EP1374011A2 - Procede destine a securiser une transaction sur un reseau informatique - Google Patents
Procede destine a securiser une transaction sur un reseau informatiqueInfo
- Publication number
- EP1374011A2 EP1374011A2 EP01980382A EP01980382A EP1374011A2 EP 1374011 A2 EP1374011 A2 EP 1374011A2 EP 01980382 A EP01980382 A EP 01980382A EP 01980382 A EP01980382 A EP 01980382A EP 1374011 A2 EP1374011 A2 EP 1374011A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- service user
- service
- transmitted
- transaction
- service provider
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/12—Payment architectures specially adapted for electronic shopping systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/385—Payment protocols; Details thereof using an alias or single-use codes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/42—Confirmation, e.g. check or permission by the legal debtor of payment
- G06Q20/425—Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
- G06Q30/0601—Electronic shopping [e-shopping]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/72—Subscriber identity
Definitions
- the invention relates to a method for securing a transaction on a computer or similar network, for example on the Internet or also in a larger intranet within the organization, in which a unique transaction password is transmitted to a service user, which is used to confirm the transaction by the service user via the computer network a service provider is transmitted.
- Such a method is currently used for example in the usual online banking method.
- the bank customer is also sent additional transaction numbers, so-called TANs, which can only be used for one single transaction and then lose their validity.
- the transaction will only be carried out if the PIN and TAN match the values stored with the online banking provider. Since the TAN is only used once, it is ensured that unauthorized persons who succeed in spying on the data transfer between the bank and the customer cannot abuse the data obtained.
- the TAN thus offers additional security for the customer, as such. Misuse of the online bank account is significantly reduced. On the other hand, it also offers additional security for the online banking provider, since the interaction of the correct PIN and correct TAN confirms the authenticity of the customer.
- Methods can of course also be used to carry out transactions in connection with other transactions on the Internet, for example when buying goods.
- the more secure alternative to this means that the customer does not save the TAN on his computer, but instead stores it in a safe place in writing. However, since it is usually impractical for the customer to memorize several of these TANs, this also means that the customer must carry the written TANs with them if he wants to carry out his banking transactions from different locations and different computers. In addition, with this storage there is also the possibility that the TAN may be lost or lost to the customer, for example due to theft, and end up in unauthorized hands.
- a unique transaction password is also transmitted to the service user, ie the customer, which the latter transmits back to a service provider via the computer network for the transaction confirmation in order to carry out a payment.
- the transaction password can be any password. It is preferably a number, ie a common TAN.
- the personal data of a service user are checked before a transaction password is transmitted. This is primarily the data that is required for the transaction, for example the name, the address, a credit card number and a mobile subscriber number of the communication terminal of the service user. In addition to this data Of course, as an alternative or in addition to the name and address, further data, for example an ID or passport number of the service user, can be registered.
- the transaction password serves to secure the service user and to authenticate the service user to the service provider. It is used only once for a single transaction and then loses its validity.
- the service provider compares the transaction password with a transaction password stored there and only for
- the transaction password is not sent to the service user via the computer network, but via a mobile radio network to a mobile communication terminal of the customer.
- the mobile radio network can be any mobile radio network, for example GSM or UMTS.
- the term mobile radio network also includes corresponding pager networks.
- the mobile communication terminal is, for example, a commercially available mobile radio device, a pager or a PDA with a corresponding mobile radio function.
- the service user can receive the transaction password directly from the service provider.
- the transaction password can be transmitted to the service user from another location, for example a credit card organization or a mobile radio network provider which is connected to the service provider.
- the security-sensitive data that the service user is supposed to send to the service provider via the computer network to confirm a transaction does not occur via the same network, but rather that the transaction password is sent the Service users a completely different way is used. This increases security considerably, since misuse by an unauthorized person no longer only needs to know the name, address, etc. of the service user, but also that he must be in the possession of the communication terminal of the service user.
