[go: up one dir, main page]

WO2012004640A1 - Authentification de transaction - Google Patents

Authentification de transaction Download PDF

Info

Publication number
WO2012004640A1
WO2012004640A1 PCT/IB2011/000517 IB2011000517W WO2012004640A1 WO 2012004640 A1 WO2012004640 A1 WO 2012004640A1 IB 2011000517 W IB2011000517 W IB 2011000517W WO 2012004640 A1 WO2012004640 A1 WO 2012004640A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
ussd
authentication
secure transaction
transaction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/IB2011/000517
Other languages
English (en)
Inventor
Christiaan Johannes Petrus Brand
Albertus Stefanus Van Tonder
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ENTERSECT TECHNOLOGIES Pty Ltd
Original Assignee
ENTERSECT TECHNOLOGIES Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from ZA2011/00242A external-priority patent/ZA201100242B/en
Application filed by ENTERSECT TECHNOLOGIES Pty Ltd filed Critical ENTERSECT TECHNOLOGIES Pty Ltd
Publication of WO2012004640A1 publication Critical patent/WO2012004640A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/42User authentication using separate channels for security data
    • G06F21/43User authentication using separate channels for security data wireless channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements
    • H04W4/14Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/20Services signaling; Auxiliary data signalling, i.e. transmitting data via a non-traffic channel

