GB2328310A - Electronic transaction authorisation system - Google Patents

Electronic transaction authorisation system Download PDF

Info

Publication number
GB2328310A
GB2328310A GB9709748A GB9709748A GB2328310A GB 2328310 A GB2328310 A GB 2328310A GB 9709748 A GB9709748 A GB 9709748A GB 9709748 A GB9709748 A GB 9709748A GB 2328310 A GB2328310 A GB 2328310A
Authority
GB
United Kingdom
Prior art keywords
user
transaction
code
receiver
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB9709748A
Other versions
GB9709748D0 (en
GB2328310B (en
Inventor
Ho Keung Tse
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from GBGB9610194.4A external-priority patent/GB9610194D0/en
Priority claimed from GBGB9610522.6A external-priority patent/GB9610522D0/en
Application filed by Individual filed Critical Individual
Publication of GB9709748D0 publication Critical patent/GB9709748D0/en
Priority to EP98928306A priority Critical patent/EP1147497A2/en
Priority to CN98814026A priority patent/CN1322334A/en
Priority to PCT/EP1998/002995 priority patent/WO1998054943A2/en
Publication of GB2328310A publication Critical patent/GB2328310A/en
Publication of GB2328310B publication Critical patent/GB2328310B/en
Application granted granted Critical
Priority to HK02103518.5A priority patent/HK1041962A1/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An electronic transaction and authorisation system comprises a receiver, eg a pager, for receiving information of a transaction to be authorised and a one time, non-predictable code; and for conveying the information and the code to its user. The user, after checking the transaction information is correct, sends the code to an authentication centre directly or through the payee, via an existing communication(s) network system, for authorising the transaction.

