[go: up one dir, main page]

WO2017074281A1 - Multi-dimensional authentication system and method for cardless banking transactions and other transactions involving high-level security - Google Patents

Multi-dimensional authentication system and method for cardless banking transactions and other transactions involving high-level security Download PDF

Info

Publication number
WO2017074281A1
WO2017074281A1 PCT/TR2016/050312 TR2016050312W WO2017074281A1 WO 2017074281 A1 WO2017074281 A1 WO 2017074281A1 TR 2016050312 W TR2016050312 W TR 2016050312W WO 2017074281 A1 WO2017074281 A1 WO 2017074281A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
password
user
gsm
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/TR2016/050312
Other languages
French (fr)
Inventor
Hamit BAL
Abdussamet ARSLAN
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to EP16784599.9A priority Critical patent/EP3369059A1/en
Publication of WO2017074281A1 publication Critical patent/WO2017074281A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/321Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wearable devices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • G06Q20/3255Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks using mobile network messaging services for payment, e.g. SMS
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F9/00Details other than those peculiar to special kinds or types of apparatus
    • G07F9/001Interfacing with vending machines using mobile or wearable devices

Definitions

  • the invention relates to a server and GSM backed, cardless banking transactions (ATM and POS) and access to high-level security systems without using a magnetic card or key.
  • ATM and POS cardless banking transactions
  • the invention relates to a method that allows making GSM confirmed banking operations (e.g., cardless POS transactions or ATM procedures) with GSM-SIM card integrated mobile devices or wearables without using a card; and it is also a system and method for entering areas with high-level security using a server and GSM backed authentication rather than using a key or a magnetic ID card.
  • GSM confirmed banking operations e.g., cardless POS transactions or ATM procedures
  • GSM-SIM card integrated mobile devices or wearables without using a card
  • Prior Art Magnetic Stripe Card In magnetic strip technology, digital data is encrypted on a magnetic strip. Data is inscribed from end-to-end by changing polarity of particles of magnetic material similar to placing a set of magnets. Reading equipment detects inversions on the magnetic field where all these miniature magnets have inverse polarity (e.g., S-N and N-S) and this is perceived as reverse current. Decoder reads reverse currents and translates these to letters and numbers for computer operations.
  • inverse polarity e.g., S-N and N-S
  • HiCo increases security by minimizing accidental data deletion or damages.
  • Most common magnetic strips are on credit and debit cards used in ATMs and POS terminals. Magnetic strips are also used for entering buildings, hotel rooms and other facilities with security.
  • Barcode Cards Barcode is the common name for encoding data with symbols generated with bars and spaces; these symbols are sent to electronic environment using optical readers. A barcode is simply a series of black bars and white spaces used for encoding a series of characters. Easy and cost efficient generation of these symbols and low error rate compared to other Technologies enables common use of barcode technology. Barcode cards are commonly used in Customer Loyalty systems with barcode readers. It is also cost efficient compared to other Technologies. Usually used in access control systems and personnel control systems. Barcode cards can be personalized using photos and logos. Barcode cards are more economical than other card systems. No physical contact with card reader is required; therefore, no frictions or deformation. Enables faster and hassle-free personnel entry. Commonly used in Customer Loyalty programs. It's not possible to use without taking out of pockets, wallets or bags.
  • a contact card has an embedded processor. Uses various encryption techniques and has copy protection. Personalized software can be developed with these cards and customer information can be stored. Chip technology minimizes security risks such as copying or fraud which are more common in magnetic cards.
  • Proximity cards are contactless cards used in secure pass and payment systems and has 125khz frequency. They are compatible with ISO standards and same size with credit cards. Both sides are thermal print compatible. They are also known as Proxy Cards and can be used within a range of 0-5 cm. they can be used without taking out of a wallet. Low cost of these cards make them suitable for big companies with large number of personnel. Copying is all but impossible.
  • Mifare System uses smart cards with an embedded microchip and a software. They are practical and embedded micro-processor is water and weather proof. Information stored on Mifare Cards cannot be copied. Data stored cannot be lost or harmed. Magnets or magnetic fields cannot affect these cards. Does not create or emit magnetic waves due to its Passive Card feature.
  • a 13.56Mhz Mifare Card embodies a chip and an antenna. Data on chip can be read or stored through radio frequency without a card loader. Proximity depends on the type of reader and ranges between 2-5 cm. Contactless smartcards provides speed and convenience. Mifare Cards are used commonly in Student IDs, e-passports, parking systems and automated payment systems. Preliminary research by patent research bureau for present invention and technique revealed following conclusions:
  • CN1804906 A (Abstract of CN1804906 Method of application of two- dimensional code and mobile telephone in credit card-based payment system)
  • Chinese patent document a credit card based mobile payment system using a two- dimensional code is mentioned.
  • mobile phone scans and stores 2D code and involves a screen to display the code.
  • Description of the document reveals that, user can request more than 1 credit card and related 2D codes therefore these requests are confirmed via passwords, voice, text, network or other methods necessary.
  • the present invention relates to a method that, other than techniques described above, meets requirements, eliminates all disadvantages, provides additional advantages and enables a more secure authentication, allows making GSM
  • confirmed banking operations e.g., cardless POS transactions or ATM procedures
  • GSM-SIM card integrated mobile devices or wearables e.g., glasses, watch
  • it is also a system and method for entering areas with high- level security using a server and GSM backed authentication rather than using a key or a magnetic ID card.
  • the object of the invention is to provide a system and method that enables banks to provide shopping and POS transaction opportunities to their customers without the need to use a magnetic card and provide more security in ATM transactions.
  • Another object of the invention relates to a server based authentication and transaction system and method used with GSM SIM Card integrated mobile Technologies.
  • Object of the invention relates to a system and method, providing a range of options in customer acquisition, account opening and account check for banks and individuals without the need to use a magnetic card (e.g., Mastercard, Visa).
