IS5307A - Payment process and system - Google Patents

Payment process and system

Info

Publication number
IS5307A
IS5307A IS5307A IS5307A IS5307A IS 5307 A IS5307 A IS 5307A IS 5307 A IS5307 A IS 5307A IS 5307 A IS5307 A IS 5307A IS 5307 A IS5307 A IS 5307A
Authority
IS
Iceland
Prior art keywords
acquirer
terminal
cryptogram
payment process
smart card
Prior art date
Application number
IS5307A
Other languages
Icelandic (is)
Inventor
Charles Viner John
Barrington Everett David
Original Assignee
National Westminster Bank Plc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National Westminster Bank Plc. filed Critical National Westminster Bank Plc.
Publication of IS5307A publication Critical patent/IS5307A/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4012Verifying personal identification numbers [PIN]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4093Monitoring of device authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
  • Credit Cards Or The Like (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A payment process and system using a smart card (1) which accesses a remote account at a card issuer (20) via an acquirer (18). The card is read in a terminal (6) which is in two-way communication (17) with the acquirer (18). As part of the payment process, a cryptogram of the transaction data is made by the smart card and used in the terminal (6) as a key to encrypt the PIN, entered by the cardholder, for transmission to the acquirer (18). The acquirer also creates a cryptogram, using the transaction data sent to it by the terminal (6), and uses this cryptogram (which should be the same as that created by the smart card) to decrypt the encrypted PIN. In this way, the use of an expensive tamper-resistant encrypting PIN pad at the terminal (6) is avoided, whilst maintaining security.
IS5307A 1997-06-27 1999-12-17 Payment process and system IS5307A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GBGB9713743.4A GB9713743D0 (en) 1997-06-27 1997-06-27 A cryptographic authentication process
PCT/GB1998/001865 WO1999000775A1 (en) 1997-06-27 1998-06-26 Payment process and system

Publications (1)

Publication Number Publication Date
IS5307A true IS5307A (en) 1999-12-17

Family

ID=10815113

Family Applications (1)

Application Number Title Priority Date Filing Date
IS5307A IS5307A (en) 1997-06-27 1999-12-17 Payment process and system

Country Status (22)

Country Link
EP (1) EP0992026A1 (en)
JP (1) JP2002507297A (en)
KR (1) KR20010014257A (en)
CN (1) CN1260894A (en)
AU (1) AU8122598A (en)
BG (1) BG104041A (en)
BR (1) BR9810486A (en)
CA (1) CA2295032A1 (en)
EA (1) EA200000073A1 (en)
EE (1) EE9900598A (en)
GB (1) GB9713743D0 (en)
HU (1) HUP0003227A2 (en)
IS (1) IS5307A (en)
MX (1) MXPA99011836A (en)
NO (1) NO996488L (en)
NZ (1) NZ501887A (en)
PL (1) PL337533A1 (en)
SK (1) SK176199A3 (en)
TR (1) TR199903243T2 (en)
TW (1) TW411427B (en)
WO (1) WO1999000775A1 (en)
ZA (1) ZA985628B (en)