Definitions

  • the present invention relates to a method of authenticating secure transactions.
  • the invention relates to a method of authenticating transactions conducted by users in possession of a registered mobile cellular telephone or other GSM enabled device.
  • Passwords or pass keys are widely used to control authorised access to electronic media such as computer programs or Internet websites, for example Internet banking websites.
  • electronic media such as computer programs or Internet websites, for example Internet banking websites.
  • the user must enter a login identifier (username) and a secret password. These are then checked against entries in a secure database by the program/website and access is only allowed if the login identifier and password correctly correlate with a database entry.
  • the use of such a login identifier and password to control authorised access is known as one-factor authentication.
  • Password protected resources on computer networks like the Internet range from the simplest services, for example, managing your e-mail list subscriptions, to services requiring high-grade encryption and protection such as trading portfolios and banking services.
  • the protection of these sensitive resources with only a username and password has become insufficient and, in fact, more and more uncommon.
  • the major disadvantage of a simple password is that knowledge of that single vital piece of information can give anyone, anywhere, at any time, unauthorized access to the sensitive data it is meant to protect.
  • One-factor authentication therefore provides relatively weak protection as it relies on the user keeping his or her login identification and password secret.
  • SMS Short Messages Service
  • OTP one-time-pin
  • the software application is configured to communicate with an authentication service provider over a secure communications channel and to uniquely identify the user attempting to conduct a secure transaction if requested to do so, typically by means of a digital fingerprint which is generated by the software application and then registered with the authentication service provider.
  • the software application is typically JAVA based and needs to be installed on the user's mobile phone before being operational. Apart from the obvious trouble of having to install the software application on user mobile phones, which will typically have to be motivated by the secure transaction host, the software applications are generally only executable on so-called "smart phones" or other, more advanced phones, which offer more, advanced computing capabilities and connectivity than their more basic counterparts. A substantial number of mobile phones that are not capable of executing complex software applications are still actively being used all around the world. Authentication systems that require the execution of complex mobile phone applications are therefore not available to users of these phones.
  • a pass key is randomly generated by a mobile digital device each time the user wishes to perform a secure transaction.
  • the pass key is generally a meaningless hash number generated according to some predefined algorithm or private key that is stored on the device and which the secure environment is able to recognise as having originated from an authorized device.
  • This solution involves an initial hardware cost for the issuing institution (in most cases banks) and the user is forced to carry an extra piece of hardware with him or her.
  • this technology still requires the user to enter a, sometimes lengthy and complicated, pass key before being allowed to conduct the secure transaction.
  • Two-factor authentication generally refers to a system wherein two different elements, or factors, are used to authenticate the identity of a person or information.
  • the two factors normally include something the person to be authenticated has in his possession (for example the pass key generating hardware device or mobile phone in the examples above), and something he or she knows (for example a username and password).
  • Using two factors as opposed to one delivers a higher level of authentication integrity.
  • Any type of authentication in which more than one factor is used is generally referred to as strong authentication.
  • secure transaction should be widely construed and may include any instance where user authentication is required before conducting a secure operation or before access is granted to a secure environment.
  • a "host of a secure transaction” or “client” should be widely construed to include any institution that offers secure services or transactions and that may require the authentication of its users in order to provide the services.
  • the acronym USSD should be understood to mean Unstructured Supplementary Service Data, which is a messaging capability associated with all GSM phones.
  • a method for authenticating a secure transaction to be conducted between a secure transaction host and a transacting user the method to be carried out at an authentication server and comprising the steps of:
  • the authentication request including at least a purported identity indicator of the transacting user and details of the secure transaction;
  • a transaction confirmation request to a mobile communications device of the transacting user by means of a USSD message if the user identifier and purported identity indicator correspond, the transaction confirmation request including details of the secure transaction and requesting the user to confirm or deny its intended performance of the secure transaction;
  • a further feature of the invention provides for the mobile communications device to be a mobile telephone.
  • the USSD session initiation message to include the USSD string; for the authentication request to include the USSD string; for the method to include the step of the authentication server marking a received authentication request as a waiting request until it receives a USSD session initiation message containing a USSD string corresponding to that included in the authentication request and of which the user identifier corresponds to the purported identity indicator; for all USSD messages between the transacting user and authentication server to go through the network provider; and for the user identifier and purported identity indicator to be mobile phone numbers.
  • the invention further provides a system for authenticating a secure transaction conducted between a transacting user and a secure transaction host, the system comprising:
  • an authentication service provider including at least one authentication server
  • the authentication server is configured to: receive an authentication request from the secure transaction host, the request including at least a purported identity indicator of the transacting user and details of the secure transaction;
  • a transaction confirmation request to a mobile communications device of the transacting user by means of a USSD message if the user identifier and purported identity indicator correspond, the transaction confirmation request including details of the secure transaction and requesting the user to confirm or deny its intended performance of the secure transaction;