  • a magnetic card e.g., Mastercard, Visa
  • Object of the invention relates to a server and GSM backed system and method for increasing security level not only in banking transactions but also in high-level security building entrances and opening doors.
  • Most important object of this invention relates a system and a method to increase security of system login process by creating temporary sessions and adding a single use password to encrypt data in each login request (server-user-process request- reader) and if this data is acquired by third parties, it will be a useless encrypted data (after temporary session is terminated, data on screen and encrypted data read by reader has no value).
  • Object of the invention relates to a system and method that enables mobile device as a login tool; user's personal data is not stored on SIM Card or in user's mobile device.
  • invention involves a server and GSM backed system that enables cardless banking transactions (ATM and POS) without the need to use any magnetic card, and an authenticator for logging in to other high- level security systems.
  • Figure 1 shows a server and GSM backed multi-dimensional authorization system for access to high-level security systems.
  • FIG 2 shows processes executed in temporary session server (Detailing Temporary session server (100) in Figure 1 ).
  • 100 refers to authentication and transaction confirmation center (servers). There are two interconnected structures in authentication and transaction confirmation center (101 , 102)
  • Main server 101 refers to main server within Authentication and transaction confirmation center.
  • Main server stores user ID authentication data and transaction data.
  • 102 refers to temporary/short term session and encryption servers, that are located within authentication and transaction confirmation center and where temporary sessions are created, stored and deleted when expired.
  • user data Figure 2; 102-a
  • One or more than one transaction number and temporary password can be generated (This number depends on the number of accounts and cards user has in bank). Therefore, encrypted data displayed on user's device changes in each session and deleted when the session is terminated.
  • 200 refers to GSM operator. Plays an active role in user authentication process. It is used to verify device, SIM card and the application. Therefore, users who want to use the system should have a registered SIM Card and a number on that GSM operator. Applet installed to mobile device is matched with Sim Card ID.
  • 300 refers to user interface. This interface can be a mobile device with GSM operator's SIM card or other mobile devices with screens (phone, tablet or wearable technologies such as a smart watch).
  • 301 refers to GSM operator's SIM Card registered to user. This SIM
  • SIM Card works integrated with the mobile device (300)
  • SIM Card number refers to user ID. This ID can be used to communicate with the server.
  • Authentication ve transaction confirmation center applet (application) installed to user interface.
  • This application and mobile device does not store any personal information or data (password, account, etc.).
  • This application is an interface that enables user to connect to the server (100) (101 ) (102).
  • Application works integrated with SIM and is identified by SIM Card and main server. If SIM is inserted to another device, application must be installed to that device and security checks of main server should be confirmed by user-account owner.
  • This unit 400 refers to reader which sends requested transaction to main servers (100) (101 ) (102).
  • This unit refers to barcode, 2D code (encrypted data) readers installed to POS devices used in payments and ATMs, or units that read and send encrypted data ( Figure 2; 102-c) displayed on the user's device to main server during authentication process. It's a device that reads data on user's device and sends that data (depending on the transaction/process requested) to main server.
  • This request can be a payment request on POS devices or login request on ATM. It can also send request for opening a door.
  • ID SIM No, Application ID
  • GSM registered operator
  • GSM operator (200) sends a random password to user's SIM Card via SMS for device authentication.
  • Half-open application on user's device sends password, received from GSM operator, to main server (101 ) for device authentication.
  • Application opens after first password is sent as in Step 1 , confirmed by GSM and Steps 3 and 4 are performed, i.e., in 5 steps.
  • Main server (101 ) sends request to other server (102) to perform transaction/process and opens a temporary session.
  • Temporary session duration ranges between 30 seconds to 240 seconds and can be adjusted based on task's importance.
  • basic user data required for performing the transaction (Figure2; 102-a) (e.g., card number or IBAN) is encrypted by combining with a random password composed of a series of numeric numbers ( Figure 2; 102-b) ( Figure 2; 102-c).
  • Encrypted data can be a 2D Code as well as another code depending on the type of reader (400).
  • Encrypted data displayed on user interface is read by reader (400).
  • Reader (400) reads (deciphers) data on user's device, adds transaction request data and sends to mains servers (100).
  • This request data refers to payment on POS, login request on ATM, or request for opening a door on secure doors).
  • Transaction request from reader (400) is sent to user interface for user confirmation (300) (302). 10.
  • User is asked to enter password to confirm request.
  • Transaction confirmation password is sent to main server (101 ).
  • main server checks for any temporary sessions created for transaction/process.
  • Transaction is performed on main servers and both user (300) and reader (400) is informed; temporary session (102) created for this request is terminated.
  • 102-a refers to necessary data imported from main server for transaction/process in temporary session, after first password sent to main server is verified and device authentication is completed.
  • This data can be IBAN, card number or any other data for banking transactions as well as personal data required for other processes (Subscription number, TCKN or other numeric data).
  • 102-b refers to random password defined by server after temporary session is created.
  • 102-c refers to re-encrypted data sent to user's device (300) (302) to be read by reader (400) during active session. This refers to re- encrypted data which is a combination of identification data on 102-a and random password defined on 102-b.
  • session is expired, data generated for user is deleted from servers and session is terminated.
  • Figure 3 Reference Numbers; log in to application (302) with password on mobile device (300) for connecting to system 502 Verification of password entered by user and sent to main server,
  • main server (101 ) If password sent to main server (101 ) is correct, send password to SIM via GSM network (200) for device and SIM verification.
  • 505 Send password (which was sent to SIM) to main server via application for device and SIM verification. Check if password delivered via GSM network is sent to main server by the application. 506 Close the application, if password sent to SIM number via GSM network is not sent back.
  • Encrypted data (300) is displayed on user's device to be read by reader.
