EP1218861A1 - System and method for global internet digital identification - Google Patents

System and method for global internet digital identification

Info

Publication number
EP1218861A1
Authority
EP
European Patent Office
Prior art keywords
recited
response message
network
authorization
identification data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP00968720A
Other languages
German (de)
English (en)
Inventor
Michael D. S. Harris
John Wankmueller
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mastercard International Inc
Original Assignee
Mastercard International Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mastercard International Inc

Classifications

    • G: PHYSICS
    • G07: CHECKING-DEVICES
    • G07F: COIN-FREED OR LIKE APPARATUS
    • G07F7/00: Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08: Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/02: Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/04: Payment circuits
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/40: Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401: Transaction verification
    • G06Q20/4014: Identity check for transactions
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/40: Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/403: Solvency checks
    • G06Q20/4037: Remote solvency checks

Definitions

  • This invention relates to digital identification (hereinafter “digital ID”) applications used to purchase goods or services.
  • a digital ID is a set of digital data associated with an individual or entity.
  • the ID can be, for example, a digital document (e.g., a digital certificate) which associates a digital key with the individual or entity.
  • Digital ID applications for use over the
  • One model for digital ID applications allows a third party service provider on the Internet to perform an exchange with a cardholder accessing the third party site and to retrieve from the cardholder a digital ID that the service provider can then validate with a "central point" before providing service.
  • the service provider goes to the "central point" for each validation and is charged based on the level of assurance that the "central point" is prepared to provide (e.g., 0.100 for a guarantee that digital ID is good for $100, l for a guarantee that digital ID is good for $1000, etc.).
  • the present invention provides a unique system and method for performing a digital ID function using currently existing payment system building blocks (such as the "EMV" standard promulgated jointly by Europay International S.A., MasterCard International Incorporated, and Visa International Service Association, and the "SET" standard promulgated by SET Secure Electronic Transaction, LLC) and currently existing credit/debit card payment system contractual relationships.
  • each digital ID issuer has one contractual relationship with a "central switch" and each service provider has one contractual relationship with the "central switch."
  • issuers of digital IDs may choose to use some or all of the assurance levels.
  • FIG. 1 is a diagram of information flow in an exemplary system for performing digital ID in accordance with the invention.
  • a digital ID issuer issues a digital ID to a digital ID holder.
  • the request for digital ID verification is routed to the digital ID issuer over a distributed communication network.
  • the distributed communication network may include the Internet and an existing legacy payment system infrastructure (such as the Banknet infrastructure of MasterCard International Incorporated).
  • the Internet and the existing legacy payment system infrastructure are connected by a "central switch" or gateway (such as a SET gateway).
  • Digital ID holders are, with the present invention, able to anonymously identify themselves in remote environments, such as the Internet, to other parties.
  • the digital ID is a portable identity object that is simple for digital ID holders to use and can eliminate the need by digital ID holders to remember different passwords and user-ID combinations required to gain access to protected Internet sites. While not revealing any other details of the identity to the identity verification requester, the present invention can release only agreed identity data to the identity verification requester. It is the digital ID issuer who provides and controls all data.
  • the present invention uses a set of separate, stand-alone, non-payment messages which utilize existing legacy payment system message formats and payment-related data.
  • the digital ID verification request involves the use of a shared secret (of any type) possessed only by the digital ID issuer and the digital ID holder. High security is enabled since the number and types of secrets shared and algorithms used by the parties are varied and potentially non-standard.
  • the digital ID issuer will receive and validate a digital ID payment object, which is created by the digital ID holder with the shared secret.
  • the digital ID payment object is passed as an opaque block (an object that cannot be read) through all intermediary nodes to the digital ID issuer.
  • When a digital ID issuer receives a digital ID verification request, the digital ID issuer has a number of response options available to it. One option is to simply respond with a binary "yes" or "no" to the digital ID verification request. A second option is to respond with other data which is related to the digital ID holder, such as demographic data, payment history data, and/or other marketing data. Preferably, this other data is non-personally identifiable data, and the dissemination of this other data is pre-approved by the digital ID holder. The data may also include passwords for accessing a service provider's web site.
  • Previous digital identification technology has employed asymmetric key technology with private/public key pairs and digital certificates, sometimes combined with secured integrated circuit (IC) chip cards.
  • the present invention can be deployed without chip cards or any secure hardware deployed by the digital ID issuer.
  • the present invention may use shared symmetric key technology, instead of asymmetric key technology, to provide a digital ID function.
  • digital ID verification may occur before and/or after a payment transaction, and the digital ID verification is capable of being linked with the payment transaction through cryptography.
  • the linking is accomplished through the use of a cryptogram, which is an object containing the result of a cryptographic operation.
  • the present invention uses time-sensitive data.
  • the basic cryptographic techniques utilize parts of the EMV credit or debit payment specification and an EMV infrastructure.
  • An EMV-compliant chip card may be used with this embodiment, but (as already mentioned) chip card use is not required.
  • a digital ID application may be stored, for example, on a computer that is connected to the Internet. The digital ID application stored on the computer could function as a "virtual" chip card.
  • a digital ID issuer 500 (such as a bank) preferably issues a physical or virtual chip card 100 based on the EMV specification.
  • the chip card 100 can, optionally, be direct mailed to an end user.
  • the chip card 100 may contain a single application or multiple applications on it, and can, optionally, be based on the MULTOS™ operating system or on another operating system. It is assumed that the reader is familiar with the MULTOS™ standard, which is maintained by the MAOSCO Consortium. The standard is described in the
  • the digital ID issuer 500 assigns a payment-related or non-payment-related digital ID account number within the MasterCard Payment Application (MCPA) function in the chip card 100.
  • the digital ID account number is not required to be a credit/debit card account number (and, indeed, for security purposes, it is preferred that the digital ID not be such a number).
  • the digital ID issuer may deploy digital ID EMV-based applications which do not use credit/debit card account numbers but assign an account number only for digital ID use.
  • the cardholder logs onto the Internet and requests a service from a service provider web site (this request represented by arrow 1 of Fig.
  • the service provider 200 may decide to verify the cardholder's identity. It is up to the service provider to decide the frequency with which it requests verification from its customers. The service provider may request verification each and every time a service is requested, or it may request verification only occasionally.
  • If the service provider 200 decides to request verification, the service provider preferably initiates a SET specification based transaction (for confidentiality and integrity of messaging over the Internet) and asks the cardholder (this request represented by arrow 2 of Fig. 1) to use its chip card (virtual or physical) to initiate a digital ID verification transaction (shown as arrow 3).
  • the digital ID verification transaction uses the credit/debit payment message formats of the MCPA and EMV specifications. These message formats may be used in a number of ways. For example, the payment amount field may be set to zero and the request may be treated as an authorization for a payment transaction of zero amount. Alternatively, a new message type may be added (for example, a "digital ID request" type) to the existing payment infrastructure. This new message type can be used to redefine certain fields. In particular, the payment field may no longer represent a payment amount, but a validation level amount. For example, if the payment field contains $100, the digital ID issuer will validate the identity of the digital ID at this validation level.
  • EMV-formatted cryptogram shown as arrow 3
  • ARQC: authorization request cryptogram
  • the cryptogram is then transported (arrow 4) securely over the Internet, protected by (for example) the SET protocol.
  • the cryptogram can be a digital certificate.
  • the service provider passes this transaction request (arrow 4) over the Internet, using (preferably) the SET protocol, to a "central switch" 300, which may provide a SET payment gateway function. Since the transaction is not a payment, a bank-provided payment gateway is not necessary.
  • the central switch 300 can, optionally, be a SET acquirer.
  • the switch 300 reformats the verification transaction request to the format for message transmission over a trusted back-end network 400 (such as MasterCard International Inc.'s Banknet network).
  • the verification request message is formatted as a "0100" chip formatted authorization request message.
  • the reformatted message is then passed (arrow 5) into the trusted back-end network 400, which routes the verification request (arrow 6) to the digital ID issuer 500.
  • the digital ID issuer 500 authenticates the digital ID verification transaction and stores the transaction for possible service provider fee collection at a level identified and requested on the verification request message.
  • the response by the digital ID issuer may be a simple "yes" or "no" or it may include other digital ID holder-related data.
  • the response also preferably includes an Authorization Response Cryptogram ("ARPC").
  • the digital ID issuer 500 responds to the switch via the trusted back-end network 400 with an authorization response message (arrow 7). If the back-end network is MasterCard's Banknet network, the message is a "0110" formatted authorization response message. It is formatted as a payment authorization request but carries digital ID response data.
  • the back-end network 400 then passes the message (arrow 8) to the switch 300.
  • the switch formats the authorization response message as a SET/EMV response message (arrow 9) to the service provider 200.
  • the response message confirms or denies the digital ID authentication at the requested service level. This response message is similar to an authorization for purchase response.
  • When the service provider 200 receives the SET/EMV response message, it decides whether to provide service to the cardholder.
  • the service provider may optionally complete the EMV-like transaction by sending a SET message (arrow 10) back to the physical or virtual card.
  • the digital ID number is preferably a fully "routable" credit or debit primary account number (PAN), but the number is not necessarily related to a payment account. In a preferred embodiment, the digital ID number is not the account number used for payment.
  • PAN: credit or debit primary account number
  • This final TC (arrow 11) is a cryptographic object that may be used to link a digital ID verification transaction to a payment transaction.
  • the TC is based on the same shared secret as that used in generating the ARQC and on the ARPC received from the digital ID issuer.
  • the TC (along with the data needed to generate the TC) provides a strong linkage between the digital ID verification transaction and a payment authorization request.
  • the TC may be bundled into a payment transaction as the "random number" used in the initiate payment transaction stage.
  • MAOSCO Information Bulletin No. 7 - Export Controls, Sept. 29, 1998 (available at http://dh007-00.web.dircon.net/present.ihtml).
  • MAOSCO Information Bulletin No. 9 - Export Controls, End-User Undertaking Guidance, Mar. 4, 1999 (available at http://dh007-00.web.dircon.net/present.ihtml).
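
The cryptogram chain described in the excerpts above (ARQC created by the digital ID holder, ARPC returned by the digital ID issuer, TC linking the verification to a later payment), as an added example that is not taken from the patent. HMAC-SHA256 truncated to 8 bytes stands in for the EMV cryptogram algorithm, and the field layout, the Y/N response byte, the 120-second window and the counter-based replay guard are assumptions.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 120  # assumed freshness window (seconds) for the time-sensitive data


def _mac(key, label, *parts):
    # Length-prefix each field so different field splits cannot collide.
    msg = label + b"".join(struct.pack(">H", len(p)) + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


def _arqc(key, f):
    nums = struct.pack(">QQQ", f["level"], f["ctr"], f["ts"])
    return _mac(key, b"ARQC", f["id"].encode(), nums)


def make_request(key, id_number, level, ctr, now):
    """Holder: 'level' rides in the payment amount field as the validation level."""
    fields = {"id": id_number, "level": level, "ctr": ctr, "ts": now}
    return {**fields, "arqc": _arqc(key, fields)}


class Issuer:
    def __init__(self, keys, limits):
        self.keys = keys      # digital ID number -> shared secret
        self.limits = limits  # digital ID number -> highest level the issuer vouches for
        self.last_ctr = {}    # digital ID number -> last counter accepted

    def verify(self, req, now):
        """Return (approved, arpc); arpc is None when the request is rejected outright."""
        key = self.keys.get(req["id"])
        if key is None or not hmac.compare_digest(_arqc(key, req), req["arqc"]):
            return False, None  # unknown ID, or a field was altered in transit
        stale = abs(now - req["ts"]) > MAX_SKEW
        replayed = req["ctr"] <= self.last_ctr.get(req["id"], -1)
        if stale or replayed:
            return False, None
        self.last_ctr[req["id"]] = req["ctr"]
        approved = req["level"] <= self.limits[req["id"]]
        code = b"Y" if approved else b"N"
        return approved, code + _mac(key, b"ARPC", req["arqc"], code)


def check_arpc(key, req, arpc):
    """Holder: confirm the yes/no answer was produced by the issuer for this request."""
    expected = _mac(key, b"ARPC", req["arqc"], arpc[:1])
    return len(arpc) == 9 and hmac.compare_digest(arpc[1:], expected)


def make_tc(key, req, arpc):
    """Holder: TC from the same shared secret, bound to the ARQC and the ARPC."""
    return _mac(key, b"TC", req["arqc"], arpc)


def tc_links(key, req, arpc, payment_random):
    """Issuer: does the 'random number' of a payment match this verification?"""
    return hmac.compare_digest(make_tc(key, req, arpc), payment_random)


if __name__ == "__main__":
    k = bytes(range(16))  # constructed sample secret
    issuer = Issuer({"ID-0001": k}, {"ID-0001": 10000})
    r = make_request(k, "ID-0001", 10000, 1, 1000)
    ok, arpc = issuer.verify(r, 1010)
    print(ok, check_arpc(k, r, arpc), tc_links(k, r, arpc, make_tc(k, r, arpc)))
```

The service provider and the central switch never hold the shared secret, so they can forward the request but cannot change the validation level or reuse an earlier cryptogram without the issuer rejecting it.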

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to a system and method for authenticating a digital identification code using a central switch to transmit data between a network connected to a service provider and a network connected to a digital ID issuer. The system can be configured to provide a "yes/no" authorization or a validation at a selected validation level. The system can receive a coded authorization request message and can generate a coded authorization response message. This response message can be used by the service provider to decide whether to provide access to a digital identification code holder.
EP00968720A 1999-10-08 2000-10-05 System and method for global internet digital identification Ceased EP1218861A1 (fr)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US15860899P 1999-10-08 1999-10-08
US158608P 1999-10-08
US16388699P 1999-11-05 1999-11-05
US163886P 1999-11-05
PCT/US2000/027458 WO2001027887A1 (fr) 1999-10-08 2000-10-05 System and method for global internet digital identification

Publications (1)

Publication Number Publication Date
EP1218861A1 (fr) 2002-07-03

Family

ID=26855201

Family Applications (1)

Application Number Title Priority Date Filing Date
EP00968720A Ceased EP1218861A1 (fr) System and method for global internet digital identification 1999-10-08 2000-10-05

Country Status (6)

Country Link
EP (1) EP1218861A1 (fr)
JP (1) JP2003511802A (fr)
AU (1) AU772372B2 (fr)
CA (1) CA2385954C (fr)
HK (1) HK1047337A1 (fr)
WO (1) WO2001027887A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0020108D0 (en) * 2000-08-15 2000-10-04 Nokia Mobile Phones Ltd Devices
US20030217148A1 (en) * 2002-05-16 2003-11-20 Mullen Glen H. Method and apparatus for LAN authentication on switch

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999022291A1 (fr) * 1997-10-24 1999-05-06 Ge Capital System and method for pre-authorization of individual account transactions

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5557518A (en) * 1994-04-28 1996-09-17 Citibank, N.A. Trusted agents for open electronic commerce
CA2100134C (fr) * 1992-09-29 1999-06-22 Raymond Otto Colbert Secure authorization system for credit/debit cards
US5826245A (en) * 1995-03-20 1998-10-20 Sandberg-Diment; Erik Providing verification information for a transaction
US5590197A (en) * 1995-04-04 1996-12-31 V-One Corporation Electronic payment system and method
FR2733068B1 (fr) * 1995-04-14 1997-07-04 G C Tech Electronic payment method for carrying out transactions linked to the purchase of goods on a computer network
US5757917A (en) * 1995-11-01 1998-05-26 First Virtual Holdings Incorporated Computerized payment system for purchasing goods and services on the internet
US5943424A (en) * 1996-06-17 1999-08-24 Hewlett-Packard Company System, method and article of manufacture for processing a plurality of transactions from a single initiation point on a multichannel, extensible, flexible architecture
US5903882A (en) * 1996-12-13 1999-05-11 Certco, Llc Reliance server for electronic transaction system
US5883810A (en) * 1997-09-24 1999-03-16 Microsoft Corporation Electronic online commerce card with transactionproxy number for online transactions
EP0921487A3 (fr) * 1997-12-08 2000-07-26 Nippon Telegraph and Telephone Corporation Method and system for billing on the internet

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"SET SECURE ELECTRONIC TRANSACTION SPECIFICATION BOOK 1: BUSINESS DESCRIPTION", SET SECURE ELECTRONIC TRANSACTION SPECIFICATION. BOOK 3: FORMAL PROTOCOL DEFINITION (VERSION 1.0), 31 May 1997 (1997-05-31), pages I-V - 1-72, XP001051175, Retrieved from the Internet <URL:http://www.hta-bi.bfh.ch/Projects/eftpos/extern/set_bk3.pdf> *
See also references of WO0127887A1 *

Also Published As

Publication number Publication date
WO2001027887A1 (fr) 2001-04-19
CA2385954C (fr) 2008-05-06
HK1047337A1 (zh) 2003-02-14
AU772372B2 (en) 2004-04-22
CA2385954A1 (fr) 2001-04-19
JP2003511802A (ja) 2003-03-25
AU7859300A (en) 2001-04-23

Similar Documents

Publication Publication Date Title
US6681328B1 (en) System and method for global internet digital identification
US7680736B2 (en) Payment system
US7058611B2 (en) Method and system for conducting secure electronic commerce transactions with authorization request data loop-back
US6941285B2 (en) Method and system for a virtual safe
US20030069792A1 (en) System and method for effecting secure online payment using a client payment card
US20010047335A1 (en) Secure payment method and apparatus
EP1687725B1 (fr) Secure payment system
AU2001248198A1 (en) A method and system for a virtual safe
AU2001283489A1 (en) Method and system for conducting secure electronic commerce transactions with authorization request data loop-back
CA2385954C (fr) System and method for global internet digital identification
Van Herreweghen et al. Risks and Potentials of Using EMV for Internet Payments.
KR100458526B1 (ko) 유·무선 복합 전자 결제 방법 및 시스템
ZA200202364B (en) System and method for global internet digital identification.
Asokan et al. Electronic payment systems
Balasubramanian et al. Electronic payment systems and their security
AU2011203165B2 (en) Secure payment system
Watson Electronic cash and set
Waidner Electronic Payment Systems
R3 Project Number AC026 Project Title Secure Electronic MarketPlace for Europe SEMPER Deliverable Security Class Public CEC Deliverable Number AC026/SMP/CT2/DS/P/015/b1
Pfitzmann et al. Smartcard-Supported Internet Payments
Van Herreweghen et al. USENIX Technical Program-Paper-Smartcard 99 [Technical Program] Risks and Potentials of using EMV for Internet Payments

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20020423

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

APBN Date of receipt of notice of appeal recorded

Free format text: ORIGINAL CODE: EPIDOSNNOA2E

APBR Date of receipt of statement of grounds of appeal recorded

Free format text: ORIGINAL CODE: EPIDOSNNOA3E

APAF Appeal reference modified

Free format text: ORIGINAL CODE: EPIDOSCREFNE

APBT Appeal procedure closed

Free format text: ORIGINAL CODE: EPIDOSNNOA9E

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20101210

REG Reference to a national code

Ref country code: HK

Ref legal event code: WD

Ref document number: 1047337

Country of ref document: HK