  • the mobile communications device to be a mobile phone; for the USSD session initiation message to include the USSD string; for the authentication request to include the USSD string; for the authentication server to be further configured to mark a received authentication request as a waiting request until it receives a USSD session initiation message containing a USSD string corresponding to that included in the authentication request and of which the user identifier corresponds to the purported identity indicator; for all USSD messages between the transacting user and authentication server to go through the network provider; and for the user identifier and purported identity indicator to be mobile phone numbers.
  • the invention also provides a system for authenticating a secure transaction comprising:
  • a secure transaction host operable to conduct a secure transaction with a transacting user
  • an authentication service provider including at least one authentication server operable to authenticate the transaction between the secure transaction host and the transacting user;
  • a network provider operable to receive a USSD session initiation from a mobile communications device of the transacting user, the USSD session initiation including at least a USSD string and an IMSI number associated with the SIM card used in the mobile communications device, to look up the identity of the transacting user by correlating the IMSI number to a database of subscribers, and to extract a user identifier from the database;
  • the secure transaction host is further operable to provide the transacting user with the USSD string and to transmit an authentication request to the authentication server, the authentication request including at least a purported identity indicator of the transacting user and details of the secure transaction;
  • the authentication server in turn being operable to:
  • the mobile communications device in response to a denial result, transmit a negative authentication result to the secure transaction host.
  • the mobile communications device to be a mobile phone; for the authentication request to include the USSD string; and for the user identifier and purported identity indicator to be mobile phone numbers.
  • the invention still further provides a method of authenticating a secure transaction conducted between a secure transaction host and a transacting user, the method to be carried out at an authentication server and comprising the steps of: receiving an authentication request from the secure transaction host, the authentication request including at least a purported identity indicator of the transacting user; initiating a USSD session with a mobile communications device associated with the purported identity indicator via a network provider, the association between the purported identity indicator and transacting user being verified by the network provider; transmitting a transaction confirmation request to the mobile communications device by means of a USSD message over the USSD session, the transaction confirmation request including details of the secure transaction and requesting the user to confirm or deny its intended performance of the secure transaction; receiving a confirmation or denial result from the mobile communications device of the transacting user by means of a USSD message; in response to a confirmation result, transmitting a positive authentication result to the secure transaction host; and in response to a denial result, transmitting a negative authentication result to the secure transaction host.
  • the mobile communications device to be a mobile telephone and the network provider is a mobile phone network provider; for the authentication request to include details of the secure transaction; and for the transaction confirmation request to further include a message requesting the user to provide a personal identification number by means of a USSD message over the USSD session.
  • the invention further provides a system for authenticating a secure transaction conducted between a transacting user and a secure transaction host, the system comprising: an authentication service provider including at least one authentication server; and a network provider, the system being characterised in that the authentication server is configured to: receive an authentication request from the secure transaction host, the request including at least a purported identity indicator of the transacting user and details of the secure transaction; initiate a USSD session with a mobile communications device associated with the purported identity indicator of the transacting user via the network provider, the association between the purported identity indicator and mobile communications device being verified by the network provider; transmit a transaction confirmation request to the mobile communications device of the transacting user by means of a USSD message, the transaction confirmation request including details of the secure transaction and requesting the user to confirm or deny its intended performance of the secure transaction; receive a confirmation or denial result from the mobile communications device of the transacting user by means of a USSD message; and in response to a confirmation result, transmit a positive authentication result to the secure transaction host; and in response
  • the mobile communications device to be a mobile phone; and for the authentication server to be further configured to request a personal identification number from the transacting user and receive the personal identification number by means of a USSD message from the mobile communications device.
  • Figure 1 is a schematic illustration of an authentication system in accordance with the invention
  • Figure 2 is a schematic illustration of a second embodiment of an authentication system in accordance with the invention.
  • the system (1) includes a secure transaction host (3) at which is situated a web server (5) and an authentication server (7) maintained by an authentication service provider.
  • the authentication server (7) is capable of communicating with a mobile phone network provider (9) via a GSM network (11).
  • a user (13) When a user (13) attempts to conduct a secure online transaction with the secure transaction host (3) from, for example, a personal computer (15), the user (13) logs into a website operated by the transaction host (3) and typically enters a predefined username and password (17) which gains him or her access to a user account with the transaction host (3).
  • the web server (5) receives the username and password and, if they are valid, identifies a user account which corresponds thereto.
  • the web server (5) retrieves a purported user identity indicator, in this case a mobile phone number, of the user associated with the identified account. It should be appreciated that at this stage of the process the identity of the user has not been verified and the identity therefore simply represents who the transacting user purports to be.
  • the web server (5) If the web server (5) identifies the username and password as relating to a valid account, it displays an Unstructured Supplementary Service Data (USSD) string on the user's computer (15) as well as a message requesting the user to enter the USSD string on his or her mobile phone (19).
  • the web server (5) also sends an authentication request (21) to the authentication server (7) which includes the purported identity indicator of the transacting user (13) as well as, optionally, the USSD string that was displayed to the user (13).
  • the authentication server (7) logs the authentication request and marks it as a waiting request.