  • Encrypted data (barcode, 2D code) on mobile device (300) is read by reader.
  • the invention relates to a method that, other than techniques described above, meets requirements, eliminates all disadvantages, provides additional advantages and enables a more secure authentication, allows making GSM confirmed banking operations (e.g., cardless POS transactions or ATM procedures) with GSM-SIM card integrated mobile devices or wearables (e.g., glasses, watch) without using a card; and it is also a system and method for entering areas with high-level security using a server and GSM backed authentication rather than using a key or a magnetic ID card.
  • Figure 1 Object of this invention involves a system and method that enables banks to provide shopping and POS transaction opportunities to their customers without the need to use a magnetic card and provide more security in ATM transactions.
  • Invention involves a system and method based on authentication and transaction confirmation servers (100) (101 ) (102) and GSM backed (400) security for reader requests (400) sent via a SIM Card integrated mobile device (300).
  • Invention is composed of a security (100) (200) authentication and transaction center performing two intermediary systems' (a SIM Card integrated mobile device (300) and requestor reader (400)) requests. No data is stored on login device or reader and they both serve as intermediaries for transactions. All transactions and authentications take place on servers (100) (101 ) (102) and on GSM network, therefore it's completely secure. As follows;
  • system login application (302) is installed to mobile device (300). This is the initial installation and application does not store ant data (e.g., personal data, passwords, etc.)
  • Mobile device needs a SIM (301 ) for GSM network connection for the system to be operable. Passwords used in this system can be obtained from authentication and confirmation center via individual application.
  • application works only on identified device and SIM combination. Application is associated with only 1 SIM and Works on a single device. Application works integrated with SIM Card ID (number) and if SIM is inserted to another device application must be re-installed and authentication process must be completed. Application will be active after being installed to device and registeration to authentication transaction confirmation center. Instructions shown in Figure 1 are as follows:
  • Application on (302) device sends password request to (101 ) Authentication server. Password confirmation performed on (101 ) server. If password and user match, device authentication is performed.
  • a confirmation password is sent to user's GSM (200) number that is registered on system for device authentication.
  • Authentication password is sent ti SIM Card via GSM (200) network. After authentication message is delivered to the application (301 ) on mobile device (300), main server is informed that device and application ID are correct.
  • This encrypted data ( Figure 2; 102-c) created on temporary session servers (102) is displayed on user's device through the application (302). If more than 1 encrypted data is available in a session, they are listed horizontally or vertically.
  • Preferred encrypted data ( Figure 2; 102-c) is read by reader (400) (POS, ATM).
  • Reader (400) sends transaction request to main servers (101 ) after reading encrypted data ( Figure 2; 102-c) on user's device (payment on POS devices or display main menu on ATM) (400). Reader must be registered to main servers and have transaction request authorization. If reader is not registered, no request will be sent to main server (101 ).
  • Request from registered reader is displayed on user's device with a confirmation via open application ( .... TL / $ paymetn will be made from account no to company. Enter password for confirmation or enter your PIN fro banking transactions - on ATM) and request second password. 10. User (300) enters password for confirmation and password is sent to main server (100).
  • Main server verifies password and if password is correct checks for an available temporary session specific to this request. If a temporary session is available proceeds to final step.
  • authentication and transaction confirmation center (100) performs the transaction/process requested, (payment, ATM login). Transaction confirmation is displayed both on user's device (300) and reader's screen (400). Data is deleted after temporary session (102) on confirmation transaction center (1 00) is terminated.
  • This invention may replace current magnetic cards (Mastercard, Visa) as well as enable users to perform banking transactions (account opening) without using these cards, (e.g., performing banking transactions with IBAN).
  • Invention may be used in aforementioned banking transactions as well as for entering areas with high-level security (hotels, hotel rooms, buildings, houses, offices). Invention involves a method for opening building doors by sending request to main servers which sends confirmation to door lock after authentication process.
  • GSM - Authentication is GSM based therefore GSM network also allows device verification.
  • Mobile wallets are using mobile phones and store card information or passwords. In this method, no data is stored on user's device. Security and personal data (account information, passwords, numbers, subscription details, etc.) is located solely in main servers.
  • Invention can be used in all systems that require entry or transactions with magnetic cards. Specifically, cardless payments and banking transactions are gaining importance with ever increasing internet connection speeds. Therefore, invention enables fast and secure POS payments and ATM transactions.
  • no data is stored on mobile device and even first login password is verified by authentication center server.
  • no data is stored on mobile device and even first login password is verified by authentication center server.
  • it is not a system access method but also has a GSM based device and SIM verification.
  • it has a single use login and authentication system with temporary separate sessions in each login.
  • transaction confirmation is performed by user with a second password.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a method that allows making GSM confirmed banking transactions (e.g., cardless POS transactions or ATM procedures) with GSM-SIM card integrated mobile devices or wearables without using a card; and it is also a system and method for entering places that require specific safety using a server and GSM backed authorization rather than using a key or a magnetic ID card. Invention takes password entry request from user, makes necessary checks in main server (100) and uses GSM network (200) for device verification. It also involves a 5 layer ID verification and transaction confirmation method; after ID (300), device (301 ) and application (302) verification, it logs in to a temporary session for requested transaction in a different server (102); available data (Figure 2; 102-a) that will be used for transaction in this temporary session, will be encrypted with a single-use random password (Figure 2, 102-b) in each session and will be available to be used in user's mobile device to be scanned by reader (400); and finally reader's (400) transaction request will be confirmed by user by entering the password.

