WO2010071904A2 - Security measures for credit card - Google Patents
Security measures for credit card Download PDFInfo
- Publication number
- WO2010071904A2 WO2010071904A2 PCT/ZA2009/000111 ZA2009000111W WO2010071904A2 WO 2010071904 A2 WO2010071904 A2 WO 2010071904A2 ZA 2009000111 W ZA2009000111 W ZA 2009000111W WO 2010071904 A2 WO2010071904 A2 WO 2010071904A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- card
- code
- generating
- related transactions
- dynamic authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/385—Payment protocols; Details thereof using an alias or single-use codes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
Definitions
- This invention relates to security measures for bank card related transactions.
- 'card' as applied to card related transactions shall be understood to include any type of 'smartcard' which includes any form of electronic processor and/or electronic memory and/or electronic storage capacity.
- the code is usually intercepted while being verified by a card reading machine. This may be accomplished by adding software to the machine (or another handheld device) which reads the card and intercepts/copies the code without otherwise affecting the transaction. The user is therefore unaware of this interception. It is an object of this invention to provide an alternative to the single programmed static authentication code on credit and debit cards or similar card related transactions.
- a method of generating a dynamic authentication code for card related transactions includes the steps of loading algorithm generating software onto the card to generate a time and/or date specific code when used in combination with a card transaction machine, and synchronising the generated code with one similarly generated at a remote terminal.
- suitable algorithm-generating and/or multifactor authentication software is loaded onto a card such as a credit card.
- the software may be loaded onto the micro-chip or any similar storage means and/or memory of the card, or wherever suitable.
- the software may be interpreted by a card reading machine such as an ATM or a card transacting terminal to generate a time and date specific code. This code may be sent to a remote terminal, on which the same software may be running and on which an identical code may be generated on similar terms.
- a card reading machine such as an ATM or a card transacting terminal
- This code may be sent to a remote terminal, on which the same software may be running and on which an identical code may be generated on similar terms.
- the remote terminal may verify the authenticity of the card and allow the transaction to proceed as it would normally.
- the software loaded onto the card may be any suitable multi factor authentication software.
- the card transaction terminal transmits a signal to the remote terminal which responds by sending a time and/or the date according to the terminal or the time zone in which the remote terminal is located.
- This signal and subsequent time and date ensures that the time and/or date on the remote terminal and the card transaction terminal are identical so that an identical or suitably matched code may be generated.
- the method may be adapted to generate a new code for each new transaction, which may be valid for a specific time interval, for instance three minutes. This variation should negate any delays caused by time-and-date verification or similar communication interruptions and should ensure that the codes are always identical.
- multi-factor authentication software 12 is loaded onto a credit or debit card 10.
- multi factor authentication software is used but any suitable algorithm generating authentication software may be used.
- the software may be loaded onto the microchip (not shown) of the card. It may be possible and necessary for the software to be loaded on other storage means in future depending on the evolution of card transactions.
- the software is also loaded onto a remote terminal 20.
- the card terminal transmits a signal or a 'ping' 18 to the remote terminal 20 located at a banking institution or the like (not shown).
- the remote terminal responds by sending back a signal 18 containing the time and/or date to the card terminal
- the reasoning behind this step is to ensure that the terminals are synchronised with regards to the time and date, irrespective of time zone differences or whether the machine's time and date are set accurately.
- the card terminal In the next step that the card terminal reads the software from the card and interprets it, taking the time and date into account, to generate a code 24 unique to the card for that specific time and/or date. Once the card terminal has generated the code it transmits the code 28 to the remote terminal where it is decrypted and interpreted to verify whether it is valid or not. If the codes satisfies the necessary criteria the remote terminal transmits a signal for receipt by the card terminal to authorise the transaction.
- this whole method takes place in a matter of seconds. It is however envisioned that a code may be time interval generated and that a code will be valid for a few minutes to ensure that communication delays or transaction traffic does not affect the generation and verification of codes.
