WO2001084452A2 - System and method for enabling universal log-in - Google Patents
- Publication number
- WO2001084452A2 (PCT/US2001/014485)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- payment
- chip
- chip card
- application
- card
Classifications
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
Definitions
- the present invention relates to digital identification products and more specifically to a system and method for providing a universal log-in to software programs and web sites.
- there are numerous digital ID products on the market, but none take advantage of payment card specifications to provide for universal log-in capability.
- a method for enabling universal remote access by a user of a chip payment application on a chip card to a remote non-payment application over a communications network through the use of a local chip card reader at the user location.
- the method preferably includes the following steps: providing the chip payment application with a payment security technique having at least one application that supports a payment dynamic data authentication function; providing at the remote host site instead of at the user location a public key infrastructure and payment chip terminal authentication software; reading by the local chip card reader the chip card; communicating by the payment chip terminal authentication software from the remote host site over the communications network and through the chip card reader with the chip payment application on the chip card; utilizing by the chip card the payment dynamic data authentication function to provide a payment response to the communication; verifying by the remote payment chip terminal authentication software, based on the payment response and through the public key infrastructure, that the chip card is authentic; allowing access to the non-payment application based on the verification.
- the method further includes: prompting the user for a personal identification number; locally verifying by the chip card the personal identification number; and verifying, based on the local verification step, that the user is authentic.
- the communication step further includes forwarding by the remote host site over the communications network authentication commands to the chip payment application; and the chip card contains a unique identifier utilized in the payment response.
- Fig. 1 is a block diagram illustrating the different components preferably utilized in the remote access method of the present invention
- Fig. 2 is a flow chart of a method for logging into a software program or web site according to an exemplary embodiment of the present invention.
- Dynamic data authentication is the process through which authenticating software, located generally at the point of sale terminal or local card reader device, can send specific commands and data to an EMV-compliant chip card application (on a chip card capable of performing public key cryptography signing functions) and receive data from the card application in response that allows the authenticating software to cryptographically verify that the chip card performed the digital signature.
- DDA: Dynamic data authentication
- the present invention uses the DDA functionality specified in the EMV Specifications as the basis of a secure universal log-in function to identify an authorized user to a piece of software or a web site by virtue of the user's authorized possession of a DDA-capable chip application and a valid account number or other valid identifier (such as a primary account number for sign-on use only).
- the present invention preferably utilizes the existing MasterCard International public key infrastructure, which has been built to support EMV applications. This public key infrastructure is described in the following documents, also incorporated herein by reference (familiarity with which is also presumed):
- Terminal Requirements for Debit and Credit, Version 2.1 (contains MasterCard's requirements for terminals that accept MasterCard branded debit and credit chip card programs);
- the present invention may also utilize PIN or password verification by the chip card application at the instigation of the authenticating software.
- other methods of cardholder verification such as biometric verification methods may be used.
- Successful completion of such a PIN verification by the card could be communicated to the authenticating software in the data elements defined by the EMV Specifications for this purpose with the integrity of that data element being confirmed by the DDA.
- a method for enabling universal remote access by a user of a chip payment application on a chip card to a remote non-payment application over a communications network.
- chip payment applications residing on a chip card communicated directly at the user site with a card reader or point-of-sale device which itself, based on authenticating software stored locally at the user site, verified, for payment purposes, the authenticity of the card and the user, the latter depending on whether a personal identification number was provided.
- the present invention contemplates using payment applications and payment security techniques in a different manner and in a different context — not for purposes of authorizing payment transactions but instead for allowing access to non-payment applications and websites over a communications network.
- payment chip terminal authentication software is placed not at the point of sale or at the user site but is instead placed at a remote host site location to allow for access to a non-payment application, such as a website, located remotely from the user location.
- the remote host site stored with the authenticating software, drives the authentication process with the local chip card in accordance with a payment public key infrastructure, over a communications network, for purposes of allowing access to non-payment applications.
- the process starts with the consumer/client at a computer moving his or her browser to a website having an access controlled area on the Internet.
- the provider of this restricted service operates a digital identification processing component (e.g., the authentication software) at the remote host server site that will inquire regarding the capability of the client computer to perform an authentication transaction. If the client computer signals the availability of such a service, then the client side component will be activated by the server. Performing what it considers to be a payment procedure, it sends an authentication request to the service provider.
- FIG. 1 illustrates the structural or processing components involved in the preferred method of the present invention.
- a chip card 10 issued by an issuer contains a chip payment application 12 with a payment security technique having at least one application that preferably supports a payment dynamic data authentication function 14.
- the chip card contains a unique identifier for the purpose of identifying the card and the issuer, and it also contains a secret key for use with the payment security technique.
- a card reader 16 is provided at the user location (preferably attached to the user's computer) for reading (or electromechanical connection to) the card 10.
- the electrical interface and transmission protocols should comply with the requirements in the EMV Specs.
- the reader should also be available with RS232 or USB connection, or it can be built into the user/client computer 18, which will now be described.
- the user/client computer 18 will provide the interface between the card reader and the merchant/service provider component.
- the user/client software will preferably be downloaded from the web, if not already installed on the computer. It will preferably handle the following local functions: accepting the request from the remote site; prompting the cardholder to insert the card into the reader; optionally prompting the cardholder to enter his or her PIN; verifying the PIN with the application on the card; and performing the local processing in accordance with the EMV Specs.
- PKI: public key infrastructure
- the authenticating software 22 drives the communication with the card in accordance with the flow chart depicted in Figure 2.
- Fig. 2 is a flow chart of a method for logging into an authenticating software (e.g., a software program or web site) according to an exemplary embodiment of the present invention.
- the term "per EMV" in Fig. 2 indicates that an operation is performed according to the EMV Specifications.
- a card application on an integrated circuit ("IC") card is initiated by the authenticating software at the remote host site location.
- IC: integrated circuit
- in step 102, it is preferably determined if PIN verification is required for the card application. If PIN verification is required, a PIN is obtained from a user in step 104.
- a "VERIFY PIN" command is sent to the card application.
- in step 108, the card application performs PIN verification using a stored PIN in the IC card. This is done in accordance with the EMV Specs.
- in step 110, the result of the PIN verification is stored in the IC card, and in step 112, the PIN verification result is returned to the authenticating software per the EMV Specs.
- in step 114, it is determined whether the PIN was correctly entered. If the PIN was not correctly entered, the authenticating program aborts. Alternatively, the user may be given another chance to enter the correct PIN. If the PIN was correctly entered or a PIN was not required, in step 116, a communication, including DDA command data, is prepared in accordance with the EMV Specs, and in step 118, the DDA command (with DDA command data) is sent to the card application.
- the card via the EMV Spec payment security technique having the application which supports the payment dynamic data authentication function, processes the DDA command and data, preferably using the stored PIN result and user identifier information.
- the user identifier information may include a payment account number.
- the card application returns the DDA data to the authenticating software.
- the authenticating software authenticates the returned
- in step 126, it is determined whether the returned DDA data is authentic. If the data is not authentic, the authenticating program aborts. If the returned DDA data is authentic, then log-in to the non-payment application is permitted in step 128.
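The Fig. 2 flow described above, modelled end to end as an added example (not code from the patent or from the EMV Specifications): the remote host issues a fresh challenge, the card signs it together with its identifier and stored PIN result, and the host verifies the response against a trusted CA key. Assumptions: toy textbook RSA over fixed Mersenne primes stands in for the EMV signature and certificate formats, a single CA key stands in for the payment public key infrastructure, and the class names, field names and card identifier are constructed for illustration.

```python
import hashlib, hmac, secrets

E = 65537  # public exponent shared by both toy keys

def keypair(p, q):
    """Toy textbook-RSA key from two known primes (illustration only, not secure)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(n, *parts):
    h = hashlib.sha256()
    for part in parts:  # length-prefix each field so field boundaries are unambiguous
        h.update(len(part).to_bytes(2, "big") + part)
    return int.from_bytes(h.digest(), "big") % n

def sign(n, d, *parts):
    return pow(digest(n, *parts), d, n)

def verify(n, sig, *parts):
    return pow(sig, E, n) == digest(n, *parts)

# Assumption: one CA key stands in for the payment public key infrastructure.
CA_N, CA_D = keypair(2**107 - 1, 2**127 - 1)

class Card:
    """Constructed stand-in for the chip card and its payment application."""
    def __init__(self, card_id: bytes, pin: str):
        self.card_id, self._pin, self.pin_ok = card_id, pin, False
        self.n, self._d = keypair(2**61 - 1, 2**89 - 1)  # secret key stays on the card
        # Issued once at personalisation: the CA signs identifier + card public key.
        self.cert = sign(CA_N, CA_D, card_id, str(self.n).encode())

    def verify_pin(self, pin: str) -> bool:
        # Steps 108-112: compare with the stored PIN, store and return the result.
        self.pin_ok = hmac.compare_digest(pin, self._pin)
        return self.pin_ok

    def dda(self, challenge: bytes) -> dict:
        # The signature covers the host challenge, the identifier and the PIN result.
        flag = b"1" if self.pin_ok else b"0"
        return {"id": self.card_id, "n": self.n, "cert": self.cert, "pin_ok": flag,
                "sig": sign(self.n, self._d, challenge, self.card_id, flag)}

class Host:
    """Authenticating software at the remote host site."""
    def __init__(self, require_pin: bool = True):
        self.require_pin, self.pending = require_pin, set()

    def new_challenge(self) -> bytes:
        # Step 116: fresh unpredictable data for every log-in attempt.
        c = secrets.token_bytes(8)
        self.pending.add(c)
        return c

    def check(self, challenge: bytes, resp: dict) -> bool:
        # Step 126: accept only a single-use challenge, a card key certified by
        # the CA, and a signature binding challenge, identifier and PIN result.
        if challenge not in self.pending:
            return False
        self.pending.discard(challenge)
        if not verify(CA_N, resp["cert"], resp["id"], str(resp["n"]).encode()):
            return False
        if not verify(resp["n"], resp["sig"], challenge, resp["id"], resp["pin_ok"]):
            return False
        return resp["pin_ok"] == b"1" or not self.require_pin  # step 128
```

Because the client computer only relays messages between host and card, the host trusts nothing it reports: a reused challenge, a PIN result altered in transit, or an uncertified card key each cause `check` to return `False`.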
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP01933029A EP1281149A2 (en) | 2000-05-04 | 2001-05-04 | System and method for enabling universal log-in |
AU5949401A AU5949401A (en) | 2000-05-04 | 2001-05-04 | System and method for enabling universal log-in |
AU2001259494A AU2001259494B2 (en) | 2000-05-04 | 2001-05-04 | System and method for enabling universal log-in |
CA002408014A CA2408014A1 (en) | 2000-05-04 | 2001-05-04 | System and method for enabling universal log-in |
JP2001581192A JP2003532236A (en) | 2000-05-04 | 2001-05-04 | Universal login system and method |
HK03105054.9A HK1052776A1 (en) | 2000-05-04 | 2003-07-12 | System and method for enabling universal log-in |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US20179000P | 2000-05-04 | 2000-05-04 | |
US60/201,790 | 2000-05-04 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2001084452A2 (en) | 2001-11-08 |
WO2001084452A3 (en) | 2002-06-27 |
Family
ID=22747303
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2001/014485 WO2001084452A2 (en) | 2000-05-04 | 2001-05-04 | System and method for enabling universal log-in |
Country Status (7)
Country | Link |
---|---|
EP (1) | EP1281149A2 (en) |
JP (1) | JP2003532236A (en) |
AU (2) | AU2001259494B2 (en) |
CA (1) | CA2408014A1 (en) |
HK (1) | HK1052776A1 (en) |
WO (1) | WO2001084452A2 (en) |
ZA (1) | ZA200208825B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100492967C (en) * | 2004-11-26 | 2009-05-27 | 王小矿 | Sale managing method based on dynamic coding |
CN100492968C (en) * | 2004-11-26 | 2009-05-27 | 王小矿 | Anti-fake technology based on dynamic cipher |
CN100492966C (en) * | 2004-11-26 | 2009-05-27 | 王小矿 | Identity certifying system based on intelligent card and dynamic coding |
CN102480355A (en) * | 2011-03-18 | 2012-05-30 | 贾松仁 | Anti-counterfeiting method and anti-counterfeiting device with dynamic token |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5578808A (en) * | 1993-12-22 | 1996-11-26 | Datamark Services, Inc. | Data card that can be used for transactions involving separate card issuers |
EP0807911A2 (en) * | 1996-05-15 | 1997-11-19 | RSA Data Security, Inc. | Client/server protocol for proving authenticity |
WO1999012086A2 (en) * | 1997-09-04 | 1999-03-11 | Citicorp Development Center, Inc. | Method and system for banking institution interactive center |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6385729B1 (en) * | 1998-05-26 | 2002-05-07 | Sun Microsystems, Inc. | Secure token device access to services provided by an internet service provider (ISP) |
2001
- 2001-05-04 AU: application AU2001259494A, patent AU2001259494B2 (not active, Ceased)
- 2001-05-04 WO: application PCT/US2001/014485, patent WO2001084452A2 (active, Application Filing)
- 2001-05-04 AU: application AU5949401A, patent AU5949401A (active, Pending)
- 2001-05-04 JP: application JP2001581192A, patent JP2003532236A (active, Pending)
- 2001-05-04 CA: application CA002408014A, patent CA2408014A1 (not active, Abandoned)
- 2001-05-04 EP: application EP01933029A, patent EP1281149A2 (not active, Withdrawn)

2002
- 2002-10-31 ZA: application ZA200208825A, patent ZA200208825B (unknown)

2003
- 2003-07-12 HK: application HK03105054.9A, patent HK1052776A1 (unknown)
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100492967C (en) * | 2004-11-26 | 2009-05-27 | 王小矿 | Sale managing method based on dynamic coding |
CN100492968C (en) * | 2004-11-26 | 2009-05-27 | 王小矿 | Anti-fake technology based on dynamic cipher |
CN100492966C (en) * | 2004-11-26 | 2009-05-27 | 王小矿 | Identity certifying system based on intelligent card and dynamic coding |
CN102480355A (en) * | 2011-03-18 | 2012-05-30 | 贾松仁 | Anti-counterfeiting method and anti-counterfeiting device with dynamic token |
CN102546175A (en) * | 2011-03-18 | 2012-07-04 | 贾松仁 | Anti-counterfeiting device and anti-counterfeiting method |
Also Published As
Publication number | Publication date |
---|---|
EP1281149A2 (en) | 2003-02-05 |
AU5949401A (en) | 2001-11-12 |
WO2001084452A3 (en) | 2002-06-27 |
ZA200208825B (en) | 2003-05-21 |
JP2003532236A (en) | 2003-10-28 |
AU2001259494B2 (en) | 2006-02-02 |
CA2408014A1 (en) | 2001-11-08 |
HK1052776A1 (en) | 2003-09-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9760939B2 (en) | | System and method for downloading an electronic product to a pin-pad terminal using a directly-transmitted electronic shopping basket entry |
EP3098786A1 (en) | | Emv transactions in mobile terminals |
AU2005208908A1 (en) | | System and method for secure telephone and computer transactions |
EP2761553A2 (en) | | Payment system |
JP2008282408A (en) | | Internet business security system |
WO2003065164A3 (en) | | System and method for conducting secure payment transaction |
WO2002049255A2 (en) | | Method and system for verifying the identify of on-line credit card purchases through a proxy transaction |
JP2005507533A (en) | | EMV payment processing method using IrFM |
US20230065485A1 (en) | | System and method for processing chip-card transactions from a host computer |
US20050289052A1 (en) | | System and method for secure telephone and computer transactions |
US9152957B2 (en) | | System and method for downloading an electronic product to a pin-pad terminal after validating an electronic shopping basket entry |
RU2644132C2 (en) | | Method, system and device for checking validation of transaction process |
AU2001259494B2 (en) | | System and method for enabling universal log-in |
US11880840B2 (en) | | Method for carrying out a transaction, corresponding terminal, server and computer program |
KR20110029031A (en) | | System and method for authenticating financial transaction using electric signature and recording medium |
AU2001259494A1 (en) | | System and method for enabling universal log-in |
KR20110029032A (en) | | Method for processing issue public certificate of attestation, terminal and recording medium |
KR101190745B1 (en) | | System for paying credit card using internet otp security of mobile phone and method therefor |
KR200458538Y1 (en) | | System for Operating End-to-End Security Channel between Server and IC Card |
KR101471006B1 (en) | | Method for Operating Certificate |
KR101598993B1 (en) | | Method for Operating Certificate |
KR101471000B1 (en) | | Method for Operating Certificate |
KR101519580B1 (en) | | Method for Operating Certificate |
KR101541539B1 (en) | | Method for Operating Certificate |
WO2023186480A1 (en) | | Method for enrolling a public key on a server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AK | Designated states | Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
 | AL | Designated countries for regional patents | Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
 | DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
 | AK | Designated states | Kind code of ref document: A3 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
 | AL | Designated countries for regional patents | Kind code of ref document: A3 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
 | REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
 | WWE | Wipo information: entry into national phase | Ref document number: 2408014 Country of ref document: CA |
 | WWE | Wipo information: entry into national phase | Ref document number: 2002/08825 Country of ref document: ZA Ref document number: 200208825 Country of ref document: ZA |
 | WWE | Wipo information: entry into national phase | Ref document number: 2001259494 Country of ref document: AU |
 | WWE | Wipo information: entry into national phase | Ref document number: 2001933029 Country of ref document: EP |
 | WWP | Wipo information: published in national office | Ref document number: 2001933029 Country of ref document: EP |