Description

MULTI-DIMENSIONAL AUTHENTICATION SYSTEM and METHOD for CARDLESS BANKING TRANSACTIONS and OTHER TRANSACTIONS
INVOLVING HIGH-LEVEL SECURITY Technical Field
The invention relates to a server and GSM backed, cardless banking transactions (ATM and POS) and access to high-level security systems without using a magnetic card or key.
The invention relates to a method that allows making GSM confirmed banking operations (e.g., cardless POS transactions or ATM procedures) with GSM-SIM card integrated mobile devices or wearables without using a card; and it is also a system and method for entering areas with high-level security using a server and GSM backed authentication rather than using a key or a magnetic ID card.
Prior Art Magnetic Stripe Card: In magnetic strip technology, digital data is encrypted on a magnetic strip. Data is inscribed from end-to-end by changing polarity of particles of magnetic material similar to placing a set of magnets. Reading equipment detects inversions on the magnetic field where all these miniature magnets have inverse polarity (e.g., S-N and N-S) and this is perceived as reverse current. Decoder reads reverse currents and translates these to letters and numbers for computer operations.
There are two kinds of magnetic strips; (HiCo) and (LoCo). HiCo increases security by minimizing accidental data deletion or damages. Most common magnetic strips are on credit and debit cards used in ATMs and POS terminals. Magnetic strips are also used for entering buildings, hotel rooms and other facilities with security.
Barcode Cards: Barcode is the common name for encoding data with symbols generated with bars and spaces; these symbols are sent to electronic environment using optical readers. A barcode is simply a series of black bars and white spaces used for encoding a series of characters. Easy and cost efficient generation of these symbols and low error rate compared to other Technologies enables common use of barcode technology. Barcode cards are commonly used in Customer Loyalty systems with barcode readers. It is also cost efficient compared to other Technologies. Mostly used in access control systems and personnel control systems. Barcode cards can be personalized using photos and logos. Barcode cards are more economical than other card systems. No physical contact with card reader is required; therefore, no frictions or deformation. Enables faster and hassle-free personnel entry. Commonly used in Customer Loyalty programs. It's not possible to use without taking out of pockets, wallets or bags.
Contact (Chip) Card : A contact card has an embedded processor. Uses various encryption techniques and has copy protection. Personalized software can be developed with these cards and customer information can be stored. Chip technology minimizes security risks such as copying or fraud which are more common in magnetic cards.
Proximity Card : Proximity cards are contactless cards used in secure pass and payment systems and has 125khz frequency. They are compatible with ISO standards and same size with credit cards. Both sides are thermal print compatible. They are also known as Proxy Cards and can be used within a range of 0-5 cm. they can be used without taking out of a wallet. Low cost of these cards make them suitable for big companies with large number of personnel. Copying is all but impossible.
Contactless Mifare Card : Mifare System uses smart cards with an embedded microchip and a software. They are practical and embedded micro-processor is water and weather proof. Information stored on Mifare Cards cannot be copied. Data stored cannot be lost or harmed. Magnets or magnetic fields cannot affect these cards. Does not create or emit magnetic waves due to its Passive Card feature. A 13.56Mhz Mifare Card embodies a chip and an antenna. Data on chip can be read or stored through radio frequency without a card loader. Proximity depends on the type of reader and ranges between 2-5 cm. Contactless smartcards provides speed and convenience. Mifare Cards are used commonly in Student IDs, e-passports, parking systems and automated payment systems. Preliminary research by patent research bureau for present invention and technique revealed following conclusions:
1- In CN1804906 A (Abstract of CN1804906 Method of application of two- dimensional code and mobile telephone in credit card-based payment system) Chinese patent document, a credit card based mobile payment system using a two- dimensional code is mentioned. In this invention, mobile phone scans and stores 2D code and involves a screen to display the code. Additionally, includes a compatible reader, a credit card "quoting" device and a credit card VAN server. Description of the document reveals that, user can request more than 1 credit card and related 2D codes therefore these requests are confirmed via passwords, voice, text, network or other methods necessary.
User enters credit card number and password; after confirmation process user requests a 2D code and an encrypted code is sent to user. This 2D code is saved to user's mobile phone and payments are made using these codes with compatible readers. (Description of CN1804906 Method of application of two-dimensional code and mobile telephone in credit card-based payment system).
2- In US8924712 B2 U.S.A. patent document, a system for using QR code in ATMs and other devices for cardless transactions is mentioned. (Abstract of US 8924712 B2 Using QR codes for authenticating users to ATMs and other secure machines for cardless transactions). Invention involves scanning the QR Code displayed on ATM screen with a mobile device, decoding transaction data, sending this data to user authentication system and enabling cardless transaction. (Brief Summary of US 8924712 B2).
3- In US20120173311 A1 U.S.A. patent document, a system that enables logging in to ATM using 2D code is mentioned. Invention involves a reader unit that can read the 2D code (barcode) displayed on mobile phone's screen and grants access (Abstract of US20120173311 Automatic teller machine for providing service using two-dimensional barcode and method for operating automatic teller machine). 4- In WO2014055279 A1 international patent document, an authentication system is mentioned (Abstract of WO2014055279 Authentication system). Description of the document reveals that ATM transactions can be made with a smartphone. One version of invention involves sending QR Code from mobile phone to ATM; and other version involves displaying QR code on mobile phone or ATM screen and mobile phone or ATM capable of reading this QR Code (Description of WO2014055279).
5- CN103218884 A Chinese patent document involves using 2D code on mobile phone screen as a bus (transportation) card. 2D code on screen is read by 2D code reader in the bus and defined payment is deducted from user's account. (Abstract of CN103218884 Bus card swiping system by applying cell phone two- dimensional code technology).
6- On http ://www . q rpay. co m/q r- pay, a QR Code backed payment system is mentioned. Payment is made by scanning the barcode displayed on mobile phone screen generated by the application installed. Objects of the Invention
The present invention relates to a method that, other than techniques described above, meets requirements, eliminates all disadvantages, provides additional advantages and enables a more secure authentication, allows making GSM
confirmed banking operations (e.g., cardless POS transactions or ATM procedures) with GSM-SIM card integrated mobile devices or wearables (e.g., glasses, watch) without using a card; and it is also a system and method for entering areas with high- level security using a server and GSM backed authentication rather than using a key or a magnetic ID card.
The object of the invention is to provide a system and method that enables banks to provide shopping and POS transaction opportunities to their customers without the need to use a magnetic card and provide more security in ATM transactions.
Another object of the invention relates to a server based authentication and transaction system and method used with GSM SIM Card integrated mobile Technologies. Object of the invention relates to a system and method, providing a range of options in customer acquisition, account opening and account check for banks and individuals without the need to use a magnetic card (e.g., Mastercard, Visa).
Object of the invention relates to a server and GSM backed system and method for increasing security level not only in banking transactions but also in high-level security building entrances and opening doors.
Most important object of this invention relates a system and a method to increase security of system login process by creating temporary sessions and adding a single use password to encrypt data in each login request (server-user-process request- reader) and if this data is acquired by third parties, it will be a useless encrypted data (after temporary session is terminated, data on screen and encrypted data read by reader has no value).
Object of the invention relates to a system and method that enables mobile device as a login tool; user's personal data is not stored on SIM Card or in user's mobile device.
In order to achieve aforementioned objects; invention involves a server and GSM backed system that enables cardless banking transactions (ATM and POS) without the need to use any magnetic card, and an authenticator for logging in to other high- level security systems. Brief description of Drawings
Invention should be evaluated with figures described below in order to understand its setup and advantages with additional units.