- the transmission of the transaction password is quick and uncomplicated, in contrast to a transmission by special mail as in the previous online banking method, it is possible for the transaction password to be sent directly during or immediately before a transaction is transmitted to the service user. That it is no longer necessary to transmit several numbers in advance. It is therefore no longer necessary for the service user to keep several numbers safe so that he has the number at hand at the appropriate time. At the same time, this prevents unauthorized persons from gaining possession of a TAN block.
- a consistency comparison is then carried out between the service provider, a mobile network provider and a credit card company, i.e. the service provider carries out, for example, a comparison of the data by means of a database query from the mobile radio network provider and a simultaneous database query from the credit card company. This ensures that the mobile subscriber number and the credit card number belong to the same service user.
- the service provider carries out, for example, a comparison of the data by means of a database query from the mobile radio network provider and a simultaneous database query from the credit card company.
- a registration process is preferably carried out before a first-time transaction, in which at least some of the service user data are transmitted to the service provider.
- the service user data is then checked immediately, for example the complete consistency comparison. If the registration is successful, the service user is finally sent a personal identification number, hereinafter referred to as PIN, which is assigned to this service user.
- PIN personal identification number
- the PIN is first transmitted from the service user to the service provider, with which the service provider is automatically informed of the data of the current service user.
- the service provider then preferably only checks the PIN instead of the complete service user data.
- the personal identification number can, for example - like the transaction password - be transmitted to the customer's mobile communication terminal via a mobile radio network.
- the service user transmits the service user data, specifying the PIN, which is used in subsequent transactions. This is, so to speak, a second registration level in which the service provider is sent the service user data that he did not receive when he registered for the first time. Alternatively, do this Of course, a change in service user data is also possible, for example if the service user wants to use a different communication terminal with a mobile radio subscriber number or wants to use another credit card with a different credit card number for payment.
- Computer network is preferably done in a secure manner, i.e. a secure channel, for example the SSL method, is used, in which this sensitive data is transmitted in encrypted form.
- a secure channel for example the SSL method
- the transaction password or the personal identification number is transmitted to the mobile communication terminal of the service user, preferably as a text message, for example SMS.
- This method is extremely inexpensive because it requires little transmission capacity.
- the service user can read the PIN or the transaction password in plain text from the display of his communication terminal and enter it in the appropriate place in an input mask on his PC. ,
- the service user receives the PIN from a mobile radio network provider or a service provider connected thereto.
- the mobile network provider or the associated service provider are the name, address and mobile subscriber number of the Service user already known.
- the service user transmits a credit card number to the service provider, which is used in subsequent transactions.
- the service provider checks the PIN by comparing it with the PIN that he also received from the mobile network provider or the associated service provider together with the personal data and assigns the credit card number to this data and / or carries out a corresponding consistency comparison using a database. Query with the relevant credit card organization.
- the service operator only forwards the received PIN to the mobile network provider or the associated service provider for checking and only receives information back from the provider that the data is correct. If the check is successful, the service is activated and can be used by the service user at any time. In this case, the service only works with the cell phone subscriber number via which the user is originally known to the cell phone network provider. The service user can change the credit card number at any time using this procedure.
- the PIN is from a
- the service user can use the PIN received to register with the service provider and to specify his mobile subscriber number.
- all data is first checked here.
- the service is then activated, in which case the service only works in conjunction with the credit card number initially known, under which the service user is also registered with the credit card organization that transmitted the PIN.
- the mobile user number can be changed at any time by the service user by registering again with the PIN.
- the ner driving according to the invention for securing transactions can be used in any processes. For example, it can be used directly in the online banking process. It can also be used for online purchases and subsequent payments.
- the service provider does not necessarily need to use the. Internet Höp operators to be identical.
- shop operator and service provider are, for example, contractual partners or are connected to one another via a common contractual partner.
- the service provider can also be, for example, the credit card organization or the mobile radio network provider itself. However, it can also be a completely independent organization that has a business relationship with the various other organizations and operators.