Description

UNIVERSAL ELECTRONIC TRANSACTION SYSTEM AND METHOD THEREFOR Field of the invention The present invention relates to electronic transaction system, and particularly, to an electronic money transaction system with high portability and flexibility for enabling user to effect transactions of any kinds or for any purposes.
Background of the invention Nowadays, electronic money transaction systems are easily found in the services/products providers such as restaurants and shops for receiving payments.
Among such conventional systems, the IC credit card is regarded as a secure means for effecting transactions, and even though, it does have a problem as lacking the capability for providing reliable information about the transaction to be authorised, and as a consequent, it can not be used to ensure a transaction being authorised is exactly the transaction being intended by its holder. Further that, the use of a credit card requires the co-operation of a dedicated terminal, which generally being limited for receiving payments to a particular services/products provider only, and inwhich a number of security problems inherent.
Such a dedicated terminal is necessary for interfacing the IC card and coupling it to a remote central computer which responsible for authenticating the IC card, by establishing a communication link. It should be noted that, the communication link need not be a secure one as far as communication between the IC card and central computer is concerned because when an authentication process take place, the central computer will generate and send a random number to the IC card through the communication link, and the IC card will encrypt the random number and return the encryption result back to the central computer through the communication link. If the encryption result is correct, the central computer will permit the transaction. If a secure communication between the IC card and the central computer is to be used, this will only mean that the random number will be encrypted one more time, this should be unnecessary and even if it was necessary, it should be carried out byfinside the IC card instead.
In additional thereto, the terminal is also necessary for providing reliable transaction information, particularly, the transaction amount, to the cardholder by means of, for e.g., a display. This means that the terminal has to be a secure device, i.e., it cannot be modified or interfered with. Further, the terminal also has to establish a secure communication link with the central computer to ensure the transaction information communicated thereto cannot be intercepted and modified.
To ensure no card fraud by, for e.g., the cashier of a services/products provider or even the provider itself, a IC card holder has to get into close vicinity of the terminal to monitor the transaction procedure handled by the cashier and desirably, should insert and remove the card into and from the terminal on his own.
In situations where such a terminal does not exist, the IC card will become useless, or it may take the card holder walk a long way if the location of the terminal is remote from the location where the cardholder receives the service/product, this may happen in a shop or restaurant with thousands of sq. ft. in size.
It may also be necessary for a cardholder to get out of his car to make payment for car park fee or fuel intake.
Finally, an I.C. card cannot be used for purchasing in internet environment Recently, efforts have been made in developing specialised telephone/intemet computer with security functions and capability of interfacing an I.C. card, for enabling people to perform a variety of transactions related to banking and shopping. However, unless all the existing telephones/computers are being replaced by such specialised telephoneshlnternet computers, a cardholder can only expect his I.C. cards will still be basically restricted for making payments to those services/products providers with a dedicated terminal as mentioned above installed Objects of the present invention: Accordingly, it is therefore an object of the present invention to provide an apparatus to a user, rather than the services/products providers, for conveying to the user directly reliable information of a transaction to be authorised, and for enabling the user to authorise that transaction; and a method therefor.
It is therefore another object of the present invention to provide an apparatus to a user, rather than the services/products providers, for enabling a electronic transaction to take place with the aid of any existing general purpose communication(s) network system such as telephone, internet computer or the like, without modification thereof for the security problems as mentioned above; and a method therefor.
It is therefore a further another object of the present invention to provide a universal electronic transaction system which being low cost, secure, not dedicated for any particular purpose; and a method therefor.
Brief description of the invention: According to one embodiment of the present invention, there is provided a pager for receiving a paging signal representative of information of a transaction, for e.g., on a user account, to be authorised, and representative of a non-predictable code for use by the user to authorise that transaction. The user of the pager, after checking the transaction information including transaction amount and receiver's identity, being correct, sends or gives the non-predictable code to the receiver who will communicate the non-predictable code to the bank for authorising the transaction.
According to another embodiment of the present invention, there is provided a pager with an IC card receiving port therein for receiving an external conventional IC credit card. The pager being for receiving a paging signal representative of information of a transaction to be authorised and representative of a non-predictable code. The IC card being for transforming the non-predictable code according to an encryption algorithm specified to the user, and the encryption result being for use by the user to authorise that transaction.
Brief description of drawing FIG.1 is a block diagram of a present paging receiver according to a first embodiment.