- This time interval may for instance be three minutes.
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Finance (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Description
Claims
Priority Applications (6)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU2009327344A AU2009327344A1 (en) | 2008-12-17 | 2009-12-17 | Security measures for credit card |
| EP09813865A EP2380122A2 (en) | 2008-12-17 | 2009-12-17 | Security measures for credit card |
| CA2747249A CA2747249A1 (en) | 2008-12-17 | 2009-12-17 | Security measures for credit card |
| SG2011044435A SG172224A1 (en) | 2008-12-17 | 2009-12-17 | Security measures for credit card |
| CN200980151333.1A CN102301384A (en) | 2008-12-17 | 2009-12-17 | Security Measures For Credit Card |
| ZA2011/00774A ZA201100774B (en) | 2008-12-17 | 2011-01-31 | Security measures for credit card |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| ZA200810812 | 2008-12-17 | ||
| ZA2008/10812 | 2008-12-17 |
Publications (3)
| Publication Number | Publication Date |
|---|---|
| WO2010071904A2 true WO2010071904A2 (en) | 2010-06-24 |
| WO2010071904A3 WO2010071904A3 (en) | 2010-08-12 |
| WO2010071904A9 WO2010071904A9 (en) | 2010-11-11 |
Family
ID=42135951
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/ZA2009/000111 Ceased WO2010071904A2 (en) | 2008-12-17 | 2009-12-17 | Security measures for credit card |
Country Status (7)
| Country | Link |
|---|---|
| EP (1) | EP2380122A2 (en) |
| CN (1) | CN102301384A (en) |
| AU (1) | AU2009327344A1 (en) |
| CA (1) | CA2747249A1 (en) |
| SG (1) | SG172224A1 (en) |
| WO (1) | WO2010071904A2 (en) |
| ZA (1) | ZA201100774B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3441926A1 (en) * | 2017-08-09 | 2019-02-13 | SSenStone Inc. | System for payment based on store's intranet, mobile terminal including payment function based on store's intranet, method for providing payment service based on store's intranet, and program for performing the same |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106330891A (en) * | 2016-08-21 | 2017-01-11 | 上海林果实业股份有限公司 | Smart card, verification code verifying method and system |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7363494B2 (en) * | 2001-12-04 | 2008-04-22 | Rsa Security Inc. | Method and apparatus for performing enhanced time-based authentication |
| CA2394742A1 (en) * | 2002-01-17 | 2003-07-17 | Michel Caron | Portable device, activated by the fingerprint of the holder, that will provide a unique and different access code each time the holder uses it |
| WO2004051585A2 (en) * | 2002-11-27 | 2004-06-17 | Rsa Security Inc | Identity authentication system and method |
| KR20060027347A (en) * | 2003-06-19 | 2006-03-27 | 코닌클리케 필립스 일렉트로닉스 엔.브이. | Method and apparatus for authenticating a password |
| KR100645401B1 (en) * | 2006-05-01 | 2006-11-15 | 주식회사 미래테크놀로지 | Time Synchronous OTP Generator in Mobile Phone |
| US8359630B2 (en) * | 2007-08-20 | 2013-01-22 | Visa U.S.A. Inc. | Method and system for implementing a dynamic verification value |
-
2009
- 2009-12-17 EP EP09813865A patent/EP2380122A2/en not_active Withdrawn
- 2009-12-17 WO PCT/ZA2009/000111 patent/WO2010071904A2/en not_active Ceased
- 2009-12-17 AU AU2009327344A patent/AU2009327344A1/en not_active Abandoned
- 2009-12-17 CA CA2747249A patent/CA2747249A1/en not_active Abandoned
- 2009-12-17 SG SG2011044435A patent/SG172224A1/en unknown
- 2009-12-17 CN CN200980151333.1A patent/CN102301384A/en active Pending
-
2011
- 2011-01-31 ZA ZA2011/00774A patent/ZA201100774B/en unknown
Non-Patent Citations (1)
| Title |
|---|
| None |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3441926A1 (en) * | 2017-08-09 | 2019-02-13 | SSenStone Inc. | System for payment based on store's intranet, mobile terminal including payment function based on store's intranet, method for providing payment service based on store's intranet, and program for performing the same |
