AU2001259494B2 - System and method for enabling universal log-in - Google Patents


Info

Publication number
AU2001259494B2
Authority
AU
Australia
Prior art keywords
payment
chip
chip card
application
user
Prior art date
Legal status
Ceased
Application number
AU2001259494A
Other versions
AU2001259494A1 (en)
Inventor
Michael D. Harris
John Wankmueller
Current Assignee
Mastercard International Inc
Original Assignee
Mastercard International Inc
Priority date
Filing date
Publication date
Application filed by Mastercard International Inc
Publication of AU2001259494A1
Application granted
Publication of AU2001259494B2
Anticipated expiration
Ceased (current legal status)

Links

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data

Description

SYSTEM AND METHOD FOR ENABLING UNIVERSAL LOG-IN

SPECIFICATION

PRIORITY APPLICATION
This application claims priority to United States provisional application serial number 60/201,790, filed on May 4, 2000, and entitled "SYSTEM AND METHOD FOR ENABLING UNIVERSAL LOG-IN," which is hereby incorporated by reference.

BACKGROUND OF THE INVENTION
The present invention relates to digital identification products and more specifically to a system and method for providing a universal log-in to software programs and web sites. Presently, there are numerous digital ID products on the market but none take advantage of payment card specifications to provide for universal log-in capability.
SUMMARY OF THE INVENTION
It would be desirable for the present invention to use the functionality defined in a particular set of payment card specifications, namely those issued by Europay International, MasterCard International Incorporated and Visa International Service Association ("the EMV specifications"), in a different way to achieve a different end result, namely, identification of a cardholder to a piece of software or web site, thereby providing a universal log-in capability.
WO 01/84452 PCT/US01/14485
In accordance with a preferred embodiment of the invention, a method is provided for enabling universal remote access by a user of a chip payment application on a chip card to a remote non-payment application over a communications network through the use of a local chip card reader at the user location. The method preferably includes the following steps: providing the chip payment application with a payment security technique having at least one application that supports a payment dynamic data authentication function; providing at the remote host site, instead of at the user location, a public key infrastructure and payment chip terminal authentication software; reading the chip card by the local chip card reader; communicating by the payment chip terminal authentication software from the remote host site over the communications network and through the chip card reader with the chip payment application on the chip card; utilizing by the chip card the payment dynamic data authentication function to provide a payment response to the communication; verifying by the remote payment chip terminal authentication software, based on the payment response and through the public key infrastructure, that the chip card is authentic; and allowing access to the non-payment application based on the verification.
Preferably, the method further includes: prompting the user for a personal identification number; locally verifying by the chip card the personal identification number; and verifying, based on the local verification step, that the user is authentic.
Preferably, the communication step further includes forwarding by the remote host site over the communications network authentication commands to the chip payment application; and the chip card contains a unique identifier utilized in the payment response.
BRIEF DESCRIPTION OF THE DRAWINGS
Exemplary embodiments of the present invention will now be described in detail with reference to the accompanying drawings in which: Fig. 1 is a block diagram illustrating the different components preferably utilized in the remote access method of the present invention; and Fig. 2 is a flow chart of a method for logging into a software program or web site according to an exemplary embodiment of the present invention.
While the subject invention will now be described in detail with reference to the figure, it is done so in connection with a preferred embodiment. It is intended that changes and modifications can be made to the described embodiment without departing from the true scope and spirit of the subject invention as defined by the appended claims.
DETAILED DESCRIPTION
The EMV Specifications describe a set of functions which, taken together, perform a debit or credit payment function in a secure manner. One of the functions described is dynamic data authentication. Dynamic data authentication (DDA) is the process through which authenticating software, located generally at the point of sale terminal or local card reader device, can send specific commands and data to an EMV-compliant chip card application (on a chip card capable of performing public key cryptography signing functions) and receive data from the card application in response that allows the authenticating software to cryptographically verify that the chip card performed the digital signature. The following EMV specifications are hereby incorporated by reference and familiarity with the specifications is assumed:
EMV '96 Integrated Circuit Card, Terminal and Application Specifications, June 1998, Version
EMV '96 Integrated Circuit Card Specification for Payment Systems, Version 3.1.1, May 31, 1998 (available at http://www.emvco.com/specifications.cfm).
EMV '96 Integrated Circuit Card Terminal Specifications for Payment Systems, Version 3.1.1, May 31, 1998 (available at http://www.emvco.com/specifications.cfm).
EMV '96 Integrated Circuit Card Application Specification for Payment Systems, Version 3.1.1, May 31, 1998 (available at http://www.emvco.com/specifications.cfm).
EMV '96 Chip Electronic Commerce Specification, Version 1.0, December 1999 (available at http://www.emvco.com/specifications.cfm).
These publications are collectively referred to herein as the EMV Specifications.
The present invention uses the DDA functionality specified in the EMV Specifications as the basis of a secure universal log-in function to identify an authorized user to a piece of software or a web site by virtue of the user's authorized possession of a DDA-capable chip application and a valid account number or other valid identifier (such as a primary account number for sign-on use only). The present invention preferably utilizes the existing MasterCard International public key infrastructure, which has been built to support EMV applications. This public key infrastructure is described in the following documents, also incorporated herein by reference (familiarity with which is also presumed):
1. Recommended Specifications for Debit and Credit, Version 2.1 (describes the recommended card requirements for the MasterCard chip card application to support MasterCard debit and credit programs);
2. Minimum Card Requirements for Debit and Credit, Version 2.1 (contains the minimum card requirements when implementing a MasterCard debit or credit program on a chip card);
3. Terminal Requirements for Debit and Credit, Version 2.1 (contains MasterCard's requirements for terminals that accept MasterCard branded debit and credit chip card programs);
4. Personalization Data Specifications for Debit and Credit on Chip, Version 2.1 (specifies the data elements that are needed to create an Application Load File (ALF) which is used in the first stage of the chip personalization process).
These documents, collectively referred to as the MasterCard Specs, are available at http://www.mastercard.com/emv/emvspecs02.html#emvl.
The present invention may also utilize PIN or password verification by the chip card application at the instigation of the authenticating software.
Alternatively, other methods of cardholder verification such as biometric verification methods may be used. Successful completion of such a PIN verification by the card could be communicated to the authenticating software in the data elements defined by the EMV Specifications for this purpose with the integrity of that data element being confirmed by the DDA.
In accordance with a preferred embodiment of the invention, a method is provided for enabling universal remote access by a user of a chip payment application on a chip card to a remote non-payment application over a communications network. Previously, all chip payment applications residing on a chip card communicated directly at the user site with a card reader or point-of-sale device which itself, based on authenticating software stored locally at the user site, verified, for payment purposes, the authenticity of the card and the user, the latter depending on whether a personal identification number was provided.
In contrast, the present invention contemplates using payment applications and payment security techniques in a different manner and in a different context not for purposes of authorizing payment transactions but instead for allowing access to non-payment applications and websites over a communications network. To accomplish this, payment chip terminal authentication software is placed not at the point of sale or at the user site but is instead placed at a remote host site location to allow for access to a non-payment application, such as a website, located remotely from the user location. The remote host site, stored with the authenticating software, drives the authentication process with the local chip card in accordance with a payment public key infrastructure, over a communications network, for purposes of allowing access to non-payment applications.
In accordance with the preferred embodiment of the invention, the process starts with the consumer/client at a computer moving his or her browser to a website having an access controlled area on the Internet. The provider of this restricted service operates a digital identification processing component (the authentication software) at the remote host server site that will inquire regarding the capability of the client computer to perform an authentication transaction. If the client computer signals the availability of such a service, then the client side component will be activated by the server. Performing what it considers to be a payment procedure, it sends an authentication request to the service provider.
Figure 1 illustrates the structural or processing components involved in the preferred method of the present invention. As shown, a chip card 10 issued by an issuer contains a chip payment application 12 with a payment security technique having at least one application that preferably supports a payment dynamic data authentication function 14. Preferably, the chip card contains a unique identifier for the purpose of identifying the card and the issuer, and it also contains a secret key for use with the payment security technique.
A card reader 16 is provided at the user location (preferably attached to the user's computer) for reading (or electromechanical connection to) the card. The electrical interface and transmission protocols should comply with the requirements in the EMV Specs. The reader should also be available with an RS232 or USB connection, or it can be built into the user/client computer 18, which will now be described.
The user/client computer 18 will provide the interface between the card reader and the merchant/service provider component. The user/client software will preferably be downloaded from the web, if not already installed on the computer. It will preferably handle the following local functions: accepting the request from the remote site; prompting the cardholder to insert the card into the reader; optionally prompting the cardholder to enter his or her PIN; verifying the PIN with the application on the card; and performing the local processing in accordance with the EMV Specs.
At the remote host site, there is provided a payment public key infrastructure (PKI) 20, for instance in accordance with the MasterCard Specs, and payment chip terminal authentication software 22. The authenticating software 22 drives the communication with the card in accordance with the flow chart depicted in Figure 2.
Fig. 2 is a flow chart of a method for logging into an authenticating software (a software program or web site) according to an exemplary embodiment of the present invention. The term "per EMV" in Fig. 2 indicates that an operation is performed according to the EMV Specifications.
With reference to Fig. 2, in step 100, a card application on an integrated circuit card is initiated by the authenticating software at the remote host site location. In step 102, it is preferably determined if PIN verification is required for the card application. If PIN verification is required, a PIN is obtained from a user in step 104. In step 106, a "VERIFY PIN" command is sent to the card application. In step 108, the card application performs PIN verification using a stored PIN in the IC card. This is done in accordance with the EMV Specs. In step 110, the result of the PIN verification is stored in the IC card, and in step 112, the PIN verification result is returned to the authenticating software per the EMV Specs.
In step 114, it is determined whether the PIN was correctly entered. If the PIN was not correctly entered, the authenticating program aborts. Alternatively, the user may be given another chance to enter the correct PIN. If the PIN was correctly entered or a PIN was not required, in step 116, a communication, including DDA command data, is prepared in accordance with the EMV Specs, and in step 118, the DDA command (with DDA command data) is sent to the card application.
In step 120, the card, via the EMV Spec payment security technique having the application which supports the payment dynamic data authentication function, processes the DDA command and data, preferably using the stored PIN result and user identifier information. The user identifier information may include a payment account number. In step 122, the card application returns the DDA data to the authenticating software.
In step 124, the authenticating software authenticates the returned DDA data using the payment public key cryptography, as specified in the EMV Specifications. The present invention preferably utilizes the existing MasterCard International payment public key infrastructure 20, as described in the MasterCard Specs, which has been built to support EMV Specifications.
In step 126, it is determined whether the returned DDA data is authentic. If the data is not authentic, the authenticating program aborts. If the returned DDA data is authentic, then log-in to the non-payment application is permitted in step 128.
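The flow of Fig. 2 (steps 100 to 128), with the host-side verification of the summary carried through in code, as an added worked example that is not part of the patent or of MasterCard's software. It assumes textbook RSA over SHA-256 with small keys, a two-level chain in which the CA signs the issuer key and the issuer signs the ICC key, and '|'-joined byte strings, in place of the EMV key lengths, certificate formats and signature scheme; the names `Card`, `RemoteHost`, `issue_card` and `demo` are hypothetical. The security-relevant points it makes concrete are that the host, not the user's machine, generates the unpredictable challenge and walks the PKI chain, so a captured response cannot be replayed for a later log-in and a card certified by an untrusted CA is rejected before its identifier is ever trusted.

```python
"""Toy model of the remote DDA log-in flow of Fig. 2 (steps 100-128). Added
example, not the patent's or MasterCard's code: textbook RSA with small keys,
SHA-256 and '|'-joined byte strings stand in for the EMV formats and scheme."""
import hashlib
import random

def _is_prime(n, rounds=16):
    """Miller-Rabin probable-prime test; n is assumed odd and > 3 (toy keygen)."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits):
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_prime(c):
            return c

def rsa_keypair(bits=384):
    """Return ((n, e), (n, d)); n must exceed the 256-bit hash that gets signed."""
    e = 65537
    while True:
        p, q = _prime(bits // 2), _prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def sign(priv, data):  # textbook RSA over SHA-256(data), no padding scheme (toy)
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), priv[1], priv[0])

def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == int.from_bytes(hashlib.sha256(data).digest(), "big")

class Card:
    """Chip card carrying a DDA-capable payment application (user side)."""
    def __init__(self, icc_priv, icc_cert, issuer_cert, pan, pin):
        self.icc_priv, self.icc_cert, self.issuer_cert = icc_priv, icc_cert, issuer_cert
        self.pan, self.pin, self.pin_ok = pan, pin, False

    def verify_pin(self, pin):  # steps 106-112: VERIFY PIN, result stored on the card
        self.pin_ok = pin == self.pin
        return self.pin_ok

    def internal_authenticate(self, challenge):  # steps 118-122: sign the dynamic data
        pin_flag = b"PIN_OK" if self.pin_ok else b"PIN_NONE"
        payload = b"|".join([challenge, self.pan.encode(), pin_flag])
        return payload, sign(self.icc_priv, payload), self.icc_cert, self.issuer_cert

class RemoteHost:
    """Payment chip terminal authentication software placed at the host site."""
    def __init__(self, ca_pub, require_pin=True):
        self.ca_pub, self.require_pin = ca_pub, require_pin

    def login(self, card, pin=None):
        if self.require_pin and (pin is None or not card.verify_pin(pin)):
            return False, "PIN verification failed"  # step 114: abort
        challenge = random.getrandbits(64).to_bytes(8, "big").hex().encode()  # step 116
        return self.verify_response(challenge, *card.internal_authenticate(challenge))

    def verify_response(self, challenge, payload, sig, icc_cert, issuer_cert):
        """Steps 124-128: walk CA -> issuer -> ICC, then check the dynamic signature."""
        (issuer_pub, ca_sig), (icc_pub, issuer_sig) = issuer_cert, icc_cert
        if not verify(self.ca_pub, repr(issuer_pub).encode(), ca_sig):
            return False, "issuer certificate not signed by CA"
        if not verify(issuer_pub, repr(icc_pub).encode(), issuer_sig):
            return False, "ICC certificate not signed by issuer"
        if not verify(icc_pub, payload, sig):
            return False, "dynamic signature invalid"
        parts = payload.split(b"|")
        if len(parts) != 3 or parts[0] != challenge:
            return False, "challenge mismatch (replayed or malformed response)"
        if self.require_pin and parts[2] != b"PIN_OK":
            return False, "card reports PIN not verified"
        return True, parts[1].decode()  # step 128: log-in permitted, user known by PAN

def issue_card(ca_priv, pan="5412000000000001", pin="1234"):
    """Personalisation: the CA certifies the issuer key, the issuer the ICC key."""
    issuer_pub, issuer_priv = rsa_keypair()
    icc_pub, icc_priv = rsa_keypair()
    return Card(icc_priv, (icc_pub, sign(issuer_priv, repr(icc_pub).encode())),
                (issuer_pub, sign(ca_priv, repr(issuer_pub).encode())), pan, pin)

def demo():  # genuine card, wrong PIN, and a card chained to a CA the host does not trust
    ca_pub, ca_priv = rsa_keypair()
    host = RemoteHost(ca_pub)
    return {"good": host.login(issue_card(ca_priv), "1234"),
            "bad_pin": host.login(issue_card(ca_priv), "0000"),
            "rogue_ca": host.login(issue_card(rsa_keypair()[1]), "1234")}
```

`demo()` returns the outcome of three log-in attempts against one host: the genuine card with its correct PIN is accepted and identified by its constructed PAN, a wrong PIN aborts at step 114 before any DDA command is sent, and a card whose issuer certificate chains to a CA the host does not hold fails the first link of the chain check. Calling `verify_response` directly with a fresh challenge against a previously captured response shows the replay rejection, and the PIN flag carried inside the signed payload is what lets the host trust the card's PIN result, since its integrity is covered by the same signature.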
The foregoing merely illustrates the principles of the invention. It will thus be appreciated that those skilled in the art will be able to devise numerous systems and methods which, although not explicitly shown or described herein, embody the principles of the invention and are thus within the spirit and scope of the invention.

Claims (6)

1. A method for enabling universal remote access by a user of a chip payment application on a chip card to a remote non-payment application over a communications network through the use of a local chip card reader at the user location, comprising the following steps: providing said chip payment application with a payment security technique having at least one application that supports a payment data authentication function; providing at said remote host site a public key infrastructure and payment chip terminal authentication software; reading by said local chip card reader said chip card; communicating by said payment chip terminal authentication software from said remote host site over said communications network and through said chip card reader with said chip payment application on said chip card; utilizing by said chip card said payment data authentication function to provide a payment response to said communication; verifying by said remote payment chip terminal authentication software, based on said payment response and through said public key infrastructure, that said chip card is authentic; allowing access to said non-payment application based on said verification.
2. The method of claim 1, wherein said payment data authentication function is a payment dynamic data authentication function.
3. The method of claim 2, further comprising the steps of: prompting said user for a personal identification number; locally verifying by said chip card said personal identification number; and wherein said verification step further includes, based on the local verification step, verifying that said user is authentic.
4. The method of claim 3, wherein said communication step further includes forwarding by said remote host site authentication commands to said chip payment application; and wherein said payment response responds to said commands.
5. The method of claim 4, wherein said chip card contains a unique identifier and wherein said payment response utilizes said unique identifier.
6. A method for enabling universal remote access by a user of a chip payment application on a chip card to a remote non-payment application over a communications network substantially as hereinbefore described with reference to the accompanying drawings.
Dated 19 December 2005
Freehills Patent Trade Mark Attorneys
Patent Trade Mark Attorneys for the Applicant/s: MasterCard International Incorporated

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US20179000P 2000-05-04 2000-05-04
US60/201,790 2000-05-04
PCT/US2001/014485 WO2001084452A2 (en) 2000-05-04 2001-05-04 System and method for enabling universal log-in

Publications (2)

Publication Number Publication Date
AU2001259494A1 AU2001259494A1 (en) 2002-01-31
AU2001259494B2 true AU2001259494B2 (en) 2006-02-02

Family

ID=22747303

Family Applications (2)

Application Number Title Priority Date Filing Date
AU2001259494A Ceased AU2001259494B2 (en) 2000-05-04 2001-05-04 System and method for enabling universal log-in
AU5949401A Pending AU5949401A (en) 2000-05-04 2001-05-04 System and method for enabling universal log-in

Family Applications After (1)

Application Number Title Priority Date Filing Date
AU5949401A Pending AU5949401A (en) 2000-05-04 2001-05-04 System and method for enabling universal log-in

Country Status (7)

Country Link
EP (1) EP1281149A2 (en)
JP (1) JP2003532236A (en)
AU (2) AU2001259494B2 (en)
CA (1) CA2408014A1 (en)
HK (1) HK1052776A1 (en)
WO (1) WO2001084452A2 (en)
ZA (1) ZA200208825B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100492967C (en) * 2004-11-26 2009-05-27 王小矿 Sale managing method based on dynamic coding
CN100492966C (en) * 2004-11-26 2009-05-27 王小矿 Identity certifying system based on intelligent card and dynamic coding
CN100492968C (en) * 2004-11-26 2009-05-27 王小矿 Anti-fake technology based on dynamic cipher
CN102476719A (en) * 2011-03-18 2012-05-30 贾松仁 Anti-counterfeiting wine bottle and anti-counterfeiting method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5578808A (en) * 1993-12-22 1996-11-26 Datamark Services, Inc. Data card that can be used for transactions involving separate card issuers
EP0807911A2 (en) * 1996-05-15 1997-11-19 RSA Data Security, Inc. Client/server protocol for proving authenticity
WO1999012086A2 (en) * 1997-09-04 1999-03-11 Citicorp Development Center, Inc. Method and system for banking institution interactive center

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6385729B1 (en) * 1998-05-26 2002-05-07 Sun Microsystems, Inc. Secure token device access to services provided by an internet service provider (ISP)


Also Published As

Publication number Publication date
JP2003532236A (en) 2003-10-28
WO2001084452A3 (en) 2002-06-27
WO2001084452A2 (en) 2001-11-08
ZA200208825B (en) 2003-05-21
AU5949401A (en) 2001-11-12
CA2408014A1 (en) 2001-11-08
HK1052776A1 (en) 2003-09-26
EP1281149A2 (en) 2003-02-05

Similar Documents

Publication Publication Date Title
EP3098786A1 (en) Emv transactions in mobile terminals
US20020091646A1 (en) Method and system for verifying the identity of on-line credit card purchasers through a proxy transaction
US20070241180A1 (en) Method of settling signatureless payment of bank card sales slip in mobile terminal, and system therefor
US20070033150A1 (en) Biometric web payment system
WO2003065164A3 (en) System and method for conducting secure payment transaction
AU2005208908A1 (en) System and method for secure telephone and computer transactions
JP2008282408A (en) Internet business security system
WO2013045743A2 (en) Payment system
KR20060034228A (en) Customer authentication in e-commerce transactions
WO2011063590A1 (en) Ic card payment system and method and multi-application ic card and payment terminal
CA2665417A1 (en) Proxy authentication methods and apparatus
US20230065485A1 (en) System and method for processing chip-card transactions from a host computer
US20050289052A1 (en) System and method for secure telephone and computer transactions
JP2003044765A (en) Device and method for requesting credit card transaction, affiliated store terminal, computer program and ic chip
US9152957B2 (en) System and method for downloading an electronic product to a pin-pad terminal after validating an electronic shopping basket entry
RU2644132C2 (en) Method, system and device for checking validation of transaction process
AU2001259494B2 (en) System and method for enabling universal log-in
US11880840B2 (en) Method for carrying out a transaction, corresponding terminal, server and computer program
KR20110029031A (en) System and method for authenticating financial transaction using electric signature and recording medium
AU2001259494A1 (en) System and method for enabling universal log-in
KR20110029032A (en) Method for processing issue public certificate of attestation, terminal and recording medium
KR101190745B1 (en) System for paying credit card using internet otp security of mobile phone and method therefor
KR200458538Y1 (en) System for Operating End-to-End Security Channel between Server and IC Card
KR101471006B1 (en) Method for Operating Certificate
KR20090073063A (en) System for non-face banking process using affiliated ic card

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)
MK14 Patent ceased section 143(a) (annual fees not paid) or expired