Figure 1 shows a server and GSM backed multi-dimensional authorization system for access to high-level security systems.
Figure 2 shows processes executed in temporary session server (Detailing Temporary session server (100) in Figure 1 ).
Figure 3, Security layers process flow diagram Reference Numbers
Figure 1 Reference Numbers;
100 refers to authentication and transaction confirmation center (servers). There are two interconnected structures in authentication and transaction confirmation center (101 , 102)
101 refers to main server within Authentication and transaction confirmation center. Main server stores user ID authentication data and transaction data.
102 refers to temporary/short term session and encryption servers, that are located within authentication and transaction confirmation center and where temporary sessions are created, stored and deleted when expired. At temporary session step (after initial authentication and device - SIM confirmation) user data (Figure 2; 102-a) required for transaction are imported from main server (101 ) and in each session a random numeric password is added (Figure 2; 102-b) (Debit card number + a random numeric password = new encrypted data) and re- encrypted data is temporarily stored to be displayed on user's device (Figure 2;102-c). One or more than one transaction number and temporary password can be generated (This number depends on the number of accounts and cards user has in bank). Therefore, encrypted data displayed on user's device changes in each session and deleted when the session is terminated.
200 refers to GSM operator. Plays an active role in user authentication process. It is used to verify device, SIM card and the application. Therefore, users who want to use the system should have a registered SIM Card and a number on that GSM operator. Applet installed to mobile device is matched with Sim Card ID. 300 refers to user interface. This interface can be a mobile device with GSM operator's SIM card or other mobile devices with screens (phone, tablet or wearable technologies such as a smart watch). 301 refers to GSM operator's SIM Card registered to user. This SIM
Card works integrated with the mobile device (300) SIM Card number refers to user ID. This ID can be used to communicate with the server.
302 refers to Authentication ve transaction confirmation center applet (application) installed to user interface. This application and mobile device does not store any personal information or data (password, account, etc.). This application is an interface that enables user to connect to the server (100) (101 ) (102). Application works integrated with SIM and is identified by SIM Card and main server. If SIM is inserted to another device, application must be installed to that device and security checks of main server should be confirmed by user-account owner.
400 refers to reader which sends requested transaction to main servers (100) (101 ) (102). This unit refers to barcode, 2D code (encrypted data) readers installed to POS devices used in payments and ATMs, or units that read and send encrypted data (Figure 2; 102-c) displayed on the user's device to main server during authentication process. It's a device that reads data on user's device and sends that data (depending on the transaction/process requested) to main server. This request can be a payment request on POS devices or login request on ATM. It can also send request for opening a door.
Transaction/process step reference numbers for Figure 1
1 . User sends request to main server (100 ve 101 ) by entering a password for logging in to application (302) which is installed to device, with user's SIM inserted, after security and transaction confirmation center's confirmation. Password verification is performed on main server (101 ) - not on the device.
Password sent from user interface with user ID (ID=SIM No, Application ID) is verified on main server (authentication) and then sent to user's registered operator (GSM) for device authentication.
GSM operator (200) sends a random password to user's SIM Card via SMS for device authentication.
Half-open application on user's device sends password, received from GSM operator, to main server (101 ) for device authentication. Application opens after first password is sent as in Step 1 , confirmed by GSM and Steps 3 and 4 are performed, i.e., in 5 steps.
Main server (101 ) sends request to other server (102) to perform transaction/process and opens a temporary session. Temporary session duration ranges between 30 seconds to 240 seconds and can be adjusted based on task's importance. In temporary session, basic user data required for performing the transaction (Figure2; 102-a) (e.g., card number or IBAN) is encrypted by combining with a random password composed of a series of numeric numbers (Figure 2; 102-b) (Figure 2; 102-c). Encrypted data can be a 2D Code as well as another code depending on the type of reader (400).
Data encrypted in temporary session (Figure2; 102-c) in secondary server (102) is sent to user interface (302).
Encrypted data displayed on user interface is read by reader (400).
Reader (400) reads (deciphers) data on user's device, adds transaction request data and sends to mains servers (100). (This request data refers to payment on POS, login request on ATM, or request for opening a door on secure doors).
Transaction request from reader (400) is sent to user interface for user confirmation (300) (302). 10. User is asked to enter password to confirm request. Transaction confirmation password is sent to main server (101 ).
10s. After password confirmation, main server checks for any temporary sessions created for transaction/process.
1 1 . Transaction is performed on main servers and both user (300) and reader (400) is informed; temporary session (102) created for this request is terminated.
Figure 2. Reference Numbers;
102-a. refers to necessary data imported from main server for transaction/process in temporary session, after first password sent to main server is verified and device authentication is completed. This data can be IBAN, card number or any other data for banking transactions as well as personal data required for other processes (Subscription number, TCKN or other numeric data).
102-b. refers to random password defined by server after temporary session is created.
102-c. refers to re-encrypted data sent to user's device (300) (302) to be read by reader (400) during active session. This refers to re- encrypted data which is a combination of identification data on 102-a and random password defined on 102-b. When session is expired, data generated for user is deleted from servers and session is terminated.
Figure 3. Reference Numbers; log in to application (302) with password on mobile device (300) for connecting to system 502 Verification of password entered by user and sent to main server,
503 Inform user and close application if password is wrong. Block access to system if password in second attempt is wrong.
504 If password sent to main server (101 ) is correct, send password to SIM via GSM network (200) for device and SIM verification.
505 Send password (which was sent to SIM) to main server via application for device and SIM verification. Check if password delivered via GSM network is sent to main server by the application. 506 Close the application, if password sent to SIM number via GSM network is not sent back.
507 After user password, device, SIM and application are verified, transfer requested data on server (101 ) to other server for temporary session and encrypt with a numeric password (encryption can be 128 bit, 256 bit as well as barcode or 2D code).
508 Encrypted data (300) is displayed on user's device to be read by reader.
509 Encrypted data (barcode, 2D code) on mobile device (300) is read by reader.
510 Reader (400), reads single use data (Figure 2; 102-c) displayed on mobile device (300) and transaction request is sent to main servers (100)(101 ).
51 1 Transaction request sent by reader is displayed on user's/account owner's device for password verification; user enters password,
512 Password entered by user is checked by system. 513 If password is wrong, transaction/process is cancelled and temporary session is terminated.
514 If password is correct, check for an active session or any temporary sessions created for transaction/process (Figure 1 . 10s)
515 Terminate transaction/process if no temporary session is created or active session expired.
516 If password is correct and a temporary session is active, transaction/process is performed; user and reader are informed.
Detailed description of the invention
The invention relates to a method that, other than techniques described above, meets requirements, eliminates all disadvantages, provides additional advantages and enables a more secure authentication, allows making GSM confirmed banking operations (e.g., cardless POS transactions or ATM procedures) with GSM-SIM card integrated mobile devices or wearables (e.g., glasses, watch) without using a card; and it is also a system and method for entering areas with high-level security using a server and GSM backed authentication rather than using a key or a magnetic ID card. (Figure 1 ) Object of this invention involves a system and method that enables banks to provide shopping and POS transaction opportunities to their customers without the need to use a magnetic card and provide more security in ATM transactions.
Invention involves a system and method based on authentication and transaction confirmation servers (100) (101 ) (102) and GSM backed (400) security for reader requests (400) sent via a SIM Card integrated mobile device (300).
Invention is composed of a security (100) (200) authentication and transaction center performing two intermediary systems' (a SIM Card integrated mobile device (300) and requestor reader (400)) requests. No data is stored on login device or reader and they both serve as intermediaries for transactions. All transactions and authentications take place on servers (100) (101 ) (102) and on GSM network, therefore it's completely secure. As follows;
There are two server systems in Authentication and Security center. One of them is (101 ) server that stores user data. Others are temporary session servers (102) that secure transactions and necessary user data after user authentication. On temporary servers (102), necessary data required for transaction is sent from main server (Figure 2; 102-a) and this data is re-encrypted (Figure 2; 102-c) and stored on these servers until session is terminated. It's extremely secure because encrypted data (Figure 2; 102-c) is different in each session, therefore data displayed on user's device is different. Even if this data is acquired by third parties, it will be specific to active session and cannot be used for further transactions. (Figure 2, 102-c).
How it Works? It's operable after system login application (302) is installed to mobile device (300). This is the initial installation and application does not store ant data (e.g., personal data, passwords, etc.) Mobile device needs a SIM (301 ) for GSM network connection for the system to be operable. Passwords used in this system can be obtained from authentication and confirmation center via individual application. After authentication and installation, application works only on identified device and SIM combination. Application is associated with only 1 SIM and Works on a single device. Application works integrated with SIM Card ID (number) and if SIM is inserted to another device application must be re-installed and authentication process must be completed. Application will be active after being installed to device and registeration to authentication transaction confirmation center. Instructions shown in Figure 1 are as follows:
1 . Application on (302) device sends password request to (101 ) Authentication server. Password confirmation performed on (101 ) server. If password and user match, device authentication is performed.
2. A confirmation password is sent to user's GSM (200) number that is registered on system for device authentication.
3. Authentication password is sent ti SIM Card via GSM (200) network. After authentication message is delivered to the application (301 ) on mobile device (300), main server is informed that device and application ID are correct.
After user, device and application authentication is completed, necessary data (Figure 2;102-a) for transaction on main server (101 ) (account info or IBAN for banking transactions) are sent to other server (102) for temporary session. A session is created for user (102). Data from main server (e.g., account number or IBAN) (Figure 2; 102-a) is encrypted with a numeric password defined specifically for this session (Figure 2; 102-b) (This encryption can be a 2D Code or a Barcode) (Figure 2; 102-c). Example: Account number or IBAN is re-encrypted with a temporary password (e.g., 1234). Encrypted data (Figure 2; 102-c) is solely used in this session and deleted after session is terminated. If user has more than 1 account or card, each account and card is encrypted separately in each session. Account used depends on user. In other words, for banking transactions, each account and card is encrypted separately and sent to user's device on demand.
This encrypted data (Figure 2; 102-c) created on temporary session servers (102) is displayed on user's device through the application (302). If more than 1 encrypted data is available in a session, they are listed horizontally or vertically.
Preferred encrypted data (Figure 2; 102-c) is read by reader (400) (POS, ATM).
Reader (400) sends transaction request to main servers (101 ) after reading encrypted data (Figure 2; 102-c) on user's device (payment on POS devices or display main menu on ATM) (400). Reader must be registered to main servers and have transaction request authorization. If reader is not registered, no request will be sent to main server (101 ).
Request from registered reader is displayed on user's device with a confirmation via open application ( .... TL / $ paymetn will be made from account no to company. Enter password for confirmation or enter your PIN fro banking transactions - on ATM) and request second password. 10. User (300) enters password for confirmation and password is sent to main server (100).
10s. Main server verifies password and if password is correct checks for an available temporary session specific to this request. If a temporary session is available proceeds to final step.
1 1 . After completing all steps mentioned above, authentication and transaction confirmation center (100) performs the transaction/process requested, (payment, ATM login). Transaction confirmation is displayed both on user's device (300) and reader's screen (400). Data is deleted after temporary session (102) on confirmation transaction center (1 00) is terminated.
This invention may replace current magnetic cards (Mastercard, Visa) as well as enable users to perform banking transactions (account opening) without using these cards, (e.g., performing banking transactions with IBAN).
Invention may be used in aforementioned banking transactions as well as for entering areas with high-level security (hotels, hotel rooms, buildings, houses, offices). Invention involves a method for opening building doors by sending request to main servers which sends confirmation to door lock after authentication process.
Invention is extremely secure. Has a 5-dimensional security system as follows:
1 - Individual application for initial installation to mobile device and defining password. Application works integrated with SIM Card ID.
2- After registration and installation process, system login request with password. No password or data is stored on device.
3- Device and SIM verification after user request (GSM based verification via SMS).
4- Sending encrypted data to user by creating a temporary session (Figure 2;
102-a, 102-b, 102-c), deleting data after temporary session is terminated.
5- Transaction confirmation request from user (with password), checking for temporary session and performing transaction. 6 similar patents were found during preliminary research. However, further research revealed that present invention is different in many aspects, such as;
- Invention has a 5-dimensional security.
- No data is stored on device, all data and transaction processes are performed by Authentication and transaction confirmation servers
- Application on mobile device is an intermediary that enables contact with main server and works integrated with SIM Card number
- Authentication is GSM based therefore GSM network also allows device verification.
- Most important aspect of invention is temporary sessions and cross- authentication and device verification processes that takes place on authentication transaction confirmation servers (100) (101 ) (102). Main innovation lies in this aspect. It involves separate sessions and encrypted data for each transaction/process (Figure 2; 102-a, 102-b, 102-c). After transaction is completed, all encrypted data becomes useless.
There are various mobile wallet applications in the market. Invention is different than these applications. Mobile wallets are using mobile phones and store card information or passwords. In this method, no data is stored on user's device. Security and personal data (account information, passwords, numbers, subscription details, etc.) is located solely in main servers.
Industrial Use of Invention
Invention can be used in all systems that require entry or transactions with magnetic cards. Specifically, cardless payments and banking transactions are gaining importance with ever increasing internet connection speeds. Therefore, invention enables fast and secure POS payments and ATM transactions.
In preferred embodiments of invention, no data is stored on mobile device and even first login password is verified by authentication center server.
In preferred embodiments of invention, no data is stored on mobile device and even first login password is verified by authentication center server. In preferred embodiments of invention, it is not a system access method but also has a GSM based device and SIM verification.
In preferred embodiments of invention, it has a single use login and authentication system with temporary separate sessions in each login. In preferred embodiments of invention, even after login and transaction request is sent to main servers (by reader), transaction confirmation is performed by user with a second password.
In preferred embodiments of invention, after confirmation process both user (account owner) and reader (POS, ATM) is informed of transaction results. Present invention enables easy and secure transactions with aforementioned technical specifications which provide numerous advantages.
Structural and characteristic features and advantages of present invention can be understood with the help of following figures and detailed description with reference numbers of these figures. Therefore, evaluation process should consider these figures and detailed descriptions.