| CN109389390A (en) * | 2017-08-09 | 2019-02-26 | 森斯通株式会社 | Clearing mobile terminal, system, method and program based on communication network in sales field |
| US11301921B2 (en) | 2017-08-09 | 2022-04-12 | SSenStone Inc. | System for payment based on store's intranet, mobile terminal including payment function based on store's intranet, method for providing payment service based on store's intranet, and program for performing the same |
Also Published As
| Publication number | Publication date |
|---|---|
| CA2747249A1 (en) | 2010-06-24 |
| CN102301384A (en) | 2011-12-28 |
| AU2009327344A1 (en) | 2011-07-21 |
| EP2380122A2 (en) | 2011-10-26 |
| WO2010071904A9 (en) | 2010-11-11 |
| WO2010071904A3 (en) | 2010-08-12 |
| SG172224A1 (en) | 2011-07-28 |
| ZA201100774B (en) | 2011-10-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7345509B2 (en) | System and method for secure read-only authentication | |
| RU2427917C2 (en) | Device, system and method to reduce time of interaction in contactless transaction | |
| KR101236957B1 (en) | System for paying credit card using mobile otp security of mobile phone and method therefor | |
| US20200286088A1 (en) | Method, device, and system for securing payment data for transmission over open communication networks | |
| US9984371B2 (en) | Payment de-tokenization with risk evaluation for secure transactions | |
| KR101330867B1 (en) | Authentication method for payment device | |
| Lacmanović et al. | Contactless payment systems based on RFID technology | |
| AU2012265824B2 (en) | A transaction system and method for use with a mobile device | |
| US11432155B2 (en) | Method and system for relay attack detection | |
| US20190362341A1 (en) | Binding cryptogram with protocol characteristics | |
| US10248947B2 (en) | Method of generating a bank transaction request for a mobile terminal having a secure module | |
| CA3047954A1 (en) | Method for carrying out a transaction, corresponding terminal, server and computer program | |
| WO2010071904A2 (en) | Security measures for credit card | |
| EP4179697B1 (en) | Secure end-to-end pairing of secure element to mobile device | |
| KR101190745B1 (en) | System for paying credit card using internet otp security of mobile phone and method therefor | |
| RU2736507C1 (en) | Method and system for creating and using trusted digital image of document and digital image of document created by this method | |
| Ion et al. | Don’t trust POS terminals! Verify in-shop payments with your phone | |
| WO2025045876A1 (en) | Method for relay attack protection of monetary transactions | |
| Barisani et al. | Practical EMV PIN interception and fraud detection | |
| HK40120918A (en) | Systems and methods for secure read-only authentication | |
| HK40048471B (en) | Systems and methods for secure read-only authentication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| WWE | Wipo information: entry into national phase |
Ref document number: 200980151333.1 Country of ref document: CN |
|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 09813865 Country of ref document: EP Kind code of ref document: A2 |
|
| WWE | Wipo information: entry into national phase |
Ref document number: 2747249 Country of ref document: CA |
|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| WWE | Wipo information: entry into national phase |
Ref document number: 1326/MUMNP/2011 Country of ref document: IN |
|
| WWE | Wipo information: entry into national phase |
Ref document number: 2009327344 Country of ref document: AU |
|
| WWE | Wipo information: entry into national phase |
Ref document number: 2009813865 Country of ref document: EP |
|
| ENP | Entry into the national phase |
Ref document number: 2009327344 Country of ref document: AU Date of ref document: 20091217 Kind code of ref document: A |