CN101432778B - Pin服务 - Google Patents
Pin服务 Download PDFInfo
- Publication number
- CN101432778B CN101432778B CN200780013505XA CN200780013505A CN101432778B CN 101432778 B CN101432778 B CN 101432778B CN 200780013505X A CN200780013505X A CN 200780013505XA CN 200780013505 A CN200780013505 A CN 200780013505A CN 101432778 B CN101432778 B CN 101432778B
- Authority
- CN
- China
- Prior art keywords
- pin
- smart card
- message
- services request
- card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000004044 response Effects 0.000 claims abstract description 30
- 238000000034 method Methods 0.000 claims description 24
- 230000008859 change Effects 0.000 claims description 4
- 238000012790 confirmation Methods 0.000 claims description 4
- FGUUSXIOTUKUDN-IBGZPJMESA-N C1(=CC=CC=C1)N1C2=C(NC([C@H](C1)NC=1OC(=NN=1)C1=CC=CC=C1)=O)C=CC=C2 Chemical compound C1(=CC=CC=C1)N1C2=C(NC([C@H](C1)NC=1OC(=NN=1)C1=CC=CC=C1)=O)C=CC=C2 FGUUSXIOTUKUDN-IBGZPJMESA-N 0.000 claims 2
- 238000012795 verification Methods 0.000 claims 1
- 238000010200 validation analysis Methods 0.000 abstract description 11
- 230000007246 mechanism Effects 0.000 abstract description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 238000004422 calculation algorithm Methods 0.000 description 2
- 230000000295 complement effect Effects 0.000 description 2
- 230000008676 import Effects 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000009795 derivation Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 230000001343 mnemonic effect Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/08—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means
- G06K19/10—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means at least one kind of marking being used for authentication, e.g. of credit or identity cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/355—Personalisation of cards for use
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1016—Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Computer Networks & Wireless Communication (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Mathematical Physics (AREA)
- Telephonic Communication Services (AREA)
- Lock And Its Accessories (AREA)
- Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
Abstract
智能卡(1)与智能卡读卡器(2)接口以生成被发送到PIN服务中心(5,6)的验证消息(PSRQ)。如果验证消息(PSRQ)被PIN服务中心(5,6)确认,确认响应消息(PSRS)被发送回用户(3)。用户(3)在利用智能卡(1)验证确认响应消息(PSRS)的读卡器(2)上输入确认响应消息(PSRS);然后PIN服务功能可以被执行。智能卡密码信息由智能卡(1)内部地单独地生成-读卡器(2)仅作为输入到智能卡(1)的输入机制或作为从智能卡(1)到显示器(10)的输出机制。因此,读卡器(2)不需要包含用户信息或由卡发行商为用户定制。