  • the authentication server (7) then waits for the user to initiate a USSD session from its mobile phone.
  • the user On request by the web server (5), the user enters the USSD string on its mobile phone (19) and initiates a USSD session, typically by pressing the dial button. A USSD message containing the USSD string is then sent to the network provider (9).
  • IMSI International Mobile Subscriber Identity
  • MSISDN a number uniquely identifying a subscription in a GSM or UMTS mobile network, typically the telephone number to the SIM card of a mobile/cellular phone
  • HLR Home Location Register
  • the network provider (9) Upon receipt of the USSD message by the network provider (9), the network provider (9) retrieves a user identifier associated with the mobile phone (19) from where it originates, and transmits a USSD session initiation message to the authentication server (7), along with the user identifier of the user (13) from where it originates.
  • the user identifier in the embodiment described is a mobile phone number. It is also possible that communication between the network provider and the authentication server may be conducted through and intermediary such as, for example, a Wireless Application Services Provider (WASP).
  • WASP Wireless Application Services Provider
  • one or more USSD strings may be exclusively allocated to an authentication server (7) of a particular transaction host (3). In this way the network provider (9) will always know to which transaction host the USSD session initiation relates.
  • the authentication server (7) Upon receipt of the USSD initiation message, the authentication server (7) checks its logs to determine if a request is waiting which has a purported identity indicator corresponding to the user identifier. If a waiting request is identified for the identified user, the authentication server (7) transmits a USSD message to the user (13), via the network provider (9) which contains the details of the transaction the user is attempting to conduct, and further request the user (13) to either confirm (accept) or deny (reject) the transaction by sending a USSD message to the authentication server containing its choice.
  • the authentication server (7) Upon receipt of the user's (13) choice, the authentication server (7) transmits a positive authentication result to the web server (5) of the transaction host (3) in response to a confirmation result from the user (13), and a negative authentication result in the case of a denial by the user (13).
  • the transaction host (3) accordingly knows whether or not to allow the requested secure transaction.
  • the identification of the transacting user is done at two independent levels, firstly by the web server upon receipt of the user's username and password, and secondly by the network provider upon receipt of the USSD session initiation from the user using the IMSI number associated with the SIM card of the mobile phone.
  • the authentication is therefore a good example of strong authentication. Only if the identity of the user determined at both stages corresponds, will it be possible to continue with the transaction at all. In addition, the user then still has the opportunity to accept or reject the transaction from his or her mobile phone.
  • USSD is generally associated with real-time or instant messaging type phone services.
  • USSD messages do not generally get stored by the network providers before they are forwarded to their intended recipients, as is normally the case with standard SMS or MMS messages.
  • SMSC Short Message Service Centre
  • This can greatly accelerate response times and also adds an additional level of security as it is not possible to intercept USSD messages from a storage location. All these features make USSD particularly suited for use in an authentication system as proposed by the invention.
  • the USSD session is initiated from the user's side. In other words, the user has to take the first step by sending the USSD initiation from its mobile phone.
  • the authentication server can only communicate with the transacting user via USSD if the user has initiated the USSD session. All communication is then conducted over the open USSD session until such time as it is terminated.
  • International USSD standards provide for a USSD session to be initiated from the network's side. This is generally referred to as a push operation.
  • a push operation implies that, instead of the user having to take the first step by entering the USSD string on its mobile phone and accordingly initiated the USSD session, the authentication server may simply request the network provider to initiate the USSD session with the identified user or even be allowed by the network operator to initiate it directly. This allows the transaction details and acceptance/denial request to be sent to the user's mobile phone without the user first having to initiate the session. This would simplify the system even further, as well as alleviate the possibility of errors occurring while the user transcribes the USSD string onto his or her mobile phone.
  • FIG. 2 A second embodiment of a system (1) for authenticating a secure transaction utilising a network initiated USSD session is shown in Figure 2.
  • the secure transaction host (23) is a telephone call centre at, for example, a banking institution which allows for telephone banking.
  • the call centre has at least one call centre operator (25) and an authentication server (27) maintained by an authentication service provider.
  • the authentication server (27) is capable of communicating with a mobile phone network provider (29) via a GSM network (31).
  • the call centre operator (25) simply asks the user to identify him or herself.
  • the user may identify him or herself by, for example, verbally communicating a username and password (37) to the operator (25).
  • the operator then enters the username and password at a computer terminal (26) which is connected to a user database (not shown) containing account details of all the users with accounts at the transaction host. If the user's proposed identity corresponds to one of the accounts on the database, the terminal retrieves a purported user identity indicator, again a mobile phone number, of the user associated with the identified account. It should be appreciated that at this stage of the process the identity of the user has not been verified and the identity therefore simply represents who the transacting user purports to be.
  • the terminal If the terminal identifies the purported user identity as relating to a valid account in the database it sends an authentication request (41) to the authentication server (27) which includes the purported identity indicator of the transacting user (33).
  • the authentication server (27) then initiates a USSD session (30) with the mobile phone (39) of the user (33) via the network provider (29). It should be appreciated that this may, in practice, be done by the authentication server (27) requesting the network provider (29) to initiate the session while providing to it, amongst others, the purported identity indicator, which in this case corresponds to the user's mobile phone number.
  • the network provider (29) may provide the authentication server (27) with the capabilities of initiating the session directly, without having to request it first.
  • communication between the network provider and the authentication server may be conducted through and intermediary such as, for example, a Wireless Application Services Provider (WASP).
  • WASP Wireless Application Services Provider
  • the network provider (29) will then be able to look up the mobile phone number in the HLR and identify therefrom the IMSI number associated with the SIM card of the purported user's mobile phone.
  • the network provider (29) will therefore initiate the USSD session (30) with the mobile phone recorded in its database as belonging to the purported user.
  • the user's (33) mobile phone (39) displays a message (34) containing details of the transaction the user is attempting to conduct, and requests the user (33) to either confirm (accept) or deny (reject) the transaction by sending a USSD message (36) back to the authentication server (27) via the network provider (29) containing its choice.
  • the message (34) may also request the user (33) to enter a personal identification number (PIN) on the phone and transmit it back to the authentication server over the USSD session.
  • PIN personal identification number
  • the authentication server (27) Upon receipt of the user's (33) choice, possibly in combination with a PIN, the authentication server (27) transmits a positive authentication result (42) to the computer terminal (26) of the relevant operator (25) at the transaction host (23) in response to a confirmation result from the user (33) and a correct PIN, and a negative authentication result in the case of a denial of the transaction by the user (33) and/or an incorrect PIN.
  • the transaction host (23) accordingly knows whether or not to allow the requested secure transaction.
  • the transaction details in this example could simply include requesting the user whether he or she is attempting to conduct a telephone banking transaction. It should also be appreciated that numerous USSD authentication requests may be conducted during the course of a single telephone transaction, requesting the user to confirm or deny its next intended action.
  • the authentication may be conducted while the user is communicating with the call centre operator over the same mobile phone on which the authentication is being conducted, as most mobile phones are generally capable of handling USSD and voice communications simultaneously.
  • the user only if the user confirms its intended execution of the secure transaction via the USSD session to the network operator, will the user be allowed to verbally transact with the transaction host. To do so, the user and its mobile phone generally have to be in the same physical location. If an imposter is trying to fraudulently transact with the call centre and is not in possession of the user's mobile phone, the real user still has the opportunity of rejecting the transaction from his or her mobile phone.
  • Network initiated USSD offers substantial advantages over user initiated USSD in that the user does not have to take additional steps in order for the system to be implemented. The system could therefore be rolled out to any number of users on an existing platform without any further user interaction.
  • the authentication system is not limited in its application to secure online (Internet) transactions. It could also be utilized in other secure transactions such as, for example, access to a secure client domain, online financial transactions, offline financial transactions, online purchases, offline purchases, access to databases, access to information, physical access to buildings or other premises, access to computer networks, subscriber websites, network portals, ATM transactions and the like.
  • the server at the transaction host does not have to be a web-server, but could be any server capable of communicating with the authentication server.
  • the system may also be used as a pre-authorisation mode in which case the user may initiation a USSD session with the authentication server by entering a known USSD string on his or her mobile phone.
  • the authentication server may then, by means of a series of menu options, allow the user to pre- authorise a secure transaction at any number of pre-authorized transaction hosts.
  • the pre-authorised transaction will then be stored at the authentication server and if the user later attempts to conduct the transaction the authorisation will already be in place and can simply be retrieved by the transaction host and the transaction authorised without delay. This could, for example, be used if a user wishes to withdraw money from an ATM but does not wish to present his or her mobile phone while waiting at the ATM.
  • the user identifier and purported identity indicator may be any one of a number of things including, but not limited to, personal information, personal identification numbers, specially assigned identifiers and the like.
  • the invention is still capable of functioning despite the user losing his or her mobile phone. If a user's mobile phone is lost or broken it is generally easy to put the SIM card of the old phone into a new one, in which case the system will continue functioning as usual. In the case of a lost or stolen phone the user simply has to deactivate his or her old SIM card and apply for a new one, after receipt of which his or her personal records will have been updated accordingly with a new IMSI number associated with the new SIM card. The user's mobile phone number will, however, generally remain unchanged.
  • secure transaction hosts may obtain fixed, unique USSD strings which can be associated with all transactions conducted through them. In this case it would not be necessary for the transaction host to repeatedly display the USSD string to the transacting user and the user may simply store the USSD string associated with the transaction host in his or her mobile phone phonebook and initiate USSD sessions with the appropriate transaction host as and when required, without having to transcribe a USSD string in order to do so.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention porte sur un procédé et un système (1) d'authentification d'une transaction sécurisée entre un hôte de transaction sécurisée (3) et un utilisateur (13) effectuant une transaction. Le procédé comprend la réception d'une demande d'authentification provenant de l'hôte de transaction sécurisée (3) au niveau d'un serveur d'authentification (7) et l'établissement d'une session USSD avec le téléphone mobile (19) de l'utilisateur (13) effectuant une transaction, par l'intermédiaire d'un fournisseur de réseau (9) lors de la réception de la demande. Des détails de la transaction sont ensuite passés au téléphone mobile (19) de l'utilisateur au moyen de message USSD et il est demandé à l'utilisateur (13) de confirmer ou de démentir, également au moyen de l'USSD, ses performances destinées de la transaction sécurisée. Seulement si l'utilisateur confirme, la transaction est la transaction authentifiée par le fournisseur de service d'authentification (7). Il peut être également demandé à l'utilisateur d'entrer un numéro d'identification personnelle et de le transmettre au fournisseur de service d'authentification par l'intermédiaire d'un USSD.
PCT/IB2011/000517 2010-07-08 2011-03-11 Authentification de transaction Ceased WO2012004640A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
ZA201004832 2010-07-08
ZA2010/04832 2010-07-08
ZA2011/00242A ZA201100242B (en) 2010-07-08 2011-01-10 Transaction authentication
ZA2011/00242 2011-01-10

Publications (1)

Publication Number Publication Date
WO2012004640A1 true WO2012004640A1 (fr) 2012-01-12

Family

ID=45440809

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2011/000517 Ceased WO2012004640A1 (fr) 2010-07-08 2011-03-11 Authentification de transaction

Country Status (1)

Country Link
WO (1) WO2012004640A1 (fr)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NL2010733C2 (nl) * 2013-04-29 2014-10-30 Baseline Automatisering B V Werkwijzen voor authenticatie, server, inrichting en datadrager.
GB2518877A (en) * 2013-10-04 2015-04-08 Technology Business Man Ltd Secure ID authentication
WO2015049540A1 (fr) * 2013-10-04 2015-04-09 Technology Business Management Limited Authentification sécurisée d'identifiant
US20150206126A1 (en) * 2012-08-16 2015-07-23 Rockhard Business Concepts And Consulting Cc Authentication method and system
EP2897321A4 (fr) * 2012-09-12 2015-11-18 Zte Corp Procédé et dispositif d'authentification d'identité d'utilisateur permettant d'empêcher un harcèlement malveillant
US9832649B1 (en) 2011-10-12 2017-11-28 Technology Business Management, Limted Secure ID authentication
GB2582326A (en) * 2019-03-19 2020-09-23 Securenvoy Ltd A method of mutual authentication
US11282062B2 (en) 2017-08-30 2022-03-22 Walmart Apollo, Llc System and method providing checkout authentication using text messaging
US11563727B2 (en) 2020-09-14 2023-01-24 International Business Machines Corporation Multi-factor authentication for non-internet applications

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030046236A1 (en) * 2001-08-16 2003-03-06 Andreas Berg Method and arrangement for paying electronically for a goods item or service, in particular an application in a data network
US20070107050A1 (en) * 2005-11-07 2007-05-10 Jexp, Inc. Simple two-factor authentication
CN201063172Y (zh) * 2006-09-21 2008-05-21 邓斌涛 电子支付系统
WO2009090428A1 (fr) * 2008-01-15 2009-07-23 Vodafone Group Plc Système et procédé d'approbation par mobile

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030046236A1 (en) * 2001-08-16 2003-03-06 Andreas Berg Method and arrangement for paying electronically for a goods item or service, in particular an application in a data network
US20070107050A1 (en) * 2005-11-07 2007-05-10 Jexp, Inc. Simple two-factor authentication
CN201063172Y (zh) * 2006-09-21 2008-05-21 邓斌涛 电子支付系统
WO2009090428A1 (fr) * 2008-01-15 2009-07-23 Vodafone Group Plc Système et procédé d'approbation par mobile

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9832649B1 (en) 2011-10-12 2017-11-28 Technology Business Management, Limted Secure ID authentication
US20150206126A1 (en) * 2012-08-16 2015-07-23 Rockhard Business Concepts And Consulting Cc Authentication method and system
US9729532B2 (en) 2012-09-12 2017-08-08 Zte Corporation User identity authenticating method and device for preventing malicious harassment
EP2897321A4 (fr) * 2012-09-12 2015-11-18 Zte Corp Procédé et dispositif d'authentification d'identité d'utilisateur permettant d'empêcher un harcèlement malveillant
US11159522B2 (en) 2013-04-29 2021-10-26 Baseline Automatisering B.V. Method for authentication, server, device and data carrier
WO2014196852A1 (fr) * 2013-04-29 2014-12-11 Baseline Automatisering B.V. Procédé d'authentification, serveur, dispositif et support de données
NL2010733C2 (nl) * 2013-04-29 2014-10-30 Baseline Automatisering B V Werkwijzen voor authenticatie, server, inrichting en datadrager.
WO2015049540A1 (fr) * 2013-10-04 2015-04-09 Technology Business Management Limited Authentification sécurisée d'identifiant
GB2518877A (en) * 2013-10-04 2015-04-08 Technology Business Man Ltd Secure ID authentication
US11282062B2 (en) 2017-08-30 2022-03-22 Walmart Apollo, Llc System and method providing checkout authentication using text messaging
GB2582326A (en) * 2019-03-19 2020-09-23 Securenvoy Ltd A method of mutual authentication
GB2582326B (en) * 2019-03-19 2023-05-31 Securenvoy Ltd A method of mutual authentication
US11563727B2 (en) 2020-09-14 2023-01-24 International Business Machines Corporation Multi-factor authentication for non-internet applications

Similar Documents

Publication Publication Date Title
US11832099B2 (en) System and method of notifying mobile devices to complete transactions
US8862097B2 (en) Secure transaction authentication
EP2082558B1 (fr) Système et procédé d'authentification d'accès au serveur à distance
US8151326B2 (en) Using audio in N-factor authentication
US8917826B2 (en) Detecting man-in-the-middle attacks in electronic transactions using prompts
CN101495956B (zh) 扩展一次性密码方法和装置
AU2012310295B2 (en) Method of controlling access to an internet-based application
US11658962B2 (en) Systems and methods of push-based verification of a transaction
WO2012004640A1 (fr) Authentification de transaction
WO2011133988A2 (fr) Système de vérification d'identité utilisant des ussd lancées par le réseau
US20210234850A1 (en) System and method for accessing encrypted data remotely
Hari et al. Enhancing security of one time passwords in online banking systems
ZA201100242B (en) Transaction authentication
KR102705620B1 (ko) 사용자 2차 인증 방법
EP3944581A1 (fr) Système et procédé d'authentification
JP2025054624A (ja) ユーザ認証システム及びユーザ認証方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11803202

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11803202

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 11803202

Country of ref document: EP

Kind code of ref document: A1