WO1998054943A2 - Universal electronic transaction system and method therefor - Google Patents

Universal electronic transaction system and method therefor Download PDF

Info

Publication number
WO1998054943A2
WO1998054943A2 PCT/EP1998/002995 EP9802995W WO9854943A2 WO 1998054943 A2 WO1998054943 A2 WO 1998054943A2 EP 9802995 W EP9802995 W EP 9802995W WO 9854943 A2 WO9854943 A2 WO 9854943A2
Authority
WO
WIPO (PCT)
Prior art keywords
code
transaction
user
receiver
signal
Prior art date
Application number
PCT/EP1998/002995
Other languages
French (fr)
Other versions
WO1998054943A8 (en
WO1998054943A3 (en
Inventor
Ho Keung Tse
Original Assignee
Ho Keung Tse
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from GB9709748A external-priority patent/GB2328310B/en
Application filed by Ho Keung Tse filed Critical Ho Keung Tse
Priority to CA002331339A priority Critical patent/CA2331339A1/en
Priority to JP2000620576A priority patent/JP2003517662A/en
Priority to EP98928306A priority patent/EP1147497A2/en
Priority to AU80196/98A priority patent/AU773789B2/en
Publication of WO1998054943A2 publication Critical patent/WO1998054943A2/en
Publication of WO1998054943A3 publication Critical patent/WO1998054943A3/en
Publication of WO1998054943A8 publication Critical patent/WO1998054943A8/en
Priority to HK02103518.5A priority patent/HK1041962A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system