Description
技术领域
本发明涉及用于PIN服务的方法和系统。
背景技术
在许多(金融的或其它的)交易中,个人识别号(PIN)被用于验证进行交易或服务的实体具有这样做的正当权限。银行和信用卡发行商提供给他们的用户包含有“参考PIN”的智能卡。通常对于这些卡,在交易进行期间,用户输入他们的PIN到智能卡终端中如零售商售货点装置,其接着把它发送到智能卡以和智能卡上的参考PIN比较。如果由终端发送的PIN与参考PIN相匹配,验证过程成功并且认为用户是智能卡的正当持有者,因此具有正当权限进行交易。
在这样的系统中的一个问题是用户忘记PIN的情况。在这种情况下,用户可以尝试猜测PIN,在给定数量的无效尝试后(通常是三次)智能卡可能变成不可用的,例如不能完成当前和任何其后的交易。尽管存在使智能卡返回它原始可用(未锁定)状态的方法,这些方法通常涉及用户不得不亲临特定的安全终端,通常是卡的发行商的或互惠自动取款机(ATM),并且在PIN被忘记的情况中,用户必须首先通过邮寄包含有PIN详细信息的安全信件被重新告知PIN。
这种情况对于用户来说是不方便的因为不仅他们不得不在ATM“解锁”他们的智能卡,而且如果PIN已经被忘记了在重新告知PIN在信中收到之前将有延迟。第二个问题是对于银行或信用卡发行机构来说,从用户到呼叫中心的进入电话有成本,发布PIN重新告知有成本,但是更重要的是,用户可能转而用竞争者的产品或使用不同的其PIN已知的产品。
在另一个例子中,在数字通信装置中使用的SIM(用户标识模块)卡,这样的GSM(移动通信特别小组)‘电话,可以由PIN保护以便装置只有当有效的PIN被输入时才能够使用。在给定数量的无效PIN输入后SIM被锁定,并且只能通过在用户详细信息被验证后从服务提供商获得解锁码,才能够解锁。
专利出版物US-A-6179205公布了利用专门的智能卡读卡器锁定和解锁智能卡中的申请而不需要PIN的系统。读卡器验证它本身到装置,并且申请可以使用读卡器上专门的按钮被锁定或解锁,不需要输入PIN。
专利出版物US-A-6729550公布了具有IC卡读卡器的便携终端和通过便携终端基于用户验证用于锁定/解锁IC卡的装置。
发明内容
根据本发明的一个方面,提供一种PIN服务方法,其中智能卡与智能卡读卡器接口以生成被发送到PIN服务中心的验证消息。如果验证消息被PIN服务验证中心验证确认,确认响应消息被发送回用户。用户在利用智能卡验证确认响应消息的读卡器上输入确认响应消息;然后可以执行PIN服务功能。例如,如果PIN服务功能是公开参考PIN,那么响应确认响应消息的验证PIN可以显示在智能卡读卡器上。如果验证是不成功的,读卡器可以显示合适的信息。
其它PIN服务功能可以包括将智能卡上的参考PIN改变为一个由用户选择的,重置PIN重试次数(例如在给定数量的无效输入后解锁PIN)和/或重置智能卡上的内部配置或参数。
验证和响应消息优选地由动态一次使用码组成,这样验证和响应消息在每个由用户请求的PIN服务功能上变化。在优选的实施例中,这些消息利用密码密钥和智能卡中的一个或多个计数器利用基于对称密钥密码的密码算法如DES或AES生成。因为消息仅一次有效,这提供防御用户合法地获得消息值但是记下或存储它,允许它随后被欺骗性地重放。在优选的实施例中,验证请求消息和响应消息被数学地推导并且相关联,以便为了PIN服务成功,正当的智能卡必须参与原始验证消息的生成和响应消息的验证。这种信息的绑定还防御交易被“撕断”(例如在不同时间使用的来自原始交易的信息)并且确保完整性,因为卡和发行商系统相互验证彼此。
本发明的实施例的一个重要的特征是智能卡密码消息由智能卡内部地单独地生成-读卡器仅作为输入到智能卡的输入机制或作为从智能卡输出到显示器(或者如果在连接的环境中,输出到连接的上游系统)的输出机制。因此读卡器不需要包含用户信息或由卡发行商为用户定制,并且在未连接的环境中读卡器不需要包含任何物理的安全特征,除了窜改证据的形式。
附图说明
现在将参考如下所描述的附图对本发明的特有实施例进行说明。
图1是本发明的实施例中的PIN服务方法的示意图。
图2是实施例中智能卡和智能卡读卡器的图示。
图3是在用户端执行的方法的更详细的图示。
图4是在服务中心端执行的方法的更详细的图示。
具体实施方式
概述
图1中示意性示出一种根据本发明的实施例的PIN服务的方法。用户3把他们的智能卡1插入到读卡器2中,并且选择请求的PIN服务功能。智能卡1生成由读卡器2显示的验证消息。用户1从读卡器2的显示器读出验证消息并且通过用户接口部件4(例如连接到互联网或IVR(交互式语音响应)系统的终端或使用电话的语音呼叫)发送验证消息、请求的PIN服务功能的详细信息和识别用户的信息(例如用户识别信息)到请求接收部件5,例如语音系统、网络服务器或IVR系统。
请求接收部件5发送接收到的信息到一个或多个确认部件6。确认部件6确认验证消息和识别用户请求PIN服务的信息在哪里适用。然后确认部件6生成其内容可能基于由用户请求的PIN服务功能的确认响应消息。确认响应消息被发送到又发送确认响应消息到用户接口部件4并且因此发送回用户3的请求接收部件5。
用户3输入确认响应消息到发送它到智能卡1以进行验证的读卡器2。如果智能卡1成功地确认响应消息,成功消息被生成并由智能卡返回读卡器2,然后成功消息被显示在读卡器显示器上。或者,拒绝消息被生成并由返回读卡器2以显示。可以使用一个或多个成功或拒绝消息。成功或拒绝消息的内容将是针对PIN服务功能请求的内容特定的和确认是否成功。例如,当所请求的PIN服务功能要返回存储在智能卡上的PIN的值时,PIN可以由智能卡1发送回并且由读卡器2在成功消息中显示。
具体实施方式
