EP2380122A2 - Mesures de securite pour carte de credit - Google Patents

Mesures de securite pour carte de credit

Info

Publication number
EP2380122A2
EP2380122A2 EP09813865A EP09813865A EP2380122A2 EP 2380122 A2 EP2380122 A2 EP 2380122A2 EP 09813865 A EP09813865 A EP 09813865A EP 09813865 A EP09813865 A EP 09813865A EP 2380122 A2 EP2380122 A2 EP 2380122A2
Authority
EP
European Patent Office
Prior art keywords
card
code
generating
related transactions
dynamic authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP09813865A
Other languages
German (de)
English (en)
Inventor
Grant Paul Weideman
Selvanathan Narainsamy
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Radio Surveillance Technologies Pty Ltd
Original Assignee
Radio Surveillance Technologies Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Radio Surveillance Technologies Pty Ltd filed Critical Radio Surveillance Technologies Pty Ltd
Publication of EP2380122A2 publication Critical patent/EP2380122A2/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Definitions

  • This invention relates to security measures for bank card related transactions.
  • 'card' as applied to card related transactions shall be understood to include any type of 'smartcard' which includes any form of electronic processor and/or electronic memory and/or electronic storage capacity.
  • the code is usually intercepted while being verified by a card reading machine. This may be accomplished by adding software to the machine (or another handheld device) which reads the card and intercepts/copies the code without otherwise affecting the transaction. The user is therefore unaware of this interception. It is an object of this invention to provide an alternative to the single programmed static authentication code on credit and debit cards or similar card related transactions.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

L'invention concerne un procédé de création d'un code sur des transactions relatives à une carte, par exemple des transactions par carte de crédit, qui consiste à charger un logiciel d'authentification multifacteur sur la carte même. Ledit logiciel est lu par un terminal de transaction par carte, par exemple un guichet automatique bancaire (ATM) ou une station de paiement analogue qui produit un code spécifique à l'heure et/ou à la date qui est vérifié par rapport à un code produit par une unité centrale distante exploitant un logiciel d'authentification multifacteur analogue ou identique. Il n'est pas nécessaire que les deux codes soient identiques, mais ils devraient être analogues avec une tolérance suffisante de façon à garantir qu'il n'y a aucune infraction à la sécurité. Une fois le code vérifié, on peut procéder à la transaction d'une manière normale.
EP09813865A 2008-12-17 2009-12-17 Mesures de securite pour carte de credit Withdrawn EP2380122A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA200810812 2008-12-17
PCT/ZA2009/000111 WO2010071904A2 (fr) 2008-12-17 2009-12-17 Mesures de securite pour carte de credit

Publications (1)

Publication Number Publication Date
EP2380122A2 true EP2380122A2 (fr) 2011-10-26

Family

ID=42135951

Family Applications (1)

Application Number Title Priority Date Filing Date
EP09813865A Withdrawn EP2380122A2 (fr) 2008-12-17 2009-12-17 Mesures de securite pour carte de credit

Country Status (7)

Country Link
EP (1) EP2380122A2 (fr)
CN (1) CN102301384A (fr)
AU (1) AU2009327344A1 (fr)
CA (1) CA2747249A1 (fr)
SG (1) SG172224A1 (fr)
WO (1) WO2010071904A2 (fr)
ZA (1) ZA201100774B (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106330891A (zh) * 2016-08-21 2017-01-11 上海林果实业股份有限公司 智能卡、认证码认证方法及系统
WO2019031717A1 (fr) * 2017-08-09 2019-02-14 주식회사 센스톤 Système de paiement basé sur un réseau de communication inter-magasin, terminal portable comprenant une fonction de paiement basée sur un réseau de communication inter-magasin, procédé permettant de fournir un service de paiement basé sur un réseau de communication inter-magasin, et programme le réalisant

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7363494B2 (en) * 2001-12-04 2008-04-22 Rsa Security Inc. Method and apparatus for performing enhanced time-based authentication
CA2394742A1 (fr) * 2002-01-17 2003-07-17 Michel Caron Appareil portatif, active par l'empreinte digitale de son detenteur, qui fournira un code d'acces unique et different pour chaque utilisation de son detenteur
WO2004051585A2 (fr) * 2002-11-27 2004-06-17 Rsa Security Inc Systeme et procede de validation d'identite
KR20060027347A (ko) * 2003-06-19 2006-03-27 코닌클리케 필립스 일렉트로닉스 엔.브이. 패스워드를 인증하는 방법 및 장치
KR100645401B1 (ko) * 2006-05-01 2006-11-15 주식회사 미래테크놀로지 휴대폰에서의 시간동기 방식 오티피 발생장치와 방법
US8359630B2 (en) * 2007-08-20 2013-01-22 Visa U.S.A. Inc. Method and system for implementing a dynamic verification value

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2010071904A2 *

Also Published As

Publication number Publication date
CA2747249A1 (fr) 2010-06-24
CN102301384A (zh) 2011-12-28
AU2009327344A1 (en) 2011-07-21
WO2010071904A9 (fr) 2010-11-11
WO2010071904A2 (fr) 2010-06-24
WO2010071904A3 (fr) 2010-08-12
SG172224A1 (en) 2011-07-28
ZA201100774B (en) 2011-10-26

Similar Documents

Publication Publication Date Title
JP7345509B2 (ja) 安全な読み取り専用の認証のためのシステム及び方法
RU2427917C2 (ru) Устройство, система и способ сокращения времени взаимодействия при бесконтактной транзакции
KR101236957B1 (ko) 모바일 otp 보안을 이용한 휴대단말기의 신용카드 결제 시스템 및 그 방법
US20200286088A1 (en) Method, device, and system for securing payment data for transmission over open communication networks
US9984371B2 (en) Payment de-tokenization with risk evaluation for secure transactions
KR101330867B1 (ko) 결제 디바이스에 대한 상호인증 방법
Lacmanović et al. Contactless payment systems based on RFID technology
AU2012265824B2 (en) A transaction system and method for use with a mobile device
US11432155B2 (en) Method and system for relay attack detection
US20190362341A1 (en) Binding cryptogram with protocol characteristics
US10248947B2 (en) Method of generating a bank transaction request for a mobile terminal having a secure module
CA3047954A1 (fr) Methode de realisation d`une transaction, terminal correspondant, serveur et logiciel
WO2010071904A2 (fr) Mesures de securite pour carte de credit
EP4179697B1 (fr) Appariement sécurisé de bout en bout d'un élément sécurisé à un appareil mobile
KR101190745B1 (ko) 인터넷 otp 보안을 이용한 휴대단말기의 신용카드 결제 시스템 및 그 방법
RU2736507C1 (ru) Способ и система создания и использования доверенного цифрового образа документа и цифровой образ документа, созданный данным способом
Ion et al. Don’t trust POS terminals! Verify in-shop payments with your phone
WO2025045876A1 (fr) Procédé de protection de transactions monétaires contre des attaques par relais
Barisani et al. Practical EMV PIN interception and fraud detection
HK40120918A (zh) 用於安全只读认证的系统和方法
HK40048471B (zh) 用於安全只读认证的系统和方法

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20110718

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA

RAX Requested extension states of the european patent have changed

Extension state: BA

Payment date: 20110718

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20120320