Definitions

  • the present invention relates to electronic transaction systems, and particularly, to an electronic money transaction system with high portability and flexibility for enabling user to effect transactions of any kinds or for any purposes.
  • the IC credit card is regarded as a comparatively secure means for effecting transactions, and even so, it does have a problem as lacking the capability of providing reliable information of the transaction to be authorised, and as a consequent, there is no guarantee that a transaction being authorised is exactly the transaction being intended by its holder.
  • a terminal is necessary to be disposed in the service/product provider for interfacing the IC card and coupling it to a remote central computer responsible for authenticating the IC card, by establishing a communication link.
  • the communication link need not be a secure one as far as communication between the IC card and central computer is concerned because when an authentication process takes place, the central computer will generate and send a random number to the IC card through the communication link, and the IC card will encrypt the random number and return the encryption result back to the central computer through the communication link. If the encryption result is correct, the central computer will permit the transaction.
  • the communication link has to be secure to ensure the transaction information communicated to the central computer cannot be intercepted and modified.
  • the terminal also have to be a secure device in order to provide reliable transaction information, particularly, the transaction amount, to the cardholder by means of , for e.g., a display. These increase the cost of the system and also cause other problems ...
  • a IC card holder has to get into close vicinity of the terminal to monitor the transaction procedure handled by the cashier and desirably, should insert and remove the card into and from the terminal on his own.
  • an object of the present invention to provide an apparatus to a user, rather than to the services/products providers, for conveying to the user directly reliable information of a transaction to be authorised, and for enabling the user to authorise that transaction; and a method therefor.
  • an inexpensive, non-secure communication link such as any existing general purpose communication(s) network system e.g., telephone, internet computer or the like, without modification thereof for the security problems as mentioned above; and a method therefor.
  • a pager for receiving a paging signal representative of information of, for e.g., a transaction on a user account, to be authorised, and representative of a one time, non- predictable code for use by the user to authorise that transaction.
  • the user of the pager after checking the transaction information including transaction amount and payee's identity, being correct, sends or gives the one time, non-predictable code to the payee who will communicate the one time, non-predictable code to the bank for authorising the transaction.
  • a pager with an IC card receiving port therein for receiving an external conventional IC credit card.
  • the pager being for receiving a paging signal representative of information of a transaction to be authorised and representative of a random number.
  • the IC card being for transforming the random number according to an encryption algorithm specified to the user to a one time, non-predictable code which being for use by the user to authorise that transaction.
  • FIGJ is a block diagram of a present paging receiver according to a first embodiment.
  • FIG.2 is a flow chart of a method for a present authorisation process. Detailed description of the preferred embodiments
  • FIGJ there is shown a block diagram of a paging receiver 1, according to a first embodiment of the present invention, in which comprising :
  • an address comparator 25 for determining whether a signal received is assigned to paging receiver 1 and may comprise a plurality of addresses for reception of corresponding different kinds of signals ;
  • a CPU 21 for fetching a message following the call signal is determined to be assigned to the receiver 1 by address comparator 25 ;
  • a message memory 28 for storing received messages of signals assigned to paging receiver 1 ;
  • a cryptographic algorithm memory 27 containing cryptographic ajgorithm(s) for transforming at least a part of the E signals, of which details will be described herein below later ;
  • a speaker 33 and led 31 for providing sound and light signal respectively to a user for indicating a paging signal assigned to paging receiver 1 received .
  • the paging receiver 1 When in operation, the paging receiver 1 will receive any paging signals transmitted from a base station of the same pager based broadcast system.
  • a paging signal contains 4 fields, namely as, 1) address field for containing an address of the paging receiver assigned for receiving the signal ; 2) type field for indicating whether the signal is a E signal or not ; 3) information field for containing information to be displayed to user ; 4) signal number identity for indicating to the assigned paging receiver that, a signal which being broadcasted by the base station more than one time for ensuring it will be received by the assigned paging receiver, be the same signal, so that the assigned pager receiver will ignore the successively identical signals and will not alert the user unnecessarily.
  • the present paging receiver is for authorisation of transactions.
  • Fig.2 is a flow chart of a method for the authorisation process.
  • an internet computer receives the account number of a user.
  • the internet computer has a card reader therein for obtaining the user account number by, for instance, reading a magnetic card or a IC card or the like of the user, otherwise the user account number will have to be entered by hand with the aid of a keyboard.
  • the internet computer supplies the account number together with the transaction information, which may be entered into the computer with the aid of a keyboard by the payee/payer and which may include information such as identity of payee, transaction amount, purpose of payment, e.g., deposit or full payment for a particular product or service or the like, identity of product(s) and services concerned etc., to a central computer via a communication link which in this case, the internet.
  • the central computer in response thereto, generates a random number which being a random number and searches in a storage thereof the user identity corresponding to the user account number received and then supplies the user identity searched, the transaction information received together with the random number to the base station mentioned above.
  • the base station will then search in an address storage thereof an address of the paging receiver, corresponding to the user identity received, and generate a paging E signal, in a format as mentioned above and in which the information field contains the transaction information and the random number, and broadcast the signal.
  • the paging receiver 1 after receiving the signal, transforms the random number therein by using an algorithm which being specific to the user and stored in cryptographic algorithm memory 27, the result will be used as a one time, non- predictable code for authorising the transaction. Then, alerts the user and displays the transaction information and the code to the user. The user, after seeing that the transaction information being correct, enters the code read on display 34 into the keyboard of the internet computer which again sends it to the central computer.
  • the central computer in response thereto, searches in a cryptographic algorithm storage thereof a cryptographic algorithm corresponding to the user identity and transforms the random number it generated previously by using the cryptographic algorithm searched and compared the result with the a one time, non-predictable code received, and if the comparison result is favourable, the transaction is determined as authorised.
  • the cryptographic process in the paging receiver 1 and the central computer may be omitted to simplify the authorisation process and at the same time, it can still provide an acceptable degree of security. This is possible for the reason that although theoretically, the paging signal is receivable by anyone, other people can actually not be able to receive it unless they know the correct address of the paging receiver 1 because nowadays, thousands of similar signals may occur and be receivable at the same instant of time.
  • the paging receiver may includes a keypad thereon for receiving, by CPU 21, a password and without it CPU 21 will not perform the cryptographic process.
  • CPU 21 will perform the cryptographic process on the random numbers of E signals received within a predetermined period of time thereafter, or will perform the cryptographic process on the random numbers of any E signals until the total transaction amount of authorised transactions exceeds a predetermined value, so that the user need not to enter the password every time a transaction take place.
  • the E signal may be modified into 2 separated signals, 1) El signal which being similar to the E signal as mentioned above, except that it contains transaction information but no random number therein ; 2) the random number signal for containing the random number which being disguised as an ordinary telephone number.
  • the address comparator 25 may contains a specific address dedicated for receiving the random number signal. In the random number signal, there is no type field for indicating to CPU 21 that it being a part of a E signal or the type field therein will not indicates it as a E signal, instead, the address comparator 25 will interrupt CPU 21 in a specific manner when it detects a received signal having an address in the address field thereof match the specific address, that is, a random number signal, thereby informing CPU 21 of this fact.
  • a pager with an IC card receiving port therein for receiving an external conventional IC credit card. Similar to the first embodiment, the pager is also for receiving a paging E signal containing information of a transaction to be authorised on a user's bank account, or the like, and a random number, but in this case, the CPU 21 in the pager will not perform an cryptographic process on the random number, instead, it supplies it to the external IC card in the receiving port.
  • the IC card upon reception of the random number, will transform it according to an cryptographic algorithm therein, and the result will be used as a one time, non-predictable code, as mentioned above, and will be communicated to CPU 21 which will cause it, together with the transaction information received, to be displayed in display 34.
  • the transaction information may be communicated to an operator of the bank, who will be responsible for the data entry of the transaction information by means of a keyboard.
  • both the money payer and receiver to have a respective pager of their own for receiving the transaction information and a different one time, non-predictable code for use by them respectively to authorise the transaction, so as to prevent loss to any one of them should there are errors in data entry.
  • the transaction information may be encrypted by the central computer before transmitting to the pager. This can eliminate the possibility of the reception of E signal by the pager be interfered by an extremely strong disturbance signal and the pager be fooled by another fake E signal with the same random number therein but a false transaction information.