图2示出读卡器2的详图,其包括数字小键盘8、对应于不同PIN服务功能的功能键9、确定输入的输入键12、显示消息和反映键入的显示器10和智能卡读卡器插槽11。任何符合相关标准(如ISO-7816或EMV)的智能卡、可以由用户插入智能卡读卡器插槽11。智能卡1包括用于电连接到插槽11中的相应触点的触点7,但也可以使用无接触的连接代替。
在另一个实施例中,读卡器2的功能可以被并入智能卡1:例如,智能卡可以包括数字键盘8和显示器10。而这种配置可能增加智能卡的复杂性并且需要集成的电源,利用现有技术是可行的并且进一步的技术进步可能使这种配置更具吸引力。
在另一个替代实施例中,智能卡1可能包括无线链接接口,如蓝牙接口,用于连接到具有键盘和显示器的、然后如读卡器2那样运行的无线装置上。无线装置可以是例如具有蓝牙功能的智能手机或PDA(个人数字助理),其运行提供读卡器2功能的读卡器应用程序。
在另一个替代实施例中,读卡器2可以提供有线或无线的接口到具有屏幕和键盘的装置,如计算机。例如,读卡器2可以包括到运行读卡器应用程序的计算机的智能卡接口和USB(通用串行总线)接口。
现在参考图3和图4:为了执行PIN服务功能,用户3把卡1插入读卡器2并且使用一个在读卡器2上的功能键9选择所请求的功能。读卡器2发送请求到卡1让它利用加密算法13和在卡1内部的密码密钥和优选地包括卡1中递增的计数器生成PIN服务请求密码(PSRQ)。PSRQ包含加密过程的结果和将发送回确认证部件6以验证密码的计数器的足够详细的信息。
在某些实现方式中,其它数据可能还需要包含在和加密过程相关的PSRQ中,如由确认部件6请求的指向数据单元的指针,例如主密码导出密钥。PSRQ被卡1返回到在读卡器显示器10上显示PSRQ的读卡器2。
PSRQ由用户3通过可以是例如电话、网络形式或其它传送装置的用户接口部件4传递到请求接收部件5。除了PSRQ,用户3还发送到(或应请求通过其提供)请求接收部件5以下信息:
用户标识-包括足够的用于确认部件6的材料以验证用户的身份-如生日、母亲的婚前姓氏和/或可记忆的单词。用户识别类型可以由接收部件5请求,其中这是交互式的,如呼叫中心代理或网页。
卡数据-例如,卡账号。
PIN服务请求功能(PSRQ)-代表用户想要执行的PIN服务功能的记忆符号、短语、词语或代码。
一旦从用户接口部件4接收,请求接收部件5发送数据到确认部件6;这可以包括多个通过利用卡数据寻找预期值验证用户识别17的子部件或步骤。除了这个过程之外,确认部件6传递PSRQ、PSRF和卡数据到密码确认步骤18以验证卡密码。密码确认步骤18可以从卡数据库,如指向密码主密钥、算法和关键字索引的指针,取回数据。密码确认步骤18的这个部分的主要目的是确保来自用户的请求从真正的卡发出。为了防御在随后的请求中PSRQ信息的重放,在优选的实施例中密码确认部件6采用跟踪历史卡计数器的步骤。这样,如果在PSRQ中发送或从PSRQ得到的计数被发现少于或等于历史值,那么过程将中断。
如果密码确认过程已经成功地验证请求的密码,另一个的密码将作为PIN服务响应消息(PSRS)19被生成。在优选的实施例中,PSRS的生成将使用来自于原始PSRF的数据以加密地结合请求和响应消息。PSRS还可以结合原始PSRF的值以确保PIN服务响应与请求相匹配并且为了更加安全,还确保由用户3请求的PIN服务不能够被变换成不同的服务或在交易期间改变,如把PIN解锁功能改变成PIN显示功能。
由密码生成步骤19生成的PSRS消息通过确认部件6和请求接收部件5被发送到用户。用户3通过把它键入到智能卡读卡器小而将键盘8PSRS提交到卡1。
为了确认PSRS14,卡使用原始PSRQ和PSRF生成它自己的内部PSRS,然后把它与读卡器2发送的PSRS相比较。基于可用性和显示特性,卡1可能不得不比较部分密码的结果-如密码最右边的“n”个字节,其中“n”或者是读卡器显示器10的最大长度或者是用户3实际的最大数字长度。例如,可以认为用户键入8字节密码是不实际的。
成功的确认要求卡1内部计算的PSRS和读卡器2接收到的相等。如果成功,基于PSRF,由卡内部保持的安全访问条件将基于PIN服务请求允许内部智能卡的功能或者改变PIN的状态到“解锁”或者发送智能卡中的“参考PIN”。因此PSRF对来自智能卡1到读卡器2的响应类型具有直接的影响-或者“OK/成功”状态或者明文“参考PIN”的值。
替代实施例
上述的实施例是说明性的而不是限制本发明。通过阅读上述具体实施方式显而易见的替代实施例可以仍然属于本发明的范围内。
Claims (12)
1.一种为智能卡执行PIN服务的方法,包括:
a发起PIN服务请求,其中PIN服务请求选择多种可能的PIN服务中的一种;
b生成相应于选择的PIN服务请求的验证消息;
c发送验证消息到PIN服务设备;
d从PIN服务设备接收对验证消息的响应消息;
e对比选择的PIN服务请求确认响应消息,以及响应成功确认,
f为智能卡执行PIN服务,
其中,PIN存储在智能卡上。
2.如权利要求1所述的方法,其中所述验证消息包括一次性密码。
3.如权利要求2所述的方法,其中密码由智能卡生成。
4.如权利要求1或2所述的方法,其中步骤c包括发送识别卡的授权用户的用户识别信息到PIN服务设备。
5.如权利要求1或2所述的方法,其中步骤f还包括显示表明成功确认的PIN服务消息。
6.如权利要求4所述的方法,其中步骤f由连接到智能卡的智能卡读卡器执行。
7.如权利要求1或2所述的方法,其中步骤b和/或步骤e由智能卡执行。
8.如权利要求7所述的方法,其中步骤e包括通过连接到智能卡的智能卡读卡器提供响应消息给智能卡。
9.如权利要求1或2所述的方法,其中步骤a由连接到智能卡的智能卡读卡器执行。
10.如权利要求1或2所述的方法,还包括,在PIN服务设备处,在步骤c和d之间,确认验证消息并且响应验证消息的成功确认生成响应消息。
