CN116848833A - 使用非接触式卡的一次性口令的安全生成 - Google Patents
使用非接触式卡的一次性口令的安全生成 Download PDFInfo
- Publication number
- CN116848833A CN116848833A CN202180094058.5A CN202180094058A CN116848833A CN 116848833 A CN116848833 A CN 116848833A CN 202180094058 A CN202180094058 A CN 202180094058A CN 116848833 A CN116848833 A CN 116848833A
- Authority
- CN
- China
- Prior art keywords
- application
- otp
- processor
- password
- account
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 claims abstract description 33
- 230000015654 memory Effects 0.000 claims description 65
- 238000004891 communication Methods 0.000 claims description 29
- 238000003860 storage Methods 0.000 claims description 21
- 230000004044 response Effects 0.000 claims description 10
- 238000012545 processing Methods 0.000 description 12
- 230000005291 magnetic effect Effects 0.000 description 8
- 230000003287 optical effect Effects 0.000 description 8
- 230000008569 process Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 238000004519 manufacturing process Methods 0.000 description 5
- 230000003068 static effect Effects 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 230000002093 peripheral effect Effects 0.000 description 4
- 239000000758 substrate Substances 0.000 description 4
- 238000012795 verification Methods 0.000 description 4
- 238000004590 computer program Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 239000010410 layer Substances 0.000 description 3
- 239000000463 material Substances 0.000 description 3
- 230000006855 networking Effects 0.000 description 3
- 230000001360 synchronised effect Effects 0.000 description 3
- VIEYMVWPECAOCY-UHFFFAOYSA-N 7-amino-4-(chloromethyl)chromen-2-one Chemical compound ClCC1=CC(=O)OC2=CC(N)=CC=C21 VIEYMVWPECAOCY-UHFFFAOYSA-N 0.000 description 2
- KDLHZDBZIXYQEI-UHFFFAOYSA-N Palladium Chemical compound [Pd] KDLHZDBZIXYQEI-UHFFFAOYSA-N 0.000 description 2
- 230000002457 bidirectional effect Effects 0.000 description 2
- 239000003990 capacitor Substances 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 229920000642 polymer Polymers 0.000 description 2
- 229910052710 silicon Inorganic materials 0.000 description 2
- 239000010703 silicon Substances 0.000 description 2
- 230000000007 visual effect Effects 0.000 description 2
- OKTJSMMVPCPJKN-UHFFFAOYSA-N Carbon Chemical compound [C] OKTJSMMVPCPJKN-UHFFFAOYSA-N 0.000 description 1
- RTAQQCXQSZGOHL-UHFFFAOYSA-N Titanium Chemical compound [Ti] RTAQQCXQSZGOHL-UHFFFAOYSA-N 0.000 description 1
- DSHPMFUQGYAMRR-UHFFFAOYSA-N [Si].[Si].O=[Si] Chemical compound [Si].[Si].O=[Si] DSHPMFUQGYAMRR-UHFFFAOYSA-N 0.000 description 1
- XECAHXYUAAWDEL-UHFFFAOYSA-N acrylonitrile butadiene styrene Chemical compound C=CC=C.C=CC#N.C=CC1=CC=CC=C1 XECAHXYUAAWDEL-UHFFFAOYSA-N 0.000 description 1
- 229920000122 acrylonitrile butadiene styrene Polymers 0.000 description 1
- 239000004676 acrylonitrile butadiene styrene Substances 0.000 description 1
- 230000009471 action Effects 0.000 description 1
- 230000003213 activating effect Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 229910052799 carbon Inorganic materials 0.000 description 1
- 238000005520 cutting process Methods 0.000 description 1
- 238000009795 derivation Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000001815 facial effect Effects 0.000 description 1
- PCHJSUWPFVWCPO-UHFFFAOYSA-N gold Chemical compound [Au] PCHJSUWPFVWCPO-UHFFFAOYSA-N 0.000 description 1
- 229910052737 gold Inorganic materials 0.000 description 1
- 239000010931 gold Substances 0.000 description 1
- 230000003340 mental effect Effects 0.000 description 1
- 229910052751 metal Inorganic materials 0.000 description 1
- 239000002184 metal Substances 0.000 description 1
- 229910052763 palladium Inorganic materials 0.000 description 1
- 229920003023 plastic Polymers 0.000 description 1
- 239000004033 plastic Substances 0.000 description 1
- 229920000515 polycarbonate Polymers 0.000 description 1
- 239000004417 polycarbonate Substances 0.000 description 1
- 229920000728 polyester Polymers 0.000 description 1
- 229920002689 polyvinyl acetate Polymers 0.000 description 1
- 239000011118 polyvinyl acetate Substances 0.000 description 1
- 239000004800 polyvinyl chloride Substances 0.000 description 1
- 229920000915 polyvinyl chloride Polymers 0.000 description 1
- 210000001525 retina Anatomy 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000002356 single layer Substances 0.000 description 1
- 239000000126 substance Substances 0.000 description 1
- 229910052719 titanium Inorganic materials 0.000 description 1
- 239000010936 titanium Substances 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3226—Use of secure elements separate from M-devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/10—Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
- G06Q20/108—Remote banking, e.g. home banking
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3221—Access to banking information through M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/326—Payment applications installed on the mobile devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3278—RFID or NFC payments by means of M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/352—Contactless payments by cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/353—Payments by cards read by M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/385—Payment protocols; Details thereof using an alias or single-use codes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/386—Payment protocols; Details thereof using messaging services or messaging apps
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4012—Verifying personal identification numbers [PIN]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- Finance (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Microelectronics & Electronic Packaging (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Telephonic Communication Services (AREA)
- Credit Cards Or The Like (AREA)
- Coupling Device And Connection With Printed Circuit (AREA)
Abstract
公开了用于使用非接触式卡的一次性口令的安全生成的系统、方法、装置和计算机可读介质。在一个示例中,设备的操作系统(OS)可以从非接触式卡接收统一资源定位符(URL)和密码。该OS可以启动与URL相关联的应用。该应用可以将密码传送到认证服务器。该应用可以从认证服务器接收指示认证服务器解密了密码的解密结果。基于解密结果,该应用可以请求OTP。处理器可以从OTP生成器接收OTP。该应用可以接收输入值,并将该输入值与OTP的副本进行比较。该应用可以确定出比较结果匹配,并且基于该比较结果匹配的确定,显示账户的一个或多个属性。
Description
相关申请
本申请要求于2021年1月4日提交的题为“SECURE GENERATION OF ONE-TIMEPASSCODES USING A CONTACTLESS CARD(使用非接触式卡的一次性口令的安全生成)”的美国专利申请序列号17/140,698的优先权。前述申请的内容通过引用整体并入本文。
相关申请
本文中公开的实施例涉及计算系统。更具体地,本文中公开的实施例涉及提供用于使用非接触式卡的一次性口令的安全生成的计算系统。
背景技术
一次性口令可以用作第二种形式的认证。然而,一次性口令容易受到许多安全风险的影响。例如,如果用户在公共场所未锁定他们的智能手机,则路人可以访问被发送到设备的任何口令。相似地,如果恶意用户获得对发送口令的设备和/或账户的访问,则恶意用户可以访问口令。这样做就可能允许恶意用户访问账户数据或其他敏感信息。
发明内容
公开了用于使用非接触式卡安全生成一次性口令的系统、方法、装置和计算机可读介质。在一个示例中,在设备的处理器上执行的操作系统(OS)可以从与账户相关联的非接触式卡接收统一资源定位符(URL)和密码。该OS可以启动与非接触式卡相关联的应用。该应用可以将密码传送到认证服务器。该应用可以从认证服务器接收指示认证服务器解密了密码的解密结果。基于解密结果,该应用可以将针对包括标识符在内的一次性口令(OTP)的请求传送到URL。处理器可以从URL处的OTP生成器接收OTP。该应用可以接收输入值,并将该输入值与从OTP生成器接收到的OTP的副本进行比较。该应用可以确定出比较结果匹配,并且基于比较结果匹配的确定,在设备上显示账户的一个或多个属性。
附图说明
图1A示出了根据一个实施例的主题的一方面。
图1B示出了根据一个实施例的主题的一方面。
图1C示出了根据一个实施例的主题的一方面。
图2A示出了根据一个实施例的主题的一方面。
图2B示出了根据一个实施例的主题的一方面。
图2C示出了根据一个实施例的主题的一方面。
图2D示出了根据一个实施例的主题的一方面。
图3示出了根据一个实施例的例程300。
图4示出了根据一个实施例的例程400。
图5A示出了根据一个实施例的非接触式卡。
图5B示出了根据一个实施例的非接触式卡136。
图6示出了根据一个实施例的数据结构600。
图7示出了根据一个实施例的计算机架构700。
具体实施方式
本文中公开的实施例提供了安全地生成一次性口令(one-time passcode,OTP)的技术,该一次性口令可以用作第二种形式的认证。一般地,用户可以期望认证到账户、完成购买或执行要求多因素认证(multi-factor authentication,MFA)的任何操作。在一个示例中,用户可以将非接触式卡轻拍到计算设备以发起认证。响应于进入与设备的通信范围,非接触式卡可以生成包括密码和统一资源定位符(uniform resource locator,URL)的数据包。设备的操作系统可以读取数据包和/或URL,并且启动设备上与URL相关联的账户应用。在一个示例中,该账户应用与非接触式卡的发卡方相关联。账户应用可以将OTP请求传送到URL处的OTP生成器。该OTP请求可以包括密码。
然后,OTP生成器和/或与OTP生成器相关联的服务器可以尝试解密密码,如本文中更详细描述的。如果解密成功,则OTP生成器可以识别用于相关联账户的联系信息,诸如电话号码、电子邮件等。OTP生成器可以生成OTP,并将该OTP传送到识别出的联系信息。然后,用户可以从OTP生成器接收OTP,并将接收到的OTP作为输入提供给账户应用。账户应用可以将该输入与从OTP生成器接收到的OTP的实例进行比较。如果比较结果匹配,则账户应用可以验证OTP,并允许所请求的操作,例如,查看账户详情、进行购买等。如果比较结果不匹配,则验证可能失败,并且账户应用可以拒绝或以其他方式限制执行所请求的操作。
有利地,本文中公开的实施例提供了用于使用非接触式卡生成用于多因素认证的OTP的安全技术。通过利用由非接触式卡生成的密码,本公开的实施例可以用最小的欺诈活动风险安全地验证请求执行操作的用户的身份。此外,这样做确保了仅当用户能够访问非接触式卡以及以用于促进与服务器进行密码验证的安全应用访问计算设备时才生成OTP代码。此外,通过提供简化的OTP生成过程,更多请求可以由服务器处理,从而提高系统性能。
总体参照本文中使用的符号和命名,后续详细描述的一个或多个部分可以在计算机或计算机网络上执行的程序过程方面呈现。这些过程性描述和表示由本领域技术人员使用,以将他们工作的实质最有效地传达给本领域其他技术人员。过程在这里总体上被构思为导致所需结果的自洽序列的操作。这些操作是那些要求对物理量进行物理操控的操作。通常,虽然不是必须的,但是这些量采取能够进行存储、传输、结合、比较和以其他方式操控的电、磁或光信号的形式。主要是出于习惯用语的原因,有时将这些信号称为比特、值、元素、符号、字符、项、数字等经证明是方便的。然而,应该注意,所有这些和相似的术语都要与适当的物理量相关联,并且仅仅是应用于那些量的方便标记。
此外,这些操控经常以诸如添加或比较的术语指代,这通常与由人工操作员执行的脑力操作相关联。然而,在构成一个或多个示例的一部分的本文所描述的任何操作中,人类操作员的这种能力不是必须的,或者在大多数情况下不是可取的。相反,这些操作是机器操作。用于执行各种实施例的操作的有用机器包括由存储在其中的计算机程序选择性地激活或配置的数字计算机,该计算机程序根据本文中的教导来编写,和/或包括为所需的目的而专门构造的装置或数字计算机。各种实施例还涉及用于执行这些操作的装置或系统。这些装置可以为所需的目的而专门构造。针对各种这些机器所需的结构从给出的描述中将是显而易见的。
现在参照附图,其中相同的附图标记始终用于指代相同的元件。在下面的描述中,出于解释的目的,阐述了许多具体细节以便提供对其的透彻理解。然而,显然,可以在没有这些具体细节的情况下实践新颖的实施例。在其他实例中,公知的结构和设备以框图形式显示以便促进对其的描述。旨在覆盖权利要求范围内的所有修改、等同物和替代物。
图1A描绘了与所公开的实施例一致的示例性计算架构100,也被称为系统。虽然图1A-1C所示的计算架构100在特定拓扑中具有有限数量的元件,但是可以认识到,该计算架构100可以在按照给定实施方式所期望的替代拓扑中包括更多或更少的元件。
计算架构100包括计算设备102、服务器104和非接触式卡136。非接触式卡136代表任何类型的支付卡,诸如信用卡、借记卡、ATM卡、礼品卡等。该非接触式卡136可以包括一个或多个通信接口122,诸如射频识别(radio frequency identification,RFID)芯片,其被配置为在无线通信中经由NFC、EMV标准或其他短程协议与计算设备102(本文中也被称为“卡读取器”、“无线卡读取器”和/或“无线通信接口”)通信。虽然NFC在本文中用作示例通信协议,但是本公开同样适用于其他类型的无线通信,诸如EMV标准、蓝牙和/或Wi-Fi。
计算设备102代表任何数量和类型的计算设备,诸如智能手机、平板电脑、可穿戴设备、膝上型电脑、便携式游戏设备、虚拟化计算系统、商家终端、销售点系统、服务器、桌上型计算机等。移动设备被用作计算设备102的示例,但是不应被视为对本公开的限制。服务器104代表任何类型的计算设备,诸如服务器、工作站、计算集群、云计算平台、虚拟化计算系统等。虽然出于清楚起见没有描绘,但计算设备102、非接触式卡136和服务器104各自包括一个或多个处理器电路以执行程序、代码和/或指令。
如图所示,该非接触式卡136的存储器106包括小应用程序108、计数器110、主密钥112、多样化密钥114和唯一客户标识符(identifier,ID)116。小应用程序108是被配置为执行本文中描述的操作的可执行代码。计数器110、主密钥112、多样化密钥114和客户ID 116被用于在系统100中提供安全性,如下面更详细地描述的。
如图所示,移动设备102的存储器144包括操作系统(OS)138的实例。示例操作系统138包括OS、/>和/>操作系统。如图所示,该OS138包括账户应用118和web浏览器140。账户应用118允许用户执行各种账户相关的操作,诸如激活支付卡、查看账户余额、购买物品、处理付款等。在一些实施例中,用户可以使用认证凭证进行认证以访问账户应用118的某些特征部。例如,认证凭证可以包括用户名(或登录名)和口令、生物特征凭证(例如,指纹、面部ID等)和诸如此类。web浏览器140是允许设备102经由网络124(例如,经由互联网)访问信息的应用。
如图所示,服务器104的存储器128包括认证应用123,该认证应用123包括OTP生成器142。虽然被描绘为服务器104的集成部件,但是在一些实施例中,认证应用123和OTP生成器142可以被分成不同的部件,此外,认证应用123和/或OTP生成器142可以在硬件、软件和/或硬件与软件的组合中实施。
在一些实施例中,为了保护账户应用118和/或相关联的数据,例如,账户数据库130中用户账户的细节,系统100可以提供用于使用非接触式卡136的OTP的安全生成。例如,用户可以向账户应用118提供认证凭证,诸如由账户应用118验证的用户名/口令(例如,通过使用账户数据库130的本地实例和/或将凭证传送到服务器104以进行验证)。一旦被验证,账户应用118就可以指示用户将非接触式卡136轻拍到计算设备102。
在图1A所描绘的实施例中,用户可以将非接触式卡136轻拍到计算设备102(或以其他方式将非接触式卡136带入设备102的卡读取器122的通信范围内)。非接触式卡136的小应用程序108然后可以生成URL 120,该URL 120被定向到诸如服务器104、认证应用126和/或OTP生成器142的资源。在一些实施例中,小应用程序108根据一个或多个规则来构造URL 120。在一些实施例中,非接触式卡136存储多个URL 120,并且小应用程序108基于一个或多个规则从多个URL 120中选择URL 120。在一些实施例中,小应用程序108可以通过选择URL 120并添加动态数据诸如密码134作为URL的一个或多个参数来生成URL 120。
密码134可以基于非接触式卡136的客户ID 116。密码134可以基于任何合适的密码技术生成。在一些实施例中,小应用程序108可以包括URL 120、密码134和未加密的标识符(例如,客户ID 116、非接触式卡136的标识符、和/或任何其他唯一标识符)作为数据包的一部分。在至少一些实施例中,数据包是NDEF文件。
如上所述,计算架构100被配置为实施密钥多样化以保护数据,这可以在本文中被称为密钥多样化技术。一般地,服务器104(或另一计算设备)和非接触式卡136可以配备有相同的主密钥112(也被称为主对称密钥)。更具体地,每个非接触式卡136被编程有不同的主密钥112,该主密钥112在服务器104中具有相应的配对。例如,当制造非接触式卡136时,唯一的主密钥112可以被编程到非接触式卡136的存储器106中。相似地,唯一的主密钥112可以被存储在服务器104的账户数据130中的与非接触式卡136相关联的客户的记录中(和/或存储在不同的安全位置中,诸如硬件安全模块(HSM)132中)。主密钥112可以对除了非接触式卡136和服务器104以外的各方保密,由此提高系统100的安全性。在一些实施例中,非接触式卡136的小应用程序108可以使用主密钥112来加密和/或解密数据(例如,客户ID116),并且该数据作为密码算法的输入。例如,利用主密钥112对客户ID 116进行加密可以产生密码134。相似地,服务器104可以使用相应的主密钥112来加密和/或解密与非接触式卡136相关联的数据。
在其他实施例中,非接触式卡136和服务器104的主密钥112可以与计数器110结合使用以使用密钥多样化来提高安全性。计数器110包括在非接触式卡136与服务器104之间同步的值。计数器110可以包括每次数据在非接触式卡136与服务器104(和/或非接触式卡136与计算设备102)之间交换时改变的数字。当准备(例如向服务器104和/或设备102)发送数据时,非接触式卡136的小应用程序108可以递增计数器110。非接触式卡136的小应用程序108然后可以提供主密钥112和计数器110作为密码算法的输入,该密码算法产生多样化密钥114作为输出。该密码算法可以包括加密算法、基于散列的消息认证码(hash-basedmessage authentication code,HMAC)算法、基于密文的消息认证码(cipher-basedmessage authentication code,CMAC)算法等。密码算法的非限制性示例可以包括对称加密算法,诸如3DES或AES107;对称HMAC算法,诸如HMAC-SHA-256算法;以及对称CMAC算法,诸如AES-CMAC。密钥多样化技术的示例在2018年11月29日提交的美国专利申请16/205,119中更详细地描述。前述专利申请通过引用整体并入本文。
继续密钥多样化示例,小应用程序108然后可以使用多样化密钥114和数据作为密码算法的输入来加密数据(例如客户ID 116和/或任何其他数据)。例如,利用多样化密钥114对客户ID 116进行加密可以产生已加密的客户ID(例如密码134)。在一些实施例中,密码134被包括在内作为URL 120的参数。在其他实施例中,密码134不是URL 120的参数,但是利用数据包诸如NDEF文件中的URL 120进行传送。操作系统138然后可以经由计算设备102的通信接口122读取包括URL 120和密码134的数据包。
如前所述,密码134可以是URL 120的参数。例如,URL 120可以是“http://www.example.com/OTPgenerator?param=ABC123”。在这样的示例中,该密码134可以对应于参数“ABC123”。然而,如果密码134不是URL 120的参数,则URL 120可以是“http://www.exmaple.com/OTPgenerator”。不管URL 120是否包括密码134作为参数,URL 120都可以向账户应用118注册,这致使操作系统138启动账户应用118,并将URL 120和密码134提供给账户应用118作为输入。
账户应用118然后可以将密码134与生成OTP的请求传送到服务器104。在URL 120包括密码134作为参数的实施例中,账户应用118从URL 120中提取出密码134,并将带有密码134的请求传送到与OTP生成器142相关联的地址,例如,URL 120的至少一部分。在一些实施例中,账户应用118对OTP生成器142进行应用编程接口(application programminginterface,API)调用。此外,账户应用118可以包括另一个标识符,诸如由小应用程序108在数据包中提供的未加密的客户ID 116。在一些实施例中,另一个标识符可以是非接触式卡136的标识符、和账户标识符等。在这样的实施例中,账户应用118可以包括账户数据库130的一个或多个部分的实例,以确定另一个标识符。
图1B描绘了其中账户应用将包括密码134和未加密的标识符的OTP请求146传送到服务器104的实施例。一旦被接收到,服务器104就可以尝试认证密码134。例如,认证应用126可以尝试使用由服务器104存储的主密钥112的副本来对密码134进行解密。在一些实施例中,认证应用126可以使用由账户应用118提供给服务器104的未加密的客户ID 116(或其他标识符)来识别主密钥112和计数器110。在一些示例中,认证应用126可以提供主密钥112和计数器110作为密码算法的输入,该密码算法产生多样化密钥114作为输出。所得到的多样化密钥114可以对应于非接触式卡136的多样化密钥114,其可以用于对密码134进行解密。
不管使用何种解密技术,认证应用126都可以成功地对密码134进行解密,从而验证或认证OTP请求146中的密码134(例如,通过将对密码134解密所产生的客户ID 116与存储在账户数据库130中的已知客户ID进行比较,和/或基于使用主密钥112和/或多样化密钥114的解密成功的指示)。尽管密钥112、114被描绘为存储在存储器128中,但是该密钥可以存储在其他地方,诸如在安全元件和/或HSM 132中。在这样的实施例中,安全元件和/或HSM132可以使用主密钥112和/或多样化密钥114以及密码函数来解密密码134。相似地,如上所述,安全元件和/或HSM 132可以基于主密钥112和计数器110来生成多样化密钥114。如果解密成功,则认证应用126可以识别被存储在账户数据库130中的用于用户的联系信息,例如,电子邮件地址、电话号码、注册到账户应用118的实例的设备标识符、计算设备102的设备标识符等。认证应用126可以基于被包括在OTP请求146中的未加密的标识符来识别联系信息。认证应用126然后可以指示OTP生成器142要生成OTP并将OTP传送到识别出的联系信息。
然而,如果认证应用126无法解密密码134以产生预期结果(例如,与非接触式卡136相关联的账户的客户ID 116),则认证应用126不验证密码134。在这样的示例中,认证应用126确定要抑制生成OTP。认证应用126可以将解密失败的指示传送到账户应用118。
图1C描绘了其中认证应用126将解密结果148传送到账户应用118的实施例。该解密结果148通常指示服务器104是解密了密码134还是没有解密密码134。在图1C所描绘的示例中,解密结果148指示服务器104解密了密码134。账户应用118可以使用解密结果148来确定密码134是否被解密。基于成功的解密,OTP生成器142可以生成OTP 150并基于所确定的联系信息将其传送到计算设备102。OTP 150可以是任何长度的任何字母数字字符串。如果联系信息是电话号码,则OTP生成器142可以经由短消息服务(short message service,SMS)消息传送OTP 150。如果联系信息是电子邮件地址,则OTP生成器142可以经由电子邮件传送OTP 150。如果联系信息是设备标识符,则OTP生成器142可以将OTP 150作为定向到计算设备102的推送通知的一部分来传送。
用户然后可以经由用户界面将接收到的OTP作为输入提供给账户应用118。账户应用118然后可以将由用户提供的输入与从OTP生成器142接收到的OTP 150的实例进行比较。在另一个实施例中,账户应用118可以将用户输入传送到OTP生成器142,该OTP生成器142执行比较。如果OTP生成器142执行比较,则OTP生成器142将比较结果传送到账户应用118。在一些实施例中,用户可以将输入提供给另一个应用,诸如已经加载了与OTP生成器142相关联的页面的web浏览器140。该web页面然后可以执行比较。如果比较结果匹配,则多因素认证可以完成,并且用户可以能够执行一个或多个所请求的操作。例如,用户可以查看账户属性、执行与账户相关联的操作、进行付款、转移资金、查看余额等。
图2A是示出其中非接触式卡136被轻拍到计算设备102的实施例的示意图200a。虽然计算设备102被描绘为输出操作系统138的屏幕(例如主屏幕),但是计算设备102通常可以处于任何状态。例如,当将非接触式卡136轻拍到计算设备102时,用户可以正在使用另一个应用,诸如web浏览器140。
如前所述,当将非接触式卡136轻拍到计算设备102时,小应用程序108可以生成密码134和URL 120。在一些实施例中,密码134是URL 120的参数。小应用程序108可以进一步包括标识符,诸如未加密的客户ID 116、和非接触式卡136的标识符等。如果密码134是URL120的参数,则未加密的标识符也可以是URL 120的参数。不管密码134和/或未加密的标识符是否是URL 120的参数,密码134、未加密的标识符和URL 120都可以被包括在由计算设备102读取的数据包(诸如NDEF文件)中。如图所示,响应于接收到数据包,操作系统138可以启动账户应用118,因为URL 120(或其一部分)可以向操作系统138中的账户应用118注册。
图2B是示出其中账户应用118响应于操作系统138读取从非接触式卡136接收到的URL 120而被打开的实施例的示意图200b。如图所示,账户应用118指示用户提供第一认证因素,其可以是生物特征凭证。账户应用118可以验证生物特征凭证,并且基于该验证,从OTP生成器142生成针对OTP 150的OTP请求146。如前所述,账户应用118可以将密码134和未加密的标识符传送到OTP生成器142。在一些实施例中,该OTP请求146可以是API调用。
然后,认证应用126可以尝试对密码134进行解密,如上面更详细地描述的。如果解密成功,则认证应用126可以在账户数据库130中识别用于用户账户的联系信息。在一些实施例中,基于未加密的标识符,例如,未加密的客户ID 116、及设备ID等,联系信息被识别出来。然后,认证应用126可以指示OTP生成器142生成OTP 150并将OTP 150传送到联系信息。认证应用126还可以将解密结果148传送到账户应用118。
图2C是示出其中OTP 150作为推送通知202被发送到计算设备102的实施例的示意图200c。用户可以被指示在输入栏204中键入OTP 150。如图所示,推送通知202允许用户选择推送通知202以将OTP 150自动填充到栏204。例如,当被选择时,操作系统138的自动填充服务(未图示)可以拷贝OTP 150并将OTP 150填充到栏204中。在另一个示例中,OTP 150可以被拷贝到操作系统138的剪贴板(未图示)。这样做允许用户将OTP 150从剪贴板粘贴到栏204。
如图所示,OTP 150可以作为输入被键入到栏204。账户应用118然后可以例如通过将该输入与从OTP生成器142接收到的OTP 150的实例进行比较来验证被键入到栏204中的OTP 150。在另一个示例中,账户应用118将被键入到栏204中的输入提供给OTP生成器142,该OTP生成器142执行比较,并将比较的结果返回给账户应用118。如果比较结果匹配,则账户应用118可以确定多因素认证完成。
图2D是示出其中栏204中提供的输入与OTP 150匹配的实施例的示意图200d。基于匹配和对密码134的解密,用户可以在账户应用118中登录到他们的账户。如图所示,账户应用118显示各种账户属性,例如账户余额。实施例不限于该上下文,因为使用OTP 150的MFA可以用于授权任何所请求的操作。
用于所公开的实施例的操作可以参照以下图进一步描述。一些图可以包括逻辑流程。尽管本文中呈现的这些图可以包括特定的逻辑流程,但是可以认识到,该逻辑流程仅提供了能够如何实施本文中描述的一般功能的示例。此外,除非另有说明,否则给定的逻辑流程并不一定必须按照所呈现的顺序执行。此外,不是逻辑流程中示出的所有动作可能在一些实施例中都是必需的。另外,给定的逻辑流程可以由硬件元素、由处理器执行的软件元素、或其任何组合实施。实施例不限于该上下文。
图3示出了逻辑流程或例程300的实施例。逻辑流程300可以代表由本文所描述的一个或多个实施例执行的一些或所有操作。例如,逻辑流程300可以包括使能使用非接触式卡的OTP的安全生成的一些或所有操作。实施例不限于该上下文。
在框302中,例程300由在计算设备102的处理器上执行的操作系统138从与账户相关联的非接触式卡136接收统一资源定位符(URL)120和密码134。在框304中,例程300由操作系统138响应于接收到URL 120,启动与非接触式卡136相关联的账户应用118。然而,在一些实施例中,账户应用118在操作系统138的前台执行,并且不需要启动。在这样的实施例中,用户可以请求执行操作,诸如查看账户余额、转移资金等。
在框306中,例程300由账户应用118将密码134传送到认证服务器104。账户应用118还可以包括未加密的标识符,例如,客户ID 116和/或对认证应用126的设备标识符。在框308中,例程300由账户应用118从服务器104接收解密结果148,该解密结果148指示认证服务器104解密了密码134。
在框310中,例程300由账户应用118基于解密结果将针对包括标识符的一次性口令(OTP)的请求传送到服务器104。该标识符可以是未加密的客户ID 116、设备标识符和/或非接触式卡136的标识符。在框312中,例程300由服务器104基于标识符确定账户数据库130中的联系信息。该联系信息可以包括但不限于电话号码、电子邮件地址、设备标识符等。在框314中,例程300由计算设备102在所确定的联系信息处从OTP生成器142接收OTP 150。在框316中,例程300由账户应用118接收来自用户的输入值。在框318中,例程300由账户应用118将输入值与从OTP生成器142接收到的OTP的副本进行比较。在框320中,例程300由账户应用118确定出比较结果匹配。在框322中,例程300由账户应用118基于解密结果148以及比较结果匹配的确定,在设备上显示账户的一个或多个属性。附加地和/或可替选地,账户应用118可以基于比较结果匹配的确定以及解密结果148来授权由用户所请求的操作的执行。
图4示出了逻辑流程或例程400的实施例。逻辑流程400可以代表由本文所描述的一个或多个实施例执行的一些或所有操作。例如,逻辑流程400可以包括使能使用非接触式卡的OTP的安全生成的一些或所有操作。实施例不限于该上下文。
在框402中,例程400由在计算设备102的处理器上执行的操作系统138从与账户相关联的非接触式卡136接收统一资源定位符(URL)120和密码134。如本文中更详细地描述,小应用程序108可以生成密码134。小应用程序108可以进一步将未加密的标识符(例如,客户ID 116)传送到计算设备102。在框404中,例程400由操作系统138响应于接收到URL 120,启动与非接触式卡136相关联的账户应用118。在框406中,例程400由账户应用118将密码134传送到认证服务器104。账户应用118可以进一步将未加密的标识符传送到服务器104。
在框408中,例程400由账户应用118从认证服务器104接收解密结果148,该解密结果148指示认证服务器104解密了密码134。在框410中,例程400由账户应用118基于解密结果148将针对包括标识符的一次性口令(OTP)的请求传送到URL。该标识符可以是未加密的客户ID 116、设备标识符和/或非接触式卡136的标识符。在框412中,例程400由服务器104基于标识符确定账户数据库130中的联系信息。该联系信息可以包括但不限于电话号码、电子邮件地址、设备标识符等。在框414中,例程400由计算设备102在所确定的联系信息处从URL 120处的OTP生成器142接收OTP 150。在框416中,例程400由账户应用118接收输入值。在框418中,例程400由账户应用118将输入值与从OTP生成器142接收到的OTP 150的副本进行比较。在框420中,例程400由应用确定出比较结果匹配。在框422中,例程400由账户应用118基于比较结果匹配的确定并基于解密结果148,在设备上显示账户的一个或多个属性。
图5A是示出非接触式卡136的示例构造的示意图500,该非接触式卡136可以包括由作为服务提供商标记502在非接触式卡136的正面或背面显示的服务提供商发行的支付卡,诸如信用卡、借记卡或礼品卡。在一些示例中,非接触式卡136与支付卡无关,并且可以包括但不限于身份证。在一些示例中,非接触式卡可以包括双界面非接触式支付卡、奖励卡等。非接触式卡136可以包括基板504,其可以包括由塑料、金属和其他材料组成的单层或一个或多个层压层。示例性基板材料包括聚氯乙烯、聚氯乙烯醋酸酯、丙烯腈丁二烯苯乙烯、聚碳酸酯、聚酯、阳极化钛、钯、金、碳、纸、以及可生物降解材料。在一些示例中,非接触式卡136可能具备符合ISO/IEC 7816标准的ID-1格式的物理特性,并且非接触式卡可能另外符合ISO/IEC 14443标准。然而,可以理解,根据本公开的非接触式卡136可以具备不同的特性,并且本公开并不要求在支付卡中实现非接触式卡。
非接触式卡136还可以包括显示在该卡的正面和/或背面的识别信息506,以及接触垫508。接触垫508可以包括一个或多个垫,并且被配置为经由交易卡与另一个客户端设备(诸如ATM、用户设备、智能手机、膝上型电脑、桌上型电脑或平板电脑)建立接触。该接触垫可以根据诸如ISO/IEC 7816标准的一个或多个标准来设计,并且使能根据EMV协议进行通信。非接触式卡136还可以包括处理电路、天线和其他部件,这将在图5B中进一步讨论。这些部件可以位于接触垫508后面或基板504上的其他地方,例如,基板504的不同层内,并且可以与接触垫508电耦合和物理耦合。非接触式卡136还可以包括磁条或磁带,其可以位于该卡的背面(图5A中未显示)。非接触式卡136还可以包括与能够经由NFC协议进行通信的天线耦合的近场通信(Near-Field Communication,NFC)设备。实施例不限于这种方式。
如图2所示,非接触式卡136的接触垫508可以包括用于存储、处理和传递信息的处理电路510,包括处理器512、存储器106以及一个或多个通信接口122。可以理解,处理电路510可以包含附加部件,包括处理器、存储器、错误和奇偶校验/CRC校验器、数据编码器、防冲突算法、控制器、命令解码器、安全原语和防篡改硬件,如执行本文中描述的功能所必需的。
存储器106可以是只读存储器、一次写入多次读取存储器或读/写存储器,例如,RAM、ROM和EEPROM,并且非接触式卡136可以包括这些存储器中的一个或多个。只读存储器可以被厂商可编程为只读或一次性可编程。一次性可编程性提供一次写入然后多次读取的机会。一次写入/多次读取存储器可以在存储器芯片已出厂后的某个时间点进行编程。一旦存储器被编程,它就可能不会被重写,但可以被多次读取。读/写存储器可以在出厂后被多次编程和重新编程。读/写存储器也可以在出厂后被多次读取。在一些实例中,存储器106可以是已加密的存储器,其利用由处理器512执行加密算法对数据进行加密。
存储器106可以被配置为存储一个或多个小应用程序108、一个或多个计数器110、客户ID 116、主密钥112、多样化密钥114和URL 120。一个或多个小应用程序108可以包括被配置为在非接触式卡上执行的一个或多个软件应用,诸如卡小应用程序。然而,可以理解,小应用程序108不限于Java卡小应用程序,而是可以是可在非接触式卡或具有有限存储器的其他设备上操作的任何软件应用。一个或多个计数器110可以包括足以存储整数的数字计数器。客户ID 116可以包括被分配给非接触式卡136的用户的唯一字母数字标识符,并且该标识符可以将非接触式卡的用户与其他非接触式卡的用户区分开。在一些示例中,客户ID 116可以识别客户和分配给该客户的账户两者,并且可以进一步识别与该客户的账户相关联的非接触式卡136。
前述示例性实施例的处理器512和存储器元件参照接触垫508进行描述,但是本公开不限于此。可以理解,这些元件可以被实施在接触垫508之外或与其完全分离,或者作为除了位于接触垫508内的处理器512和存储器106元件以外的进一步元件。
在一些示例中,非接触式卡136可以包括一个或多个天线514。一个或多个天线514可以被放置在非接触式卡136内并且在接触垫508的处理电路510周围。例如,一个或多个天线514可以与处理电路510构成一体,并且一个或多个天线514可以与外部升压线圈一起使用。又例如,一个或多个天线514可以在接触垫508和处理电路510的外部。
在实施例中,非接触式卡136的线圈可以充当空芯变压器的次级。终端可以通过切断功率或振幅调制与非接触式卡136进行通信。非接触式卡136可以使用非接触式卡136的功率连接中的间隙来推断出从终端传送的数据,这可以通过一个或多个电容器在功能上维持。非接触式卡136可以通过切换非接触式卡136的线圈上的负载或负载调制向回通信。负载调制可以通过干扰在终端线圈中检测到。更一般地,使用(一个或多个)天线514、处理器512和/或存储器106,非接触式卡136提供通信接口以经由NFC、蓝牙、和/或Wi-Fi通信进行通信。
如上面解释的,非接触式卡136可以被构建在可在智能卡或具有有限存储器的其他设备诸如JavaCard上操作的软件平台上,并且一个或多个应用或小应用程序可以被安全地执行。小应用程序108可以被添加到非接触式卡以在各种基于移动应用的用例中提供用于多因素认证(MFA)的一次性口令(OTP)。小应用程序108可以被配置为:响应来自读取器诸如(例如,移动设备或销售点终端的)移动NFC读取器的一个或多个请求诸如近场数据交换请求,并且产生包括被编码为NDEF文本标签的密码安全OTP的NDEF消息。
NDEF OTP的一个示例是NDEF短记录布局(SR=1)。在这样的示例中,一个或多个小应用程序108可以被配置为将OTP编码为NDEF类型4公知类型的文本标签。在一些示例中,NDEF消息可以包括一个或多个记录。除了OTP记录以外,小应用程序108可以被配置为还添加一个或多个静态标签记录。
在一些示例中,一个或多个小应用程序108可以被配置为仿真RFID标签。该RFID标签可以包括一个或多个多态标签。在一些示例中,每次读取标签时都呈现不同的密码数据,这些数据可以指示非接触式卡的真实性。基于一个或多个小应用程序108,对标签的NFC读取可以被处理,数据可以被传送到服务器诸如银行系统的服务器,并且该数据可以在服务器处被验证。
在一些示例中,非接触式卡136和服务器可以包括某些数据,使得该卡可以被正确识别。非接触式卡136可以包括一个或多个唯一标识符(未图示)。每次发生读取操作时,计数器110可以被配置为递增。在一些示例中,每次(例如,由移动设备)读取来自非接触式卡136的数据时,计数器110被传送到服务器以进行验证,并且确定计数器110是否等于(作为验证的一部分)服务器的计数器。
一个或多个计数器110可以被配置为阻止重放攻击。例如,如果密码已经被获得并重放,则该密码立即被拒绝,如果已经读取或使用或以其他方式忽略了计数器110的话。如果计数器110尚未被使用,则它可以被重放。在一些示例中,在非接触式卡136上递增的计数器不同于针对交易而递增的计数器。非接触式卡136不能确定应用交易计数器110,因为在非接触式卡136上的小应用程序108之间没有通信。在一些示例中,非接触式卡136可以包括第一小应用程序440-1,其可以是交易小应用程序,以及第二小应用程序440-2。每个小应用程序440-1和440-2可以包括相应的计数器110。
在一些示例中,计数器110可能会变得不同步。在一些示例中,为了解释发起交易的意外读取,诸如以某一角度读取,计数器110可以递增,但该应用不会处理计数器110。在一些示例中,当移动设备10被唤醒时,NFC可以被启用,并且该设备102可以被配置为读取可用的标签,但是不响应于读取而采取动作。
为了保持计数器110同步,可以执行应用诸如后台应用,该应用将被配置为:检测移动设备102何时唤醒,并与银行系统的服务器同步以指示由于检测而发生的读取,然后将计数器110向前移动。在其他示例中,可以利用散列的一次性口令使得可以接受不同步的窗口。例如,如果在阈值10内,计数器110可以被配置为向前移动。但是如果在不同的阈值数内,例如在10或1000内,则可以处理用于执行重同步的请求,其经由一个或多个应用请求用户经由用户设备轻拍、打手势或以其他方式指示一次或多次。如果计数器110以适当的顺序增加,则有可能获知用户已经这样做了。
本文中参照计数器110、主密钥和多样化密钥描述的密钥多样化技术是加密和/或解密密钥多样化技术的一则示例。这种示例密钥多样化技术不应被视为对本公开的限制,因为本公开同样适用于其他类型的密钥多样化技术。
在非接触式卡136的创建过程期间,两个密码密钥可以被唯一地分配给每张卡。密码密钥可以包括对称密钥,该对称密钥可以在数据的加密和解密两者中使用。三重DES(Triple DES,3DES)算法可以由EMV使用,并且它由非接触式卡136中的硬件实施。通过使用密钥多样化过程,一个或多个密钥可以基于用于要求密钥的每个实体的唯一可识别信息从主密钥中导出。
在一些示例中,为了克服3DES算法可能易受漏洞影响的缺陷,可以导出会话密钥(诸如每个会话的唯一密钥)而不是使用主密钥,唯一卡导出的密钥和计数器可以用作多样化数据。例如,每次非接触式卡136在操作中使用时,不同的密钥可用于创建消息认证码(message authentication code,MAC)和执行加密。这会导致三层密码。该会话密钥可以由一个或多个小应用程序生成,并通过使用具有一个或多个算法的应用交易计数器导出(如EMV 4.3Book 2A1.3.1公共会话密钥导出中定义的那样)。
此外,用于每张卡的增量可以是唯一的,并且通过个性化分配,或者通过一些识别信息在算法上分配。例如,奇数卡可以递增2,偶数卡可以递增5。在一些示例中,增量也可以在顺序读取方面上变化,使得一张卡可以按1、3、5、2、2……重复的顺序递增。具体序列或算法序列可以在个性化的时候定义,或者从唯一标识符导出的一个或多个过程中定义。这能够使得重放攻击者更难从少量的卡情况下进行归纳。
认证消息可以作为十六进制ASCII格式的文本NDEF记录的内容递送。在另一个示例中,NDEF记录可以以十六进制格式编码。
图6示出了根据示例实施例的NDEF短记录布局(SR=1)数据结构600。一个或多个小应用程序可以被配置为:将OTP编码为NDEF类型4公知类型的文本标签。在一些示例中,NDEF消息可以包括一个或多个记录。小应用程序可以被配置为除了OTP记录以外,还添加一个或多个静态标签记录。示例性标签包括但不限于:标签类型:公知类型、文本、编码英语(encoding English,en);小应用程序ID:D2760000850101;能力:只读访问;编码:认证消息可被编码为ASCII十六进制;类型-长度-值(type-length-value,TLV)数据可以被提供作为可用来生成NDEF消息的个性化参数。在实施例中,认证模板可以包括第一记录,具有用于提供实际动态认证数据的公知索引。该数据结构600可以包括URL 120、密码134和由小应用程序108提供的任何其他数据。
图7示出了适合于实施如前描述的各种实施例的示例性计算机架构700的实施例。在一个实施例中,计算机架构700可以包括或被实施为计算架构100的一部分,如本文中讨论的那样。
如本申请中使用的,术语“系统(system)”和“部件(component)”旨在是指计算机相关的实体,硬件、硬件与软件的组合、软件、或执行中的软件,其示例由示例性计算计算机架构700提供。例如,部件可以是但不限于在处理器上运行的进程、处理器、硬盘驱动器、(光和/或磁存储介质的)多个存储驱动器、对象、可执行文件、执行线程、程序和/或计算机。举例说明,在服务器运行上的应用和服务器两者都可以是部件。一个或多个部件可以驻留在进程和/或执行线程内,并且部件可以定位在一台计算机上和/或分布在两台或更多台计算机之间。此外,部件可以由各种类型的通信介质彼此通信地耦合以协调操作。该协调可以涉及单向或双向信息交换。例如,部件可以以通过通信介质传递的信号形式传递信息。该信息可以被实施为分配给各种信号线的信号。在这样的分配中,每条消息都是信号。然而,可替选地,进一步的实施例也可以采用数据消息。这样的数据消息可以跨各种连接被发送。示例性连接包括并行接口、串行接口和总线接口。
计算机架构700包括各种常见的计算元件,诸如一个或多个处理器、多核处理器、协处理器、存储器单元、芯片组、控制器、外围设备、接口、振荡器、定时设备、视频卡、音频卡、多媒体输入/输出(input/output,I/O)部件、电源等。然而,实施例不限于由计算架构100进行的实施方式。
如图7所示,计算机架构700包括处理器702、系统存储器704和系统总线706。处理器702可以是各种可商购获得的处理器中的任何一种。
系统总线706提供用于系统部件的接口,包括但不限于系统存储器704到处理器702。系统总线706可以是几种类型的总线结构中的任何一种,其进一步可以使用各种可商购获得的总线架构中的任何一种与存储器总线(具有或不具有存储器控制器)、外围总线和本地总线互连。接口适配器可以经由插槽架构连接到系统总线706。示例插槽架构可以包括但不限于加速图形端口(AGP)、卡总线、(扩展的)工业标准架构((E)ISA)、微通道架构(MCA)、网络用户总线(NuBus)、外围部件互联(扩展)(PCI(X))、PCI高速(PCI Express)、个人计算机存储卡国际协会(PCMCIA)等。
计算机架构700可以包括或实施各种制品。制品可以包括用以存储逻辑的计算机可读存储介质。计算机可读存储介质的示例可以包括能够存储电子数据的任何有形介质,包括易失性存储器或非易失性存储器、可移动或不可移动存储器、可擦除或不可擦除存储器、可写或可重写存储器等。逻辑的示例可以包括使用任何合适类型的代码实施的可执行计算机程序指令,诸如源代码、编译代码、解释代码、可执行代码、静态代码、动态代码、面向对象代码、可视代码等。实施例也可以至少部分地被实施为包含在非暂时性计算机可读介质中或其上的指令,这些指令可以由一个或多个处理器读取和执行,以使能执行本文中描述的操作。
系统存储器704可以包括以一个或多个高速存储器单元形式的各种类型的计算机可读存储介质,诸如只读存储器(ROM)、随机存取存储器(RAM)、动态RAM(DRAM)、双数据速率DRAM(DDRAM)、同步DRAM(SDRAM)、静态RAM(SRAM)、可编程ROM(PROM)、可擦除可编程ROM(EPROM)、电可擦除可编程ROM(EEPROM)、闪存、聚合物存储器诸如铁电聚合物存储器、双向存储器、相变或铁电存储器、硅-氧化硅-氮化硅-氧化硅-硅(SONOS)存储器、磁卡或光卡、诸如独立磁盘冗余阵列(RAID)驱动器的设备阵列、固态存储设备(例如,USB存储器、固态驱动器(SSD))以及适合于存储信息的任何其他类型的存储介质。在图7所示的说明性实施例中,系统存储器704可以包括非易失性708和/或易失性710。基本输入/输出系统(BIOS)可以被存储在非易失性708中。
计算机712可以包括以一个或多个低速存储器单元形式的各种类型的计算机可读存储介质,包括内部(或外部)硬盘驱动器714、从可移动磁盘718读取或向其写入的磁盘驱动器716和从可移动光盘722(例如CD-ROM或DVD)读取或向其写入的光盘驱动器720。硬盘驱动器714、磁盘驱动器716和光盘驱动器720可以分别通过HDD接口724、FDD接口726和光盘驱动器接口728连接到系统总线706。用于外部驱动器实施方式的HDD接口724可以包括通用串行总线(Universal Serial Bus,USB)和IEEE 1394接口技术中的至少一种或两种。
驱动器及相关联的计算机可读介质提供数据、数据结构、计算机可执行指令等的易失性和/或非易失性存储。例如,许多程序模块可以被存储在驱动器以及非易失性708和易失性710中,包括操作系统730、一个或多个应用732、其他程序模块734和程序数据736。在一个实施例中,一个或多个应用732、其他程序模块734和程序数据736可以包括例如系统100的各种应用和/或部件。
用户可以通过一个或多个有线/无线输入设备(例如,键盘738和定点设备诸如鼠标740)将命令和信息键入计算机712。其他输入设备可以包括麦克风、红外(infra-red,IR)遥控器、射频(radio-frequency,RF)遥控器、游戏垫、触笔、卡读取器、加密狗(dongle)、指纹读取器、手套、图形输入板、操纵杆、键盘、视网膜读取器、触摸屏(例如,电容式、电阻式等)、轨迹球、触控板、传感器、手写笔等。这些和其他输入设备通常通过被耦合到系统总线706的输入设备接口742而被连接到处理器702,但是也可以通过其他接口被连接,诸如并行端口、IEEE 1394串行端口、游戏端口、USB端口、IR接口等。
监视器744或其他类型的显示设备也经由诸如视频适配器746的接口被连接到系统总线706。监视器744可以在计算机712的内部或外部。除了监视器744以外,计算机典型地还包括其他外围输出设备,诸如扬声器、打印机等。
计算机712可以使用经由与一台或多台远程计算机诸如(一台或多台)远程计算机748的有线和/或无线通信的逻辑连接在网络化环境中操作。(一台或多台)远程计算机748可以是工作站、服务器计算机、路由器、个人计算机、便携式计算机、基于微处理器的娱乐设备、对等设备或其他公共网络节点,并且典型地包括相对于计算机712描述的许多或所有元素,尽管出于简洁的目的,只有存储器/存储设备750被示出。所描绘的逻辑连接包括与局域网752和/或更大的网络例如广域网754的有线/无线连接。这样的LAN和WAN联网环境在办公室和公司中很常见,并且便于企业范围的计算机网络,诸如内部网,所有这些可以连接到全球通信网络,例如互联网。
当在局域网752联网环境中使用时,计算机712通过有线和/或无线通信网络接口或网络适配器756被连接到局域网752。网络适配器756可以促进到局域网752的有线和/或无线通信,该局域网752还可以包括设置在其上的无线接入点,以用于与网络适配器756的无线功能进行通信。
当在广域网754联网环境中使用时,计算机712可以包括调制解调器758,或者被连接到广域网754上的通信服务器,或者具有用于诸如通过互联网的方式在广域网754上建立通信的其他装置。调制解调器758可以是内置或外置的有线和/或无线设备,经由输入设备接口742连接到系统总线706。在网络化环境中,相对于计算机712所描绘的程序模块或其部分可以被存储在远程存储器/存储设备750中。将认识到,所示的网络连接是示例性的,并且可以使用在计算机之间建立通信链路的其他装置。
计算机712可操作为使用IEEE 802标准族与有线和无线的设备或实体(诸如,可操作地设置在无线通信(例如,IEEE 802.11空中调制技术)中的无线设备)通信。除了别的以外,这至少还包括Wi-Fi(或无线保真度)、WiMax和BluetoothTM无线技术。因此,通信可以是与常规网络一样的预定义结构,或者只是在至少两个设备之间的自组织(ad hoc)通信。Wi-Fi网络使用称作IEEE 802.118(a、b、g、n等)的无线电技术来提供安全、可靠、快速的无线连接。Wi-Fi网络可以用于将计算机彼此连接、连接到互联网以及连接到有线网络(其使用IEEE 802.3相关的介质和功能)。
如先前参照图1A-6描述的设备的各种元素可以包括各种硬件元素、软件元素或两者的组合。硬件元素的示例可以包括设备、逻辑设备、部件、处理器、微处理器、电路、处理器、电路元件(例如,晶体管、电阻器、电容器、电感器等)、集成电路、专用集成电路(application specific integrated circuits,ASIC)、可编程逻辑设备(programmablelogic devices,PLD)、数字信号处理器(digital signal processors,DSP)、现场可编程门阵列(field programmable gate array,FPGA)、存储器单元、逻辑门、寄存器、半导体器件、芯片、微芯片、芯片组等。软件元素的示例可以包括软件部件、程序、应用、计算机程序、应用程序、系统程序、软件开发程序、机器程序、操作系统软件、中间件、固件、软件模块、例程、子例程、功能、方法、过程、软件接口、应用程序接口(API)、指令集、计算代码、计算机代码、代码段、计算机代码段、字、值、符号、或其任何组合。然而,确定实施例是否使用硬件元素和/或软件元素来实施可能根据许多因素而变化,诸如期望的计算速率、功率水平、耐热性、处理周期预算、输入数据速率、输出数据速率、存储器资源、数据总线速度和按照给定的实施方式期望的其他设计或性能约束。
至少一个实施例的一个或多个方面可以由存储在机器可读介质上的代表性指令实施,该指令表示处理器内的各种逻辑,当由机器读取时该指令致使机器制造逻辑以执行本文所描述的技术。这样的被称为“IP核”的表示可以被存储在有形的机器可读介质上,并且被供应给各种客户或制造设施,以加载到制造逻辑或处理器的制造机器中。一些实施例可以例如使用机器可读介质或物品来实施,该机器可读介质或物品可以存储指令或指令集,如果由机器执行该指令或指令集可以致使机器执行根据实施例的方法和/或操作。这样的机器可以包括例如任何合适的处理平台、计算平台、计算设备、处理设备、计算系统、处理系统、计算机、处理器等,并且可以使用硬件和/或软件的任何合适的组合来实施。机器可读介质或物品可以包括例如任何合适类型的存储器单元、存储器设备、存储器物品、存储器介质、存储设备、存储物品、存储介质和/或存储单元,例如,存储器、可移动或不可移动介质、可擦除或不可擦除介质、可写或可重写介质、数字或模拟介质、硬盘、软盘、光盘只读存储器(CD-ROM)、可记录光盘(CD-R)、可重写光盘(CD-RW)、光盘、磁介质、磁光介质、可移动存储卡或盘、各种类型的数字通用盘(DVD)、磁带、盒式磁带等。指令可以包括任何合适类型的代码,诸如源代码、编译代码、解释代码、可执行代码、静态代码、动态代码、加密代码等,使用任何合适的高级、低级、面向对象、可视化、编译和/或解释的编程语言来实施。
出于说明和描述的目的,已经呈现了示例实施例的前述描述。它并不旨在穷举或将本公开限制于所公开的精确形式。根据本公开,许多修改和变化是可能的。意图是本公开的范围不受该详细描述的限制,而是受所附权利要求的限制。要求本申请的优先权的未来提交的申请可以用不同的方式要求所公开的主题,并且通常可以包括如本文所公开的或以其他方式证明的一个或多个限制的任何集合。
Claims (20)
1.一种方法,包括:
由在设备的处理器上执行的操作系统从与账户相关联的非接触式卡接收统一资源定位符(URL)和密码;
由所述操作系统响应于接收到所述URL,启动与所述非接触式卡相关联的应用;
由所述应用将所述密码传送到认证服务器;
由所述应用从所述认证服务器接收解密结果,所述解密结果指示所述认证服务器解密了所述密码;
由所述应用基于所述解密结果将针对包括标识符的一次性口令(OTP)的请求传送到所述URL;
由所述设备从所述URL处的OTP生成器接收所述OTP;
由所述应用接收输入值;
由所述应用将所述输入值与从所述OTP生成器接收到的所述OTP的副本进行比较;
由所述应用确定出比较结果匹配;以及
由所述应用基于比较结果匹配的确定,在所述设备上显示账户的一个或多个属性。
2.根据权利要求1所述的方法,进一步包括:
由所述应用在所述设备上的账户数据库中确定所述标识符,其中,所述标识符包括所述非接触式卡的标识符或所述账户的标识符中的一个。
3.根据权利要求2所述的方法,进一步包括:
由所述设备经由以下至少一个接收所述OTP:(i)与所述标识符相关联的电子邮件地址,(ii)与所述标识符相关联的电话号码处的短消息服务(SMS)消息,以及(iii)由所述应用基于与所述标识符相关联的所述设备的设备标识符而接收到的推送通知。
4.根据权利要求1所述的方法,进一步包括:在将所述密码传送到所述认证服务器前:
由所述应用接收用于所述账户的认证凭证;以及
由所述应用验证接收到的用于所述账户的认证凭证。
5.根据权利要求4所述的方法,进一步包括:在验证用于所述账户的认证凭证后:
由所述应用接收用以执行与所述账户相关联的操作的请求;
由所述应用输出指定要轻拍所述非接触式卡到所述设备以授权所述操作的指示;以及
由所述应用基于指示所述认证服务器解密了所述密码的解密结果以及比较结果匹配的确定来授权所请求的操作。
6.根据权利要求1所述的方法,其中,所述OS基于近场通信(NFC)从所述非接触式卡接收所述URL和所述密码,所述方法进一步包括:
由所述OS将接收到的OTP提供给所述OS的自动填充服务;以及
由所述自动填充服务将所述OTP自动填充到所述应用的表单栏中。
7.根据权利要求1所述的方法,其中,所述URL被注册为启动所述OS中的所述应用,其中,所述URL被定向到用于所述OTP生成器的应用编程接口(API)端点。
8.一种系统,包括:
处理器;和
存储指令的存储器,所述指令当由所述处理器执行时致使所述处理器:
由在所述处理器上执行的操作系统从与账户相关联的非接触式卡接收统一资源定位符(URL)和密码;
由所述操作系统响应于接收到所述URL,启动与所述非接触式卡相关联的应用;
由所述应用将所述密码传送到认证服务器;
由所述应用从所述认证服务器接收解密结果,所述解密结果指示所述认证服务器解密了所述密码;
由所述应用基于所述解密结果将针对包括标识符的一次性口令(OTP)的请求传送到所述URL;以及
由所述处理器从所述URL处的OTP生成器接收所述OTP;
由所述应用接收输入值;
由所述应用将所述输入值与从所述OTP生成器接收到的所述OTP的副本进行比较;
由所述应用确定出比较结果匹配;以及
由所述应用基于比较结果匹配的确定,显示所述账户的一个或多个属性。
9.根据权利要求8所述的系统,所述存储器存储指令,所述指令当由所述处理器执行时致使所述处理器:
由所述应用在被存储在所述存储器中的账户数据库中确定所述标识符,其中,所述标识符包括所述非接触式卡的标识符或所述账户的标识符中的一个。
10.根据权利要求8所述的系统,所述存储器存储指令,所述指令当由所述处理器执行时致使所述处理器:
由所述处理器经由以下至少一个接收所述OTP:(i)与所述标识符相关联的电子邮件地址,(ii)与所述标识符相关联的电话号码处的短消息服务(SMS)消息,以及(iii)由所述应用基于与所述标识符相关联的所述设备的设备标识符而接收到的推送通知。
11.根据权利要求8所述的系统,所述存储器存储指令,所述指令当由所述处理器执行时致使所述处理器,在将所述密码传送到所述认证服务器前:
由所述应用接收用于所述账户的认证凭证;以及
由所述应用验证接收到的用于所述账户的认证凭证。
12.根据权利要求11所述的系统,所述存储器存储指令,所述指令当由所述处理器执行时致使所述处理器,在验证用于所述账户的认证凭证后:
由所述应用接收用以执行与所述账户相关联的操作的请求;
由所述应用输出指定要轻拍所述非接触式卡到所述系统以授权所述操作的指示;以及
由所述应用基于指示所述认证服务器解密了所述密码的解密结果以及所述比较结果匹配的确定来授权所请求的操作。
13.根据权利要求8所述的系统,其中,所述OS基于近场通信(NFC)从所述非接触式卡接收所述URL和所述密码,所述存储器存储指令,所述指令当由所述处理器执行时致使所述处理器:
由所述OS将接收到的OTP提供给所述OS的自动填充服务;以及
由所述自动填充服务将所述OTP自动填充到所述应用的表单栏中。
14.根据权利要求8所述的系统,其中,所述URL被注册为启动所述OS中的所述应用,其中,所述URL被定向到用于所述OTP生成器的应用编程接口(API)端点。
15.一种存储计算机可读指令的非暂时性计算机可读存储介质,当由处理器执行时,所述指令致使处理器:
由在所述处理器上执行的操作系统(OS)从与账户相关联的非接触式卡接收统一资源定位符(URL)和密码;
由所述操作系统响应于接收到所述URL,启动与所述非接触式卡相关联的应用;
由所述应用将所述密码传送到认证服务器;
由所述应用从所述认证服务器接收解密结果,所述解密结果指示所述认证服务器解密了所述密码;
由所述应用基于所述解密结果将针对包括标识符的一次性口令(OTP)的请求传送到所述URL;以及
从所述URL处的OTP生成器接收所述OTP;
由所述应用接收输入值;
由所述应用将所述输入值与从所述OTP生成器接收到的所述OTP的副本进行比较;
由所述应用确定比较结果匹配;以及
由所述应用基于比较结果匹配的确定,在显示器上显示所述账户的一个或多个属性。
16.根据权利要求15所述的非暂时性计算机可读存储介质,进一步包括指令,所述指令当由所述处理器执行时致使所述处理器:
由所述应用在被存储在所述介质中的账户数据库中确定所述标识符,其中,所述标识符包括所述非接触式卡的标识符或所述账户的标识符中的一个。
17.根据权利要求15所述的非暂时性计算机可读存储介质,进一步包括指令,所述指令当由所述处理器执行时致使所述处理器:
经由以下至少一个接收所述OTP:(i)与所述标识符相关联的电子邮件地址,(ii)与所述标识符相关联的电话号码处的短消息服务(SMS)消息,以及(iii)由所述应用基于与所述标识符相关联的所述设备的设备标识符而接收到的推送通知。
18.根据权利要求15所述的非暂时性计算机可读存储介质,进一步包括指令,所述指令当由所述处理器执行时致使所述处理器,在将所述密码传送到所述认证服务器前:
由所述应用接收用于所述账户的认证凭证;以及
由所述应用验证接收到的用于所述账户的认证凭证。
19.根据权利要求18所述的非暂时性计算机可读存储介质,进一步包括指令,所述指令当由所述处理器执行时致使所述处理器,在验证用于所述账户的认证凭证后:
由所述应用接收用以执行与所述账户相关联的操作的请求;
由所述应用输出指定要轻拍所述非接触式卡到包括所述处理器的设备以授权所述操作的指示;以及
由所述应用基于指示所述认证服务器解密了所述密码的解密结果以及比较结果匹配的确定来授权所请求的操作。
20.根据权利要求15所述的非暂时性计算机可读存储介质,其中,OS基于近场通信(NFC)从所述非接触式卡接收所述URL和所述密码,其中所述URL被注册为启动所述OS中的所述应用,其中所述URL被定向到用于所述OTP生成器的应用编程接口(API)端点,所述介质进一步包括指令,所述指令当由所述处理器执行时致使所述处理器:
由所述OS将接收到的OTP提供给所述OS的自动填充服务;以及
由所述自动填充服务将所述OTP自动填充到所述应用的表单栏中。
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/140,698 US11216799B1 (en) | 2021-01-04 | 2021-01-04 | Secure generation of one-time passcodes using a contactless card |
US17/140,698 | 2021-01-04 | ||
PCT/US2021/063281 WO2022146672A1 (en) | 2021-01-04 | 2021-12-14 | Secure generation of one-time passcodes using a contactless card |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116848833A true CN116848833A (zh) | 2023-10-03 |
Family
ID=79169462
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202180094058.5A Pending CN116848833A (zh) | 2021-01-04 | 2021-12-14 | 使用非接触式卡的一次性口令的安全生成 |
Country Status (8)
Country | Link |
---|---|
US (3) | US11216799B1 (zh) |
EP (1) | EP4272410A1 (zh) |
JP (1) | JP2024502434A (zh) |
KR (1) | KR20230125226A (zh) |
CN (1) | CN116848833A (zh) |
AU (1) | AU2021415999A1 (zh) |
CA (1) | CA3204039A1 (zh) |
WO (1) | WO2022146672A1 (zh) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20230015697A1 (en) * | 2021-07-13 | 2023-01-19 | Citrix Systems, Inc. | Application programming interface (api) authorization |
Family Cites Families (548)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2523745B1 (fr) | 1982-03-18 | 1987-06-26 | Bull Sa | Procede et dispositif de protection d'un logiciel livre par un fournisseur a un utilisateur |
JPS6198476A (ja) | 1984-10-19 | 1986-05-16 | Casio Comput Co Ltd | カードターミナル |
FR2613565B1 (fr) | 1987-04-03 | 1989-06-23 | Bull Cps | Procede pour acheminer des cles secretes vers des modules de securite et des cartes utilisateurs, dans un reseau de traitement d'informations |
US5036461A (en) | 1990-05-16 | 1991-07-30 | Elliott John C | Two-way authentication system between user's smart card and issuer-specific plug-in application modules in multi-issued transaction device |
FR2704341B1 (fr) | 1993-04-22 | 1995-06-02 | Bull Cp8 | Dispositif de protection des clés d'une carte à puce. |
US5377270A (en) | 1993-06-30 | 1994-12-27 | United Technologies Automotive, Inc. | Cryptographic authentication of transmitted messages using pseudorandom numbers |
US5363448A (en) | 1993-06-30 | 1994-11-08 | United Technologies Automotive, Inc. | Pseudorandom number generation and cryptographic authentication |
JP3053527B2 (ja) | 1993-07-30 | 2000-06-19 | インターナショナル・ビジネス・マシーンズ・コーポレイション | パスワードを有効化する方法及び装置、パスワードを生成し且つ予備的に有効化する方法及び装置、認証コードを使用して資源のアクセスを制御する方法及び装置 |
US5537314A (en) | 1994-04-18 | 1996-07-16 | First Marketrust Intl. | Referral recognition system for an incentive award program |
US5764789A (en) | 1994-11-28 | 1998-06-09 | Smarttouch, Llc | Tokenless biometric ATM access system |
US7152045B2 (en) | 1994-11-28 | 2006-12-19 | Indivos Corporation | Tokenless identification system for authorization of electronic transactions and electronic transmissions |
US5778072A (en) | 1995-07-07 | 1998-07-07 | Sun Microsystems, Inc. | System and method to transparently integrate private key operations from a smart card with host-based encryption services |
US5666415A (en) | 1995-07-28 | 1997-09-09 | Digital Equipment Corporation | Method and apparatus for cryptographic authentication |
US5832090A (en) | 1995-08-10 | 1998-11-03 | Hid Corporation | Radio frequency transponder stored value system employing a secure encryption protocol |
US5748740A (en) | 1995-09-29 | 1998-05-05 | Dallas Semiconductor Corporation | Method, apparatus, system and firmware for secure transactions |
US6049328A (en) | 1995-10-20 | 2000-04-11 | Wisconsin Alumni Research Foundation | Flexible access system for touch screen devices |
US5616901A (en) | 1995-12-19 | 1997-04-01 | Talking Signs, Inc. | Accessible automatic teller machines for sight-impaired persons and print-disabled persons |
DE69704684T2 (de) | 1996-02-23 | 2004-07-15 | Fuji Xerox Co., Ltd. | Vorrichtung und Verfahren zur Authentifizierung von Zugangsrechten eines Benutzers zu Betriebsmitteln nach dem Challenge-Response-Prinzip |
US6226383B1 (en) | 1996-04-17 | 2001-05-01 | Integrity Sciences, Inc. | Cryptographic methods for remote authentication |
US5768373A (en) | 1996-05-06 | 1998-06-16 | Symantec Corporation | Method for providing a secure non-reusable one-time password |
US5901874A (en) | 1996-05-07 | 1999-05-11 | Breakthrough Marketing, Inc. | Handicapped accessible dumpster |
US5763373A (en) | 1996-06-20 | 1998-06-09 | High Point Chemical Corp. | Method of preparing an alkaline earth metal tallate |
US6058373A (en) | 1996-10-16 | 2000-05-02 | Microsoft Corporation | System and method for processing electronic order forms |
US6483920B2 (en) | 1996-12-04 | 2002-11-19 | Bull, S.A. | Key recovery process used for strong encryption of messages |
US5796827A (en) | 1996-11-14 | 1998-08-18 | International Business Machines Corporation | System and method for near-field human-body coupling for encrypted communication with identification cards |
US6021203A (en) | 1996-12-11 | 2000-02-01 | Microsoft Corporation | Coercion resistant one-time-pad cryptosystem that facilitates transmission of messages having different levels of security |
US6061666A (en) | 1996-12-17 | 2000-05-09 | Citicorp Development Center | Automatic bank teller machine for the blind and visually impaired |
GB9626196D0 (en) | 1996-12-18 | 1997-02-05 | Ncr Int Inc | Self-service terminal (sst) and a method of oerating the sst to control movement of a card of the sst |
US6282522B1 (en) | 1997-04-30 | 2001-08-28 | Visa International Service Association | Internet payment system using smart card |
US7290288B2 (en) | 1997-06-11 | 2007-10-30 | Prism Technologies, L.L.C. | Method and system for controlling access, by an authentication server, to protected computer resources provided via an internet protocol network |
US5960411A (en) | 1997-09-12 | 1999-09-28 | Amazon.Com, Inc. | Method and system for placing a purchase order via a communications network |
US5983273A (en) | 1997-09-16 | 1999-11-09 | Webtv Networks, Inc. | Method and apparatus for providing physical security for a user account and providing access to the user's environment and preferences |
US5883810A (en) | 1997-09-24 | 1999-03-16 | Microsoft Corporation | Electronic online commerce card with transactionproxy number for online transactions |
DE69824437T2 (de) | 1997-10-14 | 2005-06-23 | Visa International Service Association, Foster City | Personalisieren von chipkarten |
IL122105A0 (en) | 1997-11-04 | 1998-04-05 | Rozin Alexander | A two-way radio-based electronic toll collection method and system for highway |
US6889198B2 (en) | 1998-01-30 | 2005-05-03 | Citicorp Development Center, Inc. | Method and system for tracking smart card loyalty points |
US7207477B1 (en) | 2004-03-08 | 2007-04-24 | Diebold, Incorporated | Wireless transfer of account data and signature from hand-held device to electronic check generator |
US6199762B1 (en) | 1998-05-06 | 2001-03-13 | American Express Travel Related Services Co., Inc. | Methods and apparatus for dynamic smartcard synchronization and personalization |
EP0956818B1 (en) | 1998-05-11 | 2004-11-24 | Citicorp Development Center, Inc. | System and method of biometric smart card user authentication |
JP3112076B2 (ja) | 1998-05-21 | 2000-11-27 | 豊 保倉 | ユーザ認証システム |
US6615189B1 (en) | 1998-06-22 | 2003-09-02 | Bank One, Delaware, National Association | Debit purchasing of stored value card for use by and/or delivery to others |
US6216227B1 (en) | 1998-06-29 | 2001-04-10 | Sun Microsystems, Inc. | Multi-venue ticketing using smart cards |
US6032136A (en) | 1998-11-17 | 2000-02-29 | First Usa Bank, N.A. | Customer activated multi-value (CAM) card |
US7660763B1 (en) | 1998-11-17 | 2010-02-09 | Jpmorgan Chase Bank, N.A. | Customer activated multi-value (CAM) card |
US6438550B1 (en) | 1998-12-10 | 2002-08-20 | International Business Machines Corporation | Method and apparatus for client authentication and application configuration via smart cards |
US6829711B1 (en) | 1999-01-26 | 2004-12-07 | International Business Machines Corporation | Personal website for electronic commerce on a smart java card with multiple security check points |
ATE231266T1 (de) | 1999-02-18 | 2003-02-15 | Orbis Patents Ltd | Kreditkartensystem und -verfahren |
US6731778B1 (en) | 1999-03-31 | 2004-05-04 | Oki Electric Industry Co, Ltd. | Photographing apparatus and monitoring system using same |
US6402028B1 (en) | 1999-04-06 | 2002-06-11 | Visa International Service Association | Integrated production of smart cards |
US7127605B1 (en) | 1999-05-10 | 2006-10-24 | Axalto, Inc. | Secure sharing of application methods on a microcontroller |
US6227447B1 (en) | 1999-05-10 | 2001-05-08 | First Usa Bank, Na | Cardless payment system |
US6845498B1 (en) | 1999-05-11 | 2005-01-18 | Microsoft Corporation | Method and apparatus for sharing data files among run time environment applets in an integrated circuit card |
US6504945B1 (en) | 1999-07-13 | 2003-01-07 | Hewlett-Packard Company | System for promoting correct finger placement in a fingerprint reader |
US7908216B1 (en) | 1999-07-22 | 2011-03-15 | Visa International Service Association | Internet payment, authentication and loading system using virtual smart card |
US6324271B1 (en) | 1999-08-17 | 2001-11-27 | Nortel Networks Limited | System and method for authentication of caller identification |
SE515327C2 (sv) | 1999-08-27 | 2001-07-16 | Ericsson Telefon Ab L M | Anordning för att utföra säkra transaktioner i en kommunikationsanordning |
US7085931B1 (en) | 1999-09-03 | 2006-08-01 | Secure Computing Corporation | Virtual smart card system and method |
US6834271B1 (en) | 1999-09-24 | 2004-12-21 | Kryptosima | Apparatus for and method of secure ATM debit card and credit card payment transactions via the internet |
US7319986B2 (en) | 1999-09-28 | 2008-01-15 | Bank Of America Corporation | Dynamic payment cards and related management systems and associated methods |
US6910627B1 (en) | 1999-09-29 | 2005-06-28 | Canon Kabushiki Kaisha | Smart card systems and electronic ticketing methods |
JP2001195368A (ja) | 1999-11-01 | 2001-07-19 | Sony Corp | 認証情報通信システムおよび認証情報通信方法、携帯情報処理装置、並びにプログラム提供媒体 |
US8814039B2 (en) | 1999-11-05 | 2014-08-26 | Lead Core Fund, L.L.C. | Methods for processing a payment authorization request utilizing a network of point of sale devices |
US8794509B2 (en) | 1999-11-05 | 2014-08-05 | Lead Core Fund, L.L.C. | Systems and methods for processing a payment authorization request over disparate payment networks |
AU1431301A (en) | 1999-11-22 | 2001-06-04 | Intel Corporation | Integrity check values (icv) based on pseudorandom binary matrices |
US7366703B2 (en) | 2000-01-05 | 2008-04-29 | American Express Travel Related Services Company, Inc. | Smartcard internet authorization system |
WO2001052180A1 (en) | 2000-01-10 | 2001-07-19 | Tarian, Llc | Device using histological and physiological biometric marker for authentication and activation |
US20010034702A1 (en) | 2000-02-04 | 2001-10-25 | Mockett Gregory P. | System and method for dynamically issuing and processing transaction specific digital credit or debit cards |
US8150767B2 (en) | 2000-02-16 | 2012-04-03 | Mastercard International Incorporated | System and method for conducting electronic commerce with a remote wallet server |
US20030034873A1 (en) | 2000-02-16 | 2003-02-20 | Robin Chase | Systems and methods for controlling vehicle access |
US6779115B1 (en) | 2000-02-18 | 2004-08-17 | Digital5, Inc. | Portable device using a smart card to receive and decrypt digital data |
US20010029485A1 (en) | 2000-02-29 | 2001-10-11 | E-Scoring, Inc. | Systems and methods enabling anonymous credit transactions |
US6852031B1 (en) | 2000-11-22 | 2005-02-08 | Igt | EZ pay smart card and tickets system |
CA2406001A1 (en) | 2000-04-14 | 2001-10-25 | American Express Travel Related Services Company, Inc. | A system and method for using loyalty points |
JP5025875B2 (ja) | 2000-04-24 | 2012-09-12 | ビザ・インターナショナル・サービス・アソシエーション | オンラインの支払人認証サービスの方法 |
US7933589B1 (en) | 2000-07-13 | 2011-04-26 | Aeritas, Llc | Method and system for facilitation of wireless e-commerce transactions |
US6631197B1 (en) | 2000-07-24 | 2003-10-07 | Gn Resound North America Corporation | Wide audio bandwidth transduction method and device |
WO2002015037A1 (en) | 2000-08-14 | 2002-02-21 | Gien Peter H | System and method for facilitating signing by buyers in electronic commerce |
US7789302B2 (en) | 2000-08-17 | 2010-09-07 | Dexrad (Proprietary) Limited | Transfer of verification data |
AU2001288679A1 (en) | 2000-09-11 | 2002-03-26 | Sentrycom Ltd. | A biometric-based system and method for enabling authentication of electronic messages sent over a network |
US7006986B1 (en) | 2000-09-25 | 2006-02-28 | Ecardless Bancorp, Ltd. | Order file processes for purchasing on the internet using verified order information |
US6873260B2 (en) | 2000-09-29 | 2005-03-29 | Kenneth J. Lancos | System and method for selectively allowing the passage of a guest through a region within a coverage area |
US6877656B1 (en) | 2000-10-24 | 2005-04-12 | Capital One Financial Corporation | Systems, methods, and apparatus for instant issuance of a credit card |
US6721706B1 (en) | 2000-10-30 | 2004-04-13 | Koninklijke Philips Electronics N.V. | Environment-responsive user interface/entertainment device that simulates personal interaction |
US7069435B2 (en) | 2000-12-19 | 2006-06-27 | Tricipher, Inc. | System and method for authentication in a crypto-system utilizing symmetric and asymmetric crypto-keys |
US7606771B2 (en) | 2001-01-11 | 2009-10-20 | Cardinalcommerce Corporation | Dynamic number authentication for credit/debit cards |
EP1223565A1 (en) | 2001-01-12 | 2002-07-17 | Motorola, Inc. | Transaction system, portable device, terminal and methods of transaction |
US20020093530A1 (en) | 2001-01-17 | 2002-07-18 | Prasad Krothapalli | Automatic filling and submission of completed forms |
US20020158123A1 (en) | 2001-01-30 | 2002-10-31 | Allen Rodney F. | Web-based smart card system and method for maintaining status information and verifying eligibility |
US20020152116A1 (en) | 2001-01-30 | 2002-10-17 | Yan Kent J. | Method and system for generating fixed and/or dynamic rebates in credit card type transactions |
US7181017B1 (en) | 2001-03-23 | 2007-02-20 | David Felsher | System and method for secure three-party communications |
ATE364202T1 (de) | 2001-04-02 | 2007-06-15 | Motorola Inc | Aktivieren und deaktivieren von softwarefunktionen |
US7290709B2 (en) | 2001-04-10 | 2007-11-06 | Erica Tsai | Information card system |
US7044394B2 (en) | 2003-12-17 | 2006-05-16 | Kerry Dennis Brown | Programmable magnetic data storage card |
US20020153424A1 (en) | 2001-04-19 | 2002-10-24 | Chuan Li | Method and apparatus of secure credit card transaction |
US20040015958A1 (en) | 2001-05-15 | 2004-01-22 | Veil Leonard Scott | Method and system for conditional installation and execution of services in a secure computing environment |
US7206806B2 (en) | 2001-05-30 | 2007-04-17 | Pineau Richard A | Method and system for remote utilizing a mobile device to share data objects |
DE10127511A1 (de) | 2001-06-06 | 2003-01-02 | Wincor Nixdorf Gmbh & Co Kg | Schreib-/Lesegerät für eine Ausweis- oder Kreditkarte vom RFID-Typ |
US20030167350A1 (en) | 2001-06-07 | 2003-09-04 | Curl Corporation | Safe I/O through use of opaque I/O objects |
AUPR559201A0 (en) | 2001-06-08 | 2001-07-12 | Canon Kabushiki Kaisha | Card reading device for service access |
US6834795B1 (en) | 2001-06-29 | 2004-12-28 | Sun Microsystems, Inc. | Secure user authentication to computing resource via smart card |
US7762457B2 (en) | 2001-07-10 | 2010-07-27 | American Express Travel Related Services Company, Inc. | System and method for dynamic fob synchronization and personalization |
US7993197B2 (en) | 2001-08-10 | 2011-08-09 | Igt | Flexible loyalty points programs |
US8266451B2 (en) | 2001-08-31 | 2012-09-11 | Gemalto Sa | Voice activated smart card |
US20030055727A1 (en) | 2001-09-18 | 2003-03-20 | Walker Jay S. | Method and apparatus for facilitating the provision of a benefit to a customer of a retailer |
US7373515B2 (en) | 2001-10-09 | 2008-05-13 | Wireless Key Identification Systems, Inc. | Multi-factor authentication system |
JP3975720B2 (ja) | 2001-10-23 | 2007-09-12 | 株式会社日立製作所 | Icカード、顧客情報分析システムおよび顧客情報分析結果提供方法 |
US6934861B2 (en) | 2001-11-06 | 2005-08-23 | Crosscheck Identification Systems International, Inc. | National identification card system and biometric identity verification method for negotiating transactions |
US6641050B2 (en) | 2001-11-06 | 2003-11-04 | International Business Machines Corporation | Secure credit card |
US7243853B1 (en) | 2001-12-04 | 2007-07-17 | Visa U.S.A. Inc. | Method and system for facilitating memory and application management on a secured token |
US8108687B2 (en) | 2001-12-12 | 2012-01-31 | Valve Corporation | Method and system for granting access to system and content |
FR2834403B1 (fr) | 2001-12-27 | 2004-02-06 | France Telecom | Systeme cryptographique de signature de groupe |
JP3820999B2 (ja) | 2002-01-25 | 2006-09-13 | ソニー株式会社 | 近接通信システム及び近接通信方法、データ管理装置及びデータ管理方法、記憶媒体、並びにコンピュータ・プログラム |
SE524778C2 (sv) | 2002-02-19 | 2004-10-05 | Douglas Lundholm | Förfarande och arrangemang för att skydda mjukvara för otillbörlig användning eller kopiering |
US6905411B2 (en) | 2002-02-27 | 2005-06-14 | Igt | Player authentication for cashless gaming machine instruments |
US20030208449A1 (en) | 2002-05-06 | 2003-11-06 | Yuanan Diao | Credit card fraud prevention system and method using secure electronic credit card |
US7900048B2 (en) | 2002-05-07 | 2011-03-01 | Sony Ericsson Mobile Communications Ab | Method for loading an application in a device, device and smart card therefor |
CN100440195C (zh) | 2002-05-10 | 2008-12-03 | 斯伦贝谢(北京)智能卡科技有限公司 | 智能卡更换方法及其更换系统 |
US20040127256A1 (en) | 2002-07-30 | 2004-07-01 | Scott Goldthwaite | Mobile device equipped with a contactless smart card reader/writer |
US8010405B1 (en) | 2002-07-26 | 2011-08-30 | Visa Usa Inc. | Multi-application smart card device software solution for smart cardholder reward selection and redemption |
US7697920B1 (en) | 2006-05-05 | 2010-04-13 | Boojum Mobile | System and method for providing authentication and authorization utilizing a personal wireless communication device |
EP3547599A1 (en) | 2002-08-06 | 2019-10-02 | Apple Inc. | Methods for secure enrollment and backup of personal identity credentials into electronic devices |
JP4553565B2 (ja) | 2002-08-26 | 2010-09-29 | パナソニック株式会社 | 電子バリューの認証方式と認証システムと装置 |
CZ2005209A3 (cs) | 2002-09-10 | 2005-12-14 | Ivi Smart Technologies, Inc. | Bezpečné biometrické ověření identity |
US7306143B2 (en) | 2002-09-20 | 2007-12-11 | Cubic Corporation | Dynamic smart card/media imaging |
US9710804B2 (en) | 2012-10-07 | 2017-07-18 | Andrew H B Zhou | Virtual payment cards issued by banks for mobile and wearable devices |
US8985442B1 (en) | 2011-07-18 | 2015-03-24 | Tiger T G Zhou | One-touch payment using haptic control via a messaging and calling multimedia system on mobile device and wearable device, currency token interface, point of sale device, and electronic payment card |
WO2004036492A2 (en) | 2002-10-16 | 2004-04-29 | Sci-Tel Ltd. | Smart card network interface device |
US9740988B1 (en) | 2002-12-09 | 2017-08-22 | Live Nation Entertainment, Inc. | System and method for using unique device indentifiers to enhance security |
US9251518B2 (en) | 2013-03-15 | 2016-02-02 | Live Nation Entertainment, Inc. | Centralized and device-aware ticket-transfer system and methods |
JP2006513477A (ja) | 2003-01-14 | 2006-04-20 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | 偽造及び/または変造されたスマートカードを検出する方法及び端末 |
US7453439B1 (en) | 2003-01-16 | 2008-11-18 | Forward Input Inc. | System and method for continuous stroke word-based text input |
US20050195975A1 (en) | 2003-01-21 | 2005-09-08 | Kevin Kawakita | Digital media distribution cryptography using media ticket smart cards |
US8589335B2 (en) | 2003-04-21 | 2013-11-19 | Visa International Service Association | Smart card personalization assistance tool |
EP1632091A4 (en) | 2003-05-12 | 2006-07-26 | Gtech Corp | METHOD AND SYSTEM FOR AUTHENTICATION |
US7949559B2 (en) | 2003-05-27 | 2011-05-24 | Citicorp Credit Services, Inc. | Credit card rewards program system and method |
US8200775B2 (en) | 2005-02-01 | 2012-06-12 | Newsilike Media Group, Inc | Enhanced syndication |
JP4744106B2 (ja) | 2003-08-06 | 2011-08-10 | パナソニック株式会社 | セキュアデバイス、情報処理端末、通信システム及び通信方法 |
US20050075985A1 (en) | 2003-10-03 | 2005-04-07 | Brian Cartmell | Voice authenticated credit card purchase verification |
FI20031482A (fi) | 2003-10-10 | 2005-04-11 | Open Bit Oy Ltd | Maksutapahtumatietojen prosessointi |
US7597250B2 (en) | 2003-11-17 | 2009-10-06 | Dpd Patent Trust Ltd. | RFID reader with multiple interfaces |
US20050138387A1 (en) | 2003-12-19 | 2005-06-23 | Lam Wai T. | System and method for authorizing software use |
US7357309B2 (en) | 2004-01-16 | 2008-04-15 | Telefonaktiebolaget Lm Ericsson (Publ) | EMV transactions in mobile terminals |
US7374099B2 (en) | 2004-02-24 | 2008-05-20 | Sun Microsystems, Inc. | Method and apparatus for processing an application identifier from a smart card |
US7165727B2 (en) | 2004-02-24 | 2007-01-23 | Sun Microsystems, Inc. | Method and apparatus for installing an application onto a smart card |
US7472829B2 (en) | 2004-12-10 | 2009-01-06 | Qsecure, Inc. | Payment card with internally generated virtual account numbers for its magnetic stripe encoder and user display |
US7584153B2 (en) | 2004-03-15 | 2009-09-01 | Qsecure, Inc. | Financial transactions with dynamic card verification values |
WO2005091182A2 (de) | 2004-03-19 | 2005-09-29 | Roger Humbel | Alles-schlüssel bzw. einstell software liste in handy (pass-partout) für funk-fahrrad-schlösser, autos, häuser, rfid-tags mit zulassungs- und zahlungsverkehrs-funktion „all in one remote key“ (aiork) |
US20140019352A1 (en) | 2011-02-22 | 2014-01-16 | Visa International Service Association | Multi-purpose virtual card transaction apparatuses, methods and systems |
US7748617B2 (en) | 2004-04-12 | 2010-07-06 | Gray R O'neal | Electronic identification system |
US7805755B2 (en) | 2004-05-03 | 2010-09-28 | Research In Motion Limited | System and method for application authorization |
US8762283B2 (en) | 2004-05-03 | 2014-06-24 | Visa International Service Association | Multiple party benefit from an online authentication service |
US7703142B1 (en) | 2004-05-06 | 2010-04-20 | Sprint Communications Company L.P. | Software license authorization system |
US7660779B2 (en) | 2004-05-12 | 2010-02-09 | Microsoft Corporation | Intelligent autofill |
GB0411777D0 (en) | 2004-05-26 | 2004-06-30 | Crypomathic Ltd | Computationally asymmetric cryptographic systems |
US7314165B2 (en) | 2004-07-01 | 2008-01-01 | American Express Travel Related Services Company, Inc. | Method and system for smellprint recognition biometrics on a smartcard |
US7175076B1 (en) | 2004-07-07 | 2007-02-13 | Diebold Self-Service Systems Division Of Diebold, Incorporated | Cash dispensing automated banking machine user interface system and method |
WO2006019989A2 (en) | 2004-07-15 | 2006-02-23 | Mastercard International Incorporated | Reference equipment for testing contactless payment devices |
US8439271B2 (en) | 2004-07-15 | 2013-05-14 | Mastercard International Incorporated | Method and system using a bitmap for passing contactless payment card transaction variables in standardized data formats |
US7287692B1 (en) | 2004-07-28 | 2007-10-30 | Cisco Technology, Inc. | System and method for securing transactions in a contact center environment |
EP1630712A1 (en) | 2004-08-24 | 2006-03-01 | Sony Deutschland GmbH | Method for operating a near field communication system |
CA2578083C (en) | 2004-08-27 | 2013-12-31 | Dave Wang | Nasal bone conduction wireless communication transmitting device |
US20060047954A1 (en) | 2004-08-30 | 2006-03-02 | Axalto Inc. | Data access security implementation using the public key mechanism |
US7375616B2 (en) | 2004-09-08 | 2008-05-20 | Nokia Corporation | Electronic near field communication enabled multifunctional device and method of its operation |
US7270276B2 (en) | 2004-09-29 | 2007-09-18 | Sap Ag | Multi-application smartcard |
US20060085848A1 (en) | 2004-10-19 | 2006-04-20 | Intel Corporation | Method and apparatus for securing communications between a smartcard and a terminal |
US7748636B2 (en) | 2004-11-16 | 2010-07-06 | Dpd Patent Trust Ltd. | Portable identity card reader system for physical and logical access |
GB2410113A (en) | 2004-11-29 | 2005-07-20 | Morse Group Ltd | A system and method of accessing banking services via a mobile telephone |
US8224753B2 (en) | 2004-12-07 | 2012-07-17 | Farsheed Atef | System and method for identity verification and management |
US7232073B1 (en) | 2004-12-21 | 2007-06-19 | Sun Microsystems, Inc. | Smart card with multiple applications |
GB0428543D0 (en) | 2004-12-31 | 2005-02-09 | British Telecomm | Control of data exchange |
US20130104251A1 (en) | 2005-02-01 | 2013-04-25 | Newsilike Media Group, Inc. | Security systems and methods for use with structured and unstructured data |
US8200700B2 (en) | 2005-02-01 | 2012-06-12 | Newsilike Media Group, Inc | Systems and methods for use of structured and unstructured distributed data |
US8347088B2 (en) | 2005-02-01 | 2013-01-01 | Newsilike Media Group, Inc | Security systems and methods for use with structured and unstructured data |
DE102005004902A1 (de) | 2005-02-02 | 2006-08-10 | Utimaco Safeware Ag | Verfahren zur Anmeldung eines Nutzers an einem Computersystem |
US7581678B2 (en) | 2005-02-22 | 2009-09-01 | Tyfone, Inc. | Electronic transaction card |
BRPI0520028B1 (pt) | 2005-03-07 | 2018-12-11 | Nokia Corp | método para controlar um dispositivo terminal móvel, dispositivo terminal móvel habilitado para realizar transações de dados sem fio e sistema de transação de dados sem fio |
US7628322B2 (en) | 2005-03-07 | 2009-12-08 | Nokia Corporation | Methods, system and mobile device capable of enabling credit card personalization using a wireless network |
US7128274B2 (en) | 2005-03-24 | 2006-10-31 | International Business Machines Corporation | Secure credit card with near field communications |
US8266441B2 (en) | 2005-04-22 | 2012-09-11 | Bank Of America Corporation | One-time password credit/debit card |
US7840993B2 (en) | 2005-05-04 | 2010-11-23 | Tricipher, Inc. | Protecting one-time-passwords against man-in-the-middle attacks |
US7793851B2 (en) | 2005-05-09 | 2010-09-14 | Dynamics Inc. | Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card |
US20080035738A1 (en) | 2005-05-09 | 2008-02-14 | Mullen Jeffrey D | Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card |
CA2608707A1 (en) | 2005-05-16 | 2006-11-23 | Mastercard International Incorporated | Method and system for using contactless payment cards in a transit system |
US20060280338A1 (en) | 2005-06-08 | 2006-12-14 | Xerox Corporation | Systems and methods for the visually impared |
US8583454B2 (en) | 2005-07-28 | 2013-11-12 | Beraja Ip, Llc | Medical claims fraud prevention system including photograph records identification and associated methods |
US8762263B2 (en) | 2005-09-06 | 2014-06-24 | Visa U.S.A. Inc. | System and method for secured account numbers in proximity devices |
US20070067833A1 (en) | 2005-09-20 | 2007-03-22 | Colnot Vincent C | Methods and Apparatus for Enabling Secure Network-Based Transactions |
WO2007044500A2 (en) | 2005-10-06 | 2007-04-19 | C-Sam, Inc. | Transactional services |
US8245292B2 (en) | 2005-11-16 | 2012-08-14 | Broadcom Corporation | Multi-factor authentication using a smartcard |
JP4435076B2 (ja) | 2005-11-18 | 2010-03-17 | フェリカネットワークス株式会社 | 携帯端末,データ通信方法,およびコンピュータプログラム |
US7568631B2 (en) | 2005-11-21 | 2009-08-04 | Sony Corporation | System, apparatus and method for obtaining one-time credit card numbers using a smart card |
WO2007076476A2 (en) | 2005-12-22 | 2007-07-05 | Mastercard International Incorporated | Methods and systems for two-factor authentication using contactless chip cards or devices and mobile devices or dedicated personal readers |
FR2895608B1 (fr) | 2005-12-23 | 2008-03-21 | Trusted Logic Sa | Procede pour la realisation d'un compteur securise sur un systeme informatique embarque disposant d'une carte a puce |
US8559987B1 (en) | 2005-12-31 | 2013-10-15 | Blaze Mobile, Inc. | Wireless bidirectional communications between a mobile device and associated secure element |
US8352323B2 (en) | 2007-11-30 | 2013-01-08 | Blaze Mobile, Inc. | Conducting an online payment transaction using an NFC enabled mobile communication device |
US7775427B2 (en) | 2005-12-31 | 2010-08-17 | Broadcom Corporation | System and method for binding a smartcard and a smartcard reader |
US8224018B2 (en) | 2006-01-23 | 2012-07-17 | Digimarc Corporation | Sensing data from physical objects |
US9137012B2 (en) | 2006-02-03 | 2015-09-15 | Emc Corporation | Wireless authentication methods and apparatus |
US20070224969A1 (en) | 2006-03-24 | 2007-09-27 | Rao Bindu R | Prepaid simcard for automatically enabling services |
US7380710B2 (en) | 2006-04-28 | 2008-06-03 | Qsecure, Inc. | Payment card preloaded with unique numbers |
US7571471B2 (en) | 2006-05-05 | 2009-08-04 | Tricipher, Inc. | Secure login using a multifactor split asymmetric crypto-key with persistent key security |
EP1855229B1 (fr) | 2006-05-10 | 2010-08-11 | Inside Contactless | Procédé de routage de données sortantes et entrantes dans un chipset NFC |
ATE440417T1 (de) | 2006-06-29 | 2009-09-15 | Incard Sa | Verfahren zur diversifizierung eines schlüssels auf einer chipkarte |
US9985950B2 (en) | 2006-08-09 | 2018-05-29 | Assa Abloy Ab | Method and apparatus for making a decision on a card |
GB0616331D0 (en) | 2006-08-16 | 2006-09-27 | Innovision Res & Tech Plc | Near Field RF Communicators And Near Field Communications Enabled Devices |
US20080072303A1 (en) | 2006-09-14 | 2008-03-20 | Schlumberger Technology Corporation | Method and system for one time password based authentication and integrated remote access |
US20080071681A1 (en) | 2006-09-15 | 2008-03-20 | Khalid Atm Shafiqul | Dynamic Credit and Check Card |
US8322624B2 (en) | 2007-04-10 | 2012-12-04 | Feinics Amatech Teoranta | Smart card with switchable matching antenna |
US8738485B2 (en) | 2007-12-28 | 2014-05-27 | Visa U.S.A. Inc. | Contactless prepaid product for transit fare collection |
US7962369B2 (en) | 2006-09-29 | 2011-06-14 | Einar Rosenberg | Apparatus and method using near field communications |
US8474028B2 (en) | 2006-10-06 | 2013-06-25 | Fmr Llc | Multi-party, secure multi-channel authentication |
GB2443234B8 (en) | 2006-10-24 | 2009-01-28 | Innovision Res & Tech Plc | Near field RF communicators and near field RF communications enabled devices |
US8682791B2 (en) | 2006-10-31 | 2014-03-25 | Discover Financial Services | Redemption of credit card rewards at a point of sale |
US8267313B2 (en) | 2006-10-31 | 2012-09-18 | American Express Travel Related Services Company, Inc. | System and method for providing a gift card which affords benefits beyond what is purchased |
WO2008054715A2 (en) | 2006-10-31 | 2008-05-08 | Solicore, Inc. | Powered print advertisements, product packaging, and trading cards |
US9251637B2 (en) | 2006-11-15 | 2016-02-02 | Bank Of America Corporation | Method and apparatus for using at least a portion of a one-time password as a dynamic card verification value |
US8365258B2 (en) | 2006-11-16 | 2013-01-29 | Phonefactor, Inc. | Multi factor authentication |
CN101192295A (zh) | 2006-11-30 | 2008-06-04 | 讯想科技股份有限公司 | 芯片信用卡网络交易系统与方法 |
US8041954B2 (en) | 2006-12-07 | 2011-10-18 | Paul Plesman | Method and system for providing a secure login solution using one-time passwords |
US20080162312A1 (en) | 2006-12-29 | 2008-07-03 | Motorola, Inc. | Method and system for monitoring secure applet events during contactless rfid/nfc communication |
US7594605B2 (en) | 2007-01-10 | 2009-09-29 | At&T Intellectual Property I, L.P. | Credit card transaction servers, methods and computer program products employing wireless terminal location and registered purchasing locations |
GB2442249B (en) | 2007-02-20 | 2008-09-10 | Cryptomathic As | Authentication device and method |
US8095974B2 (en) | 2007-02-23 | 2012-01-10 | At&T Intellectual Property I, L.P. | Methods, systems, and products for identity verification |
US8463711B2 (en) | 2007-02-27 | 2013-06-11 | Igt | Methods and architecture for cashless system security |
US9081948B2 (en) | 2007-03-13 | 2015-07-14 | Red Hat, Inc. | Configurable smartcard |
US20080223918A1 (en) | 2007-03-15 | 2008-09-18 | Microsoft Corporation | Payment tokens |
WO2008114931A1 (en) | 2007-03-16 | 2008-09-25 | Lg Electronics Inc. | Performing contactless applications in battery off mode |
US8285329B1 (en) | 2007-04-02 | 2012-10-09 | Sprint Communications Company L.P. | Mobile device-based control of smart card operation |
US8667285B2 (en) | 2007-05-31 | 2014-03-04 | Vasco Data Security, Inc. | Remote authentication and transaction signatures |
US7739169B2 (en) | 2007-06-25 | 2010-06-15 | Visa U.S.A. Inc. | Restricting access to compromised account information |
US20120252350A1 (en) | 2007-07-24 | 2012-10-04 | Allan Steinmetz | Vehicle safety device for reducing driver distractions |
US20090037275A1 (en) | 2007-08-03 | 2009-02-05 | Pollio Michael J | Consolidated membership/rewards card system |
US8235825B2 (en) | 2007-08-14 | 2012-08-07 | John B. French | Smart card holder for automated gaming system and gaming cards |
WO2009025605A2 (en) | 2007-08-19 | 2009-02-26 | Yubico Ab | Device and method for generating dynamic credit card data |
US7748609B2 (en) | 2007-08-31 | 2010-07-06 | Gemalto Inc. | System and method for browser based access to smart cards |
US20090143104A1 (en) | 2007-09-21 | 2009-06-04 | Michael Loh | Wireless smart card and integrated personal area network, near field communication and contactless payment system |
US8249654B1 (en) | 2007-09-27 | 2012-08-21 | Sprint Communications Company L.P. | Dynamic smart card application loading |
GB2457221A (en) | 2007-10-17 | 2009-08-12 | Vodafone Plc | Smart Card Web Server (SCWS) administration within a plurality of security domains |
US8095113B2 (en) | 2007-10-17 | 2012-01-10 | First Data Corporation | Onetime passwords for smart chip cards |
FR2922701B1 (fr) | 2007-10-23 | 2009-11-20 | Inside Contacless | Procede de personnalisation securise d'un chipset nfc |
US7652578B2 (en) | 2007-10-29 | 2010-01-26 | Motorola, Inc. | Detection apparatus and method for near field communication devices |
US8135648B2 (en) | 2007-11-01 | 2012-03-13 | Gtech Corporation | Authentication of lottery tickets, game machine credit vouchers, and other items |
US20090132417A1 (en) | 2007-11-15 | 2009-05-21 | Ebay Inc. | System and method for selecting secure card numbers |
US9684861B2 (en) | 2007-12-24 | 2017-06-20 | Dynamics Inc. | Payment cards and devices with displays, chips, RFIDs, magnetic emulators, magnetic decoders, and other components |
EP2245583A1 (en) | 2008-01-04 | 2010-11-03 | M2 International Ltd. | Dynamic card verification value |
GB0801225D0 (en) | 2008-01-23 | 2008-02-27 | Innovision Res & Tech Plc | Near field RF communications |
US20090192912A1 (en) | 2008-01-30 | 2009-07-30 | Kent Griffin | Charge-for-service near field communication transactions |
US8369960B2 (en) | 2008-02-12 | 2013-02-05 | Cardiac Pacemakers, Inc. | Systems and methods for controlling wireless signal transfers between ultrasound-enabled medical devices |
US9947002B2 (en) | 2008-02-15 | 2018-04-17 | First Data Corporation | Secure authorization of contactless transaction |
US8302167B2 (en) | 2008-03-11 | 2012-10-30 | Vasco Data Security, Inc. | Strong authentication token generating one-time passwords and signatures upon server credential verification |
ES2386164T3 (es) | 2008-03-27 | 2012-08-10 | Motorola Mobility, Inc. | Método y aparato para la selección automática de una aplicación de comunicación de campo cercano en un dispositivo electrónico |
ITMI20080536A1 (it) | 2008-03-28 | 2009-09-29 | Incard Sa | Metodo per proteggere un file cap per una carta a circuito integrato. |
US8024576B2 (en) | 2008-03-31 | 2011-09-20 | International Business Machines Corporation | Method and system for authenticating users with a one time password using an image reader |
US8365988B1 (en) | 2008-04-11 | 2013-02-05 | United Services Automobile Association (Usaa) | Dynamic credit card security code via mobile device |
US8347112B2 (en) | 2008-05-08 | 2013-01-01 | Texas Instruments Incorporated | Encryption/decryption engine with secure modes for key decryption and key derivation |
US9082117B2 (en) | 2008-05-17 | 2015-07-14 | David H. Chin | Gesture based authentication for wireless payment by a mobile electronic device |
US8099332B2 (en) | 2008-06-06 | 2012-01-17 | Apple Inc. | User interface for application management for a mobile device |
EP2139196A1 (en) | 2008-06-26 | 2009-12-30 | France Telecom | Method and system for remotely blocking/unblocking NFC applications on a terminal |
US8229853B2 (en) | 2008-07-24 | 2012-07-24 | International Business Machines Corporation | Dynamic itinerary-driven profiling for preventing unauthorized card transactions |
US8662401B2 (en) | 2008-07-25 | 2014-03-04 | First Data Corporation | Mobile payment adoption by adding a dedicated payment button to mobile device form factors |
US8740073B2 (en) | 2008-08-01 | 2014-06-03 | Mastercard International Incorporated | Methods, systems and computer readable media for storing and redeeming electronic certificates using a wireless smart card |
US8706622B2 (en) | 2008-08-05 | 2014-04-22 | Visa U.S.A. Inc. | Account holder demand account update |
US8438382B2 (en) | 2008-08-06 | 2013-05-07 | Symantec Corporation | Credential management system and method |
US20100033310A1 (en) | 2008-08-08 | 2010-02-11 | Narendra Siva G | Power negotation for small rfid card |
BRPI0912057B1 (pt) | 2008-08-08 | 2020-09-15 | Assa Abloy Ab | Mecanismo de sensor direcional e autenticação de comunicações |
WO2010022129A1 (en) | 2008-08-20 | 2010-02-25 | Xcard Holdings Llc | Secure smart card system |
US8103249B2 (en) | 2008-08-23 | 2012-01-24 | Visa U.S.A. Inc. | Credit card imaging for mobile payment and other applications |
US10970777B2 (en) | 2008-09-15 | 2021-04-06 | Mastercard International Incorporated | Apparatus and method for bill payment card enrollment |
US20100078471A1 (en) | 2008-09-30 | 2010-04-01 | Apple Inc. | System and method for processing peer-to-peer financial transactions |
US9037513B2 (en) | 2008-09-30 | 2015-05-19 | Apple Inc. | System and method for providing electronic event tickets |
US20100094754A1 (en) | 2008-10-13 | 2010-04-15 | Global Financial Passport, Llc | Smartcard based secure transaction systems and methods |
US20100095130A1 (en) | 2008-10-13 | 2010-04-15 | Global Financial Passport, Llc | Smartcards for secure transaction systems |
US8689013B2 (en) | 2008-10-21 | 2014-04-01 | G. Wouter Habraken | Dual-interface key management |
CN101729502B (zh) | 2008-10-23 | 2012-09-05 | 中兴通讯股份有限公司 | 密钥分发方法和系统 |
US8371501B1 (en) | 2008-10-27 | 2013-02-12 | United Services Automobile Association (Usaa) | Systems and methods for a wearable user authentication factor |
EP2182439A1 (en) | 2008-10-28 | 2010-05-05 | Gemalto SA | Method of managing data sent over the air to an applet having a restricted interface |
US20100114731A1 (en) | 2008-10-30 | 2010-05-06 | Kingston Tamara S | ELECTRONIC WALLET ("eWallet") |
WO2010069033A1 (en) | 2008-12-18 | 2010-06-24 | Bce Inc | Validation method and system for use in securing nomadic electronic transactions |
EP2199992A1 (en) | 2008-12-19 | 2010-06-23 | Gemalto SA | Secure activation before contactless banking smart card transaction |
US10354321B2 (en) | 2009-01-22 | 2019-07-16 | First Data Corporation | Processing transactions with an extended application ID and dynamic cryptograms |
US9065812B2 (en) | 2009-01-23 | 2015-06-23 | Microsoft Technology Licensing, Llc | Protecting transactions |
EP2852070B1 (en) | 2009-01-26 | 2019-01-23 | Google Technology Holdings LLC | Wireless communication device for providing at least one near field communication service |
US9509436B2 (en) | 2009-01-29 | 2016-11-29 | Cubic Corporation | Protection of near-field communication exchanges |
EP2219374A1 (en) | 2009-02-13 | 2010-08-18 | Irdeto Access B.V. | Securely providing a control word from a smartcard to a conditional access module |
CN101820696B (zh) | 2009-02-26 | 2013-08-07 | 中兴通讯股份有限公司 | 支持增强型近场通信的终端及其处理方法 |
US20100240413A1 (en) | 2009-03-21 | 2010-09-23 | Microsoft Corporation | Smart Card File System |
US8567670B2 (en) | 2009-03-27 | 2013-10-29 | Intersections Inc. | Dynamic card verification values and credit transactions |
EP2199965A1 (en) | 2009-04-22 | 2010-06-23 | Euro-Wallet B.V. | Payment transaction client, server and system |
US8893967B2 (en) | 2009-05-15 | 2014-11-25 | Visa International Service Association | Secure Communication of payment information to merchants using a verification token |
US8417231B2 (en) | 2009-05-17 | 2013-04-09 | Qualcomm Incorporated | Method and apparatus for programming a mobile device with multiple service accounts |
US8391719B2 (en) | 2009-05-22 | 2013-03-05 | Motorola Mobility Llc | Method and system for conducting communication between mobile devices |
US20100312635A1 (en) | 2009-06-08 | 2010-12-09 | Cervenka Karen L | Free sample coupon card |
US20100312634A1 (en) | 2009-06-08 | 2010-12-09 | Cervenka Karen L | Coupon card point of service terminal processing |
US8489112B2 (en) | 2009-07-29 | 2013-07-16 | Shopkick, Inc. | Method and system for location-triggered rewards |
US8186602B2 (en) | 2009-08-18 | 2012-05-29 | On Track Innovations, Ltd. | Multi-application contactless smart card |
US20110060631A1 (en) | 2009-09-04 | 2011-03-10 | Bank Of America | Redemption of customer benefit offers based on goods identification |
US9373141B1 (en) | 2009-09-23 | 2016-06-21 | Verient, Inc. | System and method for automatically filling webpage fields |
US8317094B2 (en) | 2009-09-23 | 2012-11-27 | Mastercard International Incorporated | Methods and systems for displaying loyalty program information on a payment card |
US8830866B2 (en) | 2009-09-30 | 2014-09-09 | Apple Inc. | Methods and apparatus for solicited activation for protected wireless networking |
US20110084132A1 (en) | 2009-10-08 | 2011-04-14 | At&T Intellectual Property I, L.P. | Devices, Systems and Methods for Secure Remote Medical Diagnostics |
US9307065B2 (en) | 2009-10-09 | 2016-04-05 | Panasonic Intellectual Property Management Co., Ltd. | Method and apparatus for processing E-mail and outgoing calls |
US8806592B2 (en) | 2011-01-21 | 2014-08-12 | Authentify, Inc. | Method for secure user and transaction authentication and risk management |
US8843757B2 (en) | 2009-11-12 | 2014-09-23 | Ca, Inc. | One time PIN generation |
US8799668B2 (en) | 2009-11-23 | 2014-08-05 | Fred Cheng | Rubbing encryption algorithm and security attack safe OTP token |
US9225526B2 (en) | 2009-11-30 | 2015-12-29 | Red Hat, Inc. | Multifactor username based authentication |
US9258715B2 (en) | 2009-12-14 | 2016-02-09 | Apple Inc. | Proactive security for mobile devices |
EP2336986A1 (en) | 2009-12-17 | 2011-06-22 | Gemalto SA | Method of personalizing an application embedded in a secured electronic token |
US10049356B2 (en) | 2009-12-18 | 2018-08-14 | First Data Corporation | Authentication of card-not-present transactions |
US9324066B2 (en) | 2009-12-21 | 2016-04-26 | Verizon Patent And Licensing Inc. | Method and system for providing virtual credit card services |
US8615468B2 (en) | 2010-01-27 | 2013-12-24 | Ca, Inc. | System and method for generating a dynamic card value |
CA2694500C (en) | 2010-02-24 | 2015-07-07 | Diversinet Corp. | Method and system for secure communication |
US10255601B2 (en) | 2010-02-25 | 2019-04-09 | Visa International Service Association | Multifactor authentication using a directory server |
US9317018B2 (en) | 2010-03-02 | 2016-04-19 | Gonow Technologies, Llc | Portable e-wallet and universal card |
US9129270B2 (en) | 2010-03-02 | 2015-09-08 | Gonow Technologies, Llc | Portable E-wallet and universal card |
SI23227A (sl) | 2010-03-10 | 2011-05-31 | Margento R&D D.O.O. | Brezžični mobilni transakcijski sistem in postopek izvedbe transakcije z mobilnim telefonom |
WO2011119976A2 (en) | 2010-03-26 | 2011-09-29 | Visa International Service Association | System and method for early detection of fraudulent transactions |
WO2011127084A2 (en) | 2010-04-05 | 2011-10-13 | Vivotech, Inc. | Systems, methods, and computer readable media for performing multiple transactions through a single near field communication (nfc) tap |
US10304051B2 (en) | 2010-04-09 | 2019-05-28 | Paypal, Inc. | NFC mobile wallet processing systems and methods |
US9122964B2 (en) | 2010-05-14 | 2015-09-01 | Mark Krawczewicz | Batteryless stored value card with display |
US20120109735A1 (en) | 2010-05-14 | 2012-05-03 | Mark Stanley Krawczewicz | Mobile Payment System with Thin Film Display |
US9047531B2 (en) | 2010-05-21 | 2015-06-02 | Hand Held Products, Inc. | Interactive user interface for capturing a document in an image signal |
TWI504229B (zh) | 2010-05-27 | 2015-10-11 | Mstar Semiconductor Inc | 支援電子錢包功能之行動裝置 |
CN102939613A (zh) | 2010-06-04 | 2013-02-20 | 维萨国际服务协会 | 支付令牌化装置、方法和系统 |
US20120079281A1 (en) | 2010-06-28 | 2012-03-29 | Lionstone Capital Corporation | Systems and methods for diversification of encryption algorithms and obfuscation symbols, symbol spaces and/or schemas |
US8723941B1 (en) | 2010-06-29 | 2014-05-13 | Bank Of America Corporation | Handicap-accessible ATM |
WO2012001624A1 (en) | 2010-07-01 | 2012-01-05 | Ishai Binenstock | Location-aware mobile connectivity and information exchange system |
US8500031B2 (en) | 2010-07-29 | 2013-08-06 | Bank Of America Corporation | Wearable article having point of sale payment functionality |
US9916572B2 (en) | 2010-08-18 | 2018-03-13 | International Business Machines Corporation | Payment card processing system |
US8312519B1 (en) | 2010-09-30 | 2012-11-13 | Daniel V Bailey | Agile OTP generation |
US8799087B2 (en) | 2010-10-27 | 2014-08-05 | Mastercard International Incorporated | Systems, methods, and computer readable media for utilizing one or more preferred application lists in a wireless device reader |
US9965756B2 (en) | 2013-02-26 | 2018-05-08 | Digimarc Corporation | Methods and arrangements for smartphone payments |
US9004365B2 (en) | 2010-11-23 | 2015-04-14 | X-Card Holdings, Llc | One-time password card for secure transactions |
US20120143754A1 (en) | 2010-12-03 | 2012-06-07 | Narendra Patel | Enhanced credit card security apparatus and method |
US8807440B1 (en) | 2010-12-17 | 2014-08-19 | Google Inc. | Routing secure element payment requests to an alternate application |
US8726405B1 (en) | 2010-12-23 | 2014-05-13 | Emc Corporation | Techniques for providing security using a mobile wireless communications device having data loss prevention circuitry |
US8977195B2 (en) | 2011-01-06 | 2015-03-10 | Texas Insruments Incorporated | Multiple NFC card applications in multiple execution environments |
US8475367B1 (en) | 2011-01-09 | 2013-07-02 | Fitbit, Inc. | Biometric monitoring device having a body weight sensor, and methods of operating same |
WO2012097310A1 (en) | 2011-01-14 | 2012-07-19 | Visa International Service Association | Healthcare prepaid payment platform apparatuses, methods and systems |
JP5692244B2 (ja) | 2011-01-31 | 2015-04-01 | 富士通株式会社 | 通信方法、ノード、およびネットワークシステム |
AU2011200445B8 (en) * | 2011-02-03 | 2013-03-07 | Idondemand Pty Ltd | Method and apparatus for dynamic authentication |
US10373160B2 (en) | 2011-02-10 | 2019-08-06 | Paypal, Inc. | Fraud alerting using mobile phone location |
EP2487629B1 (en) | 2011-02-10 | 2016-11-30 | Nxp B.V. | Secure smart poster |
US20120239417A1 (en) | 2011-03-04 | 2012-09-20 | Pourfallah Stacy S | Healthcare wallet payment processing apparatuses, methods and systems |
US8811959B2 (en) | 2011-03-14 | 2014-08-19 | Conner Investments, Llc | Bluetooth enabled credit card with a large data storage volume |
US20120238206A1 (en) | 2011-03-14 | 2012-09-20 | Research In Motion Limited | Communications device providing near field communication (nfc) secure element disabling features related methods |
US20120284194A1 (en) | 2011-05-03 | 2012-11-08 | Microsoft Corporation | Secure card-based transactions using mobile phones or other mobile devices |
CA2835508A1 (en) | 2011-05-10 | 2012-11-15 | Dynamics Inc. | Systems, devices, and methods for mobile payment acceptance, mobile authorizations, mobile wallets, and contactless communication mechanisms |
US9547861B2 (en) * | 2011-05-11 | 2017-01-17 | Mark Itwaru | System and method for wireless communication with an IC chip for submission of pin data |
US20120296818A1 (en) | 2011-05-17 | 2012-11-22 | Ebay Inc. | Method for authorizing the activation of a spending card |
US8868902B1 (en) | 2013-07-01 | 2014-10-21 | Cryptite LLC | Characteristically shaped colorgram tokens in mobile transactions |
RU2602394C2 (ru) | 2011-06-07 | 2016-11-20 | Виза Интернешнл Сервис Ассосиэйшн | Устройства, способы и системы токенизации конфиденциальности платежей |
WO2012170895A1 (en) | 2011-06-09 | 2012-12-13 | Yeager C Douglas | Systems and methods for authorizing a transaction |
US9042814B2 (en) | 2011-06-27 | 2015-05-26 | Broadcom Corporation | Measurement and reporting of received signal strength in NFC-enabled devices |
EP2541458B1 (en) | 2011-06-27 | 2017-10-04 | Nxp B.V. | Resource management system and corresponding method |
US9209867B2 (en) | 2011-06-28 | 2015-12-08 | Broadcom Corporation | Device for authenticating wanted NFC interactions |
US8620218B2 (en) | 2011-06-29 | 2013-12-31 | Broadcom Corporation | Power harvesting and use in a near field communications (NFC) device |
US9026047B2 (en) | 2011-06-29 | 2015-05-05 | Broadcom Corporation | Systems and methods for providing NFC secure application support in battery-off mode when no nonvolatile memory write access is available |
US9390411B2 (en) | 2011-07-27 | 2016-07-12 | Murray Jarman | System or method for storing credit on a value card or cellular phone rather than accepting coin change |
US9075979B1 (en) | 2011-08-11 | 2015-07-07 | Google Inc. | Authentication based on proximity to mobile device |
CN102956068B (zh) | 2011-08-25 | 2017-02-15 | 富泰华工业(深圳)有限公司 | 自动柜员机及其语音提示方法 |
CN110111087B (zh) | 2011-08-30 | 2024-01-02 | 欧威环公司 | 用于授权利用不可预期密码的交易的系统和方法 |
US9954578B2 (en) * | 2011-09-08 | 2018-04-24 | Yubico Inc. | Devices and methods for identification, authentication and signing purposes |
FR2980055B1 (fr) | 2011-09-12 | 2013-12-27 | Valeo Systemes Thermiques | Dispositif de transmission de puissance inductif |
WO2013039395A1 (en) | 2011-09-14 | 2013-03-21 | Ec Solution Group B.V. | Active matrix display smart card |
US10032036B2 (en) | 2011-09-14 | 2018-07-24 | Shahab Khan | Systems and methods of multidimensional encrypted data transfer |
US8977569B2 (en) | 2011-09-29 | 2015-03-10 | Raj Rao | System and method for providing smart electronic wallet and reconfigurable transaction card thereof |
US8577810B1 (en) | 2011-09-29 | 2013-11-05 | Intuit Inc. | Secure mobile payment authorization |
US9152832B2 (en) | 2011-09-30 | 2015-10-06 | Broadcom Corporation | Positioning guidance for increasing reliability of near-field communications |
US20140279479A1 (en) | 2011-10-12 | 2014-09-18 | C-Sam, Inc. | Nfc paired bluetooth e-commerce |
US10510070B2 (en) | 2011-10-17 | 2019-12-17 | Capital One Services, Llc | System, method, and apparatus for a dynamic transaction card |