Abstract

A pager for receiving information of a transaction and information which bears a predetermined relationship to a one-time, non-predictable code; and for conveying the information and the code to its user. The user, after checking the transaction information being correct, sends the code to a control centre directly or through the payee.

Description

UNINERSAL ELECTRONIC TRANSACTION SYSTEM AND METHOD THEREFOR Field of the invention
The present invention relates to electronic transaction systems, and particularly, to an electronic money transaction system with high portability and flexibility for enabling user to effect transactions of any kinds or for any purposes.
Background of the invention
Nowadays, electronic money transaction systems are easily found in the services/products providers such as restaurants and shops for receiving payments. Among such conventional systems, the IC credit card is regarded as a comparatively secure means for effecting transactions, and even so, it does have a problem as lacking the capability of providing reliable information of the transaction to be authorised, and as a consequent, there is no guarantee that a transaction being authorised is exactly the transaction being intended by its holder.
In such a conventional system, a terminal is necessary to be disposed in the service/product provider for interfacing the IC card and coupling it to a remote central computer responsible for authenticating the IC card, by establishing a communication link. It should be noted that, the communication link need not be a secure one as far as communication between the IC card and central computer is concerned because when an authentication process takes place, the central computer will generate and send a random number to the IC card through the communication link, and the IC card will encrypt the random number and return the encryption result back to the central computer through the communication link. If the encryption result is correct, the central computer will permit the transaction. If a secure communication between the IC card and the central computer is to be used, this will only mean that the random number will be encrypted one more time, this should be unnecessary and even if it was necessary, it should be carried out by/inside the IC card instead. However, the communication link has to be secure to ensure the transaction information communicated to the central computer cannot be intercepted and modified. Further, the terminal also have to be a secure device in order to provide reliable transaction information, particularly, the transaction amount, to the cardholder by means of , for e.g., a display. These increase the cost of the system and also cause other problems ...
To ensure no card fraud by, for e.g., the cashier of a services/products provider or even the provider itself, a IC card holder has to get into close vicinity of the terminal to monitor the transaction procedure handled by the cashier and desirably, should insert and remove the card into and from the terminal on his own.
In situations where such a terminal does not exist, the IC card will become useless, or it may take the card holder walk a long way if the location of the terminal is remote from the location where the cardholder receives the service/product, this may happen in a shop or restaurant with thousands of sq. ft. in size.
It may also be necessary for a cardholder to get out of his car to make payment for car park fee or fuel intake.
Finally, an I.C. card cannot be used for purchasing in internet environment.
Objects of the present invention :
Accordingly, it is therefore an object of the present invention to provide an apparatus to a user, rather than to the services/products providers, for conveying to the user directly reliable information of a transaction to be authorised, and for enabling the user to authorise that transaction; and a method therefor.
It is therefore another object of the present invention to provide an apparatus to a user, rather than to the services/products providers, for enabling an electronic transaction to take place with the aid of an inexpensive, non-secure communication link such as any existing general purpose communication(s) network system e.g., telephone, internet computer or the like, without modification thereof for the security problems as mentioned above; and a method therefor.
It is therefore a further another object of the present invention to provide a universal electronic transaction system which being low cost, secure, not dedicated for any particular purpose; and a method therefor.
Brief description of the invention:
According to one embodiment of the present invention, there is provided a pager for receiving a paging signal representative of information of, for e.g., a transaction on a user account, to be authorised, and representative of a one time, non- predictable code for use by the user to authorise that transaction. The user of the pager, after checking the transaction information including transaction amount and payee's identity, being correct, sends or gives the one time, non-predictable code to the payee who will communicate the one time, non-predictable code to the bank for authorising the transaction.
According to another embodiment of the present invention, there is provided a pager with an IC card receiving port therein for receiving an external conventional IC credit card. The pager being for receiving a paging signal representative of information of a transaction to be authorised and representative of a random number. The IC card being for transforming the random number according to an encryption algorithm specified to the user to a one time, non-predictable code which being for use by the user to authorise that transaction.
Brief description of drawing
FIGJ is a block diagram of a present paging receiver according to a first embodiment.
FIG.2 is a flow chart of a method for a present authorisation process. Detailed description of the preferred embodiments
Referring to FigJ, there is shown a block diagram of a paging receiver 1, according to a first embodiment of the present invention, in which comprising :
1) a receiver circuit 23 for receiving paging signals, including signals representative of electronic money transaction information ( herein below referred as E signals ) ;
2) an address comparator 25 for determining whether a signal received is assigned to paging receiver 1 and may comprise a plurality of addresses for reception of corresponding different kinds of signals ;
3) a CPU 21 for fetching a message following the call signal is determined to be assigned to the receiver 1 by address comparator 25 ;
4) a message memory 28 for storing received messages of signals assigned to paging receiver 1 ;
5) a display 34 for displaying the message received ;
6) a cryptographic algorithm memory 27 containing cryptographic ajgorithm(s) for transforming at least a part of the E signals, of which details will be described herein below later ;
7) a speaker 33 and led 31 for providing sound and light signal respectively to a user for indicating a paging signal assigned to paging receiver 1 received .
When in operation, the paging receiver 1 will receive any paging signals transmitted from a base station of the same pager based broadcast system. Such a paging signal contains 4 fields, namely as, 1) address field for containing an address of the paging receiver assigned for receiving the signal ; 2) type field for indicating whether the signal is a E signal or not ; 3) information field for containing information to be displayed to user ; 4) signal number identity for indicating to the assigned paging receiver that, a signal which being broadcasted by the base station more than one time for ensuring it will be received by the assigned paging receiver, be the same signal, so that the assigned pager receiver will ignore the successively identical signals and will not alert the user unnecessarily. The receiving circuit 23, after amplifying the incoming paging signal, supplies the signal to the address comparator 25 which will compare the address field of the signal with one or a number of stored address(es) therein, and if a coincidence occurs, the address comparator will feed the rest of the signal to the CPU 21, otherwise, the rest of the signal will be ignored.
According to the first embodiment, the present paging receiver is for authorisation of transactions. Referring to Fig.2, which is a flow chart of a method for the authorisation process. As read on Fig.2, when an authorisation process takes place, an internet computer receives the account number of a user. Desirably, the internet computer has a card reader therein for obtaining the user account number by, for instance, reading a magnetic card or a IC card or the like of the user, otherwise the user account number will have to be entered by hand with the aid of a keyboard. Then, the internet computer supplies the account number together with the transaction information, which may be entered into the computer with the aid of a keyboard by the payee/payer and which may include information such as identity of payee, transaction amount, purpose of payment, e.g., deposit or full payment for a particular product or service or the like, identity of product(s) and services concerned etc., to a central computer via a communication link which in this case, the internet. The central computer, in response thereto, generates a random number which being a random number and searches in a storage thereof the user identity corresponding to the user account number received and then supplies the user identity searched, the transaction information received together with the random number to the base station mentioned above.
The base station will then search in an address storage thereof an address of the paging receiver, corresponding to the user identity received, and generate a paging E signal, in a format as mentioned above and in which the information field contains the transaction information and the random number, and broadcast the signal.
The paging receiver 1, after receiving the signal, transforms the random number therein by using an algorithm which being specific to the user and stored in cryptographic algorithm memory 27, the result will be used as a one time, non- predictable code for authorising the transaction. Then, alerts the user and displays the transaction information and the code to the user. The user, after seeing that the transaction information being correct, enters the code read on display 34 into the keyboard of the internet computer which again sends it to the central computer.
The central computer, in response thereto, searches in a cryptographic algorithm storage thereof a cryptographic algorithm corresponding to the user identity and transforms the random number it generated previously by using the cryptographic algorithm searched and compared the result with the a one time, non-predictable code received, and if the comparison result is favourable, the transaction is determined as authorised.
It should be noted that the cryptographic process in the paging receiver 1 and the central computer may be omitted to simplify the authorisation process and at the same time, it can still provide an acceptable degree of security. This is possible for the reason that although theoretically, the paging signal is receivable by anyone, other people can actually not be able to receive it unless they know the correct address of the paging receiver 1 because nowadays, thousands of similar signals may occur and be receivable at the same instant of time.
On the other hand, to enhance the security, the paging receiver may includes a keypad thereon for receiving, by CPU 21, a password and without it CPU 21 will not perform the cryptographic process. Alternatively, it may also be desirable that once a password is entered, CPU 21 will perform the cryptographic process on the random numbers of E signals received within a predetermined period of time thereafter, or will perform the cryptographic process on the random numbers of any E signals until the total transaction amount of authorised transactions exceeds a predetermined value, so that the user need not to enter the password every time a transaction take place.
Further, the E signal may be modified into 2 separated signals, 1) El signal which being similar to the E signal as mentioned above, except that it contains transaction information but no random number therein ; 2) the random number signal for containing the random number which being disguised as an ordinary telephone number. And, the address comparator 25 may contains a specific address dedicated for receiving the random number signal. In the random number signal, there is no type field for indicating to CPU 21 that it being a part of a E signal or the type field therein will not indicates it as a E signal, instead, the address comparator 25 will interrupt CPU 21 in a specific manner when it detects a received signal having an address in the address field thereof match the specific address, that is, a random number signal, thereby informing CPU 21 of this fact.
It should be noted that the specific address is different in different present paging receiver.
According to another embodiment of the present invention, there is provided a pager with an IC card receiving port therein for receiving an external conventional IC credit card. Similar to the first embodiment, the pager is also for receiving a paging E signal containing information of a transaction to be authorised on a user's bank account, or the like, and a random number, but in this case, the CPU 21 in the pager will not perform an cryptographic process on the random number, instead, it supplies it to the external IC card in the receiving port. The IC card, upon reception of the random number, will transform it according to an cryptographic algorithm therein, and the result will be used as a one time, non-predictable code, as mentioned above, and will be communicated to CPU 21 which will cause it, together with the transaction information received, to be displayed in display 34.
It should be noted that, as the user relies on the transaction information received by his pager in making a transaction, it is therefore no longer necessary or a must for the services/products providers to install a secure terminal as mentioned above. Rather, an existing general purpose communication(s) network system can be used for communicating the transaction information as well as the non-predictable code for authorising the transactions to the central computer, and the central computer can be publicly accessible.
If merely communicating the account numbers of the money payer and receiver as well as the transaction amount is required, then using touch tone buttons on a telephone will be sufficient.
If further details of the transaction information is required, such as the purpose of the transaction, e.g. to purchase a Benz, model # 380s, serial # 1234 or even personal loan etc., then the transaction information may be communicated to an operator of the bank, who will be responsible for the data entry of the transaction information by means of a keyboard. In this case, it is desirable that both the money payer and receiver to have a respective pager of their own for receiving the transaction information and a different one time, non-predictable code for use by them respectively to authorise the transaction, so as to prevent loss to any one of them should there are errors in data entry.
It should be noted that the above embodiments are given by way of example only, and it will be obvious to those skilled in the art that various changes and modifications may be made without departing from the spirit of the present invention.
For instance, the transaction information may be encrypted by the central computer before transmitting to the pager. This can eliminate the possibility of the reception of E signal by the pager be interfered by an extremely strong disturbance signal and the pager be fooled by another fake E signal with the same random number therein but a false transaction information.

