EP3095080A1 - Procédé pour autoriser une transaction - Google Patents

Procédé pour autoriser une transaction

Info

Publication number
EP3095080A1
EP3095080A1 EP15701935.7A EP15701935A EP3095080A1 EP 3095080 A1 EP3095080 A1 EP 3095080A1 EP 15701935 A EP15701935 A EP 15701935A EP 3095080 A1 EP3095080 A1 EP 3095080A1
Authority
EP
European Patent Office
Prior art keywords
mobile device
transaction
password
data
background system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP15701935.7A
Other languages
German (de)
English (en)
Inventor
Florian Gawlas
Jan Eichholz
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Giesecke and Devrient Mobile Security GmbH
Original Assignee
Giesecke and Devrient GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Giesecke and Devrient GmbH filed Critical Giesecke and Devrient GmbH
Publication of EP3095080A1 publication Critical patent/EP3095080A1/fr
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/41User authentication where a single sign-on provides access to a plurality of computers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/321Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wearable devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3276Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being read by the M-device
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/33Security of mobile devices; Security of mobile applications using wearable devices, e.g. using a smartwatch or smart-glasses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Definitions

  • the present invention relates to a method for authorizing a transaction, for example a money transfer.
  • a method for authorizing a transaction for example a money transfer.
  • at least two mobile devices are used, such as, for example, a mobile phone, a tablet PC, data glasses, a wristwatch with a display device (smartwatch), etc.
  • This method essentially corresponds to the so-called m-TAN method in which a user first enters transaction data in the browser of an Internet-capable computer or a tablet PC. Subsequently, the user receives a text message (SMS) on his mobile phone, which displays the transaction data to him and also includes a code (one-time password) to authorize the transaction. This code must be entered by the user to authorize the transaction on their computer.
  • SMS text message
  • a disadvantage of this method is that it is not permitted for security reasons that the user initiates the transaction with the mobile phone, on which he then receives the text message. This is to prevent that an unauthorized person in possession of the mobile phone will freely conduct transactions. For this reason, it is checked before the transmission of the SMS, whether the transaction data has been entered in the browser of the mobile phone or in an application of the mobile phone. If so, there will be no text message with the
  • One-time password sent but it is issued an error message or the transaction aborted.
  • a disadvantage of the known methods is further that the user is limited in its mobility to the effect that he always has to use a larger device, such as a computer or a tablet PC for entering the transaction data.
  • a larger device such as a computer or a tablet PC for entering the transaction data.
  • cell phones or a tablet PC may want to be able to
  • the PUSH-T AN method is also known, in which a user carries out an additional application on his mobile telephone, by means of which he receives a password for authorizing a transaction. Because all steps are performed on a single device (the mobile phone) in this procedure, it is questionable whether a sufficient
  • the object is achieved by the subject matter of the main claim 1. Preferred embodiments of the method according to the invention will become apparent from the dependent claims.
  • the invention is based on the idea of using, in addition to a first mobile device, a second mobile device for authorizing a transaction, the second device having a
  • Background system is connected in such a way that the data to be transmitted to the second device to be transmitted encrypted by the first mobile device.
  • the method of authorizing a transaction includes entering transaction data on a first mobile device, transmitting the transaction data from the first device
  • a "transaction" within the meaning of the invention is for example a money transfer to a recipient.
  • Bank code the name of the recipient, and the one to be transferred Amount.
  • This data must be secured, ie encrypted, transmitted to a background system, which may be, for example, a server of a bank.
  • a background system which may be, for example, a server of a bank.
  • a mobile network and / or a wireless network can be used.
  • the second mobile device does not have to be connected directly to the background system, but it is sufficient if a connection to the background system takes place with the interposition of the first mobile device. Because the transmission of at least the password from the background system to the second mobile device is encrypted, the first mobile device can not begin with the data even though the data passes through it because the data is encrypted. Accordingly, any installed on the first mobile device malicious software (Trojan) nothing with the encrypted
  • the first mobile device may be a mobile phone and / or a tablet PC. These facilities usually have an internet browser or one
  • the second mobile device may be data glasses, a watch with a smartwatch, and / or a wearable display device, such as a ring with display, a bracelet with display, a necklace with display, at least partially In the skin of the wearer implantable display, etc. This can be advantageously ensured that the user always carries the second device with him.
  • data glasses and smartwatches are becoming more and more popular, so it is likely that users will increasingly wear and use these devices.
  • the second mobile devices connect directly to the first one
  • the second air interface may be as
  • the second device and the background system exchange a cryptographic key, in particular a symmetric or asymmetric key.
  • the key is unknown to the first device. In this way it can be ensured that a secure data exchange between the second device and the
  • the second device and the background system may establish a secure end-to-end encrypted channel, wherein the first device is not aware of the key required to encrypt / decrypt the channel.
  • a suitable protocol such as PACE (Password Authenticated Connection Establishment), can be used.
  • At least part of the input can be used together with the password
  • Transaction data are transmitted to the second, mobile device.
  • the user of the method according to the invention can quickly check whether the password really fits an entered transaction.
  • the account number, the name of the recipient and the amount could be transmitted to the second mobile device and displayed there. In this way, the security increases significantly in the inventive method.
  • the password may be a
  • the password may be a number that prompts the user to select from a list the transaction number associated with that number (iT AN method).
  • the password may be a code readable by means of a camera of the first mobile device,
  • Device in particular a mobile phone or a tablet PC, is used in a method according to any one of the preceding claims for authorizing a transaction.
  • the method according to the invention finds application when a second mobile device, in particular data goggles, smartwatch and / or a wearable artefact device, is used to authorize a transaction.
  • Fig. 1 is a schematic representation of the in one
  • FIG. 2 shows a flowchart representing the sequence of a method according to the invention.
  • a first mobile device 10 is shown in the form of a mobile phone.
  • the first mobile device 10 is provided with a display device 30 and a keypad 32, wherein instead of the keypad 32 also a touch-sensitive display device 30 may be provided, so that the input can be made directly on the display device 30.
  • the first mobile device 10 is connected to a background system 12 via a first air interface 20 in connection.
  • the background system 12 may, for example, be a bank server responsible for the execution and handling of transfers.
  • Air interface 28 may transmit data, for example via the mobile network or via WLAN between the first device 10 and the background system 12.
  • the transmission of data between the first device 10 and the background system 12 via the first air interface 20 can be encrypted.
  • the first mobile device 10 is connected to a second mobile device 14 via a second air interface 22.
  • the second mobile device 14 has at least one Ari Adjuste issued on which, for example, a password 40 can be displayed.
  • the second mobile device 10 is designed as a smart phone, as a watch with Ari Adjuste Sk (smartwatch) and / or as a wearable display device.
  • a wearable display device may be, for example, an at least partially implantable under the skin display device which is designed so that a carrier can read them.
  • the second air interface 22 can be embodied as a Bluetooth, as an infrared and / or as a WLAN air interface. It provides a direct connection between the first mobile device 10 and the second mobile
  • a user who wants to make a transaction such as a transfer of a sum of money, invokes the corresponding application or the corresponding website in the browser on the first mobile device 10. He then enters necessary data for the transaction on the display device 30 or the keypad 32 and transmits this transaction data from the first mobile device 10 to the background system 12 by means of the first air interface 20
  • Transmission of the transaction data can be encrypted.
  • the user is prompted by the display device 30 of the mobile first device 10 to enter a password 40 to authorize the transaction.
  • the password is transmitted in encrypted form from the background system 12 via the first air interface 20 through the first mobile device 10 and via the second air interface 22 to the second mobile device 14.
  • the password data is encrypted in the transmission in such a way that the first mobile device 10 can only "pass the data.”
  • the first mobile device 10 can not read out the password data in the absence of the corresponding key Is malware (Trojan) on the first mobile device 10 installed, it can not do anything with the data concerning the password 40, since it is not in possession of the key necessary for decryption.
  • the user can read the password 40 transmitted to the second mobile device 14 on the display device of the second mobile device 14. According to one alternative, not only is the password 40
  • Device 14 is then displayed on the first mobile device 10 so as to authorize the transaction.
  • Key exchange method can be used. For example, an asymmetric key pair can be generated, wherein the second mobile device 14 a public key to the
  • Background system 12 transmits.
  • a secure channel may be created between the second mobile device 14 and the background system 12 using a shared "secret" and a suitable protocol, such as the PACE protocol.
  • transaction data are entered in a first mobile device 10 in a first step S1.
  • the transaction data is transmitted from the first device to a background system 12. The transmission can take place via the first air interface 20.
  • the first means 10 the user to enter a the transaction.
  • step S3 confirming passwords on the first device 10
  • This password is encrypted in the fourth step S4 of the
  • Background system 12 to the second mobile device 14 transmitted.
  • the transmission takes place via the first 20 and the second 22 air interface, the encrypted password data being passed through the first mobile device 10 during the transmission.
  • the first mobile device 10 is not aware of the decryption information and thus can not do anything with the password data.
  • step S5 Authorization of the transaction is made by inputting the password 40 on the first device 10 (step S5).
  • the user overruns the password 40 from the display device of the second device 14 and inputs it into the first device 10.
  • the user can
  • the password 40 is additionally displayed as a 2D barcode, in particular as a QR code.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Finance (AREA)
  • Software Systems (AREA)
  • Telephone Function (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