- the method according to the invention also offers the possibility of using the transaction password and / or the PI ⁇ to transmit further information to the mobile communication terminal of the service user.
- This additional information can be, for example, current information about the service itself. But it can also be advertising or something similar.
- the service can also be financed through advertising sent with the transaction password or PI ⁇ , so that no additional costs arise for the shop operator, the service user, the credit card organization involved or the mobile network provider.
- the method is extremely flexible, ie the service user does not have to rely on the transactions from his own PC at a fixed location, but can use any computer available to him.
- the method according to the invention can consequently be used wherever the customer can be reached with his mobile communication terminal, ie also internationally where roaming is possible when using a mobile radio device. No special infrastructure such as a smart card terminal is required on the computer that the customer is currently using.
- the various data can be checked fully automatically via a suitable computer, for example a server of the service operator, on which a corresponding computer program is implemented.
- a suitable computer for example a server of the service operator, on which a corresponding computer program is implemented.
- the transaction password is a number, i.e. a TAN.
- the various TANs and PINs are transmitted via SMS to a mobile device of the service user.
- the final payment is always made via a credit card from the service user, and the service provider's credit card can be charged by the service provider in a generally known, customary manner.
- the invention is not limited to these specific exemplary embodiments.
- the first embodiment is a spontaneous purchase by a service user who has not previously been registered with the service provider.
- a prerequisite for processing a secure credit card payment is a consistency comparison of the service user data, namely the credit card number, the mobile phone number and the address and name of the service user. This consistency comparison is carried out between the service provider, the mobile network provider and the credit card organization.
- the service user While shopping on the PC, after activating a payment process, the service user is forwarded to the Internet server or a website of the service operator.
- the service user enters his credit card number and his mobile number in a corresponding dialog mask on his PC, which are transmitted to the server by means of secure transmission, for example using SSL.
- Name and address can also be entered here and transferred with.
- the data has already been specified on the website of the Internet shop, since this data is also required for the delivery of the goods. This data can therefore be forwarded directly from the shop operator to the service operator when the service user is forwarded to the Internet server or the website of the service operator.
- the service provider then carries out the necessary comparison of all service user data by means of a corresponding database query from the mobile operator and a simultaneous database query from the credit card company. If the result of the query is positive, the service is activated and the service user is sent a one-time TAN for this payment process by SMS to his mobile device. The TAN is then entered by the service user on the PC in a corresponding input mask. Finally, the TAN is sent from the PC to the background system, for example to the service provider's Internet server. The TAN sent to the service user is then compared with the TAN stored there. at successful comparison, the debit is made on the credit card account of the service user. The service user himself receives confirmation of the successful credit card payment.
- Service user is already registered with the service provider and has received a unique PIN in the course of the registration process.
- the registered service user logs in on the 10th PC while shopping on the service provider's Internet server using his PIN via a secure channel.
- the PIN is then checked by the service operator and the service is activated for the current session.
- Service users can then, for example, put together a shopping cart within an Internet shop. After the shopping cart has been compiled, the service user then only has to activate the payment process, for example using a button on the website of the service provider.
- the TAN is then immediately transmitted to the mobile device of the service user. Here, too, the TAN is entered into an input mask by the service user on the PC and transmitted back to the computer network via 20. After a successful comparison of the TAN, the credit card account of the service user is in turn debited and the successful credit card payment is confirmed.
- the service user can choose from among 25 different credit card companies, each of which has a credit card. This can be queried within an input mask on the website of the service provider. Even in the case of a previous registration, this possibility exists if the service user specified the various credit card companies with the 3 o corresponding credit card numbers when registering. Likewise, different mobile devices with different Mobile phone numbers can be dialed, provided this has been specified in the registration.
- the service provider already knows the service user as a credit card holder, i.e. his name, address and credit card number are known to him. This is the case, for example, if the service operator himself is the credit card organization in question or is in business connection with one and exchanges the data with one another.
- Mobile number can be changed at any time by logging in again by entering the PIN.