Claims

1 . A method that allows making GSM confirmed banking transactions (e.g., cardless POS transactions or ATM procedures) with GSM-SIM card integrated mobile devices or wearables without using a card; and it is also a multi-dimensional method for entering places that require specific safety using a server and GSM backed authorization rather than using a key or a magnetic ID card is characterized with following steps:
- User (300)(302) sends main server login request with password,
- Checking received password in main server (101 ) and then sending password to GSM number registered in server for device confirmation,
- User sends password received from GSM (200) operator to main server via application (302),
- After device and SIM confirmation, importing required data from main server (101 ) and transferring to temporary session servers (102), - Re-encrypting (102-c) available data (102-a) required for confirmation in temporary session servers (102) by adding a single use password (102-b) and sending to user's mobile device (300)(302),
- Scanning received encrypted data (102-c) to reader (400) and sending transaction request to main server (101 ), - Request from reader is sent to user (300) and user confirms transaction with password,
- Checking transaction confirmation password sent by user and temporary session and performing the transaction in main servers (100)(101 ) .
2. The multi-layered authentication and transaction confirmation method according to Claim 1 wherein mobile application (302) stores no personal data.
3. The multi-layered authentication and transaction confirmation method according to Claim 1 wherein application installed to mobile device and device authentication is performed via GSM network.
4. The multi-layered authentication and transaction confirmation method compatible according to Claim 1 wherein after identification and device authentication, a temporary session (102) is created specific to requested transaction.
5. The multi-layered authentication and transaction confirmation method according to Claim 1 wherein after password, application (302) and device confirmation, data required for transaction in temporary session (102) is re-encrypted by adding a single use, random password and sent to user's device (300)(302); after transaction is confirmed, session is terminated and deleted.
6. The multi-layered authentication and transaction confirmation method according to Claim 1 wherein mobile device (300) should be integrated with SIM (301 ) and application ID should be integrated with Sim Card.
PCT/TR2016/050312 2015-10-27 2016-08-29 Multi-dimensional authentication system and method for cardless banking transactions and other transactions involving high-level security Ceased WO2017074281A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP16784599.9A EP3369059A1 (en) 2015-10-27 2016-08-29 Multi-dimensional authentication system and method for cardless banking transactions and other transactions involving high-level security

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TR2015/13407 2015-10-27
TR201513407 2015-10-27

Publications (1)

Publication Number Publication Date
WO2017074281A1 true WO2017074281A1 (en) 2017-05-04

Family

ID=57178463

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/TR2016/050312 Ceased WO2017074281A1 (en) 2015-10-27 2016-08-29 Multi-dimensional authentication system and method for cardless banking transactions and other transactions involving high-level security

Country Status (2)

Country Link
EP (1) EP3369059A1 (en)
WO (1) WO2017074281A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112396424A (en) * 2019-08-15 2021-02-23 京东数字科技控股有限公司 Transaction method and system fusing instant communication system
US11681995B1 (en) 2020-11-06 2023-06-20 Wells Fargo Bank, N.A. Point of sale (POS) device for currency control
US11829976B1 (en) 2020-11-06 2023-11-28 Wells Fargo Bank, N.A. Apparatuses, computer-implemented methods, and computer program products for currency control