L'invention concerne un procédé pour autoriser une transaction, qui comprend les étapes suivantes : entrer des données de transaction dans un premier dispositif mobile (10), transférer les données de transaction du premier dispositif (10) à un système d'arrière plan (12) au moyen d'une première interface radio (20), transmettre de manière cryptée au moins un mot de passe à un deuxième dispositif mobile par l'intermédiaire du premier dispositif mobile et autoriser la transaction par entrée du mot de passe (40) affiché sur le second dispositif (14) dans le premier dispositif (10).
EP15701935.7A 2014-01-17 2015-01-19 Procédé pour autoriser une transaction Ceased EP3095080A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102014000644.1A DE102014000644A1 (de) 2014-01-17 2014-01-17 Verfahren zum Autorisieren einer Transaktion
PCT/EP2015/000083 WO2015106971A1 (fr) 2014-01-17 2015-01-19 Procédé pour autoriser une transaction

Publications (1)

Publication Number Publication Date
EP3095080A1 true EP3095080A1 (fr) 2016-11-23

Family

ID=52440637

Family Applications (1)

Application Number Title Priority Date Filing Date
EP15701935.7A Ceased EP3095080A1 (fr) 2014-01-17 2015-01-19 Procédé pour autoriser une transaction

Country Status (4)

Country Link
US (1) US10050790B2 (fr)
EP (1) EP3095080A1 (fr)
DE (1) DE102014000644A1 (fr)
WO (1) WO2015106971A1 (fr)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3023640B1 (fr) * 2014-07-10 2016-08-12 Roam Data Inc Procede de gestion d'une transaction, serveur, produit programme d'ordinateur et medium de stockage correspondants.
KR101652625B1 (ko) 2015-02-11 2016-08-30 주식회사 이베이코리아 온라인 웹사이트의 회원 로그인을 위한 보안인증 시스템 및 그 방법
ITUB20160900A1 (it) * 2016-02-19 2017-08-19 Eng Team Srl Bracciale smart con circuito elettronico per attivita’ multifunzione con smartphone nfc, ed attivita’ di autenticazione dati combinata (cda) per pagamenti in sicurezza e contactless.
CN113411317B (zh) * 2016-05-11 2023-05-26 创新先进技术有限公司 一种验证身份的方法和系统、智能穿戴设备
DE102016211424A1 (de) * 2016-06-27 2017-12-28 Robert Bosch Gmbh Industrielles Gerät mit Benutzererkennung
SG10201610472XA (en) * 2016-12-14 2018-07-30 Mastercard International Inc Processing electronic payments on a mobile computer device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040143515A1 (en) * 2003-01-16 2004-07-22 Nec Corporation System for authentication in electronic commerce and method of carrying out the same

