GB2475033A - Transaction Verification Token - Google Patents

Publication number: GB2475033A
Authority: GB (United Kingdom)
Prior art keywords: token, transaction, message, user, home banking
Legal status: Withdrawn
Application number: GB0918073A
Other versions: GB0918073D0 (en)
Inventors: Mario Guido Finetti, Riccardo Anzil
Current Assignee: Individual
Original Assignee: Individual
Priority date: 2009-10-15
Filing date: 2009-10-15
Publication date: 2011-05-11

Classifications

    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G07F7/1016 Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G06F21/83 Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/40145 Biometric identity checks
    • G06Q20/40975 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • G07C9/257 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • G07C9/26 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition using a biometric sensor integrated in the pass
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • G06F2221/2101 Auditing as a secondary aspect
    • G06F2221/2105 Dual mode as a secondary aspect
    • G06F2221/2149 Restricted operating environment
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer

Abstract

For home banking Web applications, a solution is required to authenticate user's transactions when the client computer is not a trusted environment. A device is provided with cryptographic capabilities integrated with a small display 4 and biometric sensors 3. It is designed to receive a short message from an external home banking application including transaction details. The message is shown on the display 4. If the user passes identity verification with the fingerprint reader 3, the message is electronically signed and returned to the home banking application. The financial transaction is confirmed only if the signed message is received and verified by the server. Otherwise, the transaction is cancelled. The device has a control unit 1 and a memory 2 and may have an internal clock 6, buttons and a battery. The device may interface with the client computer via a USB connection 5, Ethernet or a wireless connection. The device can also be used to authenticate a connection between the computer and the bank website.

Description

The present invention relates to an electronic device for transaction verification purposes. The Transaction Verification Token (also referred to as TOKEN throughout this document) is a token or device with cryptographic capabilities integrated with a small display and fingerprint reader. In a home banking scenario or any other secure access, authentication or verification application, a token with these features is required to mitigate the security threat described below.
Let us take, for example, a Web site managed by a financial institution that provides its users with the ability to perform money transfers through the Internet. Assuming that the server is properly managed by trustworthy personnel and that the connection between the client computer and the server is properly encrypted, the major security threat comes from the usage of untrusted client computers by users.
This problem was first pointed out by Bruce Schneier in 2005 [BS], but became a real issue only in December 2007, when Symantec detected a virus called "Trojan.Silentbanker" [SY]. The Silent Banker Trojan takes advantage of a home banking session initiated by a legitimate user and performs malicious transactions on his behalf. Common two-factor authentication tokens like, for example, one-time password generators, smart cards and USB crypto tokens cannot mitigate this threat.
The solution described below mitigates this threat and allows financial transactions to be performed securely through an Internet Web site, even if the client computer is untrusted and possibly controlled by a malicious third party.
According to the present invention, there is provided a device comprising means to verify and/or authenticate transactions.
The TOKEN comprises:
1. Connectivity means (5) to interface to a computer, a network or any other system. The TOKEN could be part of a system or external to it. An example of the first scenario is a TOKEN integrated into a PC, and an example of the second scenario is a removable device connected to a PC or other system through USB cable, Firewire, Ethernet cable, optical device, CAN or any other wired or wireless connectivity.
2. A trusted output device (4) made of a display (e.g. LCD, LCD-zero-power, TFT, OLED or others) and/or audio generating device(s), aimed at presenting to the user(s) of the TOKEN an input message, for example a transaction summary originated by said external system.
3. A trusted input device (3) made of button(s) and/or biometric sensor(s), aimed at collecting user's approval on the transaction and, possibly, authenticating the person or the people involved, carrying or in any way interacting with the transaction.
4. A memory (2), responsible for storing any useful information, for example the keys required for the message signature process and the biometric template(s) required for user's authentication.
5. A clock (6) as a support to the cryptographic process carried out by the control unit (1).
6. A control unit (1) responsible for:
a. getting one or more input message(s) from said external system;
b. having the input message(s) presented to the user(s) through said output device(s);
c. collecting the user(s)' approval on said input message and, possibly, authenticating the TOKEN's user(s) through said input device;
d. applying a cryptographic process to said input message(s);
e. providing said external system with the output of said cryptographic process through said connectivity means.
A scenario where such a device could be used is in a secure application requiring one or more of the following: physical access control, session authentication, transaction verification with or without time stamping and granted delivery of the transaction confirmation message.
For physical access control the TOKEN could be used in order to authenticate TOKEN's holder using the TOKEN's biometric sensor(s) (3), like for example a fingerprint reader.
For session authentication, like for example user access to an Internet Web site, the TOKEN could be used as described below.
In this scenario, the TOKEN works like the authentication crypto tokens already available on the market. Specifically, the TOKEN could support any combination of the authentication methods described below.
1. The TOKEN generates a new one-time password each time the user authenticates with the TOKEN's fingerprint reader (3) or pushes TOKEN's button (3). The one-time password is shown on TOKEN's display (4).
2. Using its internal clock, the TOKEN calculates a new one-time password every few seconds and shows it on the display (4).
3. The TOKEN takes part in an SSL/TLS mutual authentication handshake, based on a public/private key pair stored in the TOKEN's memory (2). Optionally, user's authentication through TOKEN's biometric sensor (3) could be required before initiating the SSL/TLS handshake.
4. The TOKEN receives a personal identification number (PIN) or a password from the external computing environment, through TOKEN's USB interface (5). The TOKEN participates in an SSL/TLS mutual authentication handshake only if the PIN / password provided is correct. Again, user's authentication through TOKEN's biometric sensor (3) could be required before initiating the SSL/TLS handshake.
For transaction verification / confirmation in a home banking scenario, the TOKEN could be used as described below.
The Web server generates a short summary of the transaction being requested by the user, including the beneficiary account number, the transaction ID and the transaction amount. This input message is then transferred to the TOKEN through a USB interface (5) and then shown on TOKEN's display (4), so the user can read it. The user authenticates with TOKEN's fingerprint reader or pushes TOKEN's button (3) only if he agrees to the input message shown. The TOKEN then generates a signed message by applying any suitable cryptographic process to the input message. The TOKEN then forwards the signed message back to said Web server. If the Web server receives and successfully verifies the signed message, the transaction is authorized. Otherwise the transaction is canceled. In this usage scenario, the TOKEN could rely on the USB interface (5) for power supply. Otherwise, internal batteries are required for autonomous power supply. For additional security, TOKEN's clock (6) could be used by the control unit (1) to generate random numbers and use them in the abovementioned cryptographic process.
For transaction verification with time stamping and granted delivery of the confirmation message, the TOKEN could be used as described below.
The Web server generates a short summary of the transaction being requested by the user, including the beneficiary account number, the transaction ID and the transaction amount. This input message is then transferred to the TOKEN through a USB interface (5) and then shown on TOKEN's display (4), so the user can read it. The user authenticates with TOKEN's fingerprint reader or pushes TOKEN's button (3) only if he agrees to the transaction shown. The TOKEN then generates a timestamp using its internal clock (6). The timestamp is processed together with the input message coming from the Web server in order to generate a signed message that is related to both the input message and the timestamp. The TOKEN then forwards the signed message back to the Web application. Any communication protocol based on secure acknowledgements can be used in order to ensure that either the signed message is delivered to the Web server or the user is alerted. If the Web server receives and successfully verifies the signed message, the transaction is authorized. Otherwise the transaction is canceled. The authorized transaction is associated with the timestamp generated by the TOKEN, no matter how long it took to transmit the signed message to the Web application. The exact time when the transaction took place is critical, for example, in on-line trading applications. In this scenario, batteries may be required for autonomous power supply.
The above mentioned signed messages are to be understood as the output of an algorithm applied to the input message(s), taking secret key(s) stored in TOKEN's memory (2) as input parameter(s). This process is aimed at providing the recipient of the signed message with a proof that the signed message was generated by the holder of a secret key that is supposed to be unambiguously associated with the holder of the TOKEN. Many cryptographic algorithms can be used for this purpose, including:
1. asymmetric key algorithms, like for example RSA;
2. symmetric key algorithms, like for example AES;
3. one-way hash functions, like for example SHA;
4. any combination of the above mentioned algorithms (e.g.: generate the signed message as a hash of the input message, encrypted with a private RSA key and appended to the input message itself).
Fig. 1 is a top view of an embodiment of the TOKEN; Fig. 2 is a block diagram of the control system of an embodiment of the present invention; Fig. 3 describes an alternative embodiment including a clock for timestamp certification.
As an additional example usage scenario, a Web based home banking application is described below. Our example architecture is very simple: a personal computer is connected to a Web server through the Internet. The Web server is running a Web application. We assume that the Web server is a trusted environment, while the personal computer is untrusted and could be entirely controlled by a malicious third party.
1. The customer of the bank is provided with the TOKEN. It is critical that the token is unambiguously associated with the user. Several solutions exist to associate an authentication token with its user, as described in [PKI]. The same applies to the TOKEN.
2. The customer connects to the bank's Web site using the personal computer.
3. The user authenticates with the bank Web site using the TOKEN. The TOKEN takes part in an SSL/TLS handshake with the bank's Web server, using a private key stored in its memory (2).
4. After a successful authentication, the bank's Web site allows the user to perform read-only operations, like for example reading the account summary.
5. A Web page is provided for wire transfers. The user enters the transaction details in a Web form (e.g. the beneficiary account number, the transaction amount, the beneficiary postal address, etc).
6. The user is then redirected to a transaction confirmation page including a custom ActiveX control responsible for the interaction with the TOKEN. The custom ActiveX control is a piece of software downloaded from the Web server and running on the client personal computer.
7. The Web application generates a short summary of the transaction being requested by the user. The summary must include: the beneficiary account number, the transaction amount and a randomly generated transaction ID to prevent replay attacks.
8. The transaction summary is sent to the TOKEN as an input message, through the abovementioned interface (5). The ActiveX control works as an intermediary between the software running on the Web server and the TOKEN.
9. The transaction summary is shown on TOKEN's display (4) or presented through TOKEN's audio generating device (4).
10. The user puts his/her finger on the TOKEN's fingerprint reader (3). If the user's fingerprint matches the biometric template stored in TOKEN's memory (2), the input message is signed and the signed message is sent back to the ActiveX control. As an alternative usage scenario, the user could approve the message shown in TOKEN's display (4) simply by pushing TOKEN's button (3).
11. The ActiveX control sends the signed message to the Web server wrapped in an HTTP POST request.
12. The Web server verifies that the signed message is valid and that it was generated by the TOKEN associated with the legitimate user. Otherwise the transaction is cancelled.
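The confirmation flow of steps 7 to 12, together with the time-stamped variant described earlier, sketched as an added example that is not part of the patent text. It uses HMAC-SHA-256 from Python's standard library as the cryptographic process (the patent leaves the algorithm open); the class names, message encoding, account strings and key are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo key. In the patent the secret is held in the TOKEN's memory (2);
# with a symmetric algorithm the bank holds a copy as well.
DEMO_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2)


def canonical(summary):
    """Deterministic encoding so TOKEN and server authenticate identical bytes."""
    return json.dumps(summary, sort_keys=True, separators=(",", ":")).encode()


def mac(key, message, timestamp):
    """HMAC-SHA-256 over the input message and the TOKEN timestamp."""
    return hmac.new(key, message + b"|" + str(timestamp).encode(), hashlib.sha256).digest()


class Token:
    """Hypothetical model of the TOKEN: trusted display, approval input, key, clock."""

    def __init__(self, key, clock=time.time):
        self._key = key
        self._clock = clock

    def sign(self, message, approve):
        """Show the message to the user; sign it only if the user approves."""
        try:
            shown = json.loads(message)
        except ValueError:
            return None
        if not approve(shown):  # fingerprint match or button press in the patent
            return None
        timestamp = int(self._clock())
        tag = mac(self._key, message, timestamp)
        return {"message": message.decode(), "timestamp": timestamp, "tag": tag.hex()}


class BankServer:
    """Hypothetical model of the trusted Web server."""

    def __init__(self, key):
        self._key = key
        self._pending = {}  # transaction ID -> summary bytes awaiting confirmation

    def create_summary(self, beneficiary, amount):
        txid = secrets.token_hex(8)  # random transaction ID against replay
        message = canonical({"beneficiary": beneficiary, "amount": amount, "txid": txid})
        self._pending[txid] = message
        return message

    def confirm(self, signed):
        """Authorize only a correctly signed copy of a summary this server issued."""
        try:
            message = signed["message"].encode()
            timestamp = int(signed["timestamp"])
            tag = bytes.fromhex(signed["tag"])
            txid = json.loads(message)["txid"]
        except (AttributeError, KeyError, TypeError, ValueError):
            return False  # missing or malformed reply: transaction is cancelled
        if not isinstance(txid, str):
            return False
        if not hmac.compare_digest(mac(self._key, message, timestamp), tag):
            return False
        issued = self._pending.pop(txid, None)  # single use, so a replay finds nothing
        return issued is not None and hmac.compare_digest(issued, message)


def demo():
    server = BankServer(DEMO_KEY)
    token = Token(DEMO_KEY, clock=lambda: 1255564800)  # fixed clock for a repeatable run
    intended = {"beneficiary": "ACCT-CONSTRUCTED-0001", "amount": "250.00"}

    def user(shown):  # the user approves only what matches the intended transfer
        return all(shown.get(k) == v for k, v in intended.items())

    results = {}
    # Untrusted PC rewrites the beneficiary before the message reaches the TOKEN.
    message = server.create_summary(**intended)
    altered = canonical(dict(json.loads(message), beneficiary="ACCT-CONSTRUCTED-9999"))
    results["altered_shown_to_user"] = server.confirm(token.sign(altered, user))
    # Untrusted PC rewrites the message after the TOKEN signed the genuine one.
    signed = token.sign(message, user)
    results["altered_after_signing"] = server.confirm(dict(signed, message=altered.decode()))
    results["genuine"] = server.confirm(signed)
    results["replayed"] = server.confirm(signed)
    return results


if __name__ == "__main__":
    print(demo())
```

The server compares the signed bytes against the summary it issued itself, so a valid signature over any other text the user was induced to approve still cancels the transaction.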
References
[SY] Symantec report on Trojan.Silentbanker, available at the URL below: http://www.symantec.com/security_response/writeup.jsp?docid=2007-121718-1009-99
[BS] Bruce Schneier, "Two-Factor Authentication: Too Little, Too Late", Communications of the ACM, Volume 48, Issue 4, Page 136, published by ACM (New York, NY, USA) in April 2005
[PKI] The Internet Society, "Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (RFC 3647)", November 2003, available at URL: http://www.ietf.org/rfc/rfc3647.txt

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0918073A GB2475033A (en) 2009-10-15 2009-10-15 Transaction Verification Token

Publications (2)

Publication Number Publication Date
GB0918073D0 (en) 2009-12-02
GB2475033A (en) 2011-05-11

Family

ID=41462391

Country Status (1)

Country Link
GB (1) GB2475033A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002091669A1 (en) * 2001-05-04 2002-11-14 Telefonaktiebolaget Lm Ericsson (Publ) Device for digitally signing electronic documents
EP1773018A1 (en) * 2005-10-05 2007-04-11 Privasphere AG Method and devices for user authentication
US20070150419A1 (en) * 2005-12-23 2007-06-28 Douglas Kozlay Internet transaction authentication apparatus, method, & system for improving security of internet transactions
US20070192601A1 (en) * 2005-08-03 2007-08-16 Spain John D System and method for user identification and authentication
US20090199006A1 (en) * 2008-02-01 2009-08-06 Maik Stohn Method and Device for Secure Mobile Electronic Signature

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106991800A (en) * 2017-03-28 2017-07-28 北京小米移动软件有限公司 Power information harvester and system
EP3699790A1 (en) * 2019-02-19 2020-08-26 Nxp B.V. Method for enabling a biometric template
US11321437B2 (en) 2019-02-19 2022-05-03 Nxp B.V. Method for enabling a biometric template

Also Published As

Publication number Publication date
GB0918073D0 (en) 2009-12-02

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)