11.如权利要求10所述的方法,其中验证消息包括根据预定的关系在对智能卡的PIN服务请求间变化的部件,和对比预定的关系确认验证消息。
12.一种执行智能卡的PIN服务功能的设备,包括:
a配置为发起PIN服务请求的装置,其中PIN服务请求选择多种可能的PIN服务中的一种;
b配置为生成对应于所选择的PIN服务请求的验证消息的装置;和
c用于发送验证消息到PIN服务设备的装置;
d用于从PIN服务设备接收对验证消息的响应消息的装置;
e配置为对比PIN服务请求确认响应消息并且,响应于成功确认,执行智能卡的PIN服务的装置,
其中,PIN存储在智能卡上。
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0603662.8 | 2006-02-23 | ||
GB0603662A GB2435951A (en) | 2006-02-23 | 2006-02-23 | System for PIN servicing |
PCT/GB2007/000560 WO2007096590A1 (en) | 2006-02-23 | 2007-02-19 | Pin servicing |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101432778A CN101432778A (zh) | 2009-05-13 |
CN101432778B true CN101432778B (zh) | 2012-05-02 |
Family
ID=36178647
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200780013505XA Active CN101432778B (zh) | 2006-02-23 | 2007-02-19 | Pin服务 |
Country Status (7)
Country | Link |
---|---|
US (1) | US10528940B2 (zh) |
EP (1) | EP1989689A1 (zh) |
JP (1) | JP2009527835A (zh) |
CN (1) | CN101432778B (zh) |
AU (1) | AU2007217172B2 (zh) |
GB (1) | GB2435951A (zh) |
WO (1) | WO2007096590A1 (zh) |
Families Citing this family (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7992203B2 (en) * | 2006-05-24 | 2011-08-02 | Red Hat, Inc. | Methods and systems for secure shared smartcard access |
US8098829B2 (en) | 2006-06-06 | 2012-01-17 | Red Hat, Inc. | Methods and systems for secure key delivery |
US8495380B2 (en) | 2006-06-06 | 2013-07-23 | Red Hat, Inc. | Methods and systems for server-side key generation |
US8180741B2 (en) | 2006-06-06 | 2012-05-15 | Red Hat, Inc. | Methods and systems for providing data objects on a token |
US8332637B2 (en) | 2006-06-06 | 2012-12-11 | Red Hat, Inc. | Methods and systems for nonce generation in a token |
US8364952B2 (en) | 2006-06-06 | 2013-01-29 | Red Hat, Inc. | Methods and system for a key recovery plan |
US8589695B2 (en) | 2006-06-07 | 2013-11-19 | Red Hat, Inc. | Methods and systems for entropy collection for server-side key generation |
US8099765B2 (en) * | 2006-06-07 | 2012-01-17 | Red Hat, Inc. | Methods and systems for remote password reset using an authentication credential managed by a third party |
US8412927B2 (en) | 2006-06-07 | 2013-04-02 | Red Hat, Inc. | Profile framework for token processing system |
US8707024B2 (en) | 2006-06-07 | 2014-04-22 | Red Hat, Inc. | Methods and systems for managing identity management security domains |
US9769158B2 (en) | 2006-06-07 | 2017-09-19 | Red Hat, Inc. | Guided enrollment and login for token users |
US8787566B2 (en) | 2006-08-23 | 2014-07-22 | Red Hat, Inc. | Strong encryption |
US8806219B2 (en) | 2006-08-23 | 2014-08-12 | Red Hat, Inc. | Time-based function back-off |
US8977844B2 (en) | 2006-08-31 | 2015-03-10 | Red Hat, Inc. | Smartcard formation with authentication keys |
US8356342B2 (en) | 2006-08-31 | 2013-01-15 | Red Hat, Inc. | Method and system for issuing a kill sequence for a token |
US9038154B2 (en) | 2006-08-31 | 2015-05-19 | Red Hat, Inc. | Token Registration |
US8074265B2 (en) | 2006-08-31 | 2011-12-06 | Red Hat, Inc. | Methods and systems for verifying a location factor associated with a token |
US8693690B2 (en) | 2006-12-04 | 2014-04-08 | Red Hat, Inc. | Organizing an extensible table for storing cryptographic objects |
US8813243B2 (en) | 2007-02-02 | 2014-08-19 | Red Hat, Inc. | Reducing a size of a security-related data object stored on a token |
US8832453B2 (en) * | 2007-02-28 | 2014-09-09 | Red Hat, Inc. | Token recycling |
US8639940B2 (en) | 2007-02-28 | 2014-01-28 | Red Hat, Inc. | Methods and systems for assigning roles on a token |
US9081948B2 (en) | 2007-03-13 | 2015-07-14 | Red Hat, Inc. | Configurable smartcard |
US20100308110A1 (en) * | 2009-06-05 | 2010-12-09 | Dynamic Solutions International | Smart card pin management via an unconnected reader |
US8186586B2 (en) * | 2009-06-05 | 2012-05-29 | Datacard Corporation | System, method, and apparatus for smart card pin management via an unconnected reader |
US20100312709A1 (en) * | 2009-06-05 | 2010-12-09 | Dynamic Card Solutions International | Payment application pin data self-encryption |
EP2426652A1 (fr) * | 2010-09-06 | 2012-03-07 | Gemalto SA | Procédé simplifié de personnalisation de carte à puce et dispositif associé |
EP2613287B1 (en) | 2012-01-04 | 2017-12-06 | Barclays Bank PLC | Computer system and method for initiating payments based on cheques |
CN103297236B (zh) * | 2013-05-10 | 2016-09-14 | 季亚琴科·安德烈 | 用户身份验证授权系统 |
CN103839322B (zh) * | 2013-07-10 | 2017-04-19 | 天地融科技股份有限公司 | 智能卡及校验数据输出方法、操作请求响应方法及系统 |
JP6236151B2 (ja) * | 2013-07-10 | 2017-11-22 | 天地融科技股▲ふん▼有限公司 | スマートカード、検証データの出力方法、操作要求への応答方法およびシステム |
US9760704B2 (en) * | 2014-05-23 | 2017-09-12 | Blackberry Limited | Security apparatus session sharing |
US10521793B2 (en) * | 2017-01-12 | 2019-12-31 | BBPOS Limited | System and method to protect privacy of personal-identification-number entry on consumer mobile device and computing apparatus |