FIG.2 is a flow chart of a method for a present authentication process.
Detailed description of the preferred embodiments Referring to Fig.1, there is shown a block diagram of a paging receiver 1, according to a first embodiment of the present invention, in which comprising: 1) a receiver circuit 23 for receiving paging signals including signals representative of electronic money transaction information (herein below referred as E signals); 2) an address comparator 25 for checking whether a signal is assigned to the paging receiver 1 and which may comprise a plurality of addresses for reception of different kinds of signals; 3) a CPU 21 for fetching a message following the call signal is determined to be assigned to the receiver 1; 4) a message memory 28 for storing a received message; 5) a display 34 for displaying the message received; 6) a cryptographic algorithm memory 27 for transforming at least a part of the E signals, of which details will be described herein below later; 7) a speaker 33 and led 31 for providing sound and light signal respectively to a user for indicating a paging signal received.
When in operation, the paging receiver 1 will receive any paging signals transmitted from a base station of the same pager based broadcast system Such a paging signal contains 4 field, namely as, 1) address field for containing an address of the paging receiver assigned for receiving the signal ; 2) type field for indicating whether the signal is a E signal or not; 3) information field for containing information to be displayed to user ; 4) signal number identity for indicating to the paging receiver 1 that, a signal which being broadcasted by the base station more than one time for ensuring it will be received by paging receiver 1 be the same signal, so that pager receiver 1 will ignore the successively identical signals and will not alert the user unnecessarily. The receiving circuit 23, after amplifying the incoming paging signal, supplies the signal to the address comparator 25 which will compare the address field of the signal with one or a number of stored address(es) representative of the user's identity therein, and if a coincidence occurs, the address comparator will feed the rest of the signal to the CPU 21, otherwise, the rest of the signal will be ignored.
According to the first embodiment, the present paging receiver is for to be used to achieve authentication of user identity for a secure operation on a user's account.
Referring to Fig.2, which is a flow chart of a method for the authentication process. As read on Fig.2, when an authentication process takes place, an internet computer which desirably has a card reader therein for obtaining the user account number by, for instance, reading a magnetic card or a IC card or the like of the user, otherwise the user account number will have to be entered by hand. Then, it supplies the account number together with the transaction information, which may be entered into the computer with the aid of a keyboard by the payee and which may include information such as identity of payee, transaction amount, purpose of payment, e.g., deposit or flill payment for a particular product or service or the like, identity of product(s) and services concerned etc., to a central computer through an existing communication(s) network system which in this case, the internet. The central computer, in response thereto, generates a one time, non-predictable code which being a random number and searches in a user accounts storage thereof the user identity corresponding to the user account number received and then supplies the user identity searched, the transaction information received together with the random number to the base station mentioned above.
The base station will then search in an address storage thereof an address of the paging receiver of the user, according to the user identity received, and generate a paging E signal, in a format as mentioned above and in which the information field contains the transaction information and the random number, and broadcast the signal.
The paging receiver 1, after receiving the signal, transforms the random number therein by the algorithm stored in cryptographic algorithm memory 27, which being specific to the user, and then alerts the user and displays the transaction information and the transformed random number to the user. The user, after seeing that the transaction information being correct, enters the transformed random number read on display 34 into the keypad of the internet computer which again sends it to the central computer.
The central computer, in response thereto, searches in a cryptographic algorithm storage thereof a corresponding cryptographic algorithm of the user and transforms the random number it generated previously by the cryptographic algorithm searched and compared the result with that of the paging receiver 1, and if the comparison result is favourable, the user's identity is authentic.
It should be noted that the cryptographic process in the paging receiver 1 and the central computer may be omitted to simplify the authentication process and at the same time, it can still provide a acceptable degree of security. This is possible for the reason that although the paging signal can be received by anyone, they can not use it unless they know the correct address of the paging receiver of the user because nowadays, thousands of similar signals may occur and be receivable at the same instant of time.
On the other hand, security of such a system may be enhanced by having the address stored in address comparator 25 be changeable and be changed when a specific paging signal, send by the base station, containing a command of a first predetermined bit pattern and followed by a new address which being encrypted is received. CPU 21, after receiving such a command, will decrypt the encrypted address by using the encryption algorithm stored in memory 27 and put the decrypted address into the address storage of address comparator 25.