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8108307B1 (en) * 1998-03-30 2012-01-31 Citicorp Development Center, Inc. System, method and apparatus for value exchange utilizing value-storing applications
AUPQ556600A0 (en) * 2000-02-14 2000-03-02 Ong, Yong Kin (Michael) Electronic funds transfers-zipfund
US7103575B1 (en) 2000-08-31 2006-09-05 International Business Machines Corporation Enabling use of smart cards by consumer devices for internet commerce
KR100420600B1 (en) * 2001-11-02 2004-03-02 에스케이 텔레콤주식회사 METHOD FOR PROCESSING EMV PAYMENT BY USING IrFM
GB0305806D0 (en) * 2003-03-13 2003-04-16 Ecebs Ltd Smartcard based value transfer
US8407097B2 (en) 2004-04-15 2013-03-26 Hand Held Products, Inc. Proximity transaction apparatus and methods of use thereof
US8549592B2 (en) 2005-07-12 2013-10-01 International Business Machines Corporation Establishing virtual endorsement credentials for dynamically generated endorsement keys in a trusted computing platform
GB2435951A (en) * 2006-02-23 2007-09-12 Barclays Bank Plc System for PIN servicing
US7873835B2 (en) * 2006-03-31 2011-01-18 Emc Corporation Accessing data storage devices
CN102024288B (en) * 2009-09-11 2014-02-26 中国银联股份有限公司 A method and system for secure payment using a smart card
GB2476065A (en) * 2009-12-09 2011-06-15 Pol Nisenblat A multi-currency cash deposit and exchange method and system
CN102096968A (en) * 2009-12-09 2011-06-15 中国银联股份有限公司 Method for verifying accuracy of PIN (Personal Identification Number) in agent authorization service
EP2426652A1 (en) * 2010-09-06 2012-03-07 Gemalto SA Simplified method for customising a smart card and associated device
CN102968865B (en) * 2012-11-23 2016-08-31 易联支付有限公司 The authentication method of a kind of mobile payment and system
US10147087B2 (en) * 2015-03-06 2018-12-04 Mastercard International Incorporated Primary account number (PAN) length issuer identifier in payment account number data field of a transaction authorization request message
CN106991346A (en) * 2017-04-18 2017-07-28 东信和平科技股份有限公司 The method and device of a kind of smart card issuing
CN113222600A (en) * 2021-05-18 2021-08-06 中国银行股份有限公司 Offline payment method and system, payment terminal and collection terminal

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0198384A3 (en) * 1985-04-09 1988-03-23 Siemens Aktiengesellschaft Berlin Und Munchen Method and device for enciphering data
US4965568A (en) * 1989-03-01 1990-10-23 Atalla Martin M Multilevel security apparatus and method with personal key
NL1001659C2 (en) * 1995-11-15 1997-05-21 Nederland Ptt Method for writing down an electronic payment method.

Also Published As

Publication number Publication date
ZA985628B (en) 1999-01-26
WO1999000775A1 (en) 1999-01-07
EP0992026A1 (en) 2000-04-12
AU8122598A (en) 1999-01-19
GB9713743D0 (en) 1997-09-03
NZ501887A (en) 2001-05-25
HUP0003227A2 (en) 2001-02-28
EE9900598A (en) 2000-08-15
BG104041A (en) 2000-05-31
CA2295032A1 (en) 1999-01-07
NO996488L (en) 2000-02-28
JP2002507297A (en) 2002-03-05
TW411427B (en) 2000-11-11
EA200000073A1 (en) 2000-06-26
CN1260894A (en) 2000-07-19
BR9810486A (en) 2000-09-12
NO996488D0 (en) 1999-12-27
PL337533A1 (en) 2000-08-28
SK176199A3 (en) 2000-07-11
KR20010014257A (en) 2001-02-26
MXPA99011836A (en) 2002-04-19
TR199903243T2 (en) 2000-04-21

Similar Documents

Publication Publication Date Title
IS5307A (en) Payment process and system
AUPM350794A0 (en) Funds transaction device
TR200002758T2 (en) Credit card system and method
MD1402F2 (en) Value transfer system
NO996147D0 (en) Transaction method of a mobile device, as well as identification element for its use
TWI229279B (en) System and method for secure credit and debit card transactions
GB2377806B (en) Secure electronic commerce system
SE9602829D0 (en) Procedure and apparatus for payment processing and means of payment
AU5701901A (en) An improved method and system for conducting secure payments over a computer network
AU3377895A (en) Method and arrangement for providing selective access to a security system
SE9602528D0 (en) Improvements in, or relating to, Internet communication systems
KR100457994B1 (en) Apparatus and method of on-line approve by smart card
CA2296208A1 (en) Cryptographic token and security system
NZ321717A (en) Secure data transfer between ic card terminal and central computer
WO2002041236A3 (en) High security data card
SE9702216L (en) security module
SE9500697D0 (en) Electronic transaction system
SE0002416D0 (en) Communication method and device
MY121601A (en) Funds transaction device
HK1045393A1 (en) System and process for conducting a financial transaction
MY128057A (en) High flow rate centralized cryptographic system and method.
NO941774L (en) Process system for secure, decentralized smart card personalization