CN111010363B (zh) * | 2019-09-20 | 2022-04-05 | 中国银联股份有限公司 | 信息认证方法及其系统、认证模块以及用户终端 |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5590198A (en) * | 1995-12-19 | 1996-12-31 | Pitney Bowes Inc. | Open metering system with super password vault access |
CN1260894A (zh) * | 1997-06-27 | 2000-07-19 | 国民西敏寺银行 | 付款方法及其系统 |
Family Cites Families (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS629470A (ja) * | 1985-07-05 | 1987-01-17 | Casio Comput Co Ltd | 個人証明カ−ドにおける本人照合方式 |
JP2831658B2 (ja) * | 1988-07-22 | 1998-12-02 | 株式会社東芝 | ロツク解除方法 |
US5754655A (en) * | 1992-05-26 | 1998-05-19 | Hughes; Thomas S. | System for remote purchase payment and remote bill payment transactions |
JPH06150082A (ja) | 1992-11-02 | 1994-05-31 | Hitachi Ltd | 秘密情報変更方法及び装置 |
US5826166A (en) * | 1995-07-06 | 1998-10-20 | Bell Atlantic Network Services, Inc. | Digital entertainment terminal providing dynamic execution in video dial tone networks |
US5724423A (en) * | 1995-09-18 | 1998-03-03 | Telefonaktiebolaget Lm Ericsson | Method and apparatus for user authentication |
US6075861A (en) * | 1996-05-29 | 2000-06-13 | At&T Corp. | Security access system |
JPH10154192A (ja) | 1996-09-27 | 1998-06-09 | N T T Data Tsushin Kk | 電子マネーシステム及び記録媒体 |
US20030217005A1 (en) * | 1996-11-27 | 2003-11-20 | Diebold Self Service Systems, Division Of Diebold, Incorporated | Automated banking machine system and method |
DE69735664T2 (de) * | 1997-04-18 | 2006-09-07 | Fujitsu Ltd., Kawasaki | Vorrichtung zum Verarbeiten von Karten |
JP3192118B2 (ja) * | 1997-04-18 | 2001-07-23 | 富士通株式会社 | カードユニット処理装置 |
US6179205B1 (en) | 1998-03-05 | 2001-01-30 | Visa International Service Association | System and method for locking and unlocking and application in a smart card |
US6092202A (en) * | 1998-05-22 | 2000-07-18 | N*Able Technologies, Inc. | Method and system for secure transactions in a computer system |
WO2000016568A1 (en) * | 1998-09-15 | 2000-03-23 | In Touch Technologies Limited | Communication services |
WO2001038950A2 (en) * | 1999-11-22 | 2001-05-31 | Ascom Hasler Mailing Systems, Inc. | Generation and management of customer pin's |
WO2001084761A1 (en) * | 2000-04-28 | 2001-11-08 | Swisscom Mobile Ag | Method for securing communications between a terminal and an additional user equipment |
FR2810138B1 (fr) * | 2000-06-08 | 2005-02-11 | Bull Cp8 | Procede de stockage securise d'une donnee sensible dans une memoire d'un systeme embarque a puce electronique, notamment d'une carte a puce, et systeme embarque mettant en oeuvre le procede |
US7216083B2 (en) * | 2001-03-07 | 2007-05-08 | Diebold, Incorporated | Automated transaction machine digital signature system and method |
WO2002082387A1 (en) * | 2001-04-04 | 2002-10-17 | Microcell I5 Inc. | Method and system for effecting an electronic transaction |
US20030004124A1 (en) * | 2001-05-21 | 2003-01-02 | The Regents Of The University Of California | BTF3: an inhibitor of apoptosis |
JP2003016398A (ja) | 2001-06-27 | 2003-01-17 | Sony Corp | 携帯端末機 |
US6990471B1 (en) * | 2001-08-02 | 2006-01-24 | Oracle International Corp. | Method and apparatus for secure electronic commerce |
JP2003085496A (ja) * | 2001-09-12 | 2003-03-20 | Dainippon Printing Co Ltd | 会員カードの暗証情報変更方法 |
US6607127B2 (en) * | 2001-09-18 | 2003-08-19 | Jacob Y. Wong | Magnetic stripe bridge |
JP2003201071A (ja) * | 2001-11-01 | 2003-07-15 | Inventio Ag | 人もしくは物の輸送もしくはアクセス制御のためのシステム、このシステムを保守するための方法、装置およびコンピュータプログラム製品、およびこのシステムにより建物を改造する方法 |
JP4170723B2 (ja) | 2002-10-23 | 2008-10-22 | 大日本印刷株式会社 | ロック解除方法およびシステム |
KR20060034228A (ko) * | 2003-06-04 | 2006-04-21 | 마스터카드 인터내셔날, 인코포레이티드 | 전자 상거래 트랜잭션에서의 고객 인증 시스템 및 방법 |
JP2005258517A (ja) | 2004-03-09 | 2005-09-22 | Matsushita Electric Ind Co Ltd | 決済システム |
GB0407648D0 (en) * | 2004-04-03 | 2004-05-05 | Rothwell Brian | Variable password access controller |
JP4398807B2 (ja) | 2004-06-28 | 2010-01-13 | 株式会社日立製作所 | 閉塞解除システム |
US7210620B2 (en) * | 2005-01-04 | 2007-05-01 | Ameriprise Financial, Inc. | System for facilitating online electronic transactions |
US20070081540A1 (en) * | 2005-10-11 | 2007-04-12 | First Data Corporation | Emergency services notification from an ATM system and methods |
US8249965B2 (en) * | 2006-03-30 | 2012-08-21 | Obopay, Inc. | Member-supported mobile payment system |
-
2006
- 2006-02-23 GB GB0603662A patent/GB2435951A/en not_active Withdrawn
-
2007
- 2007-02-19 EP EP07712737A patent/EP1989689A1/en not_active Ceased
- 2007-02-19 JP JP2008555858A patent/JP2009527835A/ja active Pending
- 2007-02-19 US US12/280,492 patent/US10528940B2/en active Active
- 2007-02-19 CN CN200780013505XA patent/CN101432778B/zh active Active
- 2007-02-19 WO PCT/GB2007/000560 patent/WO2007096590A1/en active Application Filing
- 2007-02-19 AU AU2007217172A patent/AU2007217172B2/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5590198A (en) * | 1995-12-19 | 1996-12-31 | Pitney Bowes Inc. | Open metering system with super password vault access |
CN1260894A (zh) * | 1997-06-27 | 2000-07-19 | 国民西敏寺银行 | 付款方法及其系统 |
Also Published As
Publication number | Publication date |
---|---|
US20100313027A1 (en) | 2010-12-09 |
AU2007217172A1 (en) | 2007-08-30 |
CN101432778A (zh) | 2009-05-13 |
US10528940B2 (en) | 2020-01-07 |
WO2007096590A1 (en) | 2007-08-30 |
GB2435951A (en) | 2007-09-12 |
AU2007217172B2 (en) | 2011-10-06 |
EP1989689A1 (en) | 2008-11-12 |
JP2009527835A (ja) | 2009-07-30 |
GB0603662D0 (en) | 2006-04-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101432778B (zh) | Pin服务 | |
US20240127236A1 (en) | Communications Device, Point Of Sale Device, Payment Device and Methods | |
EP3039627B1 (en) | Method for authenticating transactions | |
KR101150241B1 (ko) | 동적 인증 코드를 이용한 트랜잭션의 승인 방법 및 시스템 | |
US10108958B2 (en) | Method for processing a payment, and system and electronic device for implementing the same | |
US20140019360A1 (en) | Method for online payment, and system and electronic device for implementing the same | |
US11132657B2 (en) | Transaction flow | |
KR20110055112A (ko) | 스마트카드와 통신단말기를 이용한 전자화폐 인증 시스템 | |
CN104919779A (zh) | 相对于自动装置认证用户的方法 | |
CN103903131A (zh) | 一种基于图形码实现电子交易的方法及系统 | |
EP2787474A2 (en) | Dynamically allocated security code system for smart debt and credit cards | |
EP2854087A1 (en) | Method for processing a payment | |
CN102867374A (zh) | 应用于网上银行的银行卡及网上银行安全系统 | |
EP1266275A2 (en) | A method for secured identification of user's i.d. | |
JP2001351155A (ja) | 携帯電話を利用した自動販売機の代金支払認証方法と代金支払認証システム | |
KR20230174217A (ko) | 일련의 작업을 수행하기 위해 비접촉식 카드를 통해 리소스 로케이터를 활용하는 기술 | |
EP3702990A1 (en) | Change of reference pin code value of smart card by a mobile device and a distinct telecommunication device | |
JP5589471B2 (ja) | ロイヤリティ管理システム,ロイヤリティ管理方法及びトークン | |
EP3660767A1 (en) | Improvements relating to security and authentication of interaction data | |
CN105405010A (zh) | 交易装置、使用其的交易系统与交易方法 | |
EP4120165A1 (en) | Method for managing a smart card | |
KR102443675B1 (ko) | 사용자 인증 및 거래 스테이징 | |
KR101008947B1 (ko) | 브이오아이피 단말의 다중 채널을 이용한 금융거래 방법 및 브이오아이피 단말과 이를 위한 기록매체 | |
EP3082087B1 (en) | Mobile payment method | |
KR101041120B1 (ko) | 브이오아이피 단말을 통한 조회납부 방법 및 시스템과 이를위한 브이오아이피 단말 및 기록매체 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right |
Effective date of registration: 20201119 Address after: England Atsushi Patentee after: Barclays Executive Services Limited Address before: England Atsushi Patentee before: BARCLAYS BANK PLC |
|
TR01 | Transfer of patent right |