Similarly, the cryptographic algorithm memory may also be updated in this way. Specifically, another specific paging signal containing a command of a second predetermined bit pattern and followed by a new algorithm which being encrypted is used therefor. CPU 21, after receiving such a command, will decrypt the encrypted algorithm by using the original cryptographic algorithm in memory 27 and put the decrypted one into memory 27 for to be used thereafter. Other skills well known to those in the art may well be used for updating the address storage in address comparator 25 or algorithm in memory 27, for instance, a terminal may be included in the paging receiver for interfacing a memory card or a computer or the like for that purpose.
Further, the paging receiver may includes a keypad thereon for receiving, by CPU 21, a password and without it CPU 21 will not perform the cryptographic process. Altematively, it may also be desirable that once a password is entered, CPU 21 will perform the cryptographic process on the random numbers of E signals received within a predetermined period of time thereafter, or will perform the cryptographic process on the random numbers of any E signals until the total transaction amount authorised thereby exceeds a predetermined value, so that the user need not to enter the password every time a transaction take place.
Further still, to enhance the security of the present system, the E signal may be modified as 2 separate signals, 1) El signal which being similar to the E signal as mentioned above, except that it contains no random number therein ; 2) the random number signal for containing the random number which being disguised as an ordinary telephone number. And, the address comparator 25 may contains a specific address dedicated for receiving the random number signal. In the random number signal, there is no type field for indicating to CPU 21 that it being a part of a E signal or the type field therein will not indicates it as a E signal, instead, the address comparator 25 will interrupt CPU 21 in a specific manner when it detect a random number signal is received, thereby informing CPU 21 of this fact.
According to another embodiment of the present invention, there is provided a pager with an IC card receiving port therein for receiving an external conventional IC credit card. Similar to the first embodiment, the pager is also being for receiving a paging E signal representative of information of a transaction to be authorised on a user's bank account, or the like, and representative of a non-predictable code which being a random number, but in this case, the CPU 21 in the pager will not perform an cryptographic process on the random number, instead, it supplies it to the external IC card in the receiving port. The IC card, upon reception of the random number, will transform it according to an cryptographic algorithm therein, and the result will be communicated to CPU 21 which will cause it, together with the transaction information received, to be displayed in display 34.
It should be noted that, as the user relies on the transaction information received by his pager in making a transaction, it is therefore no longer necessary or a must for the services/products providers to install a dedicated secure terminal as mentioned above. Rather, an existing general purpose communication(s) network system can be used for communicating the transaction information as well as the nonpredictable code for authorising the transactions to the central computer.
If merely communicating the account numbers of the money payer and receiver as well as the transaction amount is required, then a dual tone telephone will be sufficient If further details of the transaction information is required, such as the purpose of the transaction, e.g. to purchase a Benz, model # 380s, serial # 1234 or even personal loan etc., then the transaction information may be communicated to an operator of the bank, who will be responsible for the data entry of the transaction information by means of a keyboard. In this case, it is desirable that both the money payer and receiver to have a respective pager of their own for receiving the transaction information and a different one time, non-predictable code for use by them respectively to authorise the transaction, so as to prevent loss to any one of them should there are errors in data entry.
If the transaction is a business agreement or contract, information may be communicated to the central computer by means of an internet computer, as mentioned above.
The most important of all, is of course the central computer should keep a digital record of the transaction information for future reference, for e.g., by internet access. In this way, it is possible to achieve a real "paperless" transaction in which no paper money, no paper receipt or record of the like involved.
It should be noted that the above embodiments are given by way of example only, and it will be obvious to those skilled in the art that various change and modifications may be made without departing from the spirit of the present invention.
For instance, the non-predictable code may be transformed by the central computer by means of an encryption process before sending to the pager, and the pager, in this case, will decrypt and display the non-predictable code in its original form to the user, for to be used for enabling the transaction.
Similarly, the transaction information may also be encrypted by the central computer in this way before transmitting to the pager. This can eliminate the possibility of the reception of E signal by the pager be interfered by an extremely strong disturbance signal and the pager be fooled by another fake E signal with the same nonpredictable code therein but a false transaction information to deceive the user.
It should further be noted that, in the present electronic transaction system, an existing communication(s) network system is required for the purpose of communicating the non-predictable code or a transformation of it back to the central computer. The term "existing communication(s) network system" used herein above, or in the claims herein below, is intended to be interpreted as not only including the communication(s) network systems exist now, but also the communication(s) network system which may exist in the future and be applicable for that purpose and at the time in future when the present invention is to be used, it actually exists.

