard Bank Of South Africa Limited A system for authorising the use of a financial transaction card
GB2434014A (en) * 2006-01-10 2007-07-11 Clive Leader Transaction verification using signed data combination

Also Published As

Publication number Publication date
GB9124124D0 (en) 1992-01-02
GB2261538B (en) 1995-05-24

Similar Documents

Publication Publication Date Title
GB2261538A (en) Transaction authentication system
CA2140803C (en) Method of authenticating a terminal in a transaction execution system
US4453074A (en) Protection system for intelligent cards
US5917913A (en) Portable electronic authorization devices and methods therefor
EP0138386B1 (en) Identification card
KR100768754B1 (en) Portable Electronic Billing and Authentication Device and Method Therefor
EP0033833B1 (en) Transaction execution system, method of operating such a system and terminal for use in such a system
US4529870A (en) Cryptographic identification, financial transaction, and credential device
EP1302018B1 (en) Secure transactions with passive storage media
US4357529A (en) Multilevel security apparatus and method
US6983882B2 (en) Personal biometric authentication and authorization device
US6669100B1 (en) Serviceable tamper resistant PIN entry apparatus
US20020198848A1 (en) Transaction verification system and method
US20020016913A1 (en) Modifying message data and generating random number digital signature within computer chip
US20040005051A1 (en) Entity authentication in eletronic communications by providing verification status of device
EP3770839A1 (en) Data protection with translation
JPS6265168A (en) Authentication method in IC card system
JPS6244869A (en) Ic card collating system
US6163612A (en) Coding device, decoding device and IC circuit
US4852165A (en) Secure system and method for providing personal identifier
JPH11282983A (en) Individual identification method by fingerprint data
KR100468154B1 (en) System and method for business of electronic finance bases of smart card
Read EFTPOS: electronic funds transfer at point of sale
AU2008203481B2 (en) Entity authentication in electronic communications by providing verification status of device
KR100187518B1 (en) Mutual authentication device of IC card terminal using dual card

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20031113