- the service provider already knows the service user 25 as a mobile phone user, i.e.
- the service provider knows the name, address and mobile phone number. This is the case, for example, if the service operator is the cellular network operator himself or is in connection with it.
- Mobile network operator or an associated service provider PIN to use the service delivered.
- the service user logs in on the server of the service provider and enters his credit card number to use the service.
- the service only works with the mobile phone number already known to the service provider.
- the credit card number can be changed at any time by entering the PIN.
- registration takes place in a mobile radio shop. Name, address and mobile phone number are also registered here, and the service user receives, for example, a PIN letter.
- Registration can also be done with the postman or in the post office.
- the service user can use the PIN supplied to log on to the service provider's server and in turn enter his credit card number to use the service. Even then, the service is only carried out with the initially registered mobile phone number.
- the credit card number is registered with the relevant credit card organization at the postman or in the post office instead of the mobile phone number and then the mobile phone subscriber number is specified and possibly changed by means of the PIN.
- the fourth registration example is a purely online registration.
- a prerequisite for this purely online registration is again a consistency comparison of the specified service user data between the service provider, the relevant mobile network provider and the credit card organization.
- the service user logs on to a special registration website of the service provider and specifies his name, address, credit card number and mobile phone subscriber number.
- the service provider then carries out a comparison of the service user data 5 by means of a database query from the mobile radio network provider and one
- the service is only activated if the query results are positive, and the service user receives a PIN to use the service.
- This PIN can be transmitted in any way, for example by post. However, this PIN is preferably also transmitted via the mobile radio network to the
- the PIN can also be transmitted via SMS. This method has the advantage that the service user does not have to wait for a letter to be delivered, but the PIN 5 can be transmitted immediately after the online registration, and the service is thus immediately available to the service user.
- a further exemplary embodiment for use after a previous registration has been described below with the aid of the figure, wherein in this special exemplary embodiment the internet shop (web shop) is not in direct contact with the service provider, but a further service provider, here a payment service provider (PSP) is interposed.
- the internet shop web shop
- PSP payment service provider
- the service user first logs in to the desired web shop over the Internet and carries out an order there.
- the web shop sends the amount, for example, together with the name and address of the service user to the payment service provider.
- the latter finally places an order with the service provider 0 for customer identification.
- the service user is automatically taken to the website of the service provider forwarded.
- the user must first enter the PIN to activate the payment service.
- the data or the PIN of the service user is then checked for consistency and also compared with the data received from the payment service provider.
- the service provider After a successful check, the service provider sends a TAN via the GSM network to the mobile device of the service user, who in turn reads the TAN from the display of the mobile device and enters it in an input mask on his PC at the appropriate place to confirm the transaction.
- the TAN is then sent to the service provider over the Internet for review. If the TAN is checked successfully, a "customer OK" signal is transmitted to the payment service provider.
- the payment service provider finally takes the amount from a credit card account of the service user and confirms the successful payment to the web shop with a "Payment-OK" signal.