Claims (19)

What is claimed is:
1) An electronic transaction apparatus, comprising: A receiver, comprising: means for receiving a first signal which being broadcasted for to be received by said receiver and representative of information related to a transaction for to be authorised by said user, means for receiving a second signal which being broadcasted for to be received by said receiver and representative of a one time, non-predictable code for use by said user to authorise said transaction, means for conveying said information and said code to said user; Wherein said one-time, non-predictable code being for to be communicated to an authentication means directly or indirectly through a first existing communication(s) network system and said authentication means will determine said transaction as authorised if receives said one-time, non-predictable code.
2) An electronic transaction apparatus as claimed in claim 1, wherein there is a human operator for communication of said one-time, non-predictable code through said first existing communication(s) network system from another person, and for communication of said one-time, non-predictable code to said authentication means by means of an information entry means.
3) An electronic transaction apparatus as claimed in claim 1, wherein said first signal being in an encrypted form and said receiver will decrypt it before conveying it to said user.
4) An electronic transaction apparatus as claimed in claim 1, wherein said second signal being in an encrypted form and said receiver will decrypt it before conveying it to said user.
5) An electronic transaction apparatus as claimed in claim 1, wherein said one-time, non-predictable code being communicated to said authentication means through said first communication(s) network system which being not dedicated for this purpose.
6) An electronic transaction apparatus as claimed in claim 1, wherein said first existing communication(s) network system being a telephone network and said non-predictable code being entered by means of a dual tone telephone.
7) An electronic transaction apparatus as claimed in claim 1, wherein said first existing communication(s) network system being the internet and said non-predictable code being entered by means of an internet computer.
8) An electronic transaction apparatus as claimed in claim 1, wherein said receiver further comprising a means for receiving an external module for transforming said second signal representative of said one-time, non-predictable code by means of a predetermined cryptographic algorithm specific to said user, thereby obtaining said one time, non-predictable code therefrom.
9) An electronic transaction apparatus as claimed in claim 1, wherein said one-time, non-predictable code being a random number.
10) An electronic transaction apparatus as claimed in claim 1, wherein said means for conveying being a display.
11) An electronic transaction apparatus as claimed in claim 1, wherein further comprising said authentication means.
12) An electronic transaction apparatus as claimed in claim 1, wherein said transaction being an electronic money transaction on an account under the control of said user.
13) An electronic transaction apparatus as claimed in claim 12, wherein said information related to said transaction is being received by said authentication means through a second existing communication(s) network system directly or indirectly.
14) Apparatus for effecting an electronic transaction, comprising: means for generating a one time, non-predictable code; means for broadcasting a signal representative of information related to a transaction for to be authorised by a user and said code, said signal being for to be received by a receiver means of said user and to be conveyed to said user by said receiver means; means for receiving said code through an existing communication(s) network system directly or indirectly; means for determining said transaction as authorised if said code is received by said means for receiving.
15) Apparatus as claimed in claim 14, wherein further comprising said receiver means.
16) Apparatus claimed in claim 14, wherein said signal representative of said code being in an encrypted form and said receiver means will decrypt it before conveying it to said user.
17) Apparatus claimed in claim 14, wherein said signal representative of said information being in an encrypted form and said receiver means will decrypt it before conveying it to said user.
18) An electronic transaction system, comprising: means for receiving information related to a transaction for to be authorised by a user; means for generating a one time, non-predictable code; means for broadcasting a signal representative of said information and said code for to be received by a receiver means of said user and to be conveyed to said user by said receiver means; wherein there is a human operator for communication of said one-time, nonpredictable code through a communication network from another person and then communication of said one-time, non-predictable code to said system and said system will determine said transaction as authorised if receives said code.
19) An electronic transaction system as claimed in claim 1t, wherein further comprising said broadcasting means.
19) An electronic transaction system as claimed in claim 18, wherein further comprising said receiver means.
20) An electronic transaction system as claimed in claim 18, wherein further comprising: means for receiving said code from said human operator; means for determining said transaction as authorised if receives said code.
21) A method for effecting an electronic transaction, comprising the steps of: generating, by an authenticating means, a one time, non-predictable code; transmitting, by a transmitting means, a signal representative of information related to said transaction and said code, for to be received by a receiver means of said user; conveying, by said receiver means, said transaction information and said code to said user; Wherein said one-time, non-predictable code being for to be communicated to said authentication means directly or indirectly through an existing communication(s) network system and said authentication means will determine said transaction as authorised if receives said one-time, non-predictable code.
Amendments to the claims have been filed as follows
1) In an electronic transaction apparatus for use in a system having a control means for obtaining first information of proposed transactions from third information at least a part received from a remote 2-way communication device , comprising: a receiver, comprising: means for receiving said first information of a first proposed transaction which being caused to be broadcasted in the air by said control means for to be received by said receiver; means for receiving second information which being broadcasted in the air for to be received by said receiver, for use in generation of a one time, non-predictable code for use by the user of said receiver to confirm fairness of said first transaction; means for conveying said received first information to said user, so as for assuring said user(s) that said control means has obtained correct and sufficient information for defining said first transaction , before said user make said confirmation; wherein said user being located at said communication device's location.
2) A apparatus as claimed in claim 1, wherein said first information being in an encrypted form and said receiver will decrypt it before conveying it to said user.
3) An electronic transaction apparatus as claimed in claim 1, wherein said second information being in an encrypted form and said receiver will decrypt it before conveying it to said user.
4) An electronic transaction apparatus as claimed in claim 1, wherein said receiver further comprising a means for receiving an external module for generating said one time, non-predictable code.
5) An electronic transaction apparatus as claimed in claim 1, wherein said one-time, non-predictable code being a random number.
'o)An electronic transaction apparatus as claimed in claim 1, wherein said means for conveying being a display.
5 ) An electronic transaction apparatus as claimed in claim 1, wherein said transaction being an electronic money transaction on an account under the control of said user.
g ) Electronic transaction apparatus, comprising: means for obtaining information of a proposed transaction for to be authorised by a user; broadcasting means to broadcast said information in the air, to a receiver means of said user and to be conveyed to said user by said receiver means, so as for assuring said user(s) that said control means has obtained correct and sufficient information for defining said transaction , before said user authorise said transaction.
9 ) Apparatus as claimed in claim 8, wherein further comprising said receiver means and said broadcasting means.
io) Apparatus as claimed in claim , wherein said information being in an encrypted form and said receiver means will decrypt it before conveying it to said user.
II ) An electronic transaction system, comprising: means for receiving information related to a transaction for to be authorised by a user; means for generating a one time, non-predictable code; means for broadcasting a signal representative of said information and said code for to be received by a receiver means of said user and to be conveyed to said user by said receiver means; wherein there is a human operator for communication of said one-time, nonpredictable code through a communication network from another person and then communication of said one-time, non-predictable code to said system and said system will determine said transaction as authorised if receives said code.
iZ) An electronic transaction system as claimed in claim l, wherein further comprising said receiver means.
13) An electronic transaction system as claimed in claim 11, wherein further comprising: means for receiving said code from said human operator; means for determining said transaction as authorised if receives said code.
4) A method for effecting an electronic transaction, comprising the steps of: obtaining, by a control means, first information related to a transaction for to be authorised by a user; transmitting in the air, by a transmitting means, second information related to said first information for to be received by a receiver means of said user; providing, by said receiver means, said second information to said user, so as for assuring said user(s) that said control means has obtained correct and sufficient information for defining said transaction , before said user confirm fairness of said transaction.
15) An electronic transaction apparatus as claimed in claim 1, wherein said publicly accessible data communication network is a telephone network.
6) An electronic transaction apparatus as claimed in claim 1, wherein further comprising said electronic transaction system.
17 ) An electronic transaction apparatus as claimed in claim 1, wherein further comprising a broadcasting means for broadcasting said first and second information.
I ) An electronic transaction system, comprising: means for obtaining information related to a transaction for to be authorised by a user; means for generating a one time, non-predictable code; means for broadcasting said information and information for generating said code to a receiver means of said user; means for receiving a code intended for authorisation of said transaction; means for determining said transaction as authorised if said means for receiving receives said code.
GB9709748A 1996-05-15 1997-05-14 Electronic transaction apparatus and method therefor Expired - Fee Related GB2328310B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
PCT/EP1998/002995 WO1998054943A2 (en) 1997-05-14 1998-05-12 Universal electronic transaction system and method therefor
CN98814026A CN1322334A (en) 1997-05-14 1998-05-12 Universal Electronic transaction system and method therefor
EP98928306A EP1147497A2 (en) 1997-05-14 1998-05-12 Universal electronic transaction system and method therefor
HK02103518.5A HK1041962A1 (en) 1997-05-14 2002-05-09 Universal electronic transaction system and method therefor

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GBGB9610194.4A GB9610194D0 (en) 1996-05-15 1996-05-15 Method and apparatus for effecting secure electronic funds transfer
GBGB9610522.6A GB9610522D0 (en) 1996-05-20 1996-05-20 Method and apparatus for effecting secure electronic fund transactions

Publications (3)

Publication Number Publication Date
GB9709748D0 GB9709748D0 (en) 1997-07-02
GB2328310A true GB2328310A (en) 1999-02-17
GB2328310B GB2328310B (en) 1999-12-08

Family

ID=26309339

Family Applications (1)

Application Number Title Priority Date Filing Date
GB9709748A Expired - Fee Related GB2328310B (en) 1996-05-15 1997-05-14 Electronic transaction apparatus and method therefor

Country Status (1)

Country Link
GB (1) GB2328310B (en)

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999023617A3 (en) * 1997-11-04 1999-07-15 Gilles Kremer Method for transmitting data and implementing server
GB2360383A (en) * 2000-03-17 2001-09-19 Tradesafely Com Ltd Payment authorisation
WO2002001516A2 (en) * 2000-06-26 2002-01-03 Intel Corporation Method and apparatus for using a cellular telephone as an authentification device
WO2002021354A1 (en) * 2000-09-04 2002-03-14 Sonera Oyj Payment system
GB2371136A (en) * 2000-08-31 2002-07-17 Martin Ranicar-Breese Transaction authorisation
GB2373616A (en) * 2001-03-24 2002-09-25 Merlin Analysis Ltd Remote cardholder verification process
FR2829647A1 (en) * 2001-09-11 2003-03-14 Mathieu Schnee Authentication of a transaction relating to acquisition and payment for goods and services, whereby authentication makes use of both Internet and mobile phone technology for transmission and validation of codes and passwords
FR2831297A1 (en) * 2001-10-22 2003-04-25 Bosch Gmbh Robert Method of provision of service by service provider over communication network, uses secret key sent to user to encrypt part of offer of service which is returned to provider as evidence of correct identification of user
GB2387002A (en) * 2002-02-20 2003-10-01 1Revolution Group Plc Personal identification system and method using a mobile device
WO2003083793A2 (en) * 2002-04-03 2003-10-09 Swivel Secure Limited System and method for secure credit and debit card transactions
GB2377523B (en) * 2001-04-12 2003-11-26 Netdesigns Ltd User identity verification system
US7089208B1 (en) 1999-04-30 2006-08-08 Paypal, Inc. System and method for electronically exchanging value among distributed users
EP1840814A1 (en) * 2006-03-17 2007-10-03 Hitachi Software Engineering Co., Ltd. Verification system
GB2438651A (en) * 2006-06-02 2007-12-05 Michael Arnold Secure financial transactions
EP2062209A1 (en) * 2006-09-15 2009-05-27 Comfact Ab Method and computer system for ensuring authenticity of an electronic transaction
EP2209095A1 (en) * 2000-07-10 2010-07-21 Paypal, Inc. System and method for verifying a financial instrument
EP2472465A2 (en) * 2009-08-25 2012-07-04 Sang Wook Hong Network dart game system for selecting players, and method for controlling same
ITRM20110125A1 (en) * 2011-03-16 2012-09-17 Solidonet S R L PROCEDURE AND SYSTEM TO AUTHORIZE A BUSINESS TRANSACTION.
US8725607B2 (en) 2004-01-30 2014-05-13 The Clearing House Payments Company LLC Electronic payment clearing and check image exchange systems and methods
US8943548B2 (en) 2005-12-21 2015-01-27 Vasco Data Security, Inc. System and method for dynamic multifactor authentication
US10387879B2 (en) 2002-04-23 2019-08-20 The Clearing Housse Payments Company L.L.C. Payment identification code and payment system using the same
US10567385B2 (en) 2010-02-25 2020-02-18 Secureauth Corporation System and method for provisioning a security token
EP1623388B1 (en) * 2003-05-13 2021-01-20 Panasonic Intellectual Property Corporation of America Value holding system, value holding method, value holding program, and transaction system
US10922694B2 (en) 2007-10-19 2021-02-16 Paypal, Inc. Automatic teller machine (ATM) electronic push requests
US11042882B2 (en) 2015-07-01 2021-06-22 The Clearing House Payments Company, L.L.C. Real-time payment system, method, apparatus, and computer program
US11295308B1 (en) 2014-10-29 2022-04-05 The Clearing House Payments Company, L.L.C. Secure payment processing
US11436577B2 (en) 2018-05-03 2022-09-06 The Clearing House Payments Company L.L.C. Bill pay service with federated directory model support
US11694168B2 (en) 2015-07-01 2023-07-04 The Clearing House Payments Company L.L.C. Real-time payment system, method, apparatus, and computer program

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4536647A (en) * 1983-07-15 1985-08-20 Atalla Corporation Pocket banking terminal, method and system
US4797920A (en) * 1987-05-01 1989-01-10 Mastercard International, Inc. Electronic funds transfer system with means for verifying a personal identification number without pre-established secret keys
WO1996000485A2 (en) * 1994-06-24 1996-01-04 Telefonaktiebolaget Lm Ericsson User authentication method and apparatus

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4536647A (en) * 1983-07-15 1985-08-20 Atalla Corporation Pocket banking terminal, method and system
US4797920A (en) * 1987-05-01 1989-01-10 Mastercard International, Inc. Electronic funds transfer system with means for verifying a personal identification number without pre-established secret keys
WO1996000485A2 (en) * 1994-06-24 1996-01-04 Telefonaktiebolaget Lm Ericsson User authentication method and apparatus

Cited By (43)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999023617A3 (en) * 1997-11-04 1999-07-15 Gilles Kremer Method for transmitting data and implementing server
US9996826B2 (en) 1999-04-30 2018-06-12 Paypal, Inc. System and methods for facilitating value exchanges using mobile devices
US7089208B1 (en) 1999-04-30 2006-08-08 Paypal, Inc. System and method for electronically exchanging value among distributed users
GB2360383B (en) * 2000-03-17 2003-12-03 Tradesafely Com Ltd Payment authorisation method and apparatus
GB2360383A (en) * 2000-03-17 2001-09-19 Tradesafely Com Ltd Payment authorisation
WO2002001516A2 (en) * 2000-06-26 2002-01-03 Intel Corporation Method and apparatus for using a cellular telephone as an authentification device
WO2002001516A3 (en) * 2000-06-26 2003-04-17 Intel Corp Method and apparatus for using a cellular telephone as an authentification device
EP2209095A1 (en) * 2000-07-10 2010-07-21 Paypal, Inc. System and method for verifying a financial instrument
GB2371136A (en) * 2000-08-31 2002-07-17 Martin Ranicar-Breese Transaction authorisation
WO2002021354A1 (en) * 2000-09-04 2002-03-14 Sonera Oyj Payment system
GB2373616A (en) * 2001-03-24 2002-09-25 Merlin Analysis Ltd Remote cardholder verification process
GB2377523B (en) * 2001-04-12 2003-11-26 Netdesigns Ltd User identity verification system
FR2829647A1 (en) * 2001-09-11 2003-03-14 Mathieu Schnee Authentication of a transaction relating to acquisition and payment for goods and services, whereby authentication makes use of both Internet and mobile phone technology for transmission and validation of codes and passwords
FR2831297A1 (en) * 2001-10-22 2003-04-25 Bosch Gmbh Robert Method of provision of service by service provider over communication network, uses secret key sent to user to encrypt part of offer of service which is returned to provider as evidence of correct identification of user
GB2387002A (en) * 2002-02-20 2003-10-01 1Revolution Group Plc Personal identification system and method using a mobile device
WO2003083793A2 (en) * 2002-04-03 2003-10-09 Swivel Secure Limited System and method for secure credit and debit card transactions
WO2003083793A3 (en) * 2002-04-03 2003-12-31 Swivel Technologies Ltd System and method for secure credit and debit card transactions
US10387879B2 (en) 2002-04-23 2019-08-20 The Clearing Housse Payments Company L.L.C. Payment identification code and payment system using the same
EP1623388B1 (en) * 2003-05-13 2021-01-20 Panasonic Intellectual Property Corporation of America Value holding system, value holding method, value holding program, and transaction system
US10636018B2 (en) 2004-01-30 2020-04-28 The Clearing House Payments Company L.L.C. Electronic payment clearing and check image exchange systems and methods
US11301824B2 (en) 2004-01-30 2022-04-12 The Clearing House Payments Company LLC Electronic payment clearing and check image exchange systems and methods
US10685337B2 (en) 2004-01-30 2020-06-16 The Clearing House Payments Company L.L.C. Electronic payment clearing and check image exchange systems and methods
US8725607B2 (en) 2004-01-30 2014-05-13 The Clearing House Payments Company LLC Electronic payment clearing and check image exchange systems and methods
US10643190B2 (en) 2004-01-30 2020-05-05 The Clearing House Payments Company L.L.C. Electronic payment clearing and check image exchange systems and methods
US9799011B2 (en) 2004-01-30 2017-10-24 The Clearing House Payments Company L.L.C. Electronic payment clearing and check image exchange systems and methods
US10555169B2 (en) 2005-12-21 2020-02-04 Onespan North America Inc. System and method for dynamic multifactor authentication
US8943548B2 (en) 2005-12-21 2015-01-27 Vasco Data Security, Inc. System and method for dynamic multifactor authentication
EP1840814A1 (en) * 2006-03-17 2007-10-03 Hitachi Software Engineering Co., Ltd. Verification system
GB2438651A (en) * 2006-06-02 2007-12-05 Michael Arnold Secure financial transactions
EP2062209A4 (en) * 2006-09-15 2011-04-20 Comfact Ab Method and computer system for ensuring authenticity of an electronic transaction
EP2062209A1 (en) * 2006-09-15 2009-05-27 Comfact Ab Method and computer system for ensuring authenticity of an electronic transaction
US10922694B2 (en) 2007-10-19 2021-02-16 Paypal, Inc. Automatic teller machine (ATM) electronic push requests
EP2472465A2 (en) * 2009-08-25 2012-07-04 Sang Wook Hong Network dart game system for selecting players, and method for controlling same
EP2472465A4 (en) * 2009-08-25 2014-11-19 Hong Int Corp Network dart game system for selecting players, and method for controlling same
US10567385B2 (en) 2010-02-25 2020-02-18 Secureauth Corporation System and method for provisioning a security token
WO2012123885A1 (en) * 2011-03-16 2012-09-20 Solidonet S.R.L. Method and system for authorizing a commercial transaction
ITRM20110125A1 (en) * 2011-03-16 2012-09-17 Solidonet S R L PROCEDURE AND SYSTEM TO AUTHORIZE A BUSINESS TRANSACTION.
US11295308B1 (en) 2014-10-29 2022-04-05 The Clearing House Payments Company, L.L.C. Secure payment processing
US11816666B2 (en) 2014-10-29 2023-11-14 The Clearing House Payments Company L.L.C. Secure payment processing
US11042882B2 (en) 2015-07-01 2021-06-22 The Clearing House Payments Company, L.L.C. Real-time payment system, method, apparatus, and computer program
US11694168B2 (en) 2015-07-01 2023-07-04 The Clearing House Payments Company L.L.C. Real-time payment system, method, apparatus, and computer program
US11436577B2 (en) 2018-05-03 2022-09-06 The Clearing House Payments Company L.L.C. Bill pay service with federated directory model support
US11829967B2 (en) 2018-05-03 2023-11-28 The Clearing House Payments Company L.L.C. Bill pay service with federated directory model support

Also Published As

Publication number Publication date
GB9709748D0 (en) 1997-07-02
GB2328310B (en) 1999-12-08

Similar Documents

Publication Publication Date Title
GB2328310A (en) Electronic transaction authorisation system
US11605074B2 (en) System and method for secured account numbers in proximily devices
US10163100B2 (en) Location based authentication
US7634804B2 (en) Information providing system and method thereof
US5539189A (en) Card holder's paging system for commercial card data network
US10043178B2 (en) Secure mobile payment system
EP0032193B1 (en) Communication apparatus
US20100138345A1 (en) Financial transaction system having location based fraud protection
MXPA04009725A (en) System and method for secure credit and debit card transactions.
JP2009507308A5 (en)
KR100725146B1 (en) System and method for settlement by using card recognition equipment
GB2398159A (en) Electronic payment authorisation using a mobile communications device
WO1998054943A2 (en) Universal electronic transaction system and method therefor
AU773789B2 (en) Universal electronic transaction system and method therefor
JP2002133100A (en) Card use situation notifying method
AU2008268373B9 (en) Secure mobile payment system

Legal Events

Date Code Title Description
710B Request of alter time limits
RJ Reinstated under rule 110(4) or 100(2) - alteration of time limits
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20070514