Claims

What is claimed is :
1) A secure transaction system, comprising :
A receiver with no transmitting capability, comprising : means for receiving broadcasting signals assigned to said receiver, including a first signal representative of a non-predictable code associated with and dedicated for an attempted transaction and a second signal representative of information concerning said attempted transaction ; means for conveying said information and said code to a user ; wherein response from said user including said code is to be communicated to a control unit at least in part via a publicly accessible data communication medium for directing said attempted transaction ;
said control unit.
2) A system as claimed in claim 1, wherein there is a human operator for reception of said code through said publicly accessible data communication medium from another person, and for communication of said code to said control unit by means of an information input means.
3) A system as claimed in claim 1, wherein said second signal being in an encrypted form and said receiver will decrypt it before conveying it to said user.
4) A system as claimed in claim 1, wherein further comprising means for transforming said first signal by means of a predetermined cryptographic algorithm specific to said user, thereby obtaining said code from said first signal.
5) A system as claimed in claim 1, wherein said receiver is a paging receiver. 6) A system as claimed in claim 5, wherein said first signal is disguised as paging signal representative of a telephone number.
7) A system as claimed in claim 1, wherein said publicly accessible data communication medium being a telephone network and said code being entered by means of touch tone buttons on a telephone.
8) A system as claimed in claim 1, wherein said publicly accessible data communication medium being the internet and said code being entered by means of an internet computer.
9) A system as claimed in claim 1, wherein said receiver further comprising a means for receiving an external module for transforming said first signal by means of a predetermined algorithm specific to said user, thereby obtaining said code .
10) A system as claimed in claim 1, wherein said means for conveying being a display.
11) A system as claimed in claim 1, wherein said transaction being an electronic money transaction on an account of said user.
12) A system as claimed in claim 1, wherein said control unit will determine said attempted transaction as being approved by said user, if said code is being received.
13) A system as claimed in claim 1, wherein said control unit will determine said attempted transaction as being conducted by said user, if said code is being received. 14) A secure transaction system, comprising : means for generating a first signal representative of a one time, non- predictable code ; means for broadcasting a second signal representative of information concerning an attempted transaction and said first signal to a receiver of a user who has the authority or right to conduct the attempted transaction, said receiver has no transmitting capability ; means for receiving response from said user containing said one time, non- predictable code therein at least in part via a publicly accessible data communication medium ; means for using said user response to direct said attempted transaction .
15) A system as claimed in claim 14, wherein further comprising said receiver which being a paging receiver.
16) A system as claimed in claim 14, wherein said second signal being in an encrypted form and said receiver will decrypt it before conveying it to said user.
17) A system as claimed in claim 14, wherein said receiver transforms said first signal by means of a predetermined cryptographic algorithm specific to said user, thereby obtaining said one time, non-predictable code from said first signal.
18) A method for securely conducting transactions, comprising : generating, by a control unit, a first signal representative of a non-predictable code ; associating said first signal with an attempted transaction ; transmitting a second signal representative of information concerning said attempted transaction and said first signal to a receiver of a user who has the authority or right to conduct said attempted transaction, said receiver has no transmitting capability ; conveying, by said receiver, said information and said code to said user ; wherein said code is for use by said user to make a response, to cause the transaction to be completed .
19) A method as claimed in claim 18, wherein further comprising the steps of communicating said code back to said control unit at least in part via a publicly accessible data communication medium ; determining , by said control unit, said attempted transaction as being conducted by said user if said code is being received.
20) A system for securely conducting transactions in situations where communication link to a control unit is already provided by a service/product provider for communicating information of a requested transaction or the like to said control unit, and a communication between the purchaser of said requested transaction and said service/product provider exists, comprising :
A portable receiver of said purchaser, which has no transmitting capability, comprising : means for receiving broadcasting signals assigned to said receiver, including a first signal representative of a non-predictable code associated with and dedicated for said requested transaction and a second signal representative of information concerning said requested transaction ; means for conveying said information concerning said requested transaction and said code to said purchaser ; wherein a user response having said code therein is to be communicated to a control unit at least in part via a publicly accessible data communication medium for approving said requested transaction ;
and said control unit.
21) A system as claimed in claim 20, wherein said information concerning said requested transaction includes said information of a requested transaction.
22) In a system for securely conducting transactions, a receiver with no transmitting capability, comprising : means for receiving broadcasting signals assigned to said receiver, including a first signal representative of a code associated with and dedicated for an attempted transaction and a second signal representative of information concerning said attempted transaction ; means for conveying said information and said code to a user ; wherein said code is for use by said user to cause said transaction to be completed.
PCT/EP1998/002995 1997-05-14 1998-05-12 Universal electronic transaction system and method therefor WO1998054943A2 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
CA002331339A CA2331339A1 (en) 1998-05-12 1998-05-12 Electronic transaction system and method therefor
JP2000620576A JP2003517662A (en) 1998-05-12 1998-05-12 Electronic trading system and method
EP98928306A EP1147497A2 (en) 1997-05-14 1998-05-12 Universal electronic transaction system and method therefor
AU80196/98A AU773789B2 (en) 1998-05-12 1998-05-12 Universal electronic transaction system and method therefor
HK02103518.5A HK1041962A1 (en) 1997-05-14 2002-05-09 Universal electronic transaction system and method therefor

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB9709748A GB2328310B (en) 1996-05-15 1997-05-14 Electronic transaction apparatus and method therefor
GB9709748.9 1997-05-14

Publications (3)

Publication Number Publication Date
WO1998054943A2 true WO1998054943A2 (en) 1998-12-10
WO1998054943A3 WO1998054943A3 (en) 1999-07-29
WO1998054943A8 WO1998054943A8 (en) 1999-11-18