Family Cites Families (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6926200B1 (en) * 1989-09-06 2005-08-09 Fujitsu Limited Electronic cashless system
US20010045451A1 (en) * 2000-02-28 2001-11-29 Tan Warren Yung-Hang Method and system for token-based authentication
US20010047335A1 (en) * 2000-04-28 2001-11-29 Martin Arndt Secure payment method and apparatus
JP2002163584A (ja) * 2000-11-24 2002-06-07 Fujitsu Ltd 携帯情報端末を利用したカード決済方法及びシステム
US7606771B2 (en) * 2001-01-11 2009-10-20 Cardinalcommerce Corporation Dynamic number authentication for credit/debit cards
US20020101988A1 (en) 2001-01-30 2002-08-01 Jones Mark A. Decryption glasses
AU2003271923A1 (en) * 2002-10-17 2004-05-04 Vodafone Group Plc. Facilitating and authenticating transactions
US7213766B2 (en) * 2003-11-17 2007-05-08 Dpd Patent Trust Ltd Multi-interface compact personal token apparatus and methods of use
US7194438B2 (en) * 2004-02-25 2007-03-20 Nokia Corporation Electronic payment schemes in a mobile environment for short-range transactions
US8108317B2 (en) * 2005-08-31 2012-01-31 Hand Held Products, Inc. System and method for restricting access to a terminal
EP1802155A1 (fr) 2005-12-21 2007-06-27 Cronto Limited Système et procédé pour authentification dynamique basée sur plusieurs facteurs
US20070241183A1 (en) * 2006-04-14 2007-10-18 Brown Kerry D Pin-secured dynamic magnetic stripe payment card
JP2008103786A (ja) * 2006-10-17 2008-05-01 Sharp Corp 有料番組提供システムおよびテレビ放送受信装置
IL187492A0 (en) 2007-09-06 2008-02-09 Human Interface Security Ltd Information protection device
EP2166483A1 (fr) * 2008-09-17 2010-03-24 Tds Todos Data System Ab Procédé et dispositif pour créer une signature numérique
ES2381293B1 (es) * 2009-04-20 2012-11-07 Alter Core, S.L. Sistema y método de acreditación personal mediante dispositivo móvil.
WO2010140876A1 (fr) 2009-06-01 2010-12-09 Bemobile Sdn. Bhd. Procede, systeme et serveur securise d'authentification multifactorielle de transaction
US8365264B2 (en) * 2009-10-12 2013-01-29 Microsoft Corporation Protecting password from attack
US20110219427A1 (en) * 2010-03-04 2011-09-08 RSSBus, Inc. Smart Device User Authentication
DE102010013202A1 (de) 2010-03-29 2011-09-29 Giesecke & Devrient Gmbh Verfahren zum sicheren Übertragen einer Anwendung von einem Server in eine Lesegeräteinheit
TW201314579A (zh) * 2011-09-26 2013-04-01 Anica Corp 智慧卡及其通訊方法
US9642005B2 (en) * 2012-05-21 2017-05-02 Nexiden, Inc. Secure authentication of a user using a mobile device
US10515363B2 (en) * 2012-06-12 2019-12-24 Square, Inc. Software PIN entry
US20140059351A1 (en) * 2012-08-21 2014-02-27 General Instrument Corporation Method and device for connecting to a wireless network using a visual code
US8909933B2 (en) * 2012-10-25 2014-12-09 International Business Machines Corporation Decoupled cryptographic schemes using a visual channel
US9412283B2 (en) * 2012-12-31 2016-08-09 Piyush Bhatnagar System, design and process for easy to use credentials management for online accounts using out-of-band authentication
EP2979235A4 (fr) * 2013-03-28 2016-12-21 Ezetap Mobile Solutions Private Ltd Système et procédé destinés à une transaction électronique sécurisée utilisant un dispositif lecteur de cartes portatif universel
KR102124575B1 (ko) * 2013-05-02 2020-06-18 삼성전자주식회사 사용자 프라이버시 보호를 위한 전자 장치 및 그 제어 방법
US20150229751A1 (en) * 2014-02-07 2015-08-13 Microsoft Corporation Securely determining the location of a user
US20150317626A1 (en) * 2014-04-30 2015-11-05 Intuit Inc. Secure proximity exchange of payment information between mobile wallet and point-of-sale

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040143515A1 (en) * 2003-01-16 2004-07-22 Nec Corporation System for authentication in electronic commerce and method of carrying out the same

Also Published As

Publication number Publication date
US10050790B2 (en) 2018-08-14
WO2015106971A1 (fr) 2015-07-23
US20160337126A1 (en) 2016-11-17
DE102014000644A1 (de) 2015-07-23

Similar Documents

Publication Publication Date Title
EP3574625B1 (fr) Procédé de réalisation d'une authentification
WO2015106971A1 (fr) Procédé pour autoriser une transaction
EP3175384B1 (fr) Procédé et dispositif de connexion à des appareils médicinaux
EP2533172B1 (fr) Accès sécurisé aux données d'un appareil
DE102012219618B4 (de) Verfahren zur Erzeugung eines Soft-Tokens, Computerprogrammprodukt und Dienst-Computersystem
EP2751950B1 (fr) Procédé de génération d'un jeton logiciel, produit-programme d'ordinateur et système informatique de service
EP2765752B1 (fr) Procédé destiné à pourvoir un terminal mobile d'un certificat d'authentification
EP2289016B1 (fr) Utilisation d'un appareil de télécommunication mobile comme carte de santé électronique
EP2856437A1 (fr) Procédé et dispositif pour commander un mécanisme de verrouillage au moyen d'un terminal mobile
DE102009052389A1 (de) Verfahren zur sicheren Interaktion mit einem Sicherheitselement
EP3198826B1 (fr) Clé d'authentification
EP2512090A1 (fr) Procédé destiné à l'authentification d'un participant
EP2965490B1 (fr) Procédé d'authentification de personnes
EP1915718B1 (fr) Procede pour proteger l'authentification d'un support de donnees portable vis-a-vis d'un lecteur par une voie de communication non securisee
WO2015043732A1 (fr) Procédé de mise à disposition d'une information
EP3111393A1 (fr) Procédé pour autoriser une transaction
WO2014023802A1 (fr) Ensemble dispositif pour exécuter ou lancer un service électronique et procédé pour la saisie sécurisée de données d'autorisation
DE102008037794A1 (de) Einmalpasswort-Generator
WO2015114160A1 (fr) Procédé de transmission sécurisée de caractères
DE102011015967B4 (de) Verfahren zur Entschlüsselung von digitalen Daten
DE102011110898A1 (de) Verfahren zur Authentifizierung eines Benutzers zum Gewähren eines Zugangs zu Diensten eines Computersystems, sowie zugehöriges Computersystem, Authentifizierungsserver und Kommunikationsgerät mit Authentifizierungsapplikation
EP3401821A1 (fr) Procédé et système de traitement de données permettant de fournir et d'utiliser une session pin pour un processus d'authentification d'un utilisateur et/ou objet de données critique en termes de sécurité
WO2016188636A1 (fr) Authentification d'application
DE102009024986A1 (de) Verfahren zum Sichern von Transaktionsdaten
DE102005050878A1 (de) Verfahren zur datentechnisch gesicherten elektronischen Kommunikation sowie eine Vorrichtung zur Ausführung dieses Verfahrens

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20160817

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAX Request for extension of the european patent (deleted)
RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: GIESECKE+DEVRIENT MOBILE SECURITY GMBH

17Q First examination report despatched

Effective date: 20171206

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20190803