Abstract
L'invention concerne un procédé destiné à sécuriser une transaction sur un réseau informatique, consistant à transmettre à un utilisateur de services un mot de passe de transaction unique, ledit mot de passe étant transmis de l'utilisateur de services au prestataire de services par l'intermédiaire du réseau informatique pour la confirmation de transaction. Le mot de passe de transaction est transmis à un terminal de communication mobile de l'utilisateur de services par l'intermédiaire d'un réseau de téléphonie mobile.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE10045924 | 2000-09-14 | ||
DE10045924A DE10045924A1 (de) | 2000-09-14 | 2000-09-14 | Verfahren zum Absichern einer Transaktion auf einem Computernetzwerk |
PCT/EP2001/010606 WO2002023303A2 (fr) | 2000-09-14 | 2001-09-13 | Procede destine a securiser une transaction sur un reseau informatique |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1374011A2 true EP1374011A2 (fr) | 2004-01-02 |
Family
ID=7656498
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP01980382A Ceased EP1374011A2 (fr) | 2000-09-14 | 2001-09-13 | Procede destine a securiser une transaction sur un reseau informatique |
Country Status (9)
Country | Link |
---|---|
US (1) | US20040039651A1 (fr) |
EP (1) | EP1374011A2 (fr) |
JP (1) | JP2004509409A (fr) |
CN (1) | CN1478260A (fr) |
AU (1) | AU2002212238A1 (fr) |
DE (1) | DE10045924A1 (fr) |
PL (1) | PL365731A1 (fr) |
RU (1) | RU2003109605A (fr) |
WO (1) | WO2002023303A2 (fr) |
Families Citing this family (52)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE10229477A1 (de) * | 2002-07-01 | 2004-01-29 | Siemens Ag | Bezahlsystem für bargeldlosen Zahlungsverkehr |
DE10230848A1 (de) * | 2002-07-04 | 2004-01-22 | Fiducia Ag Karlsruhe/Stuttgart | Verfahren und Datenverarbeitungssystem zur datentechnisch gesicherten Kommunikation zwischen Behörden und Bürgern |
EP1406459A1 (fr) * | 2002-10-04 | 2004-04-07 | Stephan Kessler | Méthode d'authentification de plusieurs facteurs par transmission d'un mot de passe par l'intermédiane de termineaux mobiles avec PIN optinel |
US9064281B2 (en) | 2002-10-31 | 2015-06-23 | Mastercard Mobile Transactions Solutions, Inc. | Multi-panel user interface |
DE10343566A1 (de) | 2003-09-19 | 2005-05-04 | Brunet Holding Ag | Verfahren zur Abwicklung einer elektronischen Transaktion |
WO2006049585A1 (fr) * | 2004-11-05 | 2006-05-11 | Mobile Money International Sdn Bhd | Systeme de paiement |
FI20050777L (fi) * | 2005-07-21 | 2007-01-22 | Vesa Juvonen | Menetelmä ja järjestelmä palvelujen käyttämiseksi tietoliikenneverkossa |
DE102005046376B4 (de) * | 2005-09-28 | 2007-07-05 | Siemens Ag | Verfahren und Vorrichtung zur Vermeidung des Empfangs unerwünschter Nachrichten in einem IP-Kommunikationsnetzwerk |
CA2962648C (fr) | 2005-10-06 | 2019-07-23 | Mastercard Mobile Transactions Solutions, Inc. | Authentification de transaction tridimensionnelle |
US10032160B2 (en) | 2005-10-06 | 2018-07-24 | Mastercard Mobile Transactions Solutions, Inc. | Isolating distinct service provider widgets within a wallet container |
US20130332343A1 (en) | 2005-10-06 | 2013-12-12 | C-Sam, Inc. | Multi-tiered, secure mobile transactions ecosystem enabling platform comprising a personalization tier, a service tier, and an enabling tier |
US8934865B2 (en) | 2006-02-02 | 2015-01-13 | Alcatel Lucent | Authentication and verification services for third party vendors using mobile devices |
JP4693171B2 (ja) * | 2006-03-17 | 2011-06-01 | 株式会社日立ソリューションズ | 認証システム |
US20070239621A1 (en) * | 2006-04-11 | 2007-10-11 | Igor Igorevich Stukanov | Low cost, secure, convenient, and efficient way to reduce the rate of fraud in financial and communication transaction systems |
CN101512576A (zh) * | 2006-09-15 | 2009-08-19 | 康法特公司 | 用于确保电子交易的真实性的方法和计算机系统 |
WO2008156424A1 (fr) * | 2007-06-21 | 2008-12-24 | Fredrik Schell | Procédé de vérification d'un paiement, et dispositif de sécurité personnel pour effectuer une telle vérification |
DE102007032469A1 (de) * | 2007-07-10 | 2009-01-15 | Biotronik Crm Patent Ag | Anordnung für die Fernprogrammierung eines persönlichen medizinischen Gerätes |
DE102007035534A1 (de) | 2007-07-28 | 2009-01-29 | Biotronik Crm Patent Ag | Anordnung und Verfahren für die Fernprogrammierung eines persönlichen medizinischen Gerätes |
DE102008037793A1 (de) | 2008-08-14 | 2010-02-18 | Giesecke & Devrient Gmbh | Phototoken |
DE102008045119A1 (de) * | 2008-09-01 | 2010-03-04 | Deutsche Telekom Ag | Verfahren zur Durchführung eines Bezahlvorgangs |
EP2216742A1 (fr) * | 2009-02-09 | 2010-08-11 | C. Patrick Reich | Procédé de paiement mobile et dispositifs |
US8326759B2 (en) * | 2009-04-28 | 2012-12-04 | Visa International Service Association | Verification of portable consumer devices |
US9715681B2 (en) | 2009-04-28 | 2017-07-25 | Visa International Service Association | Verification of portable consumer devices |
US20100276484A1 (en) * | 2009-05-01 | 2010-11-04 | Ashim Banerjee | Staged transaction token for merchant rating |
US8893967B2 (en) | 2009-05-15 | 2014-11-25 | Visa International Service Association | Secure Communication of payment information to merchants using a verification token |
US9038886B2 (en) | 2009-05-15 | 2015-05-26 | Visa International Service Association | Verification of portable consumer devices |
US9105027B2 (en) | 2009-05-15 | 2015-08-11 | Visa International Service Association | Verification of portable consumer device for secure services |
US8534564B2 (en) | 2009-05-15 | 2013-09-17 | Ayman Hammad | Integration of verification tokens with mobile communication devices |
CA2774713A1 (fr) | 2009-08-14 | 2011-02-17 | Payfone, Inc. | Systeme et procede pour payer un commercant a l'aide d'un compte de telephone cellulaire |
WO2011032263A1 (fr) * | 2009-09-17 | 2011-03-24 | Meir Weis | Système de paiement mobile avec authentification en deux points |
WO2011032596A1 (fr) * | 2009-09-18 | 2011-03-24 | Bankgirocentralen Bgc Ab | Transfert d'argent électronique |
EP2502192A2 (fr) * | 2009-11-18 | 2012-09-26 | Magid Joseph Mina | Systèmes et procédés de paiement en transaction anonyme |
CN102906776A (zh) * | 2010-03-31 | 2013-01-30 | 帕特尔有限公司 | 一种用于用户和服务提供商之间双向认证的方法 |
US8527417B2 (en) * | 2010-07-12 | 2013-09-03 | Mastercard International Incorporated | Methods and systems for authenticating an identity of a payer in a financial transaction |
EP2490165A1 (fr) * | 2011-02-15 | 2012-08-22 | Mac Express Sprl | Procédé d'autorisation de transaction |
KR101895243B1 (ko) | 2011-03-04 | 2018-10-24 | 비자 인터네셔널 서비스 어소시에이션 | 지불 능력을 컴퓨터들의 보안 엘리먼트들에 통합 |
ITPI20110028A1 (it) * | 2011-03-28 | 2012-09-29 | Iamboo S R L | Metodo e apparecchiatura per l'autenticazione forte di un utente |
EP2562704A1 (fr) * | 2011-08-25 | 2013-02-27 | TeliaSonera AB | Procédé de paiement en ligne et élément de réseau, système et produit de programme informatique correspondant |
CN104106276B (zh) | 2011-10-12 | 2019-03-19 | 万事达移动交易方案公司 | 多层安全移动交易使能平台 |
JP5675662B2 (ja) * | 2012-01-11 | 2015-02-25 | Aosテクノロジーズ株式会社 | ショートメッセージ決済システム |