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1804906A (en) 2006-01-05 2006-07-19 福建新大陆电脑股份有限公司 Method of application of two-dimensional code and mobile telephone in credit card-based payment system
US20080091614A1 (en) * 2004-07-30 2008-04-17 Etrans Lc Method To Make Payment Or Charge Safe Transactions Using Programmable Mobile Telephones
US20120173311A1 (en) 2010-12-31 2012-07-05 Nautilus Hyosung Inc. Automatic teller machine for providing service using two-dimensional barcode and method for operating automatic teller machine
US20120185398A1 (en) * 2009-09-17 2012-07-19 Meir Weis Mobile payment system with two-point authentication
EP2523155A2 (en) * 2011-05-13 2012-11-14 Deutscher Sparkassen Verlag GmbH Method for data allocation of an NFC-enabled terminal, an NFC chip card and a transaction
US20130124855A1 (en) * 2011-11-14 2013-05-16 Ca, Inc. Using qr codes for authenticating users to atms and other secure machines for cardless transactions
CN103218884A (en) 2012-11-29 2013-07-24 彭超 Bus card swiping system by applying cell phone two-dimensional code technology
US20130297513A1 (en) * 2012-05-04 2013-11-07 Rawllin International Inc. Multi factor user authentication
WO2014055279A1 (en) 2012-10-01 2014-04-10 Acuity Systems, Inc. Authentication system
WO2015088638A1 (en) * 2013-10-11 2015-06-18 Sequent Software, Inc. System and method for dynamic temporary payment authorization in a portable communication device

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080091614A1 (en) * 2004-07-30 2008-04-17 Etrans Lc Method To Make Payment Or Charge Safe Transactions Using Programmable Mobile Telephones
CN1804906A (en) 2006-01-05 2006-07-19 福建新大陆电脑股份有限公司 Method of application of two-dimensional code and mobile telephone in credit card-based payment system
US20120185398A1 (en) * 2009-09-17 2012-07-19 Meir Weis Mobile payment system with two-point authentication
US20120173311A1 (en) 2010-12-31 2012-07-05 Nautilus Hyosung Inc. Automatic teller machine for providing service using two-dimensional barcode and method for operating automatic teller machine
EP2523155A2 (en) * 2011-05-13 2012-11-14 Deutscher Sparkassen Verlag GmbH Method for data allocation of an NFC-enabled terminal, an NFC chip card and a transaction
US20130124855A1 (en) * 2011-11-14 2013-05-16 Ca, Inc. Using qr codes for authenticating users to atms and other secure machines for cardless transactions
US8924712B2 (en) 2011-11-14 2014-12-30 Ca, Inc. Using QR codes for authenticating users to ATMs and other secure machines for cardless transactions
US20130297513A1 (en) * 2012-05-04 2013-11-07 Rawllin International Inc. Multi factor user authentication
WO2014055279A1 (en) 2012-10-01 2014-04-10 Acuity Systems, Inc. Authentication system
CN103218884A (en) 2012-11-29 2013-07-24 彭超 Bus card swiping system by applying cell phone two-dimensional code technology
WO2015088638A1 (en) * 2013-10-11 2015-06-18 Sequent Software, Inc. System and method for dynamic temporary payment authorization in a portable communication device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ANONYMOUS: "Zwei-Faktor-Authentifizierung - Wikipedia", 27 April 2015 (2015-04-27), XP055326948, Retrieved from the Internet <URL:https://de.wikipedia.org/w/index.php?title=Zwei-Faktor-Authentifizierung&oldid=141533197> [retrieved on 20161207] *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112396424A (en) * 2019-08-15 2021-02-23 京东数字科技控股有限公司 Transaction method and system fusing instant communication system
CN112396424B (en) * 2019-08-15 2024-02-02 京东科技控股股份有限公司 Transaction method and system integrating instant messaging system
US11681995B1 (en) 2020-11-06 2023-06-20 Wells Fargo Bank, N.A. Point of sale (POS) device for currency control
US11829976B1 (en) 2020-11-06 2023-11-28 Wells Fargo Bank, N.A. Apparatuses, computer-implemented methods, and computer program products for currency control

Also Published As

Publication number Publication date
EP3369059A1 (en) 2018-09-05

Similar Documents

Publication Publication Date Title
US10607211B2 (en) Method for authenticating a user to a machine
US11157905B2 (en) Secure on device cardholder authentication using biometric data
US7571461B2 (en) Personal website for electronic commerce on a smart Java card with multiple security check points
US10706136B2 (en) Authentication-activated augmented reality display device
CN1344396B (en) Portable electronic payment and authorization device and method thereof
US20110142234A1 (en) Multi-Factor Authentication Using a Mobile Phone
EP3098786A1 (en) Emv transactions in mobile terminals
US20080126260A1 (en) Point Of Sale Transaction Device With Magnetic Stripe Emulator And Biometric Authentication
EP4221091A1 (en) Binding cryptogram with protocol characteristics
WO2008147457A1 (en) Point0f sale transaction device with magnetic stripe emulator and biometric authentication
AU2018214800A1 (en) Methods and systems for securely storing sensitive data on smart cards
EP3186739B1 (en) Secure on device cardholder authentication using biometric data
CN105283898A (en) Methods and systems for providing a customer controlled account lock feature
CN105556550A (en) Method for securing a validation step of an online transaction
CN104951939A (en) Electronic bank card system and application method thereof as well as electronic method of bank card
US10503936B2 (en) Systems and methods for utilizing magnetic fingerprints obtained using magnetic stripe card readers to derive transaction tokens
EP3369059A1 (en) Multi-dimensional authentication system and method for cardless banking transactions and other transactions involving high-level security
KR102122555B1 (en) System and Method for Identification Based on Finanace Card Possessed by User
US20200005306A1 (en) Method for carrying out a transaction, corresponding terminal, server and computer program
US11823200B2 (en) Smart physical payment cards
KR20200022194A (en) System and Method for Identification Based on Finanace Card Possessed by User
WO2014003684A1 (en) Terminal and method of authentication
WO2013170880A1 (en) Method and system for identity and know your customer verification through credit card transactions in combination with internet based social data
Salma et al. Smart Card for Banking with Highly Enhanced Security System
Kibaya Design of a multifactor authentication system for automated teller machines.

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16784599

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE