EP1374011A2 - Method for securing a transaction on a computer network

Method for securing a transaction on a computer network

Info

Publication number
EP1374011A2
Authority
EP
European Patent Office
Prior art keywords
service user
service
transmitted
transaction
service provider
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP01980382A
Other languages
German (de)
English (en)
Inventor
Stefan Grünzig
Tschangiz Scheybani
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Giesecke and Devrient GmbH
Original Assignee
Giesecke and Devrient GmbH
Application filed by Giesecke and Devrient GmbH
Publication of EP1374011A2

Classifications

    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • G06Q20/04 Payment circuits
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes
    • G06Q20/425 Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • G06Q30/0601 Electronic shopping [e-shopping]
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/06 Authentication
    • H04W12/72 Context-dependent security; Identity-dependent; Subscriber identity

Definitions

  • The invention relates to a method for securing a transaction on a computer or similar network, for example on the Internet or in a larger intranet within an organization, in which a unique transaction password is transmitted to a service user and is then transmitted by the service user via the computer network to a service provider to confirm the transaction.
  • Such a method is currently used for example in the usual online banking method.
  • the bank customer is also sent additional transaction numbers, so-called TANs, which can only be used for one single transaction and then lose their validity.
  • the transaction will only be carried out if the PIN and TAN match the values stored with the online banking provider. Since the TAN is only used once, it is ensured that unauthorized persons who succeed in spying on the data transfer between the bank and the customer cannot abuse the data obtained.
  • The TAN thus offers additional security for the customer, since misuse of the online bank account is significantly reduced. On the other hand, it also offers additional security for the online banking provider, since the interaction of the correct PIN and correct TAN confirms the authenticity of the customer.
  • Methods can of course also be used to carry out transactions in connection with other transactions on the Internet, for example when buying goods.
  • The more secure alternative is for the customer not to save the TAN on his computer, but instead to keep it in writing in a safe place. However, since it is usually impractical for the customer to memorize several of these TANs, this also means that the customer must carry the written TANs with him if he wants to carry out his banking transactions from different locations and different computers. In addition, with this kind of storage there is also the possibility that the TANs are lost by the customer or, for example due to theft, end up in unauthorized hands.
  • A unique transaction password is also transmitted to the service user, i.e. the customer, which the latter transmits back to a service provider via the computer network for the transaction confirmation in order to carry out a payment.
  • The transaction password can be any password. It is preferably a number, i.e. a common TAN.
  • The personal data of a service user are checked before a transaction password is transmitted. This is primarily the data that is required for the transaction, for example the name, the address, a credit card number and a mobile subscriber number of the communication terminal of the service user. In addition to this data, further data can of course be registered as an alternative or in addition to the name and address, for example an ID or passport number of the service user.
  • the transaction password serves to secure the service user and to authenticate the service user to the service provider. It is used only once for a single transaction and then loses its validity.
  • the service provider compares the transaction password with a transaction password stored there and only for
  • the transaction password is not sent to the service user via the computer network, but via a mobile radio network to a mobile communication terminal of the customer.
  • the mobile radio network can be any mobile radio network, for example GSM or UMTS.
  • the term mobile radio network also includes corresponding pager networks.
  • the mobile communication terminal is, for example, a commercially available mobile radio device, a pager or a PDA with a corresponding mobile radio function.
  • the service user can receive the transaction password directly from the service provider.
  • the transaction password can be transmitted to the service user from another location, for example a credit card organization or a mobile radio network provider which is connected to the service provider.
  • The security-sensitive data that the service user is supposed to send to the service provider via the computer network to confirm a transaction does not reach the service user via the same network; instead, a completely different path is used to send the transaction password to the service user. This increases security considerably, since for misuse an unauthorized person no longer only needs to know the name, address, etc. of the service user, but must also be in possession of the communication terminal of the service user.
  • Since the transmission of the transaction password is quick and uncomplicated, in contrast to a transmission by special mail as in the previous online banking method, it is possible for the transaction password to be transmitted to the service user directly during or immediately before a transaction. That is, it is no longer necessary to transmit several numbers in advance. It is therefore no longer necessary for the service user to keep several numbers safe so that he has the number at hand at the appropriate time. At the same time, this prevents unauthorized persons from gaining possession of a TAN block.
  • a consistency comparison is then carried out between the service provider, a mobile network provider and a credit card company, i.e. the service provider carries out, for example, a comparison of the data by means of a database query from the mobile radio network provider and a simultaneous database query from the credit card company. This ensures that the mobile subscriber number and the credit card number belong to the same service user.
  • a registration process is preferably carried out before a first-time transaction, in which at least some of the service user data are transmitted to the service provider.
  • The service user data is then checked immediately, for example by means of the complete consistency comparison. If the registration is successful, the service user is finally sent a personal identification number, hereinafter referred to as PIN, which is assigned to this service user.
  • the PIN is first transmitted from the service user to the service provider, with which the service provider is automatically informed of the data of the current service user.
  • the service provider then preferably only checks the PIN instead of the complete service user data.
  • the personal identification number can, for example - like the transaction password - be transmitted to the customer's mobile communication terminal via a mobile radio network.
  • The service user transmits, specifying the PIN, the service user data that is used in subsequent transactions. This is, so to speak, a second registration level in which the service provider is sent the service user data that he did not receive at the first registration. Alternatively, a change in service user data is of course also possible in this way, for example if the service user wants to use a different communication terminal with a mobile radio subscriber number or wants to use another credit card with a different credit card number for payment.
  • Computer network is preferably done in a secure manner, i.e. a secure channel, for example the SSL method, is used, in which this sensitive data is transmitted in encrypted form.
  • the transaction password or the personal identification number is transmitted to the mobile communication terminal of the service user, preferably as a text message, for example SMS.
  • This method is extremely inexpensive because it requires little transmission capacity.
  • The service user can read the PIN or the transaction password in plain text from the display of his communication terminal and enter it in the appropriate place in an input mask on his PC.
  • the service user receives the PIN from a mobile radio network provider or a service provider connected thereto.
  • The name, address and mobile subscriber number of the service user are already known to the mobile network provider or the associated service provider.
  • the service user transmits a credit card number to the service provider, which is used in subsequent transactions.
  • The service provider checks the PIN by comparing it with the PIN that he also received from the mobile network provider or the associated service provider together with the personal data, and assigns the credit card number to this data and/or carries out a corresponding consistency comparison using a database query with the relevant credit card organization.
  • the service operator only forwards the received PIN to the mobile network provider or the associated service provider for checking and only receives information back from the provider that the data is correct. If the check is successful, the service is activated and can be used by the service user at any time. In this case, the service only works with the cell phone subscriber number via which the user is originally known to the cell phone network provider. The service user can change the credit card number at any time using this procedure.
  • the PIN is from a
  • the service user can use the PIN received to register with the service provider and to specify his mobile subscriber number.
  • all data is first checked here.
  • the service is then activated, in which case the service only works in conjunction with the credit card number initially known, under which the service user is also registered with the credit card organization that transmitted the PIN.
  • the mobile user number can be changed at any time by the service user by registering again with the PIN.
  • The method according to the invention for securing transactions can be used in any processes. For example, it can be used directly in the online banking process. It can also be used for online purchases and subsequent payments.
  • The service provider does not necessarily need to be identical to the Internet shop operator.
  • shop operator and service provider are, for example, contractual partners or are connected to one another via a common contractual partner.
  • the service provider can also be, for example, the credit card organization or the mobile radio network provider itself. However, it can also be a completely independent organization that has a business relationship with the various other organizations and operators.
  • The method according to the invention also offers the possibility of transmitting further information to the mobile communication terminal of the service user along with the transaction password and/or the PIN.
  • This additional information can be, for example, current information about the service itself. But it can also be advertising or something similar.
  • The service can also be financed through advertising sent with the transaction password or PIN, so that no additional costs arise for the shop operator, the service user, the credit card organization involved or the mobile network provider.
  • The method is extremely flexible, i.e. the service user does not have to carry out the transactions from his own PC at a fixed location, but can use any computer available to him.
  • The method according to the invention can consequently be used wherever the customer can be reached with his mobile communication terminal, i.e. also internationally where roaming is possible when using a mobile radio device. No special infrastructure such as a smart card terminal is required on the computer that the customer is currently using.
  • the various data can be checked fully automatically via a suitable computer, for example a server of the service operator, on which a corresponding computer program is implemented.
  • the transaction password is a number, i.e. a TAN.
  • the various TANs and PINs are transmitted via SMS to a mobile device of the service user.
  • the final payment is always made via a credit card from the service user, and the service provider's credit card can be charged by the service provider in a generally known, customary manner.
  • the invention is not limited to these specific exemplary embodiments.
  • the first embodiment is a spontaneous purchase by a service user who has not previously been registered with the service provider.
  • a prerequisite for processing a secure credit card payment is a consistency comparison of the service user data, namely the credit card number, the mobile phone number and the address and name of the service user. This consistency comparison is carried out between the service provider, the mobile network provider and the credit card organization.
  • While shopping on the PC, after activating a payment process, the service user is forwarded to the Internet server or a website of the service operator.
  • the service user enters his credit card number and his mobile number in a corresponding dialog mask on his PC, which are transmitted to the server by means of secure transmission, for example using SSL.
  • Name and address can also be entered here and transferred along with them.
  • the data has already been specified on the website of the Internet shop, since this data is also required for the delivery of the goods. This data can therefore be forwarded directly from the shop operator to the service operator when the service user is forwarded to the Internet server or the website of the service operator.
  • The service provider then carries out the necessary comparison of all service user data by means of a corresponding database query from the mobile operator and a simultaneous database query from the credit card company. If the result of the query is positive, the service is activated and the service user is sent a one-time TAN for this payment process by SMS to his mobile device. The TAN is then entered by the service user on the PC in a corresponding input mask. Finally, the TAN is sent from the PC to the background system, for example to the service provider's Internet server. The TAN sent by the service user is then compared with the TAN stored there. After a successful comparison, the debit is made on the credit card account of the service user. The service user himself receives confirmation of the successful credit card payment.
  • The service user is already registered with the service provider and has received a unique PIN in the course of the registration process.
  • While shopping, the registered service user logs in on the PC to the service provider's Internet server using his PIN via a secure channel.
  • the PIN is then checked by the service operator and the service is activated for the current session.
  • Service users can then, for example, put together a shopping cart within an Internet shop. After the shopping cart has been compiled, the service user then only has to activate the payment process, for example using a button on the website of the service provider.
  • The TAN is then immediately transmitted to the mobile device of the service user. Here, too, the TAN is entered into an input mask by the service user on the PC and transmitted back via the computer network. After a successful comparison of the TAN, the credit card account of the service user is in turn debited and the successful credit card payment is confirmed.
  • The service user can choose from among different credit card companies, at each of which he has a credit card. This can be queried within an input mask on the website of the service provider. Even in the case of a previous registration, this possibility exists if the service user specified the various credit card companies with the corresponding credit card numbers when registering. Likewise, different mobile devices with different mobile phone numbers can be selected, provided this has been specified in the registration.
  • the service provider already knows the service user as a credit card holder, i.e. his name, address and credit card number are known to him. This is the case, for example, if the service operator himself is the credit card organization in question or is in business connection with one and exchanges the data with one another.
  • The mobile number can be changed at any time by logging in again by entering the PIN.
  • The service provider already knows the service user as a mobile phone user, i.e. the service provider knows the name, address and mobile phone number. This is the case, for example, if the service operator is the cellular network operator himself or is in connection with it.
  • The mobile network operator or an associated service provider delivers a PIN for using the service.
  • the service user logs in on the server of the service provider and enters his credit card number to use the service.
  • the service only works with the mobile phone number already known to the service provider.
  • the credit card number can be changed at any time by entering the PIN.
  • registration takes place in a mobile radio shop. Name, address and mobile phone number are also registered here, and the service user receives, for example, a PIN letter.
  • Registration can also be done with the postman or in the post office.
  • the service user can use the PIN supplied to log on to the service provider's server and in turn enter his credit card number to use the service. Even then, the service is only carried out with the initially registered mobile phone number.
  • the credit card number is registered with the relevant credit card organization at the postman or in the post office instead of the mobile phone number and then the mobile phone subscriber number is specified and possibly changed by means of the PIN.
  • the fourth registration example is a purely online registration.
  • a prerequisite for this purely online registration is again a consistency comparison of the specified service user data between the service provider, the relevant mobile network provider and the credit card organization.
  • the service user logs on to a special registration website of the service provider and specifies his name, address, credit card number and mobile phone subscriber number.
  • The service provider then carries out a comparison of the service user data by means of a database query from the mobile radio network provider and one
  • the service is only activated if the query results are positive, and the service user receives a PIN to use the service.
  • This PIN can be transmitted in any way, for example by post. However, this PIN is preferably also transmitted via the mobile radio network to the
  • The PIN can also be transmitted via SMS. This method has the advantage that the service user does not have to wait for a letter to be delivered; instead, the PIN can be transmitted immediately after the online registration, and the service is thus immediately available to the service user.
  • A further exemplary embodiment for use after a previous registration is described below with the aid of the figure. In this special exemplary embodiment the internet shop (web shop) is not in direct contact with the service provider; instead, a further service provider, here a payment service provider (PSP), is interposed.
  • the service user first logs in to the desired web shop over the Internet and carries out an order there.
  • the web shop sends the amount, for example, together with the name and address of the service user to the payment service provider.
  • The latter finally places an order with the service provider for customer identification.
  • The service user is automatically forwarded to the website of the service provider.
  • the user must first enter the PIN to activate the payment service.
  • the data or the PIN of the service user is then checked for consistency and also compared with the data received from the payment service provider.
  • the service provider After a successful check, the service provider sends a TAN via the GSM network to the mobile device of the service user, who in turn reads the TAN from the display of the mobile device and enters it in an input mask on his PC at the appropriate place to confirm the transaction.
  • the TAN is then sent to the service provider over the Internet for review. If the TAN is checked successfully, a "customer OK" signal is transmitted to the payment service provider.
  • the payment service provider finally takes the amount from a credit card account of the service user and confirms the successful payment to the web shop with a "Payment-OK" signal.
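The flow described in the embodiments above (consistency comparison, TAN sent over the mobile network, TAN returned over the computer network, compared with the stored value and then invalidated), as an added Python example that is not part of the patent text. The class and function names, the in-memory databases, the SMS callback, the 6-digit TAN length, the expiry time and the attempt limit are assumptions of this example; the patent itself only requires a single-use TAN.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

TAN_DIGITS = 6          # assumption: the patent only says the TAN is a number
TAN_TTL_SECONDS = 300   # assumption: expiry is added hardening, not in the patent
MAX_ATTEMPTS = 3        # assumption: attempt limit is added hardening


@dataclass
class PendingTransaction:
    tan: str
    card_number: str
    amount_cents: int
    issued_at: float
    attempts: int = 0


class ServiceProvider:
    """Issues one TAN per transaction and delivers it out of band."""

    def __init__(self, operator_db, card_db, send_sms, clock=time.time):
        self.operator_db = operator_db   # mobile number -> subscriber name
        self.card_db = card_db           # card number   -> cardholder name
        self.send_sms = send_sms         # callable(mobile_number, text)
        self.clock = clock
        self.pending = {}                # transaction id -> PendingTransaction

    def consistent(self, name, mobile, card):
        """Consistency comparison: both numbers must belong to the same person."""
        return self.operator_db.get(mobile) == name and self.card_db.get(card) == name

    def start_payment(self, name, mobile, card, amount_cents):
        """Check the user data, then send a fresh TAN over the mobile network."""
        if not self.consistent(name, mobile, card):
            return None
        tx_id = secrets.token_hex(8)
        tan = f"{secrets.randbelow(10 ** TAN_DIGITS):0{TAN_DIGITS}d}"
        self.pending[tx_id] = PendingTransaction(tan, card, amount_cents, self.clock())
        self.send_sms(mobile, f"TAN {tan} for payment of {amount_cents / 100:.2f}")
        return tx_id   # only the id travels over the computer network, never the TAN

    def confirm(self, tx_id, submitted_tan):
        """Compare the TAN returned over the computer network with the stored one."""
        tx = self.pending.get(tx_id)
        if tx is None:
            return "unknown-or-used"
        if self.clock() - tx.issued_at > TAN_TTL_SECONDS:
            del self.pending[tx_id]
            return "expired"
        # Constant-time comparison so response timing does not leak TAN digits.
        if not hmac.compare_digest(tx.tan.encode(), submitted_tan.encode()):
            tx.attempts += 1
            if tx.attempts >= MAX_ATTEMPTS:
                del self.pending[tx_id]
                return "locked"
            return "wrong-tan"
        del self.pending[tx_id]          # the TAN loses its validity after one use
        return "debited"


def demo():
    """Constructed run: one registered user and an in-memory SMS outbox."""
    outbox = []
    sp = ServiceProvider(
        operator_db={"+491700000000": "Erika Mustermann"},   # constructed data
        card_db={"4000000000000002": "Erika Mustermann"},    # constructed data
        send_sms=lambda number, text: outbox.append((number, text)),
    )
    # A mobile number that does not belong to the cardholder fails the comparison.
    rejected = sp.start_payment("Erika Mustermann", "+491711111111", "4000000000000002", 4999)
    tx_id = sp.start_payment("Erika Mustermann", "+491700000000", "4000000000000002", 4999)
    tan = outbox[-1][1].split()[1]       # what the user reads from the phone display
    wrong = "0" * TAN_DIGITS if tan != "0" * TAN_DIGITS else "1" * TAN_DIGITS
    return {
        "rejected": rejected,
        "sms_count": len(outbox),
        "wrong": sp.confirm(tx_id, wrong),
        "first": sp.confirm(tx_id, tan),
        "replay": sp.confirm(tx_id, tan),
    }


if __name__ == "__main__":
    print(demo())
```

The replayed TAN is refused because the pending entry is deleted on first successful use, which is the single-use property the description relies on.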

Abstract

The invention relates to a method for securing a transaction on a computer network, in which a unique transaction password is transmitted to a service user, said password being transmitted from the service user to the service provider via the computer network to confirm the transaction. The transaction password is transmitted to a mobile communication terminal of the service user via a mobile radio network.
EP01980382A 2000-09-14 2001-09-13 Method for securing a transaction on a computer network Ceased EP1374011A2 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE10045924 2000-09-14
DE10045924A DE10045924A1 (de) 2000-09-14 2000-09-14 Method for securing a transaction on a computer network
PCT/EP2001/010606 WO2002023303A2 (fr) 2000-09-14 2001-09-13 Method for securing a transaction on a computer network

Publications (1)

Publication Number Publication Date
EP1374011A2 (fr) 2004-01-02

Family

ID=7656498

Family Applications (1)

Application Number Title Priority Date Filing Date
EP01980382A Ceased EP1374011A2 (fr) 2000-09-14 2001-09-13 Method for securing a transaction on a computer network

Country Status (9)

Country Link
US (1) US20040039651A1 (fr)
EP (1) EP1374011A2 (fr)
JP (1) JP2004509409A (fr)
CN (1) CN1478260A (fr)
AU (1) AU2002212238A1 (fr)
DE (1) DE10045924A1 (fr)
PL (1) PL365731A1 (fr)
RU (1) RU2003109605A (fr)
WO (1) WO2002023303A2 (fr)

Families Citing this family (52)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10229477A1 (de) * 2002-07-01 2004-01-29 Siemens Ag Bezahlsystem für bargeldlosen Zahlungsverkehr
DE10230848A1 (de) * 2002-07-04 2004-01-22 Fiducia Ag Karlsruhe/Stuttgart Verfahren und Datenverarbeitungssystem zur datentechnisch gesicherten Kommunikation zwischen Behörden und Bürgern
EP1406459A1 (fr) * 2002-10-04 2004-04-07 Stephan Kessler Méthode d'authentification de plusieurs facteurs par transmission d'un mot de passe par l'intermédiane de termineaux mobiles avec PIN optinel
US9064281B2 (en) 2002-10-31 2015-06-23 Mastercard Mobile Transactions Solutions, Inc. Multi-panel user interface
DE10343566A1 (de) 2003-09-19 2005-05-04 Brunet Holding Ag Verfahren zur Abwicklung einer elektronischen Transaktion
WO2006049585A1 (fr) * 2004-11-05 2006-05-11 Mobile Money International Sdn Bhd Systeme de paiement
FI20050777L (fi) * 2005-07-21 2007-01-22 Vesa Juvonen Menetelmä ja järjestelmä palvelujen käyttämiseksi tietoliikenneverkossa
DE102005046376B4 (de) * 2005-09-28 2007-07-05 Siemens Ag Verfahren und Vorrichtung zur Vermeidung des Empfangs unerwünschter Nachrichten in einem IP-Kommunikationsnetzwerk
CA2962648C (fr) 2005-10-06 2019-07-23 Mastercard Mobile Transactions Solutions, Inc. Authentification de transaction tridimensionnelle
US10032160B2 (en) 2005-10-06 2018-07-24 Mastercard Mobile Transactions Solutions, Inc. Isolating distinct service provider widgets within a wallet container
US20130332343A1 (en) 2005-10-06 2013-12-12 C-Sam, Inc. Multi-tiered, secure mobile transactions ecosystem enabling platform comprising a personalization tier, a service tier, and an enabling tier
US8934865B2 (en) 2006-02-02 2015-01-13 Alcatel Lucent Authentication and verification services for third party vendors using mobile devices
JP4693171B2 (ja) * 2006-03-17 2011-06-01 株式会社日立ソリューションズ 認証システム
US20070239621A1 (en) * 2006-04-11 2007-10-11 Igor Igorevich Stukanov Low cost, secure, convenient, and efficient way to reduce the rate of fraud in financial and communication transaction systems
CN101512576A (en) * 2006-09-15 2009-08-19 康法特公司 Method and computer system for ensuring the authenticity of electronic transactions
WO2008156424A1 (en) * 2007-06-21 2008-12-24 Fredrik Schell Method for verifying a payment, and personal security device for performing such verification
DE102007032469A1 (en) * 2007-07-10 2009-01-15 Biotronik Crm Patent Ag Arrangement for the remote programming of a personal medical device
DE102007035534A1 (en) 2007-07-28 2009-01-29 Biotronik Crm Patent Ag Arrangement and method for the remote programming of a personal medical device
DE102008037793A1 (en) 2008-08-14 2010-02-18 Giesecke & Devrient Gmbh Photo token
DE102008045119A1 (en) * 2008-09-01 2010-03-04 Deutsche Telekom Ag Method for carrying out a payment process
EP2216742A1 (en) * 2009-02-09 2010-08-11 C. Patrick Reich Mobile payment method and devices
US8326759B2 (en) * 2009-04-28 2012-12-04 Visa International Service Association Verification of portable consumer devices
US9715681B2 (en) 2009-04-28 2017-07-25 Visa International Service Association Verification of portable consumer devices
US20100276484A1 (en) * 2009-05-01 2010-11-04 Ashim Banerjee Staged transaction token for merchant rating
US8893967B2 (en) 2009-05-15 2014-11-25 Visa International Service Association Secure Communication of payment information to merchants using a verification token
US9038886B2 (en) 2009-05-15 2015-05-26 Visa International Service Association Verification of portable consumer devices
US9105027B2 (en) 2009-05-15 2015-08-11 Visa International Service Association Verification of portable consumer device for secure services
US8534564B2 (en) 2009-05-15 2013-09-17 Ayman Hammad Integration of verification tokens with mobile communication devices
CA2774713A1 (en) 2009-08-14 2011-02-17 Payfone, Inc. System and method for paying a merchant using a cellular telephone account
WO2011032263A1 (en) * 2009-09-17 2011-03-24 Meir Weis Mobile payment system with two-point authentication
WO2011032596A1 (en) * 2009-09-18 2011-03-24 Bankgirocentralen Bgc Ab Electronic money transfer
EP2502192A2 (en) * 2009-11-18 2012-09-26 Magid Joseph Mina Anonymous transaction payment systems and methods
CN102906776A (en) * 2010-03-31 2013-01-30 帕特尔有限公司 A method for mutual authentication between a user and a service provider
US8527417B2 (en) * 2010-07-12 2013-09-03 Mastercard International Incorporated Methods and systems for authenticating an identity of a payer in a financial transaction
EP2490165A1 (en) * 2011-02-15 2012-08-22 Mac Express Sprl Method for authorising a transaction
KR101895243B1 (en) 2011-03-04 2018-10-24 비자 인터네셔널 서비스 어소시에이션 Integration of payment capability into secure elements of computers
ITPI20110028A1 (en) * 2011-03-28 2012-09-29 Iamboo S R L Method and apparatus for strong authentication of a user
EP2562704A1 (en) * 2011-08-25 2013-02-27 TeliaSonera AB Online payment method and corresponding network element, system and computer program product
CN104106276B (en) 2011-10-12 2019-03-19 万事达移动交易方案公司 Multi-tiered secure mobile transactions enabling platform
JP5675662B2 (en) * 2012-01-11 2015-02-25 Aosテクノロジーズ株式会社 Short message payment system
DE102012003859A1 (en) * 2012-02-27 2013-08-29 Giesecke & Devrient Gmbh Method and system for carrying out a payment process
US10282724B2 (en) 2012-03-06 2019-05-07 Visa International Service Association Security system incorporating mobile device
US9672519B2 (en) 2012-06-08 2017-06-06 Fmr Llc Mobile device software radio for securely passing financial information between a customer and a financial services firm
US8639619B1 (en) 2012-07-13 2014-01-28 Scvngr, Inc. Secure payment method and system
US20140279554A1 (en) * 2013-03-12 2014-09-18 Seth Priebatsch Distributed authenticity verification for consumer payment transactions
NL2010810C2 (en) * 2013-05-16 2014-11-24 Reviva B V System and method for checking the identity of a person.
US8770478B2 (en) 2013-07-11 2014-07-08 Scvngr, Inc. Payment processing with automatic no-touch mode selection
SE538681C2 (en) 2014-04-02 2016-10-18 Fidesmo Ab Linking payment to secure download of application data
US11206266B2 (en) 2014-06-03 2021-12-21 Passlogy Co., Ltd. Transaction system, transaction method, and information recording medium
US9619636B2 (en) * 2015-02-06 2017-04-11 Qualcomm Incorporated Apparatuses and methods for secure display on secondary display device
US20190385143A1 (en) * 2018-06-19 2019-12-19 McNabb Technologies, LLC a/k/a TouchCR System and method for confirmation of credit transactions
FR3114181A1 (en) * 2020-09-14 2022-03-18 Adel BEDADI Method and system for securing and protecting payments made by bank and/or credit card and bank cheque.

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5809144A (en) 1995-08-24 1998-09-15 Carnegie Mellon University Method and apparatus for purchasing and delivering digital goods over a network
FI112895B (en) * 1996-02-23 2004-01-30 Nokia Corp Method for obtaining at least one item of user-specific identification data
US6058250A (en) * 1996-06-19 2000-05-02 At&T Corp Bifurcated transaction system in which nonsensitive information is exchanged using a public network connection and sensitive information is exchanged after automatically configuring a private network connection
EP0855069B1 (en) * 1996-07-12 1999-04-28 Ulrich Seng Cashless payment method for services that can be ordered over a distributed data transmission network
DE19718103A1 (en) * 1997-04-29 1998-06-04 Kim Schmitz Method for authorization in data transmission systems
JPH1125046A (en) * 1997-07-03 1999-01-29 Oki Electric Ind Co Ltd Method for protecting communication information
FR2769446B1 (en) * 1997-10-02 2000-01-28 Achille Joseph Marie Delahaye Identification and authentication system
WO2002007110A2 (en) * 2000-07-17 2002-01-24 Connell Richard O System and method for authenticating an authorized user of a payment card, and authorizing a payment card transaction

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0223303A2 *

Also Published As

Publication number Publication date
RU2003109605A (ru) 2004-09-27
DE10045924A1 (de) 2002-04-04
PL365731A1 (en) 2005-01-10
CN1478260A (zh) 2004-02-25
WO2002023303A2 (fr) 2002-03-21
US20040039651A1 (en) 2004-02-26
AU2002212238A1 (en) 2002-03-26
JP2004509409A (ja) 2004-03-25
WO2002023303A3 (fr) 2003-10-30

Similar Documents

Publication Publication Date Title
EP1374011A2 (en) Method for securing a transaction on a computer network
DE69830993T2 (en) Electronic transaction and chip card for an electronic transaction
DE69904570T3 (en) Method, arrangement and device for authentication through a communication network
DE69913929T2 (en) Secured payment method
EP1240632B1 (en) Payment transaction method and system
EP1240631B1 (en) Payment transaction method and system
DE60308385T2 (en) Method for supporting cashless payment
AT512070B1 (en) Method and device for carrying out cashless payments
EP1178444A1 (en) Electronic payment using SMS
EP1203357A1 (en) Electronic commerce for short message services
EP2174281A2 (en) Virtual prepaid or credit card and method and system for providing it and for managing electronic payment
DE212010000059U1 (en) Changeable security value
WO2006108831A1 (en) Method for confirming a service request
DE10054633C2 (en) Method and system for controlling access to goods and services
EP1374189A2 (en) Method for securing digital goods during a purchase over a computer network
EP1326216A1 (en) Method and device for electronic payments with portable communication devices
DE60122912T2 (en) Method for delivering identification data of a payment card to a user
EP1915729B1 (en) Device, method and system for interacting with a user and method for admitting a user into a closed user group
DE3619566C2 (fr)
DE60017794T2 (en) Payment terminal for chip cards
DE10008280C1 (en) Method and system for the automatic processing of cashless purchase transactions
EP1277185B1 (en) Method for reducing risks in electronic commerce transactions
DE10065067B4 (en) Method for verifying user-specific information in a data and/or communication system, and data and/or communication system
WO2001081875A2 (en) Method for secure payment for deliveries and services in open networks
WO2005008608A1 (en) Payment system, payment system terminal and method for making an electronic payment

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Extension state: AL LT LV MK RO SI

17P Request for examination filed

Effective date: 20040503

17Q First examination report despatched

Effective date: 20040714

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20051013