DE102012003859A1 (de) * | 2012-02-27 | 2013-08-29 | Giesecke & Devrient Gmbh | Verfahren und System zum Durchführen eines Bezahlvorgangs |
US10282724B2 (en) | 2012-03-06 | 2019-05-07 | Visa International Service Association | Security system incorporating mobile device |
US9672519B2 (en) | 2012-06-08 | 2017-06-06 | Fmr Llc | Mobile device software radio for securely passing financial information between a customer and a financial services firm |
US8639619B1 (en) | 2012-07-13 | 2014-01-28 | Scvngr, Inc. | Secure payment method and system |
US20140279554A1 (en) * | 2013-03-12 | 2014-09-18 | Seth Priebatsch | Distributed authenticity verification for consumer payment transactions |
NL2010810C2 (en) * | 2013-05-16 | 2014-11-24 | Reviva B V | System and method for checking the identity of a person. |
US8770478B2 (en) | 2013-07-11 | 2014-07-08 | Scvngr, Inc. | Payment processing with automatic no-touch mode selection |
SE538681C2 (sv) | 2014-04-02 | 2016-10-18 | Fidesmo Ab | Koppling av betalning till säker nedladdning av applikationsdata |
US11206266B2 (en) | 2014-06-03 | 2021-12-21 | Passlogy Co., Ltd. | Transaction system, transaction method, and information recording medium |
US9619636B2 (en) * | 2015-02-06 | 2017-04-11 | Qualcomm Incorporated | Apparatuses and methods for secure display on secondary display device |
US20190385143A1 (en) * | 2018-06-19 | 2019-12-19 | McNabb Technologies, LLC a/k/a TouchCR | System and method for confirmation of credit transactions |
FR3114181A1 (fr) * | 2020-09-14 | 2022-03-18 | Adel BEDADI | Procede et systeme de securisation et protection des paiements realises par carte bancaire et/ou de credit et cheque bancaire. |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5809144A (en) | 1995-08-24 | 1998-09-15 | Carnegie Mellon University | Method and apparatus for purchasing and delivering digital goods over a network |
FI112895B (fi) * | 1996-02-23 | 2004-01-30 | Nokia Corp | Menetelmä ainakin yhden käyttäjäkohtaisen tunnistetiedon hankkimiseksi |
US6058250A (en) * | 1996-06-19 | 2000-05-02 | At&T Corp | Bifurcated transaction system in which nonsensitive information is exchanged using a public network connection and sensitive information is exchanged after automatically configuring a private network connection |
EP0855069B1 (fr) * | 1996-07-12 | 1999-04-28 | Ulrich Seng | Procédé de paiement sans espèces pour les services pouvant être commandés à travers un réseau réparti de transmission de données |
DE19718103A1 (de) * | 1997-04-29 | 1998-06-04 | Kim Schmitz | Verfahren zur Autorisierung in Datenübertragungssystemen |
JPH1125046A (ja) * | 1997-07-03 | 1999-01-29 | Oki Electric Ind Co Ltd | 通信情報の保護方法 |
FR2769446B1 (fr) * | 1997-10-02 | 2000-01-28 | Achille Joseph Marie Delahaye | Systeme d'identification et d'authentification |
WO2002007110A2 (fr) * | 2000-07-17 | 2002-01-24 | Connell Richard O | Systeme et procede d'authentification d'un utilisateur autorise d'une carte de paiement, et autorisation d'une transaction par carte de paiement |
-
2000
- 2000-09-14 DE DE10045924A patent/DE10045924A1/de not_active Ceased
-
2001
- 2001-09-13 WO PCT/EP2001/010606 patent/WO2002023303A2/fr not_active Application Discontinuation
- 2001-09-13 JP JP2002527888A patent/JP2004509409A/ja not_active Withdrawn
- 2001-09-13 RU RU2003109605/09A patent/RU2003109605A/ru not_active Application Discontinuation
- 2001-09-13 US US10/362,367 patent/US20040039651A1/en not_active Abandoned
- 2001-09-13 EP EP01980382A patent/EP1374011A2/fr not_active Ceased
- 2001-09-13 CN CNA018152414A patent/CN1478260A/zh active Pending
- 2001-09-13 AU AU2002212238A patent/AU2002212238A1/en not_active Abandoned
- 2001-09-13 PL PL01365731A patent/PL365731A1/xx not_active Application Discontinuation
Non-Patent Citations (1)
Title |
---|
See references of WO0223303A2 * |
Also Published As
Publication number | Publication date |
---|---|
RU2003109605A (ru) | 2004-09-27 |
DE10045924A1 (de) | 2002-04-04 |
PL365731A1 (en) | 2005-01-10 |
CN1478260A (zh) | 2004-02-25 |
WO2002023303A2 (fr) | 2002-03-21 |
US20040039651A1 (en) | 2004-02-26 |
AU2002212238A1 (en) | 2002-03-26 |
JP2004509409A (ja) | 2004-03-25 |
WO2002023303A3 (fr) | 2003-10-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1374011A2 (fr) | Procede destine a securiser une transaction sur un reseau informatique | |
DE69830993T2 (de) | Elektronische transaktion und chipkarte für eine elektronische transaktion | |
DE69904570T3 (de) | Verfahren, anordnung und einrichtung zur authentifizierung durch ein kommunikationsnetz | |
DE69913929T2 (de) | Gesichertes Bezahlungsverfahren | |
EP1240632B1 (fr) | Procede et systeme de transaction de paiement | |
EP1240631B1 (fr) | Procede et systeme de transaction de paiement | |
DE60308385T2 (de) | Verfahren zur Unterstützung bargeldloser Zahlung | |
AT512070B1 (de) | Verfahren und vorrichtung zum durchführen von bargeldlosen zahlungen | |
EP1178444A1 (fr) | Paiement électronique utilisant des SMS | |
EP1203357A1 (fr) | Commerce electronique pour services d'envoi de messages courts | |
EP2174281A2 (fr) | Carte prépayée ou de crédit virtuelle et procédé ainsi que système de fourniture de celle-ci et de gestion de paiement électronique | |
DE212010000059U1 (de) | Veränderbarer Sicherheitswert | |
WO2006108831A1 (fr) | Procede de confirmation d'une demande de prestation de service | |
DE10054633C2 (de) | Verfahren und System zum Kontrollieren des Zugangs zu Waren und Dienstleistungen | |
EP1374189A2 (fr) | Procede pour securiser des produits numeriques lors d'un achat sur un reseau informatique | |
EP1326216A1 (fr) | Procédé et dispositif pour paiements électroniques avec des dispositifs de communication portables | |
DE60122912T2 (de) | Verfahren zum liefern von identifikationsdaten einer bezahlkarte an einen anwender | |
EP1915729B1 (fr) | Dispositif, procede et systeme pour assurer une interaction avec un utilisateur et procede pour accueillir un utilisateur dans un groupe ferme d'utilisateurs | |
DE3619566C2 (fr) | ||
DE60017794T2 (de) | Zahlungsendgerät für chipkarten | |
DE10008280C1 (de) | Verfahren und System zur automatischen Abwicklung von bargeldlosen Kaufvorgängen | |
EP1277185B1 (fr) | Procede pour reduire les risques dans des transactions de commerce electronique | |
DE10065067B4 (de) | Verfahren zum Verifizieren nutzerspezifischer Informationen in einem Daten- und/oder Kommunikationssystem sowie Daten- und/oder Kommunikationssystem | |
WO2001081875A2 (fr) | Procede de paiement securise de livraisons et de services dans des reseaux ouverts | |
WO2005008608A1 (fr) | Systeme de paiement, terminal de systeme de paiement et procede pour realiser un paiement electronique |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR |
|
AX | Request for extension of the european patent |
Extension state: AL LT LV MK RO SI |
|
17P | Request for examination filed |
Effective date: 20040503 |
|
17Q | First examination report despatched |
Effective date: 20040714 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
18R | Application refused |
Effective date: 20051013 |