Family

ID=10812275

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP1998/002995 WO1998054943A2 (en) 1997-05-14 1998-05-12 Universal electronic transaction system and method therefor

Country Status (4)

Country Link
EP (1) EP1147497A2 (en)
CN (1) CN1322334A (en)
HK (1) HK1041962A1 (en)
WO (1) WO1998054943A2 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1067492A3 (en) * 1999-06-30 2001-01-17 Lucent Technologies Inc. Transaction notification system and method
FR2804264A1 (en) * 2000-04-19 2001-07-27 Magicaxess Method and device for electronic payment, uses once only certificate generated by user and validated by return of confidential code sent to user for that transaction by bank
WO2001073708A2 (en) * 2000-03-29 2001-10-04 Cma Business Credit Services Method and apparatus for admistering one or more value bearing instruments
EP1104921A3 (en) * 1997-11-04 2001-11-14 Magicaxess Method for transmitting data and implementing server
WO2001056352A3 (en) * 2000-04-19 2002-01-10 Magicaxess Electronic payment method and device
EP1182625A1 (en) * 2000-08-25 2002-02-27 TELEFONAKTIEBOLAGET LM ERICSSON (publ) Introduction of an electronic payment transaction
WO2002037355A2 (en) * 2000-11-03 2002-05-10 Tomas Mulet Valles A method to carry out economic transactions through a telecommunications network
WO2002039392A2 (en) * 2000-11-10 2002-05-16 Smart Design Method and installation for making secure the use of media associated with identifiers and with electronic devices
EP1313075A2 (en) * 2001-11-19 2003-05-21 Fujitsu Limited Electronic money processing method and program
WO2006023839A2 (en) 2004-08-18 2006-03-02 Mastercard International Incorporated Method and system for authorizing a transaction using a dynamic authorization code
AU2012200393B2 (en) * 2004-08-18 2015-04-02 Mastercard International Incorporated Method and system for authorizing a transaction using a dynamic authorization code

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5285496A (en) * 1992-12-14 1994-02-08 Firstperson, Inc. Methods and apparatus for providing a secure paging system
US5483595A (en) * 1993-09-20 1996-01-09 Seiko Communications Holding N.V. Paging device including password accessed stored cryptographic keys
US5521966A (en) * 1993-12-14 1996-05-28 At&T Corp. Method and system for mediating transactions that use portable smart cards
US5708422A (en) * 1995-05-31 1998-01-13 At&T Transaction authorization and alert system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
None

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1103935A3 (en) * 1997-11-04 2001-11-14 Magicaxess Method for data transmission and server to carry out such method
EP1107203A3 (en) * 1997-11-04 2001-11-14 Magicaxess Method for data transmission and implementing server
EP1104921A3 (en) * 1997-11-04 2001-11-14 Magicaxess Method for transmitting data and implementing server
EP1067492A3 (en) * 1999-06-30 2001-01-17 Lucent Technologies Inc. Transaction notification system and method
WO2001073708A3 (en) * 2000-03-29 2003-08-28 Cma Business Credit Services Method and apparatus for admistering one or more value bearing instruments
WO2001073708A2 (en) * 2000-03-29 2001-10-04 Cma Business Credit Services Method and apparatus for admistering one or more value bearing instruments
WO2001056352A3 (en) * 2000-04-19 2002-01-10 Magicaxess Electronic payment method and device
FR2804264A1 (en) * 2000-04-19 2001-07-27 Magicaxess Method and device for electronic payment, uses once only certificate generated by user and validated by return of confidential code sent to user for that transaction by bank
EP1182625A1 (en) * 2000-08-25 2002-02-27 TELEFONAKTIEBOLAGET LM ERICSSON (publ) Introduction of an electronic payment transaction
WO2002017253A1 (en) * 2000-08-25 2002-02-28 Telefonaktiebolaget Lm Ericsson (Publ) Initiation of an electronic payment transaction
WO2002037355A3 (en) * 2000-11-03 2002-07-11 Valles Tomas Mulet A method to carry out economic transactions through a telecommunications network
WO2002037355A2 (en) * 2000-11-03 2002-05-10 Tomas Mulet Valles A method to carry out economic transactions through a telecommunications network
WO2002039392A3 (en) * 2000-11-10 2003-02-13 Smart Design Method and installation for making secure the use of media associated with identifiers and with electronic devices
FR2816736A1 (en) * 2000-11-10 2002-05-17 Smart Design Method of secure transaction between buyer and merchant using handheld devices by to transmitting to payment terminal secondary identification (ISA), amount of transaction and merchant account ID associated to merchant terminal
WO2002039392A2 (en) * 2000-11-10 2002-05-16 Smart Design Method and installation for making secure the use of media associated with identifiers and with electronic devices
EP1313075A2 (en) * 2001-11-19 2003-05-21 Fujitsu Limited Electronic money processing method and program
EP1313075A3 (en) * 2001-11-19 2005-07-13 Fujitsu Limited Electronic money processing method and program
WO2006023839A2 (en) 2004-08-18 2006-03-02 Mastercard International Incorporated Method and system for authorizing a transaction using a dynamic authorization code
EP1810243A2 (en) * 2004-08-18 2007-07-25 Mastercard International, Inc. Method and system for authorizing a transaction using a dynamic authorization code
EP1810243A4 (en) * 2004-08-18 2012-05-02 Mastercard International Inc Method and system for authorizing a transaction using a dynamic authorization code
AU2012200393B2 (en) * 2004-08-18 2015-04-02 Mastercard International Incorporated Method and system for authorizing a transaction using a dynamic authorization code
US9911121B2 (en) 2004-08-18 2018-03-06 Mastercard International Incorporated Method and system for authorizing a transaction using a dynamic authorization code

Also Published As

Publication number Publication date
CN1322334A (en) 2001-11-14
WO1998054943A8 (en) 1999-11-18
EP1147497A2 (en) 2001-10-24
HK1041962A1 (en) 2002-07-26
WO1998054943A3 (en) 1999-07-29

Similar Documents

Publication Publication Date Title
GB2328310A (en) Electronic transaction authorisation system
US11605074B2 (en) System and method for secured account numbers in proximily devices
US10755271B2 (en) Location based authentication
US7634804B2 (en) Information providing system and method thereof
US8645280B2 (en) Electronic credit card with fraud protection
US20100138345A1 (en) Financial transaction system having location based fraud protection
MXPA04009725A (en) System and method for secure credit and debit card transactions.
JPWO2002073483A1 (en) Electronic money settlement method using mobile communication terminal
US20120166344A1 (en) Secure wireless payment system and method thereof
CN104063789B (en) A kind of method, Apparatus and system that handling object is processed
EP1147497A2 (en) Universal electronic transaction system and method therefor
GB2398159A (en) Electronic payment authorisation using a mobile communications device
AU773789B2 (en) Universal electronic transaction system and method therefor
GB2378294A (en) Credit card security system
WO2005066907A1 (en) Transaction processing system and method
JPH10294727A (en) Data collation method
JP2002183439A (en) On-line checking method for commerce transaction party concerned, on-line communication method to commerce transaction party concerned, on-line acceptance information obtaining method, and system for them
JP2002123773A (en) Individual authentication system
NZ523709A (en) Transaction processing system and method of creating stored transaction authorisation information at a remote location

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 98814026.8

Country of ref document: CN

AK Designated states

Kind code of ref document: A2

Designated state(s): AT AU BB BG BR BY CA CH CN CZ DE DK ES FI GB HU JP KP KR KZ LK LU MG MN MW NO NZ PL PT RO RU SD SE SK UA US VN

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WPC Withdrawal of priority claims after completion of the technical preparations for international publication
AK Designated states

Kind code of ref document: A3

Designated state(s): AT AU BB BG BR BY CA CH CN CZ DE DK ES FI GB HU JP KP KR KZ LK LU MG MN MW NO NZ PL PT RO RU SD SE SK UA US VN

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

AK Designated states

Kind code of ref document: C1

Designated state(s): AT AU BB BG BR BY CA CH CN CZ DE DK ES FI GB HU JP KP KR KZ LK LU MG MN MW NO NZ PL PT RO RU SD SE SG SK UA US VN

AL Designated countries for regional patents

Kind code of ref document: C1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG

CFP Corrected version of a pamphlet front page
CR1 Correction of entry in section i

Free format text: PAT. BUL. 49/98 UNDER (81) ADD "SG"

NENP Non-entry into the national phase

Ref country code: CA

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
ENP Entry into the national phase

Ref document number: 2331339

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 80196/98

Country of ref document: AU

WWE Wipo information: entry into national phase

Ref document number: 1998928306

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1998928306

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 1998928306

Country of ref document: EP

WWG Wipo information: grant in national office

Ref document number: 80196/98

Country of ref document: AU