US10489774B2 (en) * | 2011-10-17 | 2019-11-26 | Capital One Services, Llc | System, method, and apparatus for updating an existing dynamic transaction card |
US10332102B2 (en) | 2011-10-17 | 2019-06-25 | Capital One Services, Llc | System, method, and apparatus for a dynamic transaction card |
US9318257B2 (en) | 2011-10-18 | 2016-04-19 | Witricity Corporation | Wireless energy transfer for packaging |
US9000892B2 (en) | 2011-10-31 | 2015-04-07 | Eastman Kodak Company | Detecting RFID tag and inhibiting skimming |
WO2013064493A1 (en) | 2011-10-31 | 2013-05-10 | Money And Data Protection Lizenz Gmbh & Co. Kg | Authentication method |
CN104040555B (zh) | 2011-11-14 | 2017-02-22 | 威斯科数据安全国际有限公司 | 具有安全记录特征的智能卡读取器 |
US8818867B2 (en) | 2011-11-14 | 2014-08-26 | At&T Intellectual Property I, L.P. | Security token for mobile near field communication transactions |
US9064253B2 (en) | 2011-12-01 | 2015-06-23 | Broadcom Corporation | Systems and methods for providing NFC secure application support in battery on and battery off modes |
US20140040139A1 (en) | 2011-12-19 | 2014-02-06 | Sequent Software, Inc. | System and method for dynamic temporary payment authorization in a portable communication device |
US9740342B2 (en) | 2011-12-23 | 2017-08-22 | Cirque Corporation | Method for preventing interference of contactless card reader and touch functions when they are physically and logically bound together for improved authentication security |
US9154903B2 (en) | 2011-12-28 | 2015-10-06 | Blackberry Limited | Mobile communications device providing near field communication (NFC) card issuance features and related methods |
US8880027B1 (en) | 2011-12-29 | 2014-11-04 | Emc Corporation | Authenticating to a computing device with a near-field communications card |
US20130179351A1 (en) | 2012-01-09 | 2013-07-11 | George Wallner | System and method for an authenticating and encrypting card reader |
US20130185772A1 (en) | 2012-01-12 | 2013-07-18 | Aventura Hq, Inc. | Dynamically updating a session based on location data from an authentication device |
US20130191279A1 (en) | 2012-01-20 | 2013-07-25 | Bank Of America Corporation | Mobile device with rewritable general purpose card |
US9218624B2 (en) | 2012-02-03 | 2015-12-22 | Paypal, Inc. | Adding card to mobile/cloud wallet using NFC |
KR101443960B1 (ko) | 2012-02-22 | 2014-11-03 | 주식회사 팬택 | 사용자 인증 전자 장치 및 방법 |
US9020858B2 (en) | 2012-02-29 | 2015-04-28 | Google Inc. | Presence-of-card code for offline payment processing system |
US8898088B2 (en) | 2012-02-29 | 2014-11-25 | Google Inc. | In-card access control and monotonic counters for offline payment processing system |
US20130232082A1 (en) | 2012-03-05 | 2013-09-05 | Mark Stanley Krawczewicz | Method And Apparatus For Secure Medical ID Card |
EP3012981B1 (en) | 2012-03-15 | 2019-11-13 | Intel Corporation | Near field communication (nfc) and proximity sensor for portable devices |
WO2013155562A1 (en) | 2012-04-17 | 2013-10-24 | Secure Nfc Pty. Ltd. | Nfc card lock |
US20130282360A1 (en) | 2012-04-20 | 2013-10-24 | James A. Shimota | Method and Apparatus for Translating and Locating Services in Multiple Languages |
US9953310B2 (en) | 2012-05-10 | 2018-04-24 | Mastercard International Incorporated | Systems and method for providing multiple virtual secure elements in a single physical secure element of a mobile device |
US20130303085A1 (en) | 2012-05-11 | 2013-11-14 | Research In Motion Limited | Near field communication tag data management |
US9306626B2 (en) | 2012-05-16 | 2016-04-05 | Broadcom Corporation | NFC device context determination through proximity gestural movement detection |
US8681268B2 (en) | 2012-05-24 | 2014-03-25 | Abisee, Inc. | Vision assistive devices and user interfaces |
US10248949B2 (en) * | 2012-05-29 | 2019-04-02 | CardLab ApS. | Method for encrypting transactions at a dynamic transaction card |
US8862113B2 (en) | 2012-06-20 | 2014-10-14 | Qualcomm Incorporated | Subscriber identity module activation during active data call |
US9589399B2 (en) | 2012-07-02 | 2017-03-07 | Synaptics Incorporated | Credential quality assessment engine systems and methods |
US20140032410A1 (en) | 2012-07-24 | 2014-01-30 | Ipay International, S.A. | Method and system for linking and controling of payment cards with a mobile |
KR101421568B1 (ko) | 2012-07-27 | 2014-07-22 | 주식회사 케이티 | 스마트카드, 스마트카드 서비스 단말 및 스마트카드 서비스 방법 |
US9530130B2 (en) | 2012-07-30 | 2016-12-27 | Mastercard International Incorporated | Systems and methods for correction of information in card-not-present account-on-file transactions |
KR101934293B1 (ko) | 2012-08-03 | 2019-01-02 | 엘지전자 주식회사 | 이동 단말기의 이동 단말기 및 그의 nfc결제 방법 |
US9361619B2 (en) | 2012-08-06 | 2016-06-07 | Ca, Inc. | Secure and convenient mobile authentication techniques |
EP2698756B1 (en) | 2012-08-13 | 2016-01-06 | Nxp B.V. | Local Trusted Service Manager |
US9332587B2 (en) | 2012-08-21 | 2016-05-03 | Blackberry Limited | Smart proximity priority pairing |
US20140074655A1 (en) | 2012-09-07 | 2014-03-13 | David Lim | System, apparatus and methods for online one-tap account addition and checkout |
US10192216B2 (en) | 2012-09-11 | 2019-01-29 | Visa International Service Association | Cloud-based virtual wallet NFC apparatuses, methods and systems |
US9275218B1 (en) | 2012-09-12 | 2016-03-01 | Emc Corporation | Methods and apparatus for verification of a user at a first device based on input received from a second device |
US8888002B2 (en) | 2012-09-18 | 2014-11-18 | Sensormatic Electronics, LLC | Access control reader enabling remote applications |
US20140081720A1 (en) | 2012-09-19 | 2014-03-20 | Mastercard International Incorporated | Method and system for processing coupons in a near field transaction |
US9338622B2 (en) | 2012-10-04 | 2016-05-10 | Bernt Erik Bjontegard | Contextually intelligent communication systems and processes |
US9665858B1 (en) | 2012-10-11 | 2017-05-30 | Square, Inc. | Cardless payment transactions with multiple users |
US10075437B1 (en) | 2012-11-06 | 2018-09-11 | Behaviosec | Secure authentication of a user of a device during a session with a connected server |
US8584219B1 (en) | 2012-11-07 | 2013-11-12 | Fmr Llc | Risk adjusted, multifactor authentication |
CA2930752A1 (en) | 2012-11-15 | 2014-05-22 | Behzad Malek | System and method for location-based financial transaction authentication |
CN110351693A (zh) | 2012-11-19 | 2019-10-18 | 艾利丹尼森公司 | 禁用未经授权的nfc安全系统和方法 |
US9038894B2 (en) | 2012-11-20 | 2015-05-26 | Cellco Partnership | Payment or other transaction through mobile device using NFC to access a contactless transaction card |
CN103023643A (zh) | 2012-11-22 | 2013-04-03 | 天地融科技股份有限公司 | 一种动态口令牌及动态口令生成方法 |
US9224013B2 (en) | 2012-12-05 | 2015-12-29 | Broadcom Corporation | Secure processing sub-system that is hardware isolated from a peripheral processing sub-system |
US9064259B2 (en) | 2012-12-19 | 2015-06-23 | Genesys Telecomminucations Laboratories, Inc. | Customer care mobile application |
US10147086B2 (en) | 2012-12-19 | 2018-12-04 | Nxp B.V. | Digital wallet device for virtual wallet |
US20150339474A1 (en) | 2012-12-24 | 2015-11-26 | Cell Buddy Network Ltd. | User authentication system |
US8934837B2 (en) | 2013-01-03 | 2015-01-13 | Blackberry Limited | Mobile wireless communications device including NFC antenna matching control circuit and associated methods |
US9942750B2 (en) | 2013-01-23 | 2018-04-10 | Qualcomm Incorporated | Providing an encrypted account credential from a first device to a second device |
US20140214674A1 (en) | 2013-01-29 | 2014-07-31 | Reliance Communications, Llc. | Method and system for conducting secure transactions with credit cards using a monitoring device |
US20140229375A1 (en) | 2013-02-11 | 2014-08-14 | Groupon, Inc. | Consumer device payment token management |
US9785946B2 (en) | 2013-03-07 | 2017-10-10 | Mastercard International Incorporated | Systems and methods for updating payment card expiration information |
US10152706B2 (en) | 2013-03-11 | 2018-12-11 | Cellco Partnership | Secure NFC data authentication |
US9307505B2 (en) | 2013-03-12 | 2016-04-05 | Blackberry Limited | System and method for adjusting a power transmission level for a communication device |
US9763097B2 (en) | 2013-03-13 | 2017-09-12 | Lookout, Inc. | Method for performing device security corrective actions based on loss of proximity to another device |
CN105122284A (zh) | 2013-03-15 | 2015-12-02 | 英特尔公司 | 便于计算系统的动态和定向广告的机制 |
US20140339315A1 (en) | 2013-04-02 | 2014-11-20 | Tnt Partners, Llc | Programmable Electronic Card and Supporting Device |
WO2014170741A2 (en) | 2013-04-15 | 2014-10-23 | Pardhasarthy Mahesh Bhupathi | Payback payment system and method to facilitate the same |
KR101924683B1 (ko) | 2013-04-26 | 2018-12-03 | 인터디지탈 패튼 홀딩스, 인크 | 요구된 인증 보증 레벨을 달성하기 위한 다중요소 인증 |
CA2851895C (en) | 2013-05-08 | 2023-09-26 | The Toronto-Dominion Bank | Person-to-person electronic payment processing |
US9104853B2 (en) | 2013-05-16 | 2015-08-11 | Symantec Corporation | Supporting proximity based security code transfer from mobile/tablet application to access device |
US10043164B2 (en) | 2013-05-20 | 2018-08-07 | Mastercard International Incorporated | System and method for facilitating a transaction between a merchant and a cardholder |
US20140365780A1 (en) | 2013-06-07 | 2014-12-11 | Safa Movassaghi | System and methods for one-time password generation on a mobile computing device |
US10475027B2 (en) | 2013-07-23 | 2019-11-12 | Capital One Services, Llc | System and method for exchanging data with smart cards |
US8994498B2 (en) | 2013-07-25 | 2015-03-31 | Bionym Inc. | Preauthorized wearable biometric device, system and method for use thereof |
GB2516861A (en) | 2013-08-01 | 2015-02-11 | Mastercard International Inc | Paired Wearable payment device |
CN103417202B (zh) | 2013-08-19 | 2015-11-18 | 赵蕴博 | 一种腕式生命体征监测装置及其监测方法 |
BR112016003676B1 (pt) | 2013-09-24 | 2022-10-18 | Intel Corporation | Método implantado por computador, dispositivo e sistema para controle de acesso de nfc em uma arquitetura de nfc centrada em elemento seguro |
EP2854332A1 (en) | 2013-09-27 | 2015-04-01 | Gemalto SA | Method for securing over-the-air communication between a mobile application and a gateway |
US10878414B2 (en) | 2013-09-30 | 2020-12-29 | Apple Inc. | Multi-path communication of electronic device secure element data for online payments |
US11748746B2 (en) | 2013-09-30 | 2023-09-05 | Apple Inc. | Multi-path communication of electronic device secure element data for online payments |
JP6293276B2 (ja) | 2013-11-15 | 2018-03-14 | 深▲セン▼光啓智能光子技術有限公司Kuang−Chi Intelligent Photonic Technology Ltd. | コマンド情報の送信方法、受信方法及びその装置 |
US9516487B2 (en) | 2013-11-19 | 2016-12-06 | Visa International Service Association | Automated account provisioning |
UA115501C2 (uk) | 2013-12-02 | 2017-11-10 | Мастеркард Інтернешнл Інкорпорейтед | Спосіб і система для захищеної передачі повідомлень послуги віддалених сповіщень в мобільні пристрої без захищених елементів |
SG11201604906QA (en) | 2013-12-19 | 2016-07-28 | Visa Int Service Ass | Cloud-based transactions methods and systems |
US20150205379A1 (en) | 2014-01-20 | 2015-07-23 | Apple Inc. | Motion-Detected Tap Input |
US9420496B1 (en) | 2014-01-24 | 2016-08-16 | Sprint Communications Company L.P. | Activation sequence using permission based connection to network |
US9773151B2 (en) | 2014-02-06 | 2017-09-26 | University Of Massachusetts | System and methods for contactless biometrics-based identification |
US20160012465A1 (en) | 2014-02-08 | 2016-01-14 | Jeffrey A. Sharp | System and method for distributing, receiving, and using funds or credits and apparatus thereof |
US20150371234A1 (en) | 2014-02-21 | 2015-12-24 | Looppay, Inc. | Methods, devices, and systems for secure provisioning, transmission, and authentication of payment data |
EP2924914A1 (en) | 2014-03-25 | 2015-09-30 | Gemalto SA | Method to manage a one time password key |
US9251330B2 (en) | 2014-04-09 | 2016-02-02 | International Business Machines Corporation | Secure management of a smart card |
US20150317626A1 (en) | 2014-04-30 | 2015-11-05 | Intuit Inc. | Secure proximity exchange of payment information between mobile wallet and point-of-sale |
WO2015168334A1 (en) | 2014-05-01 | 2015-11-05 | Visa International Service Association | Data verification using access device |
AU2015255887A1 (en) | 2014-05-07 | 2016-10-13 | Visa International Service Association | Enhanced data interface for contactless communications |
US10475026B2 (en) | 2014-05-16 | 2019-11-12 | International Business Machines Corporation | Secure management of transactions using a smart/virtual card |
US20150339663A1 (en) | 2014-05-21 | 2015-11-26 | Mastercard International Incorporated | Methods of payment token lifecycle management on a mobile device |
US10043185B2 (en) | 2014-05-29 | 2018-08-07 | Apple Inc. | User interface for payments |
US9449239B2 (en) | 2014-05-30 | 2016-09-20 | Apple Inc. | Credit card auto-fill |
US9455968B1 (en) | 2014-12-19 | 2016-09-27 | Emc Corporation | Protection of a secret on a mobile device using a secret-splitting technique with a fixed user share |
KR101508320B1 (ko) | 2014-06-30 | 2015-04-07 | 주식회사 인포바인 | Nfc 카드를 이용한 otp 발급 장치, otp 생성 장치, 및 이를 이용한 방법 |
US9780953B2 (en) | 2014-07-23 | 2017-10-03 | Visa International Service Association | Systems and methods for secure detokenization |
US20160026997A1 (en) | 2014-07-25 | 2016-01-28 | XPressTap, Inc. | Mobile Communication Device with Proximity Based Communication Circuitry |
US9875347B2 (en) | 2014-07-31 | 2018-01-23 | Nok Nok Labs, Inc. | System and method for performing authentication using data analytics |
US20160048913A1 (en) | 2014-08-15 | 2016-02-18 | Mastercard International Incorporated | Systems and Methods for Assigning a Variable Length Bank Identification Number |
US9775029B2 (en) | 2014-08-22 | 2017-09-26 | Visa International Service Association | Embedding cloud-based functionalities in a communication device |
US10242356B2 (en) | 2014-08-25 | 2019-03-26 | Google Llc | Host-formatted select proximity payment system environment response |
RU2710897C2 (ru) | 2014-08-29 | 2020-01-14 | Виза Интернэшнл Сервис Ассосиэйшн | Способы безопасного генерирования криптограмм |
CN104239783A (zh) | 2014-09-19 | 2014-12-24 | 东软集团股份有限公司 | 一种特定信息安全输入系统及方法 |
US9953323B2 (en) | 2014-09-23 | 2018-04-24 | Sony Corporation | Limiting e-card transactions based on lack of proximity to associated CE device |
GB2530726B (en) | 2014-09-25 | 2016-11-02 | Ibm | Distributed single sign-on |
CA2960319A1 (en) | 2014-09-26 | 2016-03-31 | Visa International Service Association | Remote server encrypted data provisioning system and methods |
US9473509B2 (en) | 2014-09-29 | 2016-10-18 | International Business Machines Corporation | Selectively permitting or denying usage of wearable device services |
US9432339B1 (en) | 2014-09-29 | 2016-08-30 | Emc Corporation | Automated token renewal using OTP-based authentication codes |
CN104463270A (zh) | 2014-11-12 | 2015-03-25 | 惠州Tcl移动通信有限公司 | 一种基于rfid的智能终端、金融卡以及金融管理系统 |
US9379841B2 (en) | 2014-11-17 | 2016-06-28 | Empire Technology Development Llc | Mobile device prevention of contactless card attacks |
US10223689B2 (en) | 2014-12-10 | 2019-03-05 | American Express Travel Related Services Company, Inc. | System and method for over the air provisioned wearable contactless payments |
GB2533333A (en) | 2014-12-16 | 2016-06-22 | Visa Europe Ltd | Transaction authorisation |
US20170374070A1 (en) | 2015-01-09 | 2017-12-28 | Interdigital Technology Corporation | Scalable policy based execution of multi-factor authentication |
US10333696B2 (en) | 2015-01-12 | 2019-06-25 | X-Prime, Inc. | Systems and methods for implementing an efficient, scalable homomorphic transformation of encrypted data with minimal data expansion and improved processing efficiency |
US20170011406A1 (en) | 2015-02-10 | 2017-01-12 | NXT-ID, Inc. | Sound-Directed or Behavior-Directed Method and System for Authenticating a User and Executing a Transaction |
US20160253651A1 (en) | 2015-02-27 | 2016-09-01 | Samsung Electronics Co., Ltd. | Electronic device including electronic payment system and operating method thereof |
US20160267486A1 (en) | 2015-03-13 | 2016-09-15 | Radiius Corp | Smartcard Payment System and Method |
US11736468B2 (en) | 2015-03-16 | 2023-08-22 | Assa Abloy Ab | Enhanced authorization |
US20160277383A1 (en) | 2015-03-16 | 2016-09-22 | Assa Abloy Ab | Binding to a user device |
US20170289127A1 (en) | 2016-03-29 | 2017-10-05 | Chaya Coleena Hendrick | Smart data cards that enable the performance of various functions upon activation/authentication by a user's fingerprint, oncard pin number entry, and/or by facial recognition of the user, or by facial recognition of a user alone, including an automated changing security number that is displayed on a screen on a card's surface following an authenticated biometric match |
WO2016160816A1 (en) | 2015-03-30 | 2016-10-06 | Hendrick Chaya Coleena | Smart data cards that enable the performance of various functions upon activation/authentication by a user's fingerprint, oncard pin number entry, and/or by facial recognition of the user, or by facial recognition of a user alone, including an automated changing security number that is displayed on a screen on a card's surface following an authenticated biometric match |
US10360557B2 (en) | 2015-04-14 | 2019-07-23 | Capital One Services, Llc | Dynamic transaction card protected by dropped card detection |
EP4109372A1 (en) | 2015-04-14 | 2022-12-28 | Capital One Services, LLC | A system, method, and apparatus for a dynamic transaction card |
US10482453B2 (en) | 2015-04-14 | 2019-11-19 | Capital One Services, Llc | Dynamic transaction card protected by gesture and voice recognition |
US9674705B2 (en) | 2015-04-22 | 2017-06-06 | Kenneth Hugh Rose | Method and system for secure peer-to-peer mobile communications |
US10007913B2 (en) | 2015-05-05 | 2018-06-26 | ShoCard, Inc. | Identity management service using a blockchain providing identity transactions between devices |
US20160335531A1 (en) | 2015-05-12 | 2016-11-17 | Dynamics Inc. | Dynamic security codes, tokens, displays, cards, devices, multi-card devices, systems and methods |
FR3038429B1 (fr) | 2015-07-03 | 2018-09-21 | Ingenico Group | Conteneur de paiement, procede de creation, procede de traitement, dispositifs et programmes correspondants |
US20170039566A1 (en) | 2015-07-10 | 2017-02-09 | Diamond Sun Labs, Inc. | Method and system for secured processing of a credit card |
US10108965B2 (en) | 2015-07-14 | 2018-10-23 | Ujet, Inc. | Customer communication system including service pipeline |
US11120436B2 (en) | 2015-07-17 | 2021-09-14 | Mastercard International Incorporated | Authentication system and method for server-based payments |
US20170024716A1 (en) | 2015-07-22 | 2017-01-26 | American Express Travel Related Services Company, Inc. | System and method for single page banner integration |
US10492163B2 (en) | 2015-08-03 | 2019-11-26 | Jpmorgan Chase Bank, N.A. | Systems and methods for leveraging micro-location devices for improved travel awareness |
KR20170028015A (ko) | 2015-09-03 | 2017-03-13 | 엔에이치엔엔터테인먼트 주식회사 | 휴대용 단말기를 이용한 온라인 신용카드 결제 시스템 및 결제 방법 |
FR3041195A1 (fr) | 2015-09-11 | 2017-03-17 | Dp Security Consulting | Procede d'acces a un service en ligne au moyen d'un microcircuit securise et de jetons de securite restreignant l'utilisation de ces jetons a leur detenteur legitime |
WO2017042400A1 (en) | 2015-09-11 | 2017-03-16 | Dp Security Consulting Sas | Access method to an on line service by means of access tokens and secure elements restricting the use of these access tokens to their legitimate owner |
ITUB20155318A1 (it) | 2015-10-26 | 2017-04-26 | St Microelectronics Srl | Tag, relativo procedimento e sistema per identificare e/o autenticare oggetti |
US20170140379A1 (en) | 2015-11-17 | 2017-05-18 | Bruce D. Deck | Credit card randomly generated pin |
CA2944935A1 (en) | 2015-11-27 | 2017-05-27 | The Toronto-Dominion Bank | System and method for remotely activating a pin-pad terminal |
US9965911B2 (en) | 2015-12-07 | 2018-05-08 | Capital One Services, Llc | Electronic access control system |
US9948467B2 (en) | 2015-12-21 | 2018-04-17 | Mastercard International Incorporated | Method and system for blockchain variant using digital signatures |
KR101637863B1 (ko) | 2016-01-05 | 2016-07-08 | 주식회사 코인플러그 | 본인인증용 정보 보안 전송시스템 및 방법 |
AU2017216289A1 (en) | 2016-02-04 | 2018-09-27 | Nasdaq Technology Ab | Systems and methods for storing and sharing transactional data using distributed computer systems |
US9619952B1 (en) | 2016-02-16 | 2017-04-11 | Honeywell International Inc. | Systems and methods of preventing access to users of an access control system |
US10148135B2 (en) | 2016-02-16 | 2018-12-04 | Intel IP Corporation | System, apparatus and method for authenticating a device using a wireless charger |
FR3049083A1 (fr) | 2016-03-15 | 2017-09-22 | Dp Security Consulting Sas | Procede de duplication des donnees d'un microcircuit securise vers un autre microcircuit securise permettant, au plus, a un seul microcircuit securise d'etre operationnel a un instant donne |
US9961194B1 (en) | 2016-04-05 | 2018-05-01 | State Farm Mutual Automobile Insurance Company | Systems and methods for authenticating a caller at a call center |
ES2822997T3 (es) | 2016-04-07 | 2021-05-05 | Contactoffice Group | Método para satisfacer una solicitud criptográfica que requiere un valor de una clave privada |
US10255816B2 (en) | 2016-04-27 | 2019-04-09 | Uber Technologies, Inc. | Transport vehicle configuration for impaired riders |
US10333705B2 (en) | 2016-04-30 | 2019-06-25 | Civic Technologies, Inc. | Methods and apparatus for providing attestation of information using a centralized or distributed ledger |
KR20170126688A (ko) | 2016-05-10 | 2017-11-20 | 엘지전자 주식회사 | 스마트 카드 및 그 스마트 카드의 제어 방법 |
US9635000B1 (en) | 2016-05-25 | 2017-04-25 | Sead Muftic | Blockchain identity management system based on public identities ledger |
GB201609460D0 (en) | 2016-05-30 | 2016-07-13 | Silverleap Technology Ltd | Increased security through ephemeral keys for software virtual contactless card in a mobile phone |
US10097544B2 (en) | 2016-06-01 | 2018-10-09 | International Business Machines Corporation | Protection and verification of user authentication credentials against server compromise |
CN109997177A (zh) * | 2016-07-13 | 2019-07-09 | 博托索夫特科技有限公司 | 文档认证系统 |
US10680677B2 (en) | 2016-08-01 | 2020-06-09 | Nxp B.V. | NFC system wakeup with energy harvesting |
US10032169B2 (en) | 2016-08-08 | 2018-07-24 | Ellipse World, Inc. | Prepaid, debit and credit card security code generation system |
US20180039986A1 (en) | 2016-08-08 | 2018-02-08 | Ellipse World S.A. | Method for a Prepaid, Debit and Credit Card Security Code Generation System |
US10084762B2 (en) | 2016-09-01 | 2018-09-25 | Ca, Inc. | Publicly readable blockchain registry of personally identifiable information breaches |
US10748130B2 (en) | 2016-09-30 | 2020-08-18 | Square, Inc. | Sensor-enabled activation of payment instruments |
US10462128B2 (en) | 2016-10-11 | 2019-10-29 | Michael Arthur George | Verification of both identification and presence of objects over a network |
US10719771B2 (en) | 2016-11-09 | 2020-07-21 | Cognitive Scale, Inc. | Method for cognitive information processing using a cognitive blockchain architecture |
US20180160255A1 (en) | 2016-12-01 | 2018-06-07 | Youngsuck PARK | Nfc tag-based web service system and method using anti-simulation function |
US10133979B1 (en) | 2016-12-29 | 2018-11-20 | Wells Fargo Bank, N.A. | Wearable computing device-powered chip-enabled card |
US10237070B2 (en) | 2016-12-31 | 2019-03-19 | Nok Nok Labs, Inc. | System and method for sharing keys across authenticators |
DE102017000768A1 (de) | 2017-01-27 | 2018-08-02 | Giesecke+Devrient Mobile Security Gmbh | Verfahren zum Durchführen einer Zweifaktorauthentifizierung |
US20180240106A1 (en) | 2017-02-21 | 2018-08-23 | Legacy Ip Llc | Hand-held electronics device for aggregation of and management of personal electronic data |
US20180254909A1 (en) | 2017-03-06 | 2018-09-06 | Lamark Solutions, Inc. | Virtual Identity Credential Issuance and Verification Using Physical and Virtual Means |
US10764043B2 (en) | 2017-04-05 | 2020-09-01 | University Of Florida Research Foundation, Incorporated | Identity and content authentication for phone calls |
US10129648B1 (en) | 2017-05-11 | 2018-11-13 | Microsoft Technology Licensing, Llc | Hinged computing device for binaural recording |
US20190019375A1 (en) | 2017-07-14 | 2019-01-17 | Gamblit Gaming, Llc | Ad hoc customizable electronic gaming table |
US9940571B1 (en) | 2017-08-25 | 2018-04-10 | Capital One Services, Llc | Metal contactless transaction card |
US10019707B1 (en) | 2017-10-24 | 2018-07-10 | Capital One Services, Llc | Transaction card mode related to locating a transaction card |
US11102180B2 (en) | 2018-01-31 | 2021-08-24 | The Toronto-Dominion Bank | Real-time authentication and authorization based on dynamically generated cryptographic data |
US10467622B1 (en) * | 2019-02-01 | 2019-11-05 | Capital One Services, Llc | Using on-demand applications to generate virtual numbers for a contactless card to securely autofill forms |
-
2021
- 2021-01-04 US US17/140,698 patent/US11216799B1/en active Active
- 2021-11-22 US US17/531,981 patent/US11763287B2/en active Active
- 2021-12-14 EP EP21844456.0A patent/EP4272410A1/en active Pending
- 2021-12-14 WO PCT/US2021/063281 patent/WO2022146672A1/en active Application Filing
- 2021-12-14 CA CA3204039A patent/CA3204039A1/en active Pending
- 2021-12-14 KR KR1020237023287A patent/KR20230125226A/ko unknown
- 2021-12-14 AU AU2021415999A patent/AU2021415999A1/en active Pending
- 2021-12-14 CN CN202180094058.5A patent/CN116848833A/zh active Pending
- 2021-12-14 JP JP2023540776A patent/JP2024502434A/ja active Pending
-
2023
- 2023-08-17 US US18/451,237 patent/US20230394462A1/en active Pending
Also Published As
Publication number | Publication date |
---|---|
CA3204039A1 (en) | 2022-07-07 |
EP4272410A1 (en) | 2023-11-08 |
KR20230125226A (ko) | 2023-08-29 |
US20220215377A1 (en) | 2022-07-07 |
US11216799B1 (en) | 2022-01-04 |
US11763287B2 (en) | 2023-09-19 |
WO2022146672A1 (en) | 2022-07-07 |
US20230394462A1 (en) | 2023-12-07 |
JP2024502434A (ja) | 2024-01-19 |
AU2021415999A1 (en) | 2023-07-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11373169B2 (en) | Web-based activation of contactless cards | |
US11930120B2 (en) | Call center web-based authentication using a contactless card | |
CN113316784A (zh) | 基于存储在非接触式卡中的身份数据的安全认证 | |
WO2022272038A1 (en) | Cryptographic authentication to control access to storage devices | |
US20230394462A1 (en) | Secure generation of one-time passcodes using a contactless card | |
US20230162187A1 (en) | Autofilling data based on account authentication using a contactless card | |
US20240021041A1 (en) | Techniques for personal identification number management for contactless cards | |
US20230419295A1 (en) | Mobile web browser authentication and checkout using a contactless card | |
US20220414648A1 (en) | Server-side redirect of uniform resource locator generated by contactless card | |
CN114667713A (zh) | 基于存储在非接触式卡中的护照数据的安全认证 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 40093533 Country of ref document: HK |
|
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |