TW200306483A - System and method for secure credit and debit card transactions - Google Patents

Publication number
TW200306483A
Authority
TW
Taiwan
Prior art keywords
host computer
customer
code
merchant
response code
Application number
TW092107373A
Other languages
Chinese (zh)
Other versions
TWI229279B (en)
Inventor
Winston Donald Keech
Original Assignee
Swivel Technologies Ltd
Priority claimed from GB0207705A (GB2387253B)
Application filed by Swivel Technologies Ltd
Publication of TW200306483A
Application granted
Publication of TWI229279B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/023 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] the neutral party being a clearing house
    • G06Q20/04 Payment circuits
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/388 Payment protocols; Details thereof using mutual authentication without cards, e.g. challenge-response
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system

Abstract

There is disclosed a method and system for conducting secure credit and debit card transactions between a customer and a merchant. The customer is issued with a pseudorandom security string by a host computer, the security string being sent to the customer's mobile telephone. A cryptographic algorithm running in a SIM card of the mobile telephone performs a hash on the security string or the One Time Code extracted from the security string, a customer PIN and a transaction amount, these last two items being entered by way of a keypad of the mobile telephone. A three-digit response code is generated by the algorithm and then passed to the merchant. The merchant then transmits the response code, transaction amount and a customer account number (card number) to the host computer, where the pseudorandom security string and PIN are retrieved from memory. The host computer then applies the same algorithm to the security string, PIN and transaction amount so as to generate a check code, and if the check code matches the response code transmitted by the merchant, the transaction is authorised. Embodiments of the present invention make use of existing CVV2 security infrastructure, but provide a significantly greater degree of security. Embodiments of the present invention may be used with ordinary face-to-face or telephone transactions, and also in e-commerce (web-based) and m-commerce (mobile telephone-based) transactions.

Description

200306483 玖、發明說明 (發明說明應敘明:發明所屬之技術領域、先前技術、內容、實施方式及圖式簡單說明) (一) 發明所屬之技術領域 本發明是有關於一種用來改善信用卡及轉帳卡交易等之 安全的系統方法。 (二) 先前技術 信用卡及轉帳卡詐騙(以下總稱之爲交易卡弊端)是一項 曰益嚴重的問題,特別是線上(電子商務)交易。銀行界面 對此一問題之作法是用一短期方案來打擊不法,直到開發 出更爲複雜之措施。此種短期之解決方案稱爲c V V 2,是 一相對簡單之作法。C V V 2碼是一個三位數之十進位數字 ,一般是由發卡銀行印刷在信用卡或轉帳卡之背面上,與 卡號(PAN或付款人帳號)分開,並且沒有透過磁條或嵌入 式晶片而在卡片中進行電子編碼(如此有助於防止C V V 2碼 數不法之徒盜錄)。C V V 2碼是印刷在卡片上,無法由磁條 中讀取。交易之確認是由線上源獲取卡號,然後再核對所 提供之C V V 2碼是否正確。商家在進行一非持卡人在場之 交易(例如線上或電話交易)時,會要求持卡人之C V V 2碼 ,以及付款人帳號、卡片有效期限、及投遞地址。接著, 商家作一線上核對以確認CVV2碼以及收到的持卡人投遞地 址與發卡銀行持有之與收到的付款人帳號相關之卡片詳細 資料彼此相吻合對應。因此,意圖爲詐騙交易之不法人士 必須得到付款人帳號、持卡人地址、卡片有效期限及C V V 2 碼,故此種C V V 2方法是假定詐騙者無法事先知道如何盜 200306483 取這些資訊。c V V 2方法的問題在於其相對地容易失效, 因爲許多盜取卡號的技術可以輕易地擴充至盜取C V V 2碼 及持卡人地址。在最佳的情況下,C V V 2僅是減緩詐騙成 長之一暫時性措施。 支援C V V 2作法所需之基礎架構已安裝並操作中。因此 ,商家之設備(譬如無線刷卡之Ε Ρ Ο S及E F Τ Ρ Ο S終端機等) 及電腦(IT)系統皆已設計並修改爲要求提供一個三位數之 十進位數字作爲附加安全措施。本發明之實施例適合利用 此種現有之基礎架構,以提供一個甚至高於新智慧卡爲主 ® 之作法的反詐騙安全層級。 一種用來確認例如信用卡或轉帳卡持卡人身分之改良式 方法及系統已揭露在本申請人已同時申請中之英國專利號 碼0021964.2國際專利申請號碼PCT/GB01/04024及美國專 利申請號碼〇 9 / 6 6 3,2 8 1及0 9 / 9 1 5,2 7 1。此種方法及系統包 括在卡片交易之前先傳送一虛擬隨機安全字串碼至相關人 士之行動電話等裝置。該人士再加一掩蔽碼並以個人識別 號碼(PIN)之形式,依照一預定之方式應用在虛擬隨機字串 ® ,藉此能產生一揮發性之一次交易識別碼,而後傳送至商 家,再送至認證伺服器,在此該識別碼被檢視與一獨立計 算之揮發性一次識別碼是否相符,因此達到辨認持卡人身 分之目的。 (三)發明內容 根據本發明之一第一項特色,在於提供一種在客戶及商 家之間授權安全交易之方法,此種方法包含以下步驟 200306483 i)於一主電腦中儲存客戶資訊,包括客戶帳號及相關連之 個人識別碼(PIN); i i)於主電腦中產生一虛擬隨機安全字串碼; i i i)由主電腦將虛擬隨機安全字串碼傳送至至少一台由客 戶操作之遠端電子裝置; i v )當客戶與商家進行交易時,輸入該個人識別碼以及交易 金額至電子裝置; v )藉運用一預定之密碼演算法在虛擬隨機安全字串碼、個 人識別碼及交易金額,在該電子裝置中產生一回應碼; v i)傳送回應碼、交易金額及客戶帳號至主電腦; vi i)於主電腦中,使用客戶帳號去檢索PIN碼及虛擬隨機 安全字串碼,接著運用預定之密碼演算法至虛擬隨機安全 字串碼、P IN碼及交易金額,藉此能產生一檢查碼; v i i i)於主電腦中,比較檢查碼及回應碼,如果二者相符, 則授權該交易。 根據本發明之一第二項特色,在於提供一種客戶及商家 間用來授權交易之安全交易系統,該系統包括一主電腦以 及至少一台由客戶操作之電子裝置,其中: i)客戶資料,包含客戶帳號及一相關連之個人識別碼(PIN) ,儲存於主電腦; i i)主電腦產生一虛擬隨機安全字串碼,並且傳送該虛擬隨 機安全字串碼至至少一台由客戶操作之電子裝置; i i i)當客戶與商家進行交易時,電子裝置自交易端接收一輸 入,包含PIN以及交易金額; 200306483 i v )藉由應用一預設之密碼演算法於虛擬隨機安全字串碼 、P IN以及交易金額上,電子裝置即可產生一回應碼; v )回應碼、交易金額及客戶帳號傳輸至主電腦; vi)主電腦使用客戶帳號來檢索PIN及虛擬隨機安全字串 碼,然後應用預設之密碼演算法於虛擬隨機字串碼、P IN 及交易金額,藉以產生一檢查碼; v i 
i)主電腦比較檢查碼與回應碼,如果兩者相符,則授權 該交易。 電子裝置產生之回應碼較佳係顯示在電子裝置之顯示器 上並且以口頭或其他方式傳輸至與客戶進行交易之商家。 另一種作法是,該回應碼可直接由客戶操作之電子裝置傳 輸至由商家操作之電子裝置(例如無線刷卡之Ε Ρ Ο S或 E F T P〇S終端機),並且可以使用任何方便取得之技術(例如 藍芽技術或是其他標準通訊技術,典型情況係使用調變之 電磁幅射信號)。當交易是透過商家之網站等進行時,回應 碼可以輸入至網站之一適當欄位以便傳輸至商家。 一般而言,商家而非客戶會將回應碼、交易金額及客戶 帳號等資料傳輸至主電腦以獲得授權,可能藉由無線刷卡 之Ε Ρ Ο S或E F T P 0 S終端機,或是藉由任何適當之電腦裝 置。 電子裝置最佳爲一行動電話、個人數位助理(P D A )、傳 呼器、或一類似之電子通訊裝置。虛擬隨機安全字串碼可 以由主電腦傳輸至該電子裝置,並透過簡訊服務(S M S )協 定,或是任何其他適合之通訊協定,包含語音訊息、電子 200306483 郵件或其他方式。 爲了利用本發明之系統及方法,首先,客戶會依通常方 式被指定及發給一信用卡或是轉帳卡。此卡片印刷一專屬 該客戶之帳號。然後該客戶向負責維護主電腦之認證中心 註冊,並且登錄卡號、客戶電子裝置之通訊地址(如客戶之 行動電話、或PDA號碼、電子郵件地址等等)以及一 PIN 。個人識別碼(PIN)可以由客戶自行選擇或是由主電腦指定 給客戶,但不會洩露於第三者。P IN —般爲十進位數目, 長度通常爲四碼,但也可以爲其他長度亦可爲一字母數字 混合之字串。客戶帳號、通訊地址及P IN彼此結合並儲存 在主電腦中。這些完成以後,主電腦即傳輸一虛擬隨機安 全字串到客戶之電子裝置,譬如依據短訊服務(S MS)協定 寄發虛擬隨機安全字串至客戶之行動電話。虛擬隨機安全 字串可以是η位數之隨機產生十進位數字,或是一字母數 字混合字串等等。 本發明之系統及方法可以使用在電子商務環境或使用在 一較爲傳統之購物環境中。 在一電子商務的環境中,客戶依通常方式自一商家網站 中選擇產品及/或服務項目。當網站的結帳網頁顯示時,客 戶輸入或以其他方式提供其卡號(客戶帳號),並且決定付 款總額。然後客戶輸入付款總額,連同其ΡIΝ,一倂輸入 電子裝置,接下來由預設之密碼演算法將這些輸入値與虛 擬隨機安全字串碼相雜湊,或由預設之密碼演算法將其與 虛擬隨機安全字串碼摘取之一次碼作雜湊,如此可產生回 -10- 200306483 應碼。於一特別之較佳實施例中,回應碼是三位數之十進 位數字,其格式相同於印刷在已知信用卡或轉帳卡背面之 現有c V V 2型態之數字碼。然而,回應碼可以是任意長度 ,並且可以是非十進位或是一字母數字混合之字串,視使 用之密碼演算法之特性而定。有許多種型態的適合演算法 皆可用來執行對於三個輸入資料之雜湊函數,並且產生一 適當之回應碼,並且對於熟習此項技藝之一般人士將會相 當淸楚,因此本申請說明書不把注意力用在這些演算法之 特定內容上面。但是藉由範例說明,標準之著名S H A - 1加 密雜湊[美國聯邦資訊處理標準公告1 8 0 - 1號]演算法可以 用來產生一 1 6 0位元値,其餘數則係除以1 0 0 0而決定。 如果電子裝置是一行動電話,加密演算法可以儲存在行 動電話之用戶識別卡(S I Μ )上面,或是儲存在另一分離之記 憶裝置上,並且形成行動電話之一部件。加密演算法最佳 係以SIM卡中之一 applet程式加以執行,並以行動電話接 收之虛擬隨機安全字串碼作爲一輸入,付款總金額作爲第 二輸入,而PIN作爲第三輸入。第二及第三輸入可依一般 方式透過行動電話上面所提供之小型鍵盤以人工輸入。以 下將淸楚了解,加密演算法可在任意適當之電子裝置上 (譬如個人數位助理PDA、傳呼機、個人電腦等)依相類似 方式執行,並使用標準之記憶體及處理裝置。 當演算法完成了回應碼之計算後,即可將其顯示在電子 裝置之一顯示器上面。客戶接著可將回應碼輸入於商家網 站之一適當之資料鍵入欄位(譬如目前調整用於鍵入標準 200306483 CVV2碼之資料欄位),然後適當操作使得客戶帳號、交易 金額及回應碼能依通常方式經由商家操作之網路伺服器而 傳輸至商家。其他安全資訊,如卡片到期日及客戶地址等 亦可予提供。 商家接下來可自發卡銀行依通常方式而獲得該筆交易之 授權,其作法是將客戶帳號、交易金額、回應碼及任何其 他安全資訊傳送至由發卡銀行操作之驗證伺服器。驗證伺 服器可由客戶帳號判斷該處理中之卡已註冊於構成本發明 一部之主電腦,並且可以連線該主電腦以傳遞客戶帳號、 交易金額及回應碼等資料。 主電腦於接收此等資訊後,即使用其中客戶帳號來檢索 
最初發給客戶端電子裝置之虛擬隨機安全碼,同時並檢索 客戶之P IN,因爲此二資料係儲存於主電腦中。就此,主 電腦可輕易地執行與使用在電子裝置中相同之預設的加密 演算法,並對虛擬隨機安全字串碼、交易金額及客戶P IN 運算後得出檢查碼。主電腦接著比較檢查碼與接收之回應 碼,查對彼此是否相符,若是相符,則連繫發卡銀行之驗 證伺服器並通知該筆交易獲得授權。發卡銀行即可依通常 方式記入客戶卡之借方,並且記入商家帳之貸方。 如果檢查碼與回應碼不相符,則該筆交易未獲授權,因 而發卡銀行之驗證伺服器得拒絕該交易。針對一特定客戶 帳號,若有超過一預定數目(例如3 )之交易嘗試無法通過授 權程序,則該客戶帳號可由主電腦加以中止,並且發卡銀 行之驗證伺服器亦可中止該帳號,因爲連續的授權失敗顯 -12- 200306483 人使用,故不知道客 帳號要解除中止使用 :/或認證中心之間進 能是客戶獲發一新卡 則產生一新的虛擬隨 電子裝置,如同以往 不同之商家進行另外 字串碼對於每筆交易 極難利用任可截取之 機安全字串可作爲訊 他資訊,例如最近一 度等等。 其操作係依非常類似 透過電話交易。於此 之間的介面,而是面 物時,他會詢問商家 電子裝置,然後將計 傳遞客戶帳號及非強 窗家,通常係透過信 一電子讀卡機,譬如 。計算所得之回應碼 以電子方式直接傳輸 示該卡已被盜竊並且被一未經授權之 戶之PIN或虛擬隨機安全字串。客戶 狀態只有在客戶/持卡人、發卡機構万 一步連絡溝通後始有可能,其結果可 及一新帳號。 若交易是由主電腦授權,該主電腦 機安全字串碼,並將其傳輸至客戶之 作法。客戶則可依相同方式與相同或 的一筆交易。然而因爲虛擬隨機安全 而言皆互不相同,所以詐騙者或駭客 通訊以試圖入侵該系統。新的虛擬隨 息之一部分加以傳輸,尙包含含有其 次交易細節、帳戶餘額、賸餘信用額 本發明當使用在傳統交易模式時, 之方式,譬如當客戶在商店購物或是 模式,交易並非透過網站作爲與商家 對面或是透過電話完成。當客戶欲購 總交易金額,將此金額連同P IN鍵入 算得到的回應碼傳遞給商家。客戶亦 制要求之安全資料(如卡片到期日)給_ 用卡或轉帳卡遞交給商家,用於通過 無線刷卡之Ε Ρ Ο S或E F T P 0 S終端機 可以逐字遞給商家,或是從電子裝置 至Ε P 0 S或E F T P 0 S終端機等爲例◦商家接著使用Ε P 0 S或 200306483 E F Τ P 0 S終端機設備等來傳輸客戶帳號、交易金額及回應 碼至發卡銀行操作之驗證伺服器,並依通常方式進行,然 後驗證及授權程序如同往常進行。 即使商家無E P 0 S或E F Τ Ρ Ο S終端機,本發明之系統及 方法仍可便利方式實施。一般熟知者,卡片之授權可由商 家執行,其作法是以電話通知驗證中心,並且口頭傳送客 戶帳號及交易金額之細節。因此,商家很容易如通常般執 行作業,此外,商家還提供由客戶傳遞而來的回應碼。然 後有關授權及驗證工作如往常一般進行。 爲了說明本發明之若干項優點,此刻將硏究數個安全方 面的議題,同時參照現有之卡片驗證協定。 卡片磁條盜錄: 此種安全攻擊包含詐騙者取得信用卡(客戶帳號)號碼 (可能是駭客入侵商家網站或是拾取載有卡片之丟棄交易 收據)然後試圖完成一詐騙交易。此種安全攻擊在本發明中 之成功機會相當低,這是因爲詐騙者必須猜測一正確的回 應碼(譬如,成功猜測三位數十進位回應碼之機會爲1 : 1 〇 〇 〇) 。在一預設數目(譬如3 )之進行交易試圖失敗後,主電腦即 扣住該卡(可能會透過短訊服務之訊息或等等通知持卡人) ,並且通知發卡銀行。發卡銀行可接下來與持卡人進行對 話以開啓該卡。 中途相遇· 此種安全攻擊包含一詐騙者取得信用卡號及一正確回應 碼。譬如,詐騙者可能是餐廳中的侍者(或是一破壞的網站) 200306483 並且獲知客戶卡號及回應碼。該詐騙之侍者從事詐騙交易 之値恰與客戶授權之金額相等,但真正的交易卻無法成功 。此意謂該行騙侍者進行單一之物品詐欺交易,其總額恰 相等於餐廳用食之金額,但是該餐廳之交易將會失敗。此 種詐欺行爲易於被偵測出來(餐廳雇主將很快發現該筆移 失之金額),因此是一個不太可能的模式。 窺視: 此種安全攻擊包含一騙徒從背後窺視持卡人操作電子裝 置,並且看到客戶在電子裝置上的按鍵情形,由此而獲悉 客戶之P IN。爲了成功地進行一詐騙的交易,騙徒需要信 用卡號,並且需要實際擁有持卡人之電子裝置(譬如行動電 話)。這是一個實體的犯罪行爲,因爲詐騙之徒必需看到 P IN然後再偷走信用卡以及電子裝置。克服此種安全攻擊 之作法是改善PIN之安全,且/或敬告持卡人相關的安全問 題(譬如,持卡人絕不可將卡片與電子裝置放在一起,且絕 不可讓任何其他人看到鍵入中的PIN)。 
回應碼計算: 此種安全攻擊包含歹徒取得信用卡號,然後計算出一正 確之回應碼。爲了計算一回應碼,歹徒必須同時知道P IN 以及目前的虛擬隨機安全字串碼。推斷P IN之作法有賴取 得數個回應碼,也許藉由顛覆目標持卡人經常造訪之網站 。然而,欲推斷P IN必須先知道安全字串(此字串實際上是 一次即丟棄之記事本,含有一整段之隨機號碼在一撕頁之 記事本中,對每一訊息而言,一散頁即被撕去,此種加密 200306483 技術是已知完全安全的)。爲了獲得安全字串碼,歹徒需攻 擊數位行動電話系統上面的加密作業,直接攻擊主電腦, 或是攻擊主電腦及相結合之行動網路業者短訊服務訊息中 心(S M C )兩者之間的鏈路。爲了發起一次成功的回應碼計 算安全攻擊,歹徒必須能攻擊一安全基礎設施,同時攔截 交易(於面對面或是電子商務的情境中)。因此,這種形式 之攻擊極不可能成功,或是另一方面其花費不貲。 本發明之實施例提供一種用來驗證信用卡及轉帳卡交易 之安全方法及其系統,具有一部或全部之下述優點: •無需新增商家或持卡人的基礎設備。如果商家係執行 C V V 2協定,則他行甚至不需知道客戶卡片是否已依照 本發明前後文之定義而登錄於一主電腦。由於無須使用 智慧卡,因此發卡成本可以降低。 •交易金額大小可被確保。意即商家無法進行未經授權之 交易或是增加隱性費用至一交易當中。 •持卡人會透過短訊服務訊息等而被自動告知每筆交易。 •持卡人需有行動電話或同等功能之電子裝置,但無需特 別的行動電話或裝置。持卡人之行動電話中之用戶識別 卡需灌入一 applet程式,並包含及執行預設之加密演算 法。某些行動電話業者可以經由空中以無線方式安裝適 當之applet程式到現有之用戶識別卡。本發明適用之 A p p 1 e t s可以相當簡化,因此無需使用識別卡中很大的 空間。 •行動電話之通訊涵蓋範圍無需及於銷售點。持卡人所需 -16- 200306483 要的是在各交易間能夠接收短訊服務訊息等資訊(因此 在各交易之間的時間內,持卡人必需涵蓋於行動通訊範 圍內內)。 •行動電話中之用戶識別卡無須儲存特定持卡人之PINs 、密鑰或認證。因此,建立持卡人之作業無須用戶識別 卡之程式規劃(除了確保上述之Applet程式已安裝於用 戶識別卡中),而且再發卡之程序(例如由於遺失或是拒 絕服務攻繫所造成)無須變更用戶識別卡。 依據之前已經討論過者,本發明之某些實施例要求每一 筆交易皆使用一新的虛擬隨機安全字串碼(事實上,該安全 字串爲僅用一次之記事本,如以前所定義)。虛擬隨機安全 字串碼可在每筆交易完成後,透過短訊服務訊息等方式傳 送。然而,在某些情況下,對持卡人而言,爲了進行下一 筆交易而必須等待一新的短訊服務訊息等是頗不方便的事 (譬如,持卡人可能位於一行動電話無法涵蓋之商店,然而 想要完成多筆交易)。爲處理此種情形,本發明之實施例可 加以修改以容許數筆交易。 其原理相當簡單:當客戶藉登錄於主電腦而啓動其卡片 時,主電腦即對電子裝置進行單次之傳輸(例如一短訊服務 訊息),包含一組長度爲m之虛擬隨機安全字串碼(其中m 爲一整數,例如1 2)。Applet程式對每一處理中之交易皆 會逐一接收字串並加處理。爲了告知電子裝置中之a p p 1 e t 程式移動目標至下一個安全字串,持卡人可能必須選擇標 示爲"確認’’之淸單項目(而非本發明之前述實施例,其中, -1 7- 200306483 該確認是在使用單一安全字串接收新的短訊服務訊息等資 訊時隱含地被選擇)。 當一預設之第η筆交易(η係小於最初傳輸至電子裝置之 安全字串總數m ;例如η可以是6)已由主電腦授權後,一 新訊息即由主電腦傳送至電子裝置,其內含有另一組安全 字串。此種作法使得持卡人能完全至多m次購物而不須接 收來自主電腦之任何傳輸訊息,這將相當有用,例如當持 卡人不在行動電話網路之涵蓋範圍內或類似情形時。在每 筆交易之後,一簡訊可由主電腦傳送至持卡人之電子裝置 ® ,其功能係作爲一確認以及小型帳單之用(包含商家、交易 額、目前餘額以及賸餘信用額度)。 使用這種作法可能發生一種情況,即當一第一商家無法 在銷售點處理一交易時,applet程式在電子裝置及主電腦 之中執行時可能會不按步驟,因而阻礙後續商家處理後續 交易。當然,該第一商家並無動機如此做,因爲交易後來 可能會無效(譬如,使用者可能交出不正確的回應碼)。雖 然如此,處理此種情況可在主電腦重置卡片(也許是在持卡 ® 人或商家通知認證中心之後)。主電腦接著可以寄出新的一 組安全字串以重新啓動程序。 當(或如果)第一商家確實處理該筆交易,則主電腦很有 可能具備能力判斷是否接受或拒絕交易。當重置啓動時, 可能有界於η及m個安全字串尙未使用(亦即尙未用來驗 
證交易之字串)。主電腦具有這些安全字串之紀錄,且來自 於第一商家之交易可以追溯比對最先前之未使用安全字串以 -]8> 200306483 檢視是否相符。不符的情況有兩種可能:(1 )交易失敗(詐 騙的交易、或持卡人錯誤、或商家錯誤),或(i i)有一個以 上的交易尙未立即處理。在第(i i)情形下,主電腦可以試著 針對不同的安全字串處理交易。當然,交易也可以簡單地 加以拒絕,原因是商家未能遵守正確程序。 使用行動電話等裝置作爲EPOS或EFTPOS終端機採用 本發明會改變一交易中正在處理之資訊的安全狀態(譬如 僅知道卡號及回應碼不足以進行詐騙交易)。此意謂有關於 提供所要求之交易資訊(卡片或客戶帳號、回應碼、交易金 ® 額等)於主電腦可使用另外的方法。 一行動電話或個人數位助理(P D A )或此類裝置能提供一 良好工具,使得商家藉此進入及使用處理系統。交易可描 述在一短訊服務訊息等資訊中(依預先定義之格式),然後 傳送至依適當收單網路設置之電話號碼。接收該訊息之收 單網路擷取其中之交易資訊(由行動電話等裝置之來源電 話號碼判斷商家之身分),然後依正常方法處理該筆交易( 檢查信用額度,進入主電腦以存取相關資料等)。該筆交易 β 之接受或拒絕透過短訊服務訊息等方式回傳商家並至原始 之行動電話等。 此種方式爲商家提供一種加入卡片處理網路之低成本作 法,尤其對僅有少量投資資本之小型企業而言特別有助益 。這種方式也讓卡片在獲得固網基礎建設較困難之地區中 能加以處理(譬如在計程車中)。 200306483 (四)實施方式 於第1圖中,主電腦1 0是作爲一授權伺服器。當發卡銀 行將卡片發給客戶後,客戶首先必需向主電腦1 0登錄卡片 ,並提交詳細資料,包括客戶帳號(卡號)、PIN、行動電話 號碼等,以及任何其他有用的資料,例如客戶名稱及地址 。一旦完成後,主電腦1 0即產生至少一虛擬隨機安全字串 碼,並且經由步驟1將其傳輸至客戶操作之行動通信裝置 1 1,該裝置1 1可以是一行動電話、個人數位助理(p D A)、 傳呼機等。傳輸步驟1可藉由短訊服務訊息、電子郵件等 方式。主電腦1 〇將該至少一虛擬隨機安全字串碼在其記憶 體當中結合客戶帳號以及PIN。 當客戶欲和商家1 3進行交易時,客戶藉小型鍵盤等裝置 將交易金額及P IN輸入於行動通信裝置1 1。裝置1 1中提 供之SIM卡等識別卡上面執行之applet程式係規劃爲單方 向之加密雜湊演算法12。Applet程式輸入由使用者鍵入之 交易金額及P IN,連同由步驟2供給之虛擬隨機安全字串 碼,將其雜湊處理之後,產生三位數之回應碼,並經由步 驟3將其傳送給商家1 3。回應碼可以回頭地以面對面或電 話交易方式傳給商家1 3,或是透過商家網站執行電子商務 交易之方式。 同時,商家1 3取得客戶帳號及交易金額,可能是透過 Ε Ρ Ο S或E F Τ Ρ Ο S終端機之刷卡方式,或是任何其他適當方 式,然後將此資訊連同回應碼傳至卡片收單網路伺服器 (C A N S ) 1 4,並依步驟4之已知方式完成。商家1 3亦透過 -20- 200306483 步驟4傳輸商家身分資訊至C A N S 1 4,因而使C A N S 1 4能 夠結合該筆交易與商家1 3以及客戶(藉由客戶帳號)。 卡片收單網路伺服器(CANS)14接著傳送客戶帳號、交易 金額及回應碼等,依已知方式透過步驟5到達主電腦1 0。 然後主電腦10使用接收自CANS 14之客戶帳號來檢索其 記憶體中之客戶PIN及虛擬隨機安全字串碼(最初係於步 驟1時傳輸至行動通信裝置1 1 ),然後將虛擬隨機安全字 串碼、客戶P IN及交易金額輸入於單向加密雜湊演算法1 2 ,該演算法與行動通信裝置1 1中之applet程式所執行之 演算法相同,除了此時該演算法係在主電腦1 0之中執行。 該演算法輸出之三位數檢查碼於該交易爲有效的情形下將 會符合所供給之回應碼,因爲在主電腦1 〇中執行之演算法 1 2所運算之輸入與行動裝置1 1中之ap p 1 e t程式所執行之 演算法1 2相同。因此,若主電腦1 0發現所供給之回應碼 與所計算之檢查碼彼此相符,則交易獲得授權,且一授權 信號即自主電腦1 〇經由步驟6傳送至C AN S 1 4。 另一方面,若計算結果之檢查碼與供給之回應碼不相符 ,則交易將由主電腦1 〇加以拒絕,且一拒絕信號經由步驟 6傳送至CANS 14。 若卡片收單網路伺服器(CANS) 14收到來自於主電腦10 之一授權信號,則客戶卡號帳戶內依通常方式將交易金額 記入其借方,記入借方之交易金額連結商家1 3之身分。此 外,C AN S 1 4將交易金額依正常記入商家帳戶內之貸方。 C A N S 1 4亦傳送一授權信號經由步驟7到達商家1 3,且商 
200306483 家繼而透過步驟8通知客戶該筆交易已獲授權。 同時,一旦主1 〇已經授權該交易,即傳輸一新虛擬隨機 安全字串碼由步驟1到達客戶之行動通信裝置1 1,連同選 擇性之資訊,其係用以確認交易之授權、交易金額以及卡 片帳戶餘額。 若交易未獲授權,其係因爲回應碼及計算所得檢查碼經 主電腦1 〇判定爲不相符,則c AN S 1 4傳送一拒絕信號經 由步驟7到達商家1 3,並且不會記入客戶卡號帳戶之借方 或是記入商家帳戶之貸方。收到該拒絕信號後,商家1 3 即可回絕該筆交易,或是向客戶要求進一步之回應碼。如 果客戶提供三個連續的回應碼皆無法與主電腦1 0所計算 之檢查碼相符合,則主電腦1 〇可扣住客戶之帳戶,並且發 出此一動作之信號給C AN S 1 4,因此能防止該卡片被繼續 使用,直到客戶與操作主電腦1 〇之認證中心連絡。其可能 的情形爲客戶的卡片被盜取,或是被不知P IN或虛擬隨機 安全字串之第三者冒用,故可能需要發出一新卡。 爲了進一步說明本發明實施例之優點,以下將敘述一典 型的過程。 A 1 i c e決定他想要得到一張卡,並使用於本發明。他這樣 做有二個理由,首先,他想確信他可以在網路上安全購物 (他曾閱讀報導指出駭客能輕易地侵入網路,並且盜取信用 卡號、姓名、地址、電話號碼等)。第二,他想要一張卡, 但沒有其他人會給他:A 1 i c e目前1 5歲,還太年輕以致無 法獲得一張信用卡。但是因爲依本發明而受保護之卡片能 -22- 200306483 保護商家1 3及持卡人避免對方可能的錯誤行爲,所以有數 家銀行已準備發行預付保護卡給青少年。 當他在學校時,A 1 i c e進入他的銀行網站(使用他的網路 銀行帳號),並且請求獲寄卡片一張。他也將行動電話號碼 告知該銀行(以及他的行動業者一倂告知銀行),然後選擇 一個人密碼P IN。他勾選在卡片上要有一特別相片,並且 由他的個人電腦上載一數位相片(他的卡片將不會印成浮 凸,這是因爲卡片將不會刷卡在複寫紙上。 銀行開始處理卡片之請求。銀行檢查行動業者已使用 SIMs且其中已規劃適當的applet程式配合本發明之使用 。銀行接著製作A 1 i c e專屬卡片,然後傳輸卡號,A 1 i c e之 個人密碼PIN,以及他的行動電話號碼至獨立認證中心操 作之主電腦1 〇 (主電腦1 〇無需任何其他資訊)。 數天以後,A 1 i c e的卡片寄達郵局。A 1 i c e前往他的網路 銀行帳戶,並告知銀行卡片已到達。他也轉帳1 5 0鎊到卡 片。數秒鐘之後,他由電話1 1上面的文字訊息獲悉(步驟 1 )他的卡片可以開始使用(該訊息亦包含1 2個安全字串, 但是他並不須要知道)。 A 1 i c e上網購物,打算爲他的母親買一個生日禮物。他瀏 攬網站1 3,有關於銷售園藝設備的網站,並且找到一件理 想的禮物:一件鍍金的澆花罐,費用含郵寄共5 0鎊。他來 到結帳網頁並且拿出卡片準備付款,該網站要求輸入卡片 背面的最後三碼數字。在他的卡片上,最後的三碼數字標 示爲’ * * * ’。他仔細瞧並且注意到卡片包含Μ吏用有關* 〃之 -23- 200306483 回應碼〃等字。他回憶寄給他的卡片附有資訊小手冊,其中 也有相關的文字。他取出行動電話π,並且由表單之中選 擇’卡片付款八這將啓動applet程式),輸入(步驟2)他的個 人密碼P I N,並且按下’0 t鍵。然後他接著鍵入(步驟2 )交 易金額5 0並且按下1 Ο K ’。行動電話1 1的用戶識別卡(S I Μ c a ι· d )內之a ρ ρ 1 e t程式即運用演算法1 2於Ρ I Ν、交易金額 以及安全字串(由步驟2所提供),藉以產生三位數字之回 應碼,接下來行動電話會顯示”回應碼:1 3 2 "。他輸入Μ 3 2 f (步驟3 )於網站1 3內要求該三位數字碼欄框中,網站1 3 接著顯示’訂單處理中…|。 網路商家的伺服器將交易細節資料(卡號、金額、A 1 i c e 的地址、以及視爲C V V 2碼之三位數字碼)移至卡片處理電 腦(網路商家使用服務公司來處理卡片交易)。電腦接著查 看卡片並且連繫(步驟4)適當的卡片收單網路伺服器(CANS) 1 4,同時移交相同之交易細節資料。 C AN S 1 4檢查發現卡片中有足夠金額支付該筆交易款。 此一檢查即通過(卡片帳戶內含1 5 0鎊,而本項交易額爲 5 0鎊)。C AN S 1 4隨即通知(步驟5 )主電腦1 0相關的卡號 、金額、以及三位數字回應碼。主電腦1 0使用該卡號以檢 視A 1 i c e的個人密碼Ρ I N以及主電腦發給A 1 i c e的行動電 話1 1的安全字串。主電腦執行加密雜湊演算法1 2,並且 與A 1 i c e的行動電話1 1中S I 
Μ卡內的a ρ ρ 1 e t程式所執行 之演算法相同(使用其所檢視之安全字串與個人密碼P IN ,加上由CAN伺服器1 4所遞送之交易金額)。主電腦1 0 200306483 根據A 1 i c e自其行動電話之顯示器讀出之回應碼:1 3 算出相對應之檢查碼。該計算出來的檢查碼與C A N 器1 4移給主電腦1 0之回應碼相符,因此該筆交易視 效並予授權。 主電腦10告知(步驟6) CANS 14有關安全檢查已通 訊息,並且產生一新的安全字串。CANS 14告知主電 有關商家1 3之身分以及A 1 i c e卡片中的餘額。主電月g 取得此一訊息,並且將其以文字訊息傳送(步驟1 )至 的行動電話1 1,連同一新的安全字串。C A N S 1 4告知 處理電腦該筆交易已完成淸算,卡片處理電腦將此一 通知網路商家伺服器]3。網路伺服器1 3通知A 1 i c e該 款已經收到。數秒鐘之後,A 1 i c e在他的行動電話1 1 收到來自於主電腦1 〇的文字訊息(步驟1 ),該文字訊 示爲’禮物5 0鎊、餘額1 0 0鎊·。 A1 i c e前往城裏繼續更多的購物。在他最喜愛的書g 他發現無法由他的行動電話1 1連絡朋友,因爲沒有ί (他覺得很奇怪,因爲店面外面是在通訊的涵蓋範圍Ρ 他不知道這家書店是鋼樑建築,且其中爲鋼筋混凝土 此阻止行動電話的信號)。不過他還是找到了想要的書 準備付款。在結帳櫃台,店員靠訴他總價款爲2 0 . 5 5 他將卡片遞給店員,並且取出行動電話Π。他由表單 擇’卡片付款1如此將啓動applet程式),然後鍵入(步 個人密碼PIN再按壓’OK1。然後他輸入(步驟2)交易ί 2 〇 . 5 5並按’ Ο Κ ’。A ρ ρ 1 e t程式即取出一組1 2個原始提 2,計 伺服 爲有 過的 腦1〇 i 10 Alice '卡片 訊息 筆付 上面 息顯 ί裏。 5號 ],但 ,因 籍並 鎊。 中選 驟2) έ額 供之 -25- 200306483 安全字串中之一作爲一第三輸入,並且依據演算法1 2計算 回應碼。行動電話1 1顯示1回應碼:4 5 1 ’。 同時,店員將A 1 i c e的卡片在E P 0 S機器1 3上面刷卡。 機器1 3讀取卡號並且通知(步驟4 ) A 1 i c e的銀行使用的卡 片收單網路伺服器(C A N S ) 1 4。電話另一端的C A N S 1 4要求 Ε Ρ Ο S機器1 3讀取交易金額。店員鍵入金額2 0 . 5 5,然後 CANS伺服器1 4要求回應碼。店員於是向Alice詢問回應 碼,而A 1 i c e回答店員π 4 5 1 ’’。於是店員輸入該回應碼於 EPOS機器13,此一回應碼傳遞至CANS 14(步驟4)。 CANS 14檢查結果在卡片上有足夠金額支付該筆交易, 然後通知(步驟5)主電腦1 0有關卡號、金額及回應碼。主 電腦1 〇計算出來的檢查碼應與A 1 i c e由其行動電話之顯示 所讀出之回應碼相符,即4 5 1。計算所得到的檢查碼以及 回應碼由C AN 伺服器1 4送至主電腦1 0,並且確定爲相 符,因此該筆交易爲有效。主電腦通知(步驟6 ) C A N S 1 4 有關於安全檢查已完成,同時產生一新的安全字串。C A N S 1 4則通知主電腦1 0有關A 1 i c e卡片中的餘額以及商家的識 別身分。主電腦1 〇取得此資訊並將其以文字訊息傳送(步 驟1 )至A 1 i c e的行動電話1 1,並連同一新的安全字串。 CANS 14告知(步驟7)EP0S機器13該筆交易已完成淸 算。EPOS機器13於是顯示一 ’0K’訊息讓店員知道該筆交 易已完成淸算。然後店員將卡片以及一袋書籍交予A 1 i c e 。A 1 i c e離開書店時,雨下得很大。她決定搭計程車回家, 並且穿越街道,正當他到達街道另一頭時,他在行動電話 -26- 200306483 1 1上面獲得一文字訊息(步驟1 )。該訊息爲’ A c m e書籍 2 0 . 5 5鎊、餘額7 9 4 5 ’。他沒有看到的是此一訊息亦加一新 的安全字串至其行動電話1 1,因此已準備好他下一次使用 卡片。 當他到家時,計程車司機告訴他車資爲2 2 . 5 0鎊,他回 覆司機願付小費共計2 5鎊,他將卡片遞給司機,並且在行 動電話1 1上面的選單選擇’卡片付款’,輸入(步驟2 )他的 個人密碼PIN並且按下’OK1。然後他鍵入(步驟2 ) 2 5 .0 0並 且按下’OK’。行動電話1 1運用演算法1 2於PIN、交易金 額以及一安全字串碼,然後顯示,回應碼:7 2 2 ’。同時,計 程車司機已經開始將一新的文字訊息寫入其行動電話1 3 。他鍵入A 1 i c e的卡號以及交易金額2 5 . 
0 0。然後他要求 A 1 i c e提供回應碼,而A 1 i c e回覆” 7 2 2 ”(步驟3 )。他將7 2 2 寫入訊息之中並將其傳送(步驟4 )至C A N S 1 4行動號碼(儲 存於行動電話1 3之地址簿中)。 CANS 1 4收到此一訊息,同時查看發送端之電話號碼, 並且得知該電話號碼係登記爲該計程車司機所有(該司機 爲一人公司)。C A N S 1 4確認A 1 i c e的卡片帳戶內有足夠金 額支付該筆交易(帳戶內有7 9 · 4 5鎊,而交易金額爲2 5鎊) 。然後C AN S 1 4連線至主電腦1 0,並且傳遞(步驟5 )卡號 、交易額(25鎊)以及回應碼(722)。主電腦10檢查該回應 碼,將其與獨立計算之檢查碼比較之後確認回應碼有效, 並且向CANS 1 4顯示一成功訊號(步驟6)。CAN 伺服器 1 4則送出(步驟7 ) —短訊服務訊息至計程車司機的行動電 -27- 200306483 話1 3,指出該筆交易已經成功,同時告知主電腦1 0有關 於商家之身分識別以及新的卡片帳戶餘額(5 4.4 5鎊)。 計程車司機收到(步驟7 )來自C A N S 1 4之一文字訊息, 內容爲’交易已獲授權^。他告訴A 1 i c e有關付款已完成(步 驟8 ),然後A 1 i c e下車。數秒鐘之後A I i c e在行動電話1 1 上面獲得一文字訊息(步驟1 ),內容爲4 〇 h η的計程車資2 5 鎊,餘額5 4.4 5鎊’。A 1 i c e隨後進入家裡。 第二天當A 1 i c e去城裡時發現他的卡片遺失了。計程車 司機一定是忘了將卡片還給他。A 1 i c e打電話通知銀行,銀 ® 行告訴他沒問題,並且會立刻寄送另一張卡片到他家。第 二天,一張新的卡片抵達郵局。銀行不必傷腦筋更換卡號 或是爲Alice製造新的PIN密碼,因爲銀行知道歹徒不可 能使用舊卡付款。A 1 i c e也很高興,因爲他也不想變更卡片 的各項細節,或是去記住一個新的PIN密碼。當然銀行也 高興,因爲除了印刷另一張原卡的複製卡並且郵寄以外, 他們不必做任何事情。 因此,本發明之各實施例是針對現有的C V V 2協定之一 ® 項主要的改良。他們爲各方提供了防止詐欺的保護。譬如 ,持卡人獲得保護以防範不正的商家(或其員工),而商家 也獲得保護以防卡片失竊或意圖詐欺的持卡人。 除了消除卡片詐欺情事(有利於發卡銀行及商家)外,本 發明之實施例也爲持卡人提供了直接的利益,亦即更換遺 失或遭竊的卡片相當簡單而不繁瑣,並且不必要仔細地察 看卡片之對帳單。 -28- 200306483 本發明之實施例的安全特性爲基礎建設領域中進一步發 展開啓了多種的可行性。舉例而言,使用行動電話作爲引 進商家設備之一低成本及簡易方式正意謂著卡片的使用可 以延伸至今天尙不可行之區域(反諷的是,許多開發中的國 家具備十分優良的無線通訊基礎建設,但是固網基礎建設 仍不足)。此一方式甚至使得一般人士亦能利用卡片帳戶來 付款(特別有用在支付高價位物品上面,例如二手汽車或是 電腦設備)。 本發明之實施例之一項最重要優點在於獲得這些利益無 ® 須重大的基礎建設投資,因而提供了 一次絕佳的機會來減 少詐騙事件,同時在個人理財業務上開啓了新的市場機會。 本發明之最佳特性適用於本發明之所有特色上面,並且 可依任何可能之組合方式加以運用。 在本發明之各項敘述及申請專利範圍中,” C 〇 m p 1· i s e (包 括)”及” Contain (包含)”以及這些字的各種詞類變化,譬如 ’’ C 〇 m p r i s i n g ’’及"C 〇 m p 1· i s e s π,皆指n包含但不限於’’,並且 非意圖(且不會)排除其他組成、完整個體、部分、各種附 ® 加或步驟。 (五)圖式簡單說明 爲了更加瞭解本發明,並說明本發明如何有效實施,將 參照附圖並藉實例加以敘述,其中: 第1圖係針對本發明之一實施例之基本架構的示意圖。 主要部分之代表符號說明 10 主電腦 -29- 200306483 11 行動通信裝置 12 單向雜湊演算法 1 3 商家 14 (CANS)卡片收單網路伺服器200306483 发明 Description of the invention (The description of the invention should state: the technical field to which the invention belongs, the prior art, the content, the embodiments, and the drawings) (1) the technical field to which the invention 
belongs A secure and systematic approach to debit card transactions, etc. (II) Prior art Credit card and debit card fraud (hereinafter referred to as transaction card disadvantages) is a serious problem, especially online (e-commerce) transactions. The bank interface responded to this problem with a short-term solution until more sophisticated measures were developed. This short-term solution is called c V V 2 and is a relatively simple approach. The CVV 2 code is a three-digit decimal number, which is usually printed on the back of the credit or debit card by the card-issuing bank, separated from the card number (PAN or payer account number), and does not appear on the magnetic strip or embedded chip The card is electronically coded (this helps to prevent the illegal recording of CVV 2 yards). The C V V 2 code is printed on the card and cannot be read by the magnetic stripe. The confirmation of the transaction is to obtain the card number from the online source, and then check whether the C V V 2 code provided is correct. When conducting a non-cardholder transaction (such as online or telephone transactions), the merchant will require the cardholder's C V V 2 code, as well as the payer account number, card expiration date, and delivery address. Then, the merchant made an online check to confirm the CVV2 code and the received cardholder delivery address, and the card details held by the issuing bank and related to the received payer account number corresponded to each other. Therefore, an illegal person who intends to conduct a fraudulent transaction must obtain the payer account number, cardholder address, card expiration date, and CV V 2 code. Therefore, this C V V 2 method assumes that the fraudster cannot know in advance how to steal 200306483 to obtain this information. 
The problem with the c V V 2 method is that it is relatively easy to fail, because many techniques for stealing card numbers can be easily extended to steal C V V 2 codes and cardholder addresses. In the best case, C V V 2 is only one temporary measure to mitigate fraud growth. The infrastructure required to support the C V V 2 approach is installed and operational. Therefore, the merchant's equipment (such as wireless card swipe Ε Ρ Ο S and EF Τ Ρ Ο S terminals, etc.) and computer (IT) systems have been designed and modified to require a three-digit decimal number as an additional security measure . The embodiments of the present invention are suitable for utilizing such an existing infrastructure to provide an anti-fraud security level that is even higher than that of a new smart card-based approach. An improved method and system for confirming the identity of a credit or debit card holder, for example, has been disclosed in British Patent No. 0021964, which has been filed concurrently by the applicant. 2 International patent application number PCT / GB01 / 04024 and U.S. patent application numbers 0 9/6 6 3, 2 8 1 and 0 9/9 1 5, 2 71. Such a method and system include transmitting a virtual random security string code to a device such as a mobile phone of a relevant person before a card transaction. The person adds a masking code and applies it in the form of a personal identification number (PIN) to the virtual random string ® in a predetermined manner, thereby generating a volatile one-time transaction identification code, which is then transmitted to the merchant and then sent Go to the authentication server, where the identification code is checked for consistency with an independently calculated volatile primary identification code, so the purpose of identifying the identity of the cardholder is achieved. 
(C) Summary of the Invention According to a first feature of the present invention, a method for authorizing secure transactions between a customer and a merchant is provided. This method includes the following steps: 200306483 i) Store customer information in a host computer, including the customer Account number and associated personal identification number (PIN); ii) generating a virtual random security string code in the host computer; iii) the host computer transmitting the virtual random security string code to at least one remote operated by the customer Electronic device; iv) when a customer conducts a transaction with a merchant, enter the personal identification number and transaction amount into the electronic device; v) by using a predetermined password algorithm in a virtual random security string code, personal identification number and transaction amount, Generate a response code in the electronic device; vi) send the response code, transaction amount, and customer account to the host computer; vi i) use the customer account to retrieve the PIN code and virtual random security string code in the host computer, and then use A predetermined password algorithm to a virtual random security string code, a P IN code, and a transaction amount, thereby generating a check code; viii) in the host computer, Compare the check code and response code, and if they match, authorize the transaction. According to a second feature of the present invention, a secure transaction system for authorizing transactions between customers and merchants is provided. 
The system includes a host computer and at least one electronic device operated by the customer, wherein: i) customer information, Contains the customer account number and a related personal identification number (PIN), stored on the host computer; ii) the host computer generates a virtual random security string code, and sends the virtual random security string code to at least one operated by the customer Electronic device; iii) when the customer conducts a transaction with the merchant, the electronic device receives an input from the transaction terminal, including the PIN and the transaction amount; 200306483 iv) by applying a preset password algorithm to the virtual random security string code, P In the IN and transaction amount, the electronic device can generate a response code; v) the response code, transaction amount, and customer account number are transmitted to the host computer; vi) the host computer uses the customer account number to retrieve the PIN and virtual random security string code, and then apply The preset password algorithm is based on the virtual random string code, P IN and transaction amount to generate a check code; vii) comparison by the host computer Check code and response code, if they coincide, authorize the transaction. The response code generated by the electronic device is preferably displayed on the display of the electronic device and transmitted orally or otherwise to the merchant who conducts transactions with the customer. Another method is that the response code can be directly transmitted from the electronic device operated by the customer to the electronic device operated by the merchant (such as the wireless card swipe ΕΡ Ο S or EFTP〇S terminal), and can use any convenient technology ( For example, Bluetooth technology or other standard communication technologies, typically using modulated electromagnetic radiation signals). 
When the transaction is conducted through the merchant's website, etc., the response code can be entered into an appropriate field on the website for transmission to the merchant. Generally speaking, the merchant, not the customer, will transmit the response code, transaction amount, and customer account number to the host computer for authorization, which may be through the ΕΡ Ο S or EFTP 0 S terminal of the wireless card, or through any Appropriate computer equipment. The electronic device is preferably a mobile phone, a personal digital assistant (PDA), a pager, or a similar electronic communication device. The virtual random security string code can be transmitted from the host computer to the electronic device, and through the SMS service agreement, or any other suitable communication protocol, including voice messages, electronic 200306483 mail or other methods. In order to utilize the system and method of the present invention, first, a customer is assigned and issued a credit or debit card in the usual manner. This card is printed with a unique account number for that customer. The customer then registers with the certification center responsible for maintaining the host computer, and logs in the card number, the communication address of the customer's electronic device (such as the customer's mobile phone, or PDA number, email address, etc.) and a PIN. The personal identification number (PIN) can be selected by the customer or assigned to the customer by the host computer, but will not be disclosed to a third party. P IN — generally a decimal number, the length is usually four yards, but it can also be a string of other lengths or an alphanumeric mixture. The customer account number, mailing address and P IN are combined with each other and stored in the host computer. 
After this is completed, the host computer transmits a pseudo-random security string to the customer's electronic device, for example by sending it to the customer's mobile phone using the Short Message Service (SMS) protocol. The pseudo-random security string can be a randomly generated decimal number of n digits, an alphanumeric string, or the like.

The system and method of the present invention can be used in an e-commerce environment or in a more traditional shopping environment.

In an e-commerce environment, the customer selects products and/or services from a merchant website in the usual manner. When the checkout page of the website is displayed, the customer enters or otherwise provides the card number (customer account number) and determines the total amount to be paid. The customer then enters the total amount, along with the PIN, into the electronic device. These inputs are then hashed together with the pseudo-random security string by the predetermined cryptographic algorithm, or hashed together with a one-time code extracted from the pseudo-random security string, so as to generate a response code. In a particularly preferred embodiment, the response code is a three-digit decimal number in the same format as the existing CVV2-type code printed on the back of known credit or debit cards. However, the response code can be of any length and can be a non-decimal or alphanumeric string, depending on the characteristics of the cryptographic algorithm used. Many suitable algorithms can perform a hash function on the three inputs and generate an appropriate response code, and these will be apparent to those of ordinary skill in the art, so this description does not focus on the specific content of these algorithms.
By way of example, however, the well-known standard SHA-1 cryptographic hash algorithm [United States Federal Information Processing Standards Publication 180-1] can be used to generate a 160-bit value, with the response code then determined as the remainder when that value is divided by 1000.

If the electronic device is a mobile phone, the cryptographic algorithm can be stored on the phone's subscriber identity module (SIM) card or on a separate memory device forming part of the mobile phone. The cryptographic algorithm is preferably executed by an applet in the SIM card, with the pseudo-random security string received by the mobile phone used as an input, the total payment amount as the second input, and the PIN as the third input. The second and third inputs can be entered manually through the keypad provided on the mobile phone in the usual manner. As will be understood, the cryptographic algorithm can be executed in a similar manner on any appropriate electronic device (such as a PDA, pager or personal computer) using standard memory and processing devices.

After the algorithm has calculated the response code, the code can be displayed on a display of the electronic device. The customer can then enter the response code into an appropriate data entry field on the merchant's website (such as the data field currently used for entering the standard CVV2 code), and then take the appropriate action so that the customer account number, transaction amount and response code are transmitted to the merchant in the usual manner through the web server operated by the merchant. Other security information, such as the card expiration date and the customer's address, can also be provided.

The merchant can then obtain authorization for the transaction from the card issuing bank in the usual way.
The merchant does so by sending the customer account number, transaction amount, response code and any other security information to the verification server operated by the card issuing bank. The verification server can determine from the customer account number that the card in question is registered on the host computer forming part of the present invention, and can connect to the host computer to pass on the customer account number, transaction amount and response code.

After receiving this information, the host computer uses the customer account number to retrieve the pseudo-random security string originally sent to the customer's electronic device, and also retrieves the customer's PIN, since both are stored in the host computer. The host computer can then simply execute the same predetermined cryptographic algorithm as used in the electronic device, applying it to the pseudo-random security string, transaction amount and customer PIN to calculate the check code. The host computer then compares the check code with the received response code to see whether they match. If they match, the host computer contacts the verification server of the card issuing bank and notifies it that the transaction is authorized. The card issuing bank can then debit the customer's card and credit the merchant's account in the usual way.

If the check code does not match the response code, the transaction is not authorized and the verification server of the issuing bank may reject the transaction.
For a specific customer account, if more than a predetermined number (for example, 3) of transaction attempts fail the authorization process, the customer account can be suspended by the host computer, and the verification server of the card issuing bank can also terminate the account, because repeated authorization failures indicate that the card has been stolen and is being used by an unauthorized person who does not know the PIN or the pseudo-random security string. The suspension of the customer account can be lifted only after the customer/cardholder and the card issuer and/or the certification center have contacted each other, and the result may be that a new account is opened and/or a new card is issued to the customer.

If the transaction is authorized by the host computer, the host computer generates a new pseudo-random security string and transmits it to the customer's electronic device. The customer can then make a further transaction, with the same or a different merchant, in the same way as before. However, since the pseudo-random security string is different for each transaction, it is extremely difficult for fraudsters or hackers to make use of any intercepted communication in an attempt to break into the system. The new pseudo-random security string can be transmitted as part of a message that includes other information, such as details of the most recent transaction, the account balance and the remaining credit.

When the invention is used in a traditional transaction mode, such as when a customer is shopping in a store or trading over the phone, the operation is very similar, except that the transaction is not conducted through a website but is completed face-to-face with the merchant or over the phone. When the customer wants to make a purchase, the customer asks the merchant for the total transaction amount, enters this amount into the electronic device along with the PIN, and then passes the calculated response code to the merchant. The customer also passes the customer account number and any security information that may be required (such as the card expiration date) to the merchant, usually by handing over the credit or debit card so that the merchant can pass it through an electronic card reader, such as a wireless card-swipe EPOS or EFTPOS terminal. The calculated response code can be given to the merchant verbally, or transmitted directly by electronic means, for example from the electronic device to an EPOS or EFTPOS terminal. The merchant then uses the EPOS or EFTPOS terminal to transmit the customer account number, transaction amount and response code to the verification server of the card issuing bank in the usual manner, and the verification and authorization process then proceeds as before.

Even if the merchant does not have an EPOS or EFTPOS terminal, the system and method of the present invention can still be implemented in a convenient manner. As is generally known, card authorization can be obtained by the merchant by telephoning the verification center and passing on the customer account number and transaction amount verbally. It is therefore easy for the merchant to do this as usual, additionally providing the response code passed on by the customer. The authorization and verification then proceed as before.

To illustrate several advantages of the present invention, several security aspects will now be examined with reference to existing card verification protocols.
Card skimming: This type of attack involves a fraudster obtaining a credit card number (customer account number), perhaps by hacking a merchant website or by picking up a discarded transaction receipt that shows the card number, and then attempting to complete a fraudulent transaction. The chance of such an attack succeeding against the present invention is quite low, because the fraudster must guess a correct response code (for example, the chance of successfully guessing a three-decimal-digit response code is 1:1000). After a predetermined number (such as 3) of failed transaction attempts, the host computer blocks the card (possibly notifying the cardholder by SMS message or the like) and notifies the card issuing bank. The issuing bank can then talk to the cardholder in order to unblock the card.

Man in the middle: This type of attack involves a fraudster obtaining a credit card number and a correct response code. For example, the fraudster may be a waiter in a restaurant (or a compromised website) who has learned the customer's card number and response code. The fraudulent waiter can carry out a fraudulent transaction for an amount equal to the amount authorized by the customer, but the genuine transaction will then fail. This means that the fraudulent waiter can make only a single fraudulent transaction, for a total equal to the cost of the meal at the restaurant, while the restaurant's own transaction will fail. This type of fraud is easy to detect (the restaurant will soon notice the missing payment) and is therefore an unlikely scenario.

Shoulder surfing: This type of attack involves a fraudster watching the cardholder operate the electronic device from behind and seeing the keys pressed, thereby learning the customer's PIN. To carry out a fraudulent transaction successfully, the fraudster needs the credit card number and must physically possess the cardholder's electronic device (such as a mobile phone).
This is a physical crime, because the fraudster must see the PIN and then steal the credit card and the electronic device. Countering this type of attack means improving the security of the PIN and/or warning cardholders about security (for example, the cardholder should never keep the card together with the electronic device and should never let anyone else see the PIN being typed).

Response code calculation: This type of attack involves the fraudster obtaining a credit card number and then calculating a correct response code. To calculate a response code, the fraudster must know both the PIN and the current pseudo-random security string. Inferring the PIN relies on obtaining several response codes, perhaps by compromising a website that the targeted cardholder often visits. However, inferring the PIN also requires knowing the security string first (the string is in effect a one-time pad: a pad of random numbers from which one sheet is torn off for each message, an encryption technique known to be completely secure). To obtain a security string, the fraudster must attack the encryption of the digital mobile phone system, attack the host computer directly, or attack the link between the host computer and the associated mobile network operator's Short Message Service Message Center (SMC). To mount a successful response code calculation attack, the fraudster must be able to attack a secure infrastructure while at the same time intercepting transactions (in a face-to-face or e-commerce context). This form of attack is therefore highly unlikely to succeed, or else is costly.

Embodiments of the present invention provide a secure method and system for verifying credit and debit card transactions, with some or all of the following advantages:

• No additional infrastructure is required for merchants or cardholders.
If the merchant implements the CVV2 protocol, the other bank does not even need to know whether the customer's card is registered on a host computer as defined in the context of the present invention. Since no smart card is required, the cost of issuing cards can be reduced.
• The transaction amount is protected. This means that the merchant cannot conduct unauthorized transactions or add hidden charges to a transaction.
• Cardholders are automatically notified of each transaction by SMS message or the like.
• Cardholders need a mobile phone or equivalent electronic device, but no special phone or device is required. The SIM card in the cardholder's mobile phone needs to be loaded with an applet that contains and executes the predetermined cryptographic algorithm. Some mobile phone operators can install the appropriate applet over the air on an existing SIM card. Applets suitable for the present invention can be quite simple, so they need not take up much space on the SIM card.
• Mobile phone coverage is not needed at the point of sale. The cardholder only needs to be able to receive a message such as an SMS message between transactions (so the cardholder must be within mobile coverage at some time between transactions).
• The SIM card in the mobile phone does not need to store PINs, keys or authentication data specific to the cardholder. Setting up a cardholder therefore requires no SIM programming (other than ensuring that the above applet is installed on the SIM card), and reissuing a card (for example after loss or denial of service) does not require any change to the SIM card.
As discussed above, certain embodiments of the present invention require a new pseudo-random security string for each transaction (in effect, the security string is a one-time pad, as defined earlier). The pseudo-random security string can be transmitted by SMS or the like after each transaction is completed. In some cases, however, it may be inconvenient for the cardholder to wait for a new SMS message before making the next transaction (for example, the cardholder may be in a store with no mobile phone coverage but want to complete several transactions). To handle this situation, embodiments of the invention can be modified to allow several transactions.

The principle is quite simple: when a customer activates the card by registering with the host computer, the host computer sends the electronic device a single transmission (for example, an SMS message) containing a set of m pseudo-random security strings (where m is an integer, such as 12). The applet takes the strings one at a time, one for each transaction carried out. To tell the applet in the electronic device to move on to the next security string, the cardholder may have to select a menu item labelled "Confirm" (unlike the foregoing embodiment of the present invention, in which this confirmation is implicit in the receipt of a new SMS message or the like containing a single security string).

When a preset nth transaction (n being less than m, the total number of security strings originally transmitted to the electronic device; for example, n can be 6) has been authorized by the host computer, a new message containing another set of security strings is transmitted from the host computer to the electronic device.
This approach allows the cardholder to make up to m purchases without receiving any transmission from the host computer, which is useful, for example, when the cardholder is outside mobile phone network coverage. After each transaction, a text message can be sent from the host computer to the cardholder's electronic device, serving as a confirmation and mini-statement (showing merchant, transaction amount, current balance and remaining credit limit).

With this approach it may happen that, when a first merchant fails to process a transaction at the point of sale, the applet running on the electronic device and the host computer fall out of step, thereby preventing subsequent merchants from processing subsequent transactions. Of course, the first merchant has no incentive to do this, because the transaction may later turn out to be invalid (for example, the user may have given an incorrect response code). Nonetheless, the situation can be handled by resetting the card on the host computer (perhaps after the cardholder or merchant notifies the certification center). The host computer can then send a new set of security strings to restart the process. When (or if) the first merchant does process the transaction, the host computer is likely to be able to determine whether to accept or reject it. When the reset is activated, there may be between n and m security strings still unused (that is, strings not yet used to verify transactions). The host computer has a record of these security strings, and the transaction from the first merchant can be retrospectively compared against the most recent unused security string to see whether they match. There are two possible reasons for a mismatch: (i) transaction failure (fraudulent transaction, cardholder error or merchant error), or (ii) more than one transaction has not been processed immediately.
In case (ii), the host computer may try to process the transaction against different security strings. Of course, transactions can also simply be rejected because the merchant failed to follow the correct procedure.

Using a device such as a mobile phone as an EPOS or EFTPOS terminal

The present invention changes the security status of the information handled in a transaction (for example, knowing only the card number and response code is not enough to conduct a fraudulent transaction). This means that other methods can be used to provide the required transaction information (card or customer account number, response code, transaction amount, etc.) to the host computer.

A mobile phone, PDA or similar device provides a good tool for merchants to access and use the processing system. The transaction can be described in an SMS message (in a predefined format) and sent to a telephone number set up by the appropriate acquiring network. The acquiring network that receives the message extracts the transaction information from it (determining the identity of the merchant from the source telephone number of the mobile phone or other device), and then processes the transaction in the normal way (checking the credit limit, accessing the host computer for the relevant information, etc.). The acceptance or rejection of the transaction is returned to the merchant by SMS message to the originating mobile phone.

This approach gives merchants a low-cost way to join a card processing network, which is especially useful for small businesses with little capital to invest. It also allows cards to be processed in places where access to fixed network infrastructure is difficult (for example in taxis).

(IV) Embodiment

In Figure 1, the host computer 10 serves as an authorization server.
When the card issuing bank issues a card to the customer, the customer must first register with the host computer 10 and submit details including the customer account number (card number), PIN and mobile phone number, together with any other useful information such as the customer's name and address. Once this is done, the host computer 10 generates at least one pseudo-random security string and transmits it in step 1 to the mobile communication device 11 operated by the customer. The device 11 can be a mobile phone, a personal digital assistant (PDA), a pager or the like. The transmission in step 1 can be by SMS, e-mail or the like. The host computer 10 associates the at least one pseudo-random security string in its memory with the customer account number and the PIN.

When the customer wants to conduct a transaction with the merchant 13, the customer enters the transaction amount and PIN into the mobile communication device 11 using a keypad or the like. An applet running on a card such as the SIM card in the device 11 is programmed with a one-way cryptographic hash algorithm 12. The applet takes the transaction amount and PIN entered by the user, together with the pseudo-random security string, as provided in step 2, hashes them to generate a three-digit response code, and the response code is passed to the merchant 13 in step 3. The response code can be passed to the merchant in a face-to-face or telephone transaction, or through the merchant's website in an e-commerce transaction.

Meanwhile, the merchant 13 obtains the customer account number and transaction amount, possibly by swiping the card through an EPOS or EFTPOS terminal or by any other appropriate method, and then sends this information together with the response code to the card acquiring network server (CANS) 14 in a known manner in step 4.
The merchant 13 also transmits merchant identity information to the CANS 14 in step 4, so that the CANS 14 can associate the transaction with the merchant 13 and with the customer (through the customer account number).

The card acquiring network server (CANS) 14 then sends the customer account number, transaction amount and response code to the host computer 10 in step 5 in a known manner. The host computer 10 uses the customer account number received from the CANS 14 to retrieve from its memory the customer's PIN and the pseudo-random security string (originally transmitted to the mobile communication device 11 in step 1), and then feeds the pseudo-random security string, the customer's PIN and the transaction amount into the one-way cryptographic hash algorithm 12, which is the same algorithm as that executed by the applet in the mobile communication device 11, except that it now runs on the host computer 10. If the transaction is valid, the three-digit check code output by the algorithm will match the supplied response code, because the algorithm 12 executed on the host computer 10 operates on the same inputs as the algorithm 12 executed by the applet in the mobile device 11. Therefore, if the host computer 10 finds that the supplied response code and the calculated check code match, the transaction is authorized, and an authorization signal is transmitted from the host computer 10 to the CANS 14 in step 6.

If, on the other hand, the calculated check code does not match the supplied response code, the transaction is rejected by the host computer 10, and a rejection signal is transmitted to the CANS 14 in step 6.
If the card acquiring network server (CANS) 14 receives an authorization signal from the host computer 10, the customer's card account is debited with the transaction amount in the usual way, the debit being associated with the identity of the merchant 13. In addition, the CANS 14 credits the transaction amount to the merchant's account in the usual way. The CANS 14 also sends an authorization signal to the merchant 13 in step 7, and the merchant then informs the customer in step 8 that the transaction is authorized.

Meanwhile, once the host computer 10 has authorized the transaction, a new pseudo-random security string is transmitted in step 1 to the customer's mobile communication device 11, together with optional information confirming the transaction authorization, the transaction amount and the card account balance.

If the transaction is not authorized because the host computer 10 has determined that the response code and the calculated check code do not match, the CANS 14 sends a rejection signal to the merchant 13 in step 7, and neither debits the customer's card account nor credits the merchant's account. On receiving the rejection signal, the merchant 13 can refuse the transaction or ask the customer for a further response code. If the customer provides three consecutive response codes that fail to match the check code calculated by the host computer 10, the host computer 10 can block the customer's account and signal this to the CANS 14, so that the card cannot be used further until the customer contacts the certification center operating the host computer 10. It may be that the customer's card has been stolen and is being used fraudulently by a third party who does not know the PIN or the pseudo-random security string, in which case it may be necessary to issue a new card.
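The device and host sides of steps 1 to 6, together with the multi-string variant and the three-failure suspension described above, as an added Python example that is not code from the patent. The field separator, the amount in pence, the `LOOKAHEAD` window, the retiring of skipped strings and all class and function names are assumptions made for this example; the patent fixes none of them.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3    # page: suspend after a predetermined number of failures, e.g. 3
PAD_SIZE = 12       # page: m security strings per message, e.g. 12
REFILL_AFTER = 6    # page: new set sent once the nth transaction is authorized, e.g. 6
LOOKAHEAD = 3       # assumption: unused strings the host tries when out of step


def response_code(security_string: str, amount_pence: int, pin: str) -> str:
    """SHA-1 over the three inputs; the remainder modulo 1000 is the code."""
    # Assumption: fields joined with '|' and the amount in minor units, so that
    # device and host hash byte-identical input. The page fixes no encoding.
    data = f"{security_string}|{amount_pence}|{pin}".encode("utf-8")
    value = int.from_bytes(hashlib.sha1(data).digest(), "big")  # 160-bit value
    return f"{value % 1000:03d}"


class Device:
    """Customer's applet: holds security strings only; the PIN is typed per use."""

    def __init__(self, strings):
        self.pad = list(strings)
        self.index = 0

    def receive(self, strings):
        self.pad.extend(strings)          # a later message from the host

    def pay(self, amount_pence, pin):
        code = response_code(self.pad[self.index], amount_pence, pin)
        self.index += 1                   # "Confirm": each string is used once
        return code


class Host:
    """Host computer: stores PIN and strings per account and verifies codes."""

    def __init__(self):
        self.accounts = {}
        self.outbox = {}                  # account -> strings awaiting delivery

    def register(self, account, pin):
        pad = [secrets.token_hex(8) for _ in range(PAD_SIZE)]
        self.accounts[account] = {"pin": pin, "pad": pad, "next": 0,
                                  "failures": 0, "suspended": False}
        return list(pad)                  # step 1: sent to the device

    def authorize(self, account, amount_pence, code):
        acct = self.accounts[account]
        if acct["suspended"]:
            return "suspended"
        start = acct["next"]
        # Every extra string tried is another chance for a blind guess to hit
        # (about LOOKAHEAD in 1000), so the window is kept small.
        for i in range(start, min(start + LOOKAHEAD, len(acct["pad"]))):
            check = response_code(acct["pad"][i], amount_pence, acct["pin"])
            if hmac.compare_digest(check.encode(), code.encode()):
                # Assumption: the matched string and any skipped ones are retired.
                acct["next"] = i + 1
                acct["failures"] = 0
                if len(acct["pad"]) - acct["next"] <= PAD_SIZE - REFILL_AFTER:
                    fresh = [secrets.token_hex(8) for _ in range(PAD_SIZE)]
                    acct["pad"].extend(fresh)
                    self.outbox.setdefault(account, []).extend(fresh)
                return "authorized"
        acct["failures"] += 1
        if acct["failures"] >= MAX_FAILURES:
            acct["suspended"] = True      # until the customer contacts the centre
        return "rejected"


if __name__ == "__main__":
    host = Host()
    phone = Device(host.register("ACCT-EXAMPLE-1", "4321"))   # constructed values
    code = phone.pay(5000, "4321")
    print("purchase:", host.authorize("ACCT-EXAMPLE-1", 5000, code))
    print("same code, other amount:", host.authorize("ACCT-EXAMPLE-1", 9900, code))
```

With a three-digit code, the consecutive-failure counter is what bounds online guessing, and widening the resynchronization window trades some of that margin for tolerance of unprocessed transactions.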
To further illustrate the advantages of embodiments of the present invention, a typical scenario is described below.

Alice decides that she wants to get a card for use with the present invention. She has two reasons. First, she wants to be sure that she can shop safely on the Internet (she has read reports that hackers can easily break into Internet sites and steal credit card numbers, names, addresses, phone numbers, etc.). Second, she wants a card but nobody else will give her one: Alice is currently 15 years old and too young to get a credit card. However, because a card protected according to the present invention protects the merchant 13 and the cardholder from possible wrongdoing by each other, several banks are prepared to issue prepaid protected cards to young people.

While at school, Alice goes to her bank's website (using her online bank account) and asks for a card. She also tells the bank her mobile phone number (and who her mobile operator is), and then chooses a PIN. She ticks the option for a special picture on the card, and uploads a digital photo from her personal computer (her card will not be embossed, because it will never be swiped over carbon paper).

The bank starts processing the card request. The bank checks that the mobile operator uses SIMs programmed with an applet suitable for use with the present invention. The bank then creates a card for Alice and transmits the card number, Alice's PIN and her mobile phone number to the host computer 10 operated by the independent certification center (the host computer 10 requires no other information).

A few days later, Alice's card arrives in the post. Alice goes to her online bank account and tells the bank that the card has arrived. She also transfers £150 to the card.
A few seconds later, she learns from a text message on the phone 11 (step 1) that her card is ready to use (the message also contains 12 security strings, but she does not need to know that).

Alice goes shopping online, planning to buy a birthday present for her mother. She visits the website 13 of a gardening equipment retailer and finds the ideal gift: a gold-plated watering can costing £50 including postage. She goes to the checkout page and takes out her card to pay. The website asks for the last three digits on the back of the card. On her card, the last three digits are marked '***'. She looks closely and notices that the card carries words such as 'use response code'. She recalls that the card came with an information leaflet explaining this. She takes out the mobile phone 11 and selects 'Card payment' from the menu (this launches the applet), enters (step 2) her PIN and presses the 'OK' key. She then enters (step 2) the transaction amount, 50, and presses 'OK'. The applet in the SIM card of the mobile phone 11 applies the algorithm 12 to the PIN, the transaction amount and the security string (provided in step 2), thereby generating a three-digit response code, and the mobile phone displays 'Response code: 132'. She types '132' (step 3) into the box on the website 13 that asks for the three-digit code. The website 13 then displays 'Order processing ...'.

The online merchant's server passes the transaction details (card number, amount, Alice's address, and the three-digit code treated as a CVV2 code) to a card processing computer (the online merchant uses a service company to process card transactions). That computer looks at the card number and contacts (step 4) the appropriate card acquiring network server (CANS) 14, passing on the same transaction details.
The CANS 14 checks that there are sufficient funds on the card to pay for the transaction. The check passes (the card account contains £150 and the transaction amount is £50). The CANS 14 then notifies (step 5) the host computer 10 of the card number, amount and three-digit response code. The host computer 10 uses the card number to look up Alice's PIN and the security string that the host computer sent to Alice's mobile phone 11. The host computer executes the cryptographic hash algorithm 12, which is the same algorithm as that executed by the applet in the SIM card in Alice's mobile phone 11 (using the security string and PIN it has looked up, plus the transaction amount passed on by the CANS 14). The host computer 10 calculates the check code corresponding to the response code that Alice read from the display of her mobile phone: 132. The calculated check code matches the response code passed to the host computer 10 by the CANS 14, so the transaction is deemed valid and is authorized.

The host computer 10 informs (step 6) the CANS 14 that the security check has passed, and generates a new security string. The CANS 14 informs the host computer 10 of the identity of the merchant 13 and the balance on Alice's card. The host computer 10 takes this information and sends it as a text message (step 1) to the mobile phone 11, together with the new security string.

The CANS 14 notifies the card processing computer that the transaction has been cleared, and the card processing computer notifies the online merchant's web server 13. The web server 13 notifies Alice that payment has been received. A few seconds later, Alice receives a text message from the host computer 10 on her mobile phone 11 (step 1). The text message reads 'Gift £50, balance £100'.

Alice heads into town to do some more shopping.
In her favourite bookstore, she finds that she cannot contact her friends on mobile phone 11 because there is no signal (she finds this strange, since there is coverage outside the store; she does not know that the bookstore is a steel-beam building and that its reinforced concrete blocks mobile phone signals). She nevertheless finds the book she wants and goes to pay. At the checkout counter, the clerk says that the total price is 20.55 pounds. She passes the card to the clerk and takes out mobile phone 11. She selects 'Card Payment' from the menu, which launches the applet program, then enters (step 2) her PIN and presses 'OK'. She then enters (step 2) the transaction amount, 20.55, and presses 'OK'. The applet program takes one of the group of 12 security strings previously sent by the host computer 10, uses it as a third input, and calculates the response code according to algorithm 12. Mobile phone 11 displays 'Response code: 451'.

At the same time, the clerk swipes Alice's card through the EPOS machine 13. The machine 13 reads the card number and notifies (step 4) the card acquiring network server (CANS) 14 used by Alice's bank. CANS 14, at the other end of the telephone line, asks the EPOS machine 13 for the transaction amount. The clerk types in the amount, 20.55, and CANS 14 then requests a response code. The clerk asks Alice for the response code, and Alice tells the clerk '451'. The clerk enters the response code into the EPOS machine 13, and the response code is passed to CANS 14 (step 4). CANS 14 checks that there are sufficient funds on the card to pay for the transaction and then notifies (step 5) the host computer 10 of the card number, amount and response code.
The check code calculated by the host computer 10 should match the response code that Alice read from the display of her mobile phone, that is, 451. The calculated check code and the response code sent from CANS 14 to the host computer 10 are found to be consistent, so the transaction is valid. The host computer notifies (step 6) CANS 14 that the security check has been completed and generates a new security string. CANS 14 informs the host computer 10 of the balance on Alice's card and the identity of the merchant. The host computer 10 takes this information and sends it as a text message (step 1) to Alice's mobile phone 11, together with a new security string. CANS 14 informs (step 7) the EPOS machine 13 that the transaction has been completed. The EPOS machine 13 then displays an 'OK' message to let the clerk know that the transaction has gone through. The clerk hands the card and a bag of books to Alice.

When Alice leaves the bookstore, it is raining heavily. She decides to take a taxi home and crosses the street. Just as she reaches the other side of the street, she gets a text message on mobile phone 11 (step 1). The message is 'Acme book 20.55 pounds, balance 79.45'. What she does not see is that this message has also added a new security string to her mobile phone 11, ready for the next time she uses the card.

When she gets home, the taxi driver tells her that the fare is 22.50 pounds. She replies that she will pay 25 pounds in total, including a tip. She hands the card to the driver, selects 'Card Payment' from the menu on mobile phone 11, enters (step 2) her PIN and presses 'OK'. She then types (step 2) 25.00 and presses 'OK'. Mobile phone 11 applies algorithm 12 to the PIN, the transaction amount and a security string, and then displays 'Response code: 722'.
Meanwhile, the taxi driver has started writing a new text message on his mobile phone 13. He types in Alice's card number and the transaction amount, 25.00. He then asks Alice for the response code, and Alice replies '722' (step 3). He writes 722 into the message and sends it (step 4) to the mobile number of CANS 14 (stored in the address book of mobile phone 13). CANS 14 receives this message, checks the sender's phone number at the same time, and finds that the number is registered to the taxi driver (the driver is a one-person company). CANS 14 confirms that there are sufficient funds in Alice's card account to pay for the transaction (the account has £79.45 and the transaction amount is £25). CANS 14 then connects to the host computer 10 and passes on (step 5) the card number, the transaction amount (25 pounds) and the response code (722). The host computer 10 checks the response code by comparing it with an independently calculated check code, confirms that the response code is valid, and returns a success signal to CANS 14 (step 6).

CANS 14 sends (step 7) an SMS message to the taxi driver's mobile phone 13, indicating that the transaction has been successful, and also informs the host computer 10 of the identity of the merchant and the new card account balance (54.45 pounds). The taxi driver receives (step 7) the text message from CANS 14 saying that the transaction has been authorized. He tells Alice that the payment has been completed (step 8), and Alice gets out. A few seconds later, Alice gets a text message on mobile phone 11 (step 1) reading 'taxi fee 40 h η 25 pounds, balance 54.45 pounds'. Alice then goes into the house.

When Alice goes into the city the next day, she finds that her card is missing. The taxi driver must have forgotten to return it to her.
Alice calls the bank to report this. The bank tells her that there is no problem and that it will send another card to her home immediately. The next day, a new card arrives in the post. The bank does not have to worry about changing the card number or creating a new PIN for Alice, because the bank knows that a thief cannot pay with the old card. Alice is also very happy, because she does not want to change the details of the card or remember a new PIN either. The bank, of course, is happy because it does not have to do anything other than print another copy of the original card and mail it.

Embodiments of the present invention therefore represent a major improvement over the existing CVV2 protocol. They protect all parties against fraud. For example, cardholders are protected against unscrupulous merchants (or their employees), and merchants are protected against card theft and against cardholders who intend to defraud. In addition to eliminating card fraud (which benefits card issuers and merchants), embodiments of the present invention also give cardholders direct benefits: replacing a lost or stolen card is relatively simple rather than tedious, and there is no need to scrutinise card statements.

The security features of embodiments of the present invention open up several possibilities for further development in the field of infrastructure. For example, using mobile phones as a low-cost and easily introduced form of merchant equipment means that card use can be extended to areas where it is not feasible today (ironically, many developing countries have very good wireless communications infrastructure while their fixed network infrastructure is still inadequate). This approach even allows ordinary individuals to use card accounts for payment (especially useful for paying for high-value items, such as used cars or computer equipment).
One of the most important advantages of embodiments of the present invention is that obtaining these benefits does not require significant infrastructure investment, which provides an excellent opportunity to reduce fraud and, at the same time, to open up new market opportunities in personal financial services.

The preferred features of the invention apply to all aspects of the invention and may be used in any possible combination.

Throughout the description and claims of this specification, the words "comprise" and "contain" and variations of these words, such as "comprising" and "comprises", mean "including but not limited to", and are not intended to (and do not) exclude other components, integers, parts, additives or steps.

(V) Brief Description of the Drawings

For a better understanding of the present invention, and to show how it may be carried into effect, reference is made to the drawings and examples, in which:

FIG. 1 is a schematic diagram of the basic structure of an embodiment of the present invention.

Description of the main reference symbols
10 Host computer
11 Mobile communication device
12 One-way hashing algorithm
13 Merchant
14 Card acquiring network server (CANS)
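The response-code exchange walked through in the description above (steps 1 to 6), as an added example that is not code from the patent or from its applicant. Assumptions: HMAC-SHA256 stands in for the unspecified one-way hashing algorithm 12, both sides use the security strings in the order they were issued, the attempt limit is an addition not stated on the page, and the names Device, Host and response_code and all card numbers and PINs are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import deque

BATCH = 12         # the description has the host send 12 security strings at once
MAX_FAILURES = 3   # ASSUMPTION: attempt limit, not stated on the page


def response_code(security_string: bytes, pin: str, amount_pence: int) -> str:
    """Derive the three-digit code from security string, PIN and amount.

    ASSUMPTION: HMAC-SHA256 stands in for the page's unspecified algorithm 12.
    The amount is encoded in pence so both sides hash identical bytes.
    """
    message = f"{pin}|{amount_pence}".encode()
    digest = hmac.new(security_string, message, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:8], 'big') % 1000:03d}"


class Device:
    """The customer's phone / SIM applet: holds the unused security strings."""

    def __init__(self):
        self.strings = deque()

    def receive(self, strings):
        """Step 1: store security strings delivered by the host."""
        self.strings.extend(strings)

    def pay(self, pin: str, amount_pence: int) -> str:
        """Steps 2-3: consume one string and return the response code (works offline)."""
        if not self.strings:
            raise RuntimeError("no unused security string left")
        return response_code(self.strings.popleft(), pin, amount_pence)


class Host:
    """Host computer 10: keeps the PIN and outstanding strings per card number."""

    def __init__(self):
        self.accounts = {}

    def enrol(self, card: str, pin: str):
        """Issue the first batch of strings; the return value goes to the device."""
        strings = [secrets.token_bytes(16) for _ in range(BATCH)]
        self.accounts[card] = {"pin": pin, "strings": deque(strings), "failures": 0}
        return list(strings)

    def authorise(self, card: str, amount_pence: int, code: str):
        """Steps 5-6: recompute the check code and compare. Returns (ok, new_string)."""
        acct = self.accounts.get(card)
        if acct is None or acct["failures"] >= MAX_FAILURES or not acct["strings"]:
            return False, None
        check = response_code(acct["strings"][0], acct["pin"], amount_pence)
        if not hmac.compare_digest(check.encode(), code.encode()):
            acct["failures"] += 1          # only 1000 possible codes: bound the guesses
            return False, None
        acct["strings"].popleft()          # each security string is used once
        acct["failures"] = 0
        fresh = secrets.token_bytes(16)    # new string sent with the balance message
        acct["strings"].append(fresh)
        return True, fresh


if __name__ == "__main__":
    host, phone = Host(), Device()
    card, pin = "CARD-CONSTRUCTED-0001", "1234"    # constructed sample values
    phone.receive(host.enrol(card, pin))
    code = phone.pay(pin, 2055)                    # 20.55 pounds, computed with no signal
    print("response code:", code)
    print("altered amount accepted:", host.authorise(card, 9055, code)[0])
    ok, fresh = host.authorise(card, 2055, code)
    print("true amount accepted:", ok)
    phone.receive([fresh])
    print("replayed code accepted:", host.authorise(card, 2055, code)[0])
```

Because the code space is only 1000 values, an altered amount or a replay still passes by chance about once in a thousand tries, which is why the sketch counts failed attempts per card.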

Claims (1)

Scope of patent application

1. A method of authorizing a secure transaction between a customer and a merchant, the method comprising the following steps:
i) storing customer information, including a customer account number and an associated personal identification number (PIN), in a host computer;
ii) generating a pseudo-random security string in the host computer;
iii) transmitting the pseudo-random security string from the host computer to a remote electronic device operated by the customer;
iv) entering the PIN and a transaction amount into the electronic device when the customer conducts a transaction with the merchant;
v) generating a response code in the electronic device by applying a predetermined cryptographic algorithm to the pseudo-random security string, the PIN and the transaction amount;
vi) transmitting the response code, the transaction amount and the customer account number to the host computer;
vii) in the host computer, using the customer account number to retrieve the PIN and the pseudo-random security string, and then applying the predetermined cryptographic algorithm to the pseudo-random security string, the PIN and the transaction amount so as to generate a check code;
viii) in the host computer, comparing the check code and the response code and, if they match, authorizing the transaction.

2. The method of claim 1, wherein the remote electronic device is a mobile phone, a personal digital assistant or a pager.

3. The method of claim 1 or 2, wherein in step vi) the response code is passed by the customer to the merchant, and the merchant then transmits the response code, the transaction amount and the customer account number to the host computer.

4. The method of claim 3, wherein the response code is passed by the customer to the merchant through a merchant website.

5. The method of claim 3, wherein the response code is passed by the customer to the merchant as an oral or written message.

6. The method of claim 3, wherein the response code is passed by the customer to the merchant by electronic transmission from the electronic device.

7. The method of any one of claims 1 to 6, wherein in step vi) the response code, the transaction amount and the customer account number are transmitted to the host computer through an intermediate server.

8. The method of any one of claims 1 to 7, wherein the response code, the transaction amount and the customer account number are transmitted to the host computer in step vi) over an Internet connection.

9. The method of any one of claims 1 to 7, wherein the response code, the transaction amount and the customer account number are transmitted to the host computer in step vi) by an EPOS or EFTPOS machine operated by the merchant.

10. The method of any one of claims 1 to 7, wherein the response code, the transaction amount and the customer account number are transmitted to the host computer in step vi) by a mobile phone, personal digital assistant or similar device operated by the merchant.

11. The method of any one of claims 1 to 10, wherein in step iii) a plurality of pseudo-random security strings are transmitted simultaneously from the host computer to the electronic device.

12. The method of any one of claims 2 to 11, wherein the algorithm runs as an applet program in an electronic device fitted with a subscriber identity module (SIM card).

13. The method of any one of claims 1 to 12, wherein the response code and the check code are both three-digit decimal numbers.

14. A secure transaction system for authorizing transactions between a customer and a merchant, the system comprising a host computer and an electronic device operated by the customer, wherein:
i) customer information, including a customer account number and an associated personal identification number (PIN), is stored in the host computer;
ii) the host computer generates a pseudo-random security string and transmits the pseudo-random security string to the electronic device operated by the customer;
iii) when the customer conducts a transaction with the merchant, the electronic device receives input from the customer, including the PIN and a transaction amount;
iv) the electronic device generates a response code by applying a predetermined cryptographic algorithm to the pseudo-random security string, the PIN and the transaction amount;
v) the response code, the transaction amount and the customer account number are transmitted to the host computer;
vi) the host computer uses the customer account number to retrieve the PIN and the pseudo-random security string, and then applies the predetermined cryptographic algorithm to the pseudo-random security string, the PIN and the transaction amount so as to generate a check code;
vii) the host computer compares the check code with the response code and, if they match, authorizes the transaction.

15. The system of claim 14, wherein the remote electronic device is a mobile phone, a personal digital assistant or a pager.

16. The system of claim 14 or 15, adapted such that the response code can be passed by the customer to the merchant, and such that in step v) the merchant can transmit the response code, the transaction amount and the customer account number to the host computer.

17. The system of claim 16, further comprising a merchant website adapted to receive the response code from the customer.

18. The system of claim 16, wherein the electronic device is adapted to transmit the response code to the merchant by electronic transmission.

19. The system of any one of claims 14 to 18, further comprising an intermediate server through which the response code, the transaction amount and the customer account number are transmitted to the host computer in step v).

20. The system of any one of claims 14 to 19, further adapted to transmit the response code, the transaction amount and the customer account number to the host computer in step v) over an Internet connection.

21. The system of any one of claims 14 to 19, further comprising an EPOS or EFTPOS machine adapted to transmit the response code, the transaction amount and the customer account number to the host computer in step v).

22. The system of any one of claims 14 to 19, further comprising a mobile phone, personal digital assistant or similar device operated by the merchant and adapted to transmit the response code, the transaction amount and the customer account number to the host computer in step v).

23. The system of any one of claims 14 to 22, wherein the host computer is adapted to transmit a plurality of pseudo-random security strings simultaneously to the electronic device in step ii).

24. The system of any one of claims 14 to 23, wherein the algorithm runs as an applet program in an electronic device fitted with a subscriber identity module (SIM card).

25. The system of any one of claims 14 to 24, wherein the response code and the check code are both three-digit decimal numbers.
TW092107373A 2002-04-03 2003-04-01 System and method for secure credit and debit card transactions TWI229279B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0207705A GB2387253B (en) 2002-04-03 2002-04-03 System and method for secure credit and debit card transactions
US10/131,489 US20030191945A1 (en) 2002-04-03 2002-04-25 System and method for secure credit and debit card transactions

Publications (2)

Publication Number Publication Date
TW200306483A TW200306483A (en) 2003-11-16
TWI229279B TWI229279B (en) 2005-03-11

Family

ID=28676501

Family Applications (1)

Application Number Title Priority Date Filing Date
TW092107373A TWI229279B (en) 2002-04-03 2003-04-01 System and method for secure credit and debit card transactions

Country Status (11)

Country Link
EP (1) EP1490846A2 (en)
JP (1) JP2005521961A (en)
CN (1) CN1672180A (en)
AU (1) AU2003219276A1 (en)
BR (1) BR0308965A (en)
CA (1) CA2505920A1 (en)
EA (1) EA006395B1 (en)
MX (1) MXPA04009725A (en)
NZ (1) NZ535428A (en)
TW (1) TWI229279B (en)
WO (1) WO2003083793A2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI468970B (en) * 2007-12-21 2015-01-11 Yahoo Inc Mobile click fraud prevention
TWI494880B (en) * 2013-11-14 2015-08-01 Nat Univ Tsing Hua Method for preventing misappropriation of plastic money and plastic money

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0691526B2 (en) * 1985-03-08 1994-11-14 株式会社東芝 Communications system
AU1390395A (en) * 1994-01-14 1995-08-01 Michael Jeremy Kew A computer security system
GB2328310B (en) * 1996-05-15 1999-12-08 Ho Keung Tse Electronic transaction apparatus and method therefor
SE508844C2 (en) * 1997-02-19 1998-11-09 Postgirot Bank Ab Procedure for access control with SIM card
DE19820422A1 (en) * 1998-05-07 1999-11-11 Giesecke & Devrient Gmbh Method for authenticating a chip card within a message transmission network
FI115355B (en) * 2000-06-22 2005-04-15 Icl Invia Oyj Arrangement for the authentication and authentication of a secure system user
US7392388B2 (en) * 2000-09-07 2008-06-24 Swivel Secure Limited Systems and methods for identity verification for secure transactions
WO2002082387A1 (en) * 2001-04-04 2002-10-17 Microcell I5 Inc. Method and system for effecting an electronic transaction

Also Published As

Publication number Publication date
WO2003083793A3 (en) 2003-12-31
AU2003219276A1 (en) 2003-10-13
EA200401187A1 (en) 2005-04-28
WO2003083793A2 (en) 2003-10-09
JP2005521961A (en) 2005-07-21
EA006395B1 (en) 2005-12-29
CN1672180A (en) 2005-09-21
NZ535428A (en) 2006-08-31
BR0308965A (en) 2005-02-01
CA2505920A1 (en) 2003-10-09
TWI229279B (en) 2005-03-11
MXPA04009725A (en) 2005-07-14
EP1490846A2 (en) 2004-12-29

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees