LU91488A1 - Multifactor Authentication - Google Patents

Publication number
LU91488A1
Authority
LU
Luxembourg
Prior art keywords
information
mobile device
location
token
transaction
Application number
LU91488A
Inventor
Robert Carter
Original Assignee
Robert Carter

Classifications

    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/20 Point-of-sale [POS] network systems
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/3224 Transactions dependent on location of M-devices
    • G06Q20/325 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • G06Q20/3674 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • G06Q20/42 Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425 Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • G07F19/20 Automatic teller machines [ATMs]
    • H04L63/08 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04W12/0602 Pre-authentication
    • H04W4/023 Services making use of location information using mutual or relative location information between multiple location based services [LBS] targets or of distance thresholds
    • H04L2463/082 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication

Description

MULTIFACTOR AUTHENTICATION

This invention relates to apparatus, methods and systems for verifying the authenticity of an action, and in particular to apparatus, methods and systems for providing multifactor authentication for transaction processing systems such as those involved in debit or credit card payments.

Current card payment schemes using credit, debit and bank cards, as well as corporate ID and loyalty cards, all use so-called single factor authentication (or not even that). The majority of current physical and virtual access systems also use this basic form of authentication. An example of a single factor authentication system is the past use of a user’s signature in order to prove their identity and entitlement to use a card. Another example is the current “Chip and PIN” system used in the UK, where a user must enter a Personal Identification Number (PIN) to confirm their authenticity.

Recent studies conducted by Gartner Research estimated that single factor systems amount to some 94% of all systems, including the authentication related to card systems. Security experts are of the opinion that this is notoriously insecure and is the reason why payment schemes continue to be defrauded.

The card system as it actually functions is already some 30 years old and has not changed much over time. The single factor authentication method used may have been considered as sufficient in earlier days but now security requirements are much higher.

The card holds details that are included in the card’s magnetic stripe or on the microchip of more modern cards. This data is stored using some protection mechanism like encryption and in systems such as Automated Teller Machines (ATMs) the card can be used when the associated Personal Identification Number (PIN) is provided in conjunction with the card to authorise the use.

In order to pay for a good or service when the user is physically present, the user of a card inserts it (or it is inserted by the retailer or other person accepting payment, or it may be swiped) into a Point Of Sale terminal (POS terminal). This terminal connects to the card system in order to inform the system of the details of the transaction, e.g. cost. Before the transaction can proceed, the transaction must be authorised by e.g. entering a correct PIN into the POS terminal or the retailer (or otherwise) verifying that the signature provided matches that on the card.

After this authorisation, other checks are performed by the card system, such as the status of the card (still valid, not stolen, no known issues) and the user (creditworthiness, actual credit standing, outstanding issues).

After these checks are performed by the central payment system the card can be used usually up to a certain credit ceiling per period, depending on the user’s standing and the agreement with the issuing bank.

From the commercial and the acceptance point of view, the system is a great success and nearly everywhere in the world cards are used to pay for goods and services. From the security point of view the card system is prone to abuse and fraud.

From the introduction of these cards the PIN - a four-digit numerical code - has typically been attributed to each individual card and used as a single factor authentication means. Even at their introduction, these four-digit PINs were already not such a good example of how security should be implemented, and certainly as of today this measure cannot be considered as a safe means to protect the card against abuse.

Making this authentication measure even more useless and obsolete is the fact that PINs normally do not change during the life or validity of the card and often the same PIN continues to be valid for subsequently issued cards. Comparing the method of authentication for such systems, which manage huge sums of money, with user id and password authentication of simple email systems where money is not involved at all, it is clear that the security for such systems is far inferior.

A security feature that is part of the credit card system, and which was the main authentication used in the past before electronic systems made it de facto obsolete, is the signature of the cardholder. In the past a cardholder needed to sign the card in the presence of the issuing bank’s personnel before the card was formally handed over to the cardholder. This procedure assured that the signature on the card was that of the person supposed to be signing the card and in addition, as a bank customer, the identity of the person was implicitly checked.

Nowadays this procedure does not take place anymore and signatures on the card have lost any value as cards are sent out to the customer’s address without any serious “prior signature” security checks whatsoever. Signatures do not need to be forged anymore to appear falsely on the card. Some card issuing companies require that a call is placed by the recipient of the card (usually and hopefully the cardholder) to the card issuer to confirm that the card has been received and can be activated, but still no check can be made by the issuing party if the signature on the card is the proper one.

Despite the problems associated with on-card signatures, the scheme remains an acceptable standard in e.g. Australia, where customers can choose when purchasing at merchants between authentication by PIN or by signature. Single-factor authentication will continue to exist and in this case the customer further has the option between different “keys”; evidently this will increase the risks of fraud.

In some cases where PIN Codes cannot be verified, such as with internet based payments, another code (like the Credit Verification Value (CVV or CVV2) Code, a 3 or 4 digit code printed on the card) needs to be conveyed. Viewed from a security point of view this is a totally inadequate verification methodology.

In the past, great effort has been put into better protecting electronic payment schemes in general and card systems in particular. Despite these elaborate efforts, a constant rise in fraud and abuse can be noted. One of the main reasons may be in fact that the technology used to produce these cards has not advanced much and not as fast as code breaking and hacking technologies have advanced over time.

Cards with a magnetic stripe were enhanced with security features ranging from the additional Credit Verification Value/Card Validation Code (CVV) codes on the card, a photograph of the credit card holder printed on the backside of the card to cards that included a microchip or other security features.

However none of these card enhancements have led to a significant improvement in the level of security that protects the card, partly due to the fact that the low acceptance rate of the cards meant that improved security measures needed to be switched off (a good example is the microchip before the development of e.g. “Chip and PIN” in the UK).

Even worse, the development of electronics in terms of capabilities and costs resulted in a situation that hacker equipment is easily available at prices that are easily affordable. These devices can read and copy the contents of a credit card and, together with free software available on the internet, have resulted in dramatically lowering the technical threshold to skimming credit and similar cards.

Nowadays, online payment transactions, where no physical presence at the moment of the transaction is required, are becoming more common and so-called face-to-face transactions are representing an ever smaller proportion of overall payment transactions. In the USA, these transactions are referred to as MOTO (Mail Order Telephone Order) transactions or generically CNP (Card Not Present) transactions. From a security point of view, this situation requires that the card and its holder are obliged to provide additional authentication information to the merchant and the clearing house. Nowadays, in most cases, an internet gateway and card processing agent is involved. The inherent weaknesses of such methods, which lack the physical means to conduct further checks, remain a great problem to credit card companies.

A new development in the field of card payments and financial transactions is the Single EURO Payment Area, SEPA. SEPA is a unified payment area within the EU-27 zone plus 4 other European countries where the Euro will be regarded as the domestic currency for payments within that area. The Euro Banking Association through the European Payment Council with the European Central Bank and the European Commission are setting rules and standards to facilitate and speed up the processes and procedures of inter-SEPA area Euro payments. Also the legal context of financial transactions, which sometimes differs in its principles and its applications, will be aligned between the SEPA countries.

The main issue tackled by SEPA is to facilitate the handling of cross border (but intra-SEPA) EURO payments (including credit card payments and direct debits) as if they were domestic payments. Despite the fact that security has been one of the main topics amongst many other issues at stake, it has never been regarded as a core requirement of SEPA. Therefore after starting the full introduction of SEPA within the 31 SEPA countries, expected to take place in 2010, the security concerns present in current financial transactions will still apply.

Recently it has been argued by the British Retail Association that SEPA would even increase the risks of fraud and abuse due to the fact that SEPA cross border automated procedures will allow criminals to gain access to cards and bank accounts from those SEPA countries which do not have sophisticated anti-fraud mechanisms in place or do not provide the legal context to effectively combat criminal activities in this area.

As such, there is a need for a new way to authenticate transactions, and in particular card transactions, to ameliorate the problems encountered today with fraud and the various other card-related crimes.

According to a first aspect of the invention, there is provided a method for use in authenticating transactions comprising receiving a request from a terminal to authenticate a transaction; receiving information from the terminal identifying a token that is being used to initiate the transaction; identifying a mobile device that is associated with the token; determining the location of the mobile device; comparing the location of the mobile device with the location of the terminal; and authenticating the transaction if the location of the mobile device is within a predetermined area relative to the location of the remote terminal.

According to a second aspect of the invention, there is provided a method for multi-factor transaction authentication comprising determining token identifying details for a token that is to be used to initiate the transaction; obtaining an authentication key; identifying a mobile device that is associated with the token; determining the location of the mobile device; and authenticating the transaction if the location of the mobile device is within a predetermined area relative to the location of the transaction and the authentication key is successfully validated with the token identifying details.

The result of the application of these methods is a secure transaction authentication system that checks not just a first authentication factor, the use of a token and its associated authentication key, but also the proximity of a separate device, making the system substantially harder to trick into authenticating an invalid transaction. This renders cloned tokens essentially useless without the proximity of the registered token holder.

Preferably, the method further comprises an initial step of receiving a signal from a mobile device identifying a token to be enabled for transactions; validating the identity of the mobile device using a unique identifier received from the mobile device; and recording that said token has been enabled for transactions wherein said authenticating includes determining if said token has been enabled for transactions. This introduces a further securing step that can be used to prevent the token being used to initiate unauthorised transactions when, for example, the location of the mobile device is undeterminable.
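The decision described in the first and second aspects, together with the preliminary enabling step, can be sketched as follows. This is an added example, not code from the patent: the 150 m radius, the 60-second freshness limit, the PBKDF2 key check standing in for PIN verification, the choice to reject when no usable device location exists, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import math
from dataclasses import dataclass
from typing import Dict, Tuple

EARTH_RADIUS_M = 6_371_000.0
MAX_DISTANCE_M = 150.0  # assumption: the "predetermined area" is a circle round the terminal
MAX_FIX_AGE_S = 60.0    # assumption: a device fix older than this counts as undeterminable


@dataclass(frozen=True)
class LocationFix:
    lat: float
    lon: float
    timestamp: float  # seconds since the epoch


@dataclass
class TokenRecord:
    device_id: str      # unique identifier of the mobile device associated with the token
    key_digest: bytes   # stand-in for the issuer's PIN verification data
    enabled: bool = False


def key_digest(token_id: str, key: str) -> bytes:
    # Binds the authentication key to the token identifying details (assumed scheme).
    return hashlib.pbkdf2_hmac("sha256", key.encode(), token_id.encode(), 100_000)


def distance_m(a: LocationFix, b: LocationFix) -> float:
    """Great-circle (haversine) distance between two fixes, in metres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


class SecuritySystem:
    def __init__(self) -> None:
        self.tokens: Dict[str, TokenRecord] = {}
        self.device_fixes: Dict[str, LocationFix] = {}

    def register(self, token_id: str, device_id: str, key: str) -> None:
        self.tokens[token_id] = TokenRecord(device_id, key_digest(token_id, key))

    def report_location(self, device_id: str, fix: LocationFix) -> None:
        self.device_fixes[device_id] = fix

    def enable_token(self, token_id: str, device_id: str) -> bool:
        # Initial step: only the device associated with the token may enable it.
        rec = self.tokens.get(token_id)
        if rec is None or not hmac.compare_digest(rec.device_id.encode(), device_id.encode()):
            return False
        rec.enabled = True
        return True

    def authenticate(self, token_id: str, key: str, terminal: LocationFix) -> Tuple[bool, str]:
        rec = self.tokens.get(token_id)
        if rec is None:
            return False, "unknown token"
        if not rec.enabled:
            return False, "token not enabled"
        if not hmac.compare_digest(rec.key_digest, key_digest(token_id, key)):
            return False, "authentication key rejected"
        fix = self.device_fixes.get(rec.device_id)
        # Assumption: fail closed when the device location is missing or not fresh.
        if fix is None or abs(terminal.timestamp - fix.timestamp) > MAX_FIX_AGE_S:
            return False, "device location unavailable or stale"
        if distance_m(fix, terminal) > MAX_DISTANCE_M:
            return False, "device not near terminal"
        return True, "authenticated"


def demo() -> Dict[str, Tuple[bool, str]]:
    # All identifiers, coordinates, times and keys below are constructed sample data.
    t0 = 1_700_000_000.0
    shop = LocationFix(49.6116, 6.1319, t0)
    distant_terminal = LocationFix(48.8566, 2.3522, t0)
    system = SecuritySystem()
    system.register("TOKEN-0001", "DEVICE-A", "4821")
    system.report_location("DEVICE-A", LocationFix(49.6117, 6.1320, t0 - 5))
    out = {"before_enable": system.authenticate("TOKEN-0001", "4821", shop)}
    system.enable_token("TOKEN-0001", "DEVICE-A")
    out["holder_present"] = system.authenticate("TOKEN-0001", "4821", shop)
    out["wrong_key"] = system.authenticate("TOKEN-0001", "0000", shop)
    out["cloned_token_elsewhere"] = system.authenticate("TOKEN-0001", "4821", distant_terminal)
    out["stale_fix"] = system.authenticate(
        "TOKEN-0001", "4821", LocationFix(49.6116, 6.1319, t0 + 3600))
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The `cloned_token_elsewhere` case is the one the text emphasises: the token details and the key are both correct, yet the transaction is refused because the registered device is not near the terminal.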

Preferably, the location of the mobile device is determined using information received from the mobile device, the information being received by the mobile device from a Global Navigation Satellite System (GNSS). This provides a highly accurate fix on the location of the mobile device.

The identity of the mobile device may be verified by receiving from the mobile device a unique identifier, the unique identifier comprising a code derived from information relating to the mobile device hardware and information received from a GNSS. This unique identifier is therefore secure, and difficult to fake.

According to a third aspect of the invention there is provided a method for use in authenticating a transaction comprising determining token identifying details for a token that is to be used in the transaction; obtaining an authentication key; validating the authentication key with the token identifying details; transmitting information associated with the location of the transaction and the token identifying details to a remote security apparatus; and receiving authorisation information to determine if the transaction can be processed.

This method therefore provides location information relating to a transaction that can be compared with the location of a mobile device in order to determine whether to authenticate a transaction.

Preferably, the information associated with the location of the transaction is derived from information received from a GNSS. As above, this results in a highly accurate fix on the location of the transaction.

Optionally, the information received from the GNSS is unprocessed GNSS constellation and timing information. This means that the transmitted signal that is used to determine the location is significantly more complicated, and is much more difficult to fake than a signal containing processed location data e.g. a grid reference.

Advantageously, the token is a bank card. This means that the methods can be used to provide a further authentication factor for credit and debit card transactions, as well as transactions at ATMs and even the “transaction” of initiating a bank transfer.

According to a fourth aspect of the invention, there is provided transaction authentication apparatus comprising terminal communication means for communicating with a remote terminal, adapted to receive information identifying a token being used to initiate a transaction; identifying means for identifying a mobile device associated with said token; determining means for determining the location of said mobile device; and comparing means for comparing the location of said mobile device with the location of said remote terminal.

According to a fifth aspect of the invention, there is provided an apparatus for use in multifactor transaction authentication comprising token reading means; authentication key input means; validating means for validating an authentication key with token identifying information; identifying means for identifying a mobile device associated with said token; determining means for determining the location of said mobile device; and comparing means for comparing the location of said mobile device with the location of said remote terminal.

These apparatus can be used in a highly secure, multi-factor authentication system that not only compares traditional single factor authentication keys, such as a PIN or signature, but also checks and compares the location of a separate mobile device, which means the system cannot be tricked by stolen or cloned tokens when used without the presence of the registered token holder.

Preferably, the apparatus further comprises storage means for recording receipt of a signal indicating that a token is enabled for transactions. The storage means provide for a further layer of security in which a token must first be enabled for transactions before it can be used, meaning that even in the event of the theft of the mobile device and token the system is not necessarily compromised.

Preferably, the apparatus comprises mobile device communication means for receiving GNSS information from the mobile device for determining the location of said mobile device. The apparatus can therefore communicate easily with the mobile device, and receive highly accurate location information from it in the medium of GNSS information.

Optionally, the identifying means may be adapted to identify the mobile device by receiving from the mobile device a unique identifier code comprising a code derived from information relating to the mobile device hardware and GNSS information. Such an identifier code is therefore a complicated unique code, and difficult to hoax.

According to a sixth aspect of the invention there is provided terminal apparatus for use in authenticating a transaction comprising token reading means for obtaining token identifying information; authentication key input means for receiving an authentication key; validating means for validating the authentication key with the token identifying information; communication means for transmitting information associated with the location of the terminal apparatus and the token identifying information to a remote security apparatus, and further adapted for receiving token authentication information; and authentication means for authenticating said transaction according to said token authentication information and the output from said validity means.

Such terminal apparatus can communicate location information to a remote security apparatus for comparison with other information, such as that relating to the location of a mobile device.

Preferably, the information associated with the location of the terminal apparatus is derived from GNSS information received by the terminal apparatus. This provides an accurate indication of the location of the apparatus.

Optionally, the GNSS information may be unprocessed GNSS constellation and timing information. This means that the location information is significantly more complicated, and is much more difficult to fake than processed location data e.g. a grid reference.

According to a seventh aspect of the invention, there is provided a method for use in authenticating a transaction comprising obtaining an instruction for a mobile device to enter a transaction enabled mode; and transmitting to a remote security apparatus mobile device location information and a unique identifier code.

Following this method, a mobile device can be enabled in order to use it in conjunction with the aspects described elsewhere, providing an extra source of authentication information.

Preferably, the method further includes obtaining token information for specifying a token to be enabled for transactions; transmitting token identification information relating to the specified token; receiving confirmation that the token is enabled for transactions; and indicating that the specified token is enabled for transactions. As such a user of this method is able to selectively enable one of a selection of tokens and receive confirmation that the token is enabled.

Preferably, the method further comprises receiving GNSS information for providing the location information that is transmitted. This GNSS information can be used to accurately determine location information.

Optionally, the unique identifier code comprises a code derived from information relating to the mobile device hardware and GNSS information. This code is a complicated code that is difficult to fake, and helps ensure that the code is unique.

Optionally, the GNSS information used may be unprocessed GNSS constellation and timing information. This information is substantially more complicated than processed location information, and consequently more difficult to fake. This information is further less susceptible to “replay” attacks as GNSS constellation and timing information is constantly changing.

According to an eighth aspect of the invention there is provided a mobile device for use in authenticating a transaction comprising an interface for receiving instructions from a user and displaying information; means for selectively switching said mobile device to a transaction enabled mode; location determining means for determining location information relating to the location of the mobile apparatus; a unique identifier code for identifying the apparatus; and communication means for transmitting the location information and unique identifier code when in said transaction enabled mode.

Said mobile device can be used to provide location information to the other aspects of the invention in the selectively switchable transaction enabled mode.

Preferably, the location determining means comprises GNSS receiving means for obtaining GNSS information. This GNSS receiving means can be used to provide a highly accurate location fix on the mobile device.

Optionally, the unique identifier code comprises a code derived from information relating to the mobile device hardware and GNSS information. Such a unique identifier code is complicated and difficult to fake.

Optionally, the GNSS information used is unprocessed GNSS constellation and timing information. This means that the location information is significantly more complicated, and is much more difficult to fake than processed location data e.g. a grid reference.

This invention provides a secure and easy way to use multi-factor authentication methodology, and can be used in conjunction with a single-factor authentication methodology to provide an extra layer of security. The invention is particularly suitable for use in the financial services market, especially for protecting current (card based) electronic payment schemes. The invention can be used in a card payment environment enabling the safe execution of payments, of mobile transfers or cash withdrawals or any similar financial transaction with any credit, bank card or similar instrument using electronic means and the current infrastructure.

The invention offers smart and secure protection mechanisms to avoid the abuse and the compromising of the payment scheme, as is presently the case with only single factor authentication.

If current systems were enabled with this multi-factor authentication method, high value financial transactions could be more securely executed, and if needed larger sums of cash could be withdrawn from standard Automatic Teller Machines (ATMs) while credit cards could be used without ceiling or limitations as long as these are backed by a sufficiently high credit standing and creditworthiness of the person involved. Furthermore no supplementary cards, mini calculators, dongles or other devices will need to be used, apart from a cellular phone or similar mobile device with wireless communication (such as a PDA with GSM/UMTS [Universal Mobile Telecommunications System, also known as 3G] capabilities), herein also referred to as an MS, mobile device or mobile component.

The invention introduces a second level of high grade authentication using a device that is already used by the overwhelming majority of the population over 12 in the industrialised world. A standard cellular phone (referred to as MS) with a built-in or connected GPS or equivalent receiver (or other location determining capability) and the appropriate software can be used. No significant hardware modifications to the MS are needed. The invention can also be adopted from this base for other purposes where multifactor authentication is needed.

The invention will now be described, by way of example, with reference to the drawings in which:

Figure 1 is a schematic diagram of the card system according to the present invention; and

Figure 2 is a schematic representation of the DNA generation of the present invention.

The embodiments described depict the use of the invention in enhancing the security of credit and debit card transactions. However, the principles described may readily be adapted for use in almost any other transaction/interaction where authentication is required. Specific examples are listed of some of the potential applications of the invention.

It will be obvious to the skilled man that the various features described herein may be further combined or adapted for combined use in order to improve or provide alternatives to the specific embodiments described herein.

General Summary

As previously discussed, credit and debit card transactions are currently carried out using single factor authentication - either the entering of a user’s PIN (as used at ATMs worldwide and in the UK at the Point Of Sale (POS)) or providing of a signature (as used to be the case in the UK, and can still be the case in Australia).

In this embodiment, a second authentication factor can be used, in conjunction with current authentication methods, in order to provide a highly secure payment system that is difficult to defraud. To avoid confusion, the current card transaction processing system will be referred to herein as a “card system”, and the system introduced by the invention in this embodiment as a “security system”. Additionally, credit cards, debit cards, cash cards and the like may be referred to as “bank cards”.

Reference is now made to figure 1. In this embodiment, a user of the security system has a mobile phone or MS 1 in addition to their bank card 2 and usual method of authentication, e.g. PIN 3. The MS device incorporates a unique identifier herein referred to as the ‘MS DNA’ or simply ‘DNA’. The DNA is unique to a particular phone. This DNA serves to establish a unique relationship between a MS 1 and a card 2. There may be more than one card associated with a particular MS, for example in the case where a user has a credit and a debit card. The DNA is created by a sequencing procedure that uses, amongst other data, Global Navigation Satellite System (GNSS) signals 5. The GNSS 6 may be the current Global Positioning System (GPS) system as implemented by the US, or other systems such as the European Galileo System. Furthermore, any future in-space or terrestrial locating system may be used in place of GNSS. The MS 1, by having a DNA such as this, can be used as a security token in authentication transactions, in a manner that will be described below.

The purpose of this uniquely identifiable MS 1 (via the DNA) is to enable a two-factor authentication system, exchanging session tokens between the MS and a central component, server 7 of the security system that opens a time and location transaction window in which trusted payments and transaction requests can be initiated and "passed on" to the present existing card system 8 via a communications gateway 9. In this embodiment, the security system provides an additional security check for the card system.

It is possible that in other embodiments of the invention, the security system 7 may be integrated into the card system 8, so that there are not separate servers for each. Of course, in such an embodiment, the security system 7 would probably be limited to operating to authenticate financial transactions, and would not be capable of the more diverse applications listed below. Furthermore, it is possible to envision a scenario where the card system 8 may override an indication from the security system not to proceed with a transaction, for instance in the case where a user’s mobile device is out of battery charge or in case the mobile device is otherwise out of order, and an urgent transaction needs to be made, although procedures would need to be in place to ensure that this did not provide a significant security flaw in the system.

In another embodiment, security system 7 may in fact completely isolate card system 8 and only “pass on” transaction requests when their authenticity has been verified by the security system. In such a case, the security system 7 would communicate with MS 1 via wireless link 10 as before. The security system 7 would however communicate with the boundary terminals 11 via communications network 22. Upon performing the checks relating to the location of the MS with respect to the location of the boundary terminal, the security network can permit access to the “back end” or central components of the card system 8. It can either forward information from the boundary terminal via communications link 9 or a communications link 12 may be established directly between the boundary terminal 11 and the card system 8. The decision to permit access to the “back end” 8 may be made, in its simplest form, as a simple yes or no. In this embodiment, the security system is acting as a “shield” or “gatekeeper” with respect to the card system, allowing the card system to run its normal payment processes but with the security system providing additional confirmation of the authenticity of the requested transaction. In effect, the security system 7 may prevent authorisation requests from a boundary terminal 11 ever reaching the card system 8, when the location verification fails.

In this “shield” embodiment, in order to process a transaction the boundary terminal 11 may first initiate a communications link 22 with security system 7. On processing the request and determining its authenticity, security system 7 may then pass on the information to card system 8. Card system 8, on performing its own checks, may then initiate a communications link 12 with the boundary terminal 11 to confirm that the transaction can go ahead.

Within the two-factor system of the invention, once a transaction window is opened the user can initiate safely a financial transaction. When a transaction window is initiated, firstly the security system effectively switches the bank or credit card from being locked to unlocked, i.e. from a payment-disabled mode to a temporary payment-enabled mode. Secondly, the security system will execute a series of plausibility checks regarding the current position of the MS, and hence the user, in relation to the card or place of use of the card and it continues to perform certain checks during the period the transaction window is open.

These position-related checks are referred to herein as Perimeter Compliance Tests. They continue to provide proof to the system that the MS continues to be in the vicinity (= perimeter) of the place where the card is used. The vicinity may be defined in different ways. It may for example simply be that the locations must be within a certain distance of each other or that one location is within an area defined relative to the other location. Other definitions of vicinity may be used according to the specific application.

On the broadest level, the security system 7 interfaces with or relates to the card system on two levels. On a first level, the MS 1 is associated with one or more cards, using the DNA to uniquely identify the MS. On a second level, the server or servers of the security system 7 interface with the servers of the card system 8 - which may be the issuing bank, a clearing house or a payment/settlement agent.

The central server of the security system 7 interfaces with the MS 1 via a standard wireless communications link 10 provided by a mobile operator, although it is possible to envision a system with a dedicated and separate communications network e.g. over two way satellite communication links using as an example S-Band frequencies. Assuming a card 2 is ready to be used in a transaction, i.e. is in the payment-enabled mode (mentioned above and described in detail later), when a card transaction is initiated, the terminal requests authorisation from the card system server 8 over the network 12. The server of the card system 8 communicates with the security system server 7 when authorising a transaction on the card. The security server 7 checks the location of the MS 1 associated with the card 2 to be authorised, and if it is within a predetermined distance of the terminal 11, from which the authorisation is being sought, it returns an authorisation to the card server to propose to permit the transaction to take place.

The payment request from the terminal may then be authorised by the card system (or not) based upon other checks and verifications on - as an example - the credit standing of the cardholder, as is already the case in current transaction authorisation and approval procedures applied by such systems.

Different procedural steps exist depending on the type of card transaction the user would like to execute.

In the case of a credit card payment the procedure is as follows:

1) The user (card holder) uses his mobile device MS 1 to send to the security system 7 a request via a wireless network 10, indicating that he intends to use a specific credit card 2 to make payments. This is done using an application on the MS 1 that may be integral to the MS, or may have to be selectively started. The user then enters a code or other identifier into the MS that identifies and possibly verifies the card the user wants to use. This may be a non security critical and thus short code used only to identify the card, for instance where the user has more than one payment card known to the system.

There may alternatively be a more secure code that has to be entered in order to check the identity of the user, although this functionality may be replaced to some extent by the requirement to enter a PIN into most MS devices on switching them on. After authentication by the security server 7 using the unique DNA code of the MS, a session (transaction time) window is opened. This information (that the window is open) may be stored on the security system server 7, or alternatively relayed at once to the server of the card system 8. The user may receive some kind of notification that the card is now in payment enabled mode. This process may also allow the user to set an expiry time or conditions on the transaction window, or this may be automatic. Now a check is performed to define the precise location and the area or perimeter the user is currently in.

2) After security system checks are satisfactorily performed, which comprises inter alia a coded handshake and encrypted exchange of keys, a transaction window is opened for a certain time within the security system (and shown on the MS) and a payment session starts, enabling the card for payments. The user is now given the opportunity to request that his intended purchases will be charged against the card, which is currently enabled, in the usual way.

3) When the user decides to request a charge against the card, the merchant will follow the payment procedures he is used to following, without any change and in fact may not be aware at all that this card has additional associated security features. The usual authentication process, be it via the user entering a PIN or the merchant confirming a matched signature will be followed. This involves inserting or introducing the card 2 to a POS terminal or boundary terminal 11 of the card system. The user then enters their PIN and an authorisation request is sent to the card system 8. The response time of the card system will not be longer than is the case with current card systems regarding the return authorisation feedback from the card system.

4) The usual card verifications will be performed by the card system including the checks on the associated PIN (the normal authentication factor 3), the card details such as the validity or eventual customer related issues, creditworthiness etc. At the same time the security system 7 continues to monitor the location of the MS, whilst the transaction window is open and thus the card is enabled, and performs a series of plausibility checks. Amongst other things, the proximity between the use of the card at the terminal 11 and the location of the MS is checked. The security system is able to inform the card system of the results of the checks, allowing a transaction to be terminated in the case that the MS moves outside of the acceptable vicinity.

5) The check to determine if the boundary terminal and the MS are in each other’s vicinity can be performed as follows. On the basis of information about where the merchant’s shop is located (e.g. on the basis of a Cartesian representation of the physical address) a calculation is made of the difference between that location and the actual MS’s location. The difference may not exceed a certain predetermined threshold. Alternatively, as may be the case when more accurate GNSS locating techniques become available e.g. through EGNOS, the check may be based on whether the MS is in a predetermined area based on the shop layout, size etc ensuring that in cases when e.g. the terminal used is near a wall the permitted area does not extend to outside the shop.

6) A further possibility is to obtain the IP (Internet Protocol) address of the subscriber of the telecom connection 12 to which the POS terminal 11 is attached. There are basically two sorts of IP addresses, the dynamic IP address which belongs to an Internet Service Provider (ISP) who typically attribute these addresses randomly to its customers, usually the moment they switch on. The second type of IP address is the static one, an address which is uniquely attributed by the ISP to one of its customers. In this latter case, a direct relationship can be established between the static IP address and the merchant who is the subscriber to the IP network services, allowing an alternative methodology of determining the location of the terminal 11 and whether that is acceptable relative to the location of the MS to enable payment.

7) Assuming no relevant inconsistencies were found by the security system and all the pre-authentication and pre-validation checks were found to be consistent, reliable and in order, the card system operators (the clearing house and the issuing bank) 8 may decide at their own discretion - also on the basis of their own checks and verifications - whether the card may be debited with the amount of money requested in the transaction. If this is the case the retailer receives the “OK” for the transaction and the transaction may be completed.

8) The customer may decide to continue to shop and leave the transaction window open. Alternatively the customer may decide to close the transaction window using the mobile terminal 1 and the mode of the card will be set to disabled again.

The above scheme is the generic procedure which can be adapted based on the standard card payment procedures actually in force. For example, some countries currently deviate from the above e.g. by not requiring a PIN Code in case the purchase does not exceed a token amount.
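The vicinity check of step 5, in both forms the text allows (a distance threshold and a shop-layout area), written out as an added example that is not part of the patent text. The coordinates, the 50 m threshold, the receiver accuracy radius and the maximum fix age are constructed assumptions.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0  # mean Earth radius


@dataclass(frozen=True)
class Fix:
    """One MS position report (field names are assumptions for this example)."""
    lat: float         # degrees
    lon: float         # degrees
    accuracy_m: float  # receiver-reported error radius
    timestamp: float   # seconds since epoch


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points in degrees."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = (math.sin(dlat / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def within_area(point, polygon):
    """Ray-casting point-in-polygon test on (lat, lon) vertices.

    Treating degrees as planar coordinates is adequate for shop-sized areas.
    """
    y, x = point
    inside = False
    n = len(polygon)
    for i in range(n):
        y1, x1 = polygon[i]
        y2, x2 = polygon[(i + 1) % n]
        if (y1 > y) != (y2 > y):  # edge straddles the point's latitude
            x_cross = x1 + (y - y1) * (x2 - x1) / (y2 - y1)
            if x < x_cross:
                inside = not inside
    return inside


def perimeter_compliance(fix, terminal, now, threshold_m=50.0,
                         max_age_s=30.0, shop_polygon=None):
    """Return (ok, reason) for one Perimeter Compliance Test.

    Fails closed: an old fix is rejected, and the reported accuracy radius is
    added to the measured distance so the worst case must still be in range.
    """
    age = now - fix.timestamp
    if age < 0 or age > max_age_s:
        return False, "stale_fix"
    worst_case = haversine_m((fix.lat, fix.lon), terminal) + fix.accuracy_m
    if worst_case > threshold_m:
        return False, "outside_threshold"
    if shop_polygon is not None and not within_area((fix.lat, fix.lon), shop_polygon):
        return False, "outside_area"
    return True, "ok"


# Constructed sample data: a terminal standing just inside the west wall of a shop.
TERMINAL = (49.6116, 6.13171)
SHOP = [(49.6115, 6.1317), (49.6115, 6.1322), (49.6118, 6.1322), (49.6118, 6.1317)]
IN_SHOP = Fix(49.6116, 6.1319, accuracy_m=5.0, timestamp=1000.0)
BEHIND_WALL = Fix(49.6116, 6.1316, accuracy_m=5.0, timestamp=1000.0)
FAR_AWAY = Fix(49.6216, 6.1319, accuracy_m=5.0, timestamp=1000.0)

if __name__ == "__main__":
    for name, fix in [("in shop", IN_SHOP), ("behind wall", BEHIND_WALL),
                      ("far away", FAR_AWAY)]:
        print(name,
              perimeter_compliance(fix, TERMINAL, now=1010.0),
              perimeter_compliance(fix, TERMINAL, now=1010.0, shop_polygon=SHOP))
```

The `BEHIND_WALL` fix is only a few metres from the terminal, so the plain distance threshold accepts it, while the area definition rejects it because the point lies outside the shop outline.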

It will be appreciated that the verification of the location can be implemented without modifying existing boundary terminals and even without the knowledge of merchants. The verification of the location can be implemented by simple modification of the card system servers 8 by carrying out an additional check either based on location information previously provided or obtained on demand. Thus existing systems can be easily modified by adding the additional functionality to the one or few card servers 8 and by utilising a card holder’s existing mobile handset.

In addition, the security system described above may be further modified by the incorporation of the following features:

Feature 1: In between the steps 3 and 4, as mentioned above, a further security measure may be incorporated in the security system. Instead of fully relying on the data obtained by the card system from reading the card, the card system requests such data or asks for confirmation of said data from the MS which at that specific moment is a logical and functional part of the same transaction, i.e. payment validation process. Different variations are possible within this enhancement leading to an even more improved security.

The advantages are obvious as the clearing house 8 receives data it obtains from two different sources. On the one hand data is received which is derived from the card which is used in a merchant POS terminal 11, which relies on a wireline network 12 like a DSL connection. On the other hand, it receives (confirmation) data from the MS 1 which is totally independent of the merchant’s connection 12 as it is over a wireless network 10. Any attempt by a 3rd party to defraud the system without access to both the card, its verification details and the mobile device 1 and its verification details, would need to have gained access to two different communication networks, different terminal infrastructures and different overall systems at the same moment in time. Such situation is of course extremely unlikely or even impossible, particularly since GSM/UMTS communications may be (partly) encrypted.

Feature 2: In addition to the enhancement above or independent of it, a further security measure can be incorporated. Referring to step 6 discussed before and in particular to the POS terminal 11 functions in the payment process, an important improvement can be obtained by assigning similar identification characteristics as used within the MS to the POS terminal.

In other words if the POS 11, most likely in a portable version, was to be equipped with or attached to a GPS receiver in the form of e.g. an on-board device, the exact current location of the POS can be established in a way that is more reliable and more precise than the location by referencing IP addresses allows. This is particularly useful where the POS 11 may be portable and so its exact location is not fixed. Furthermore, in order to improve the indoor coverage of the GPS signals, Satellite Based Augmentation System (SBAS) functionality may be added by using the European Geostationary Navigation Overlay Service (EGNOS), the US Wide Area Augmentation System (WAAS) or any similar Differential GPS, DGPS, Assisted GPS, AGPS technologies or any variations of such technologies. Moreover this procedure will enable the security system to relate the actual MS position with the actual current position of the POS terminal and a further vicinity plausibility check is now also possible.

Enabling precise and accurate location based security measures can be reliably achieved using GNSS technology. Other locating technologies do exist, such as using e.g. GSM/UMTS, WiFi and other terrestrial radio based technology. These systems are currently less accurate than GNSS systems and so do not provide the same level of localisation and so lower security. In the future as they improve, such techniques could be used in the security system. In the very near future further accuracy and security related measures can be incorporated into the security system, when EGNOS becomes available. Even so, as a second factor security system, even low accuracy systems can provide additional security to counter fraud that is attempted from distances outside the effective range of such systems.

Furthermore it should be mentioned that currently the only full-coverage GNSS is the US financed GPS system. A 2nd system is currently in a pre-operational state, the Russian GLONASS, while the EU/ESA sponsored Galileo system may become available around 2013. Other countries like India, Japan and China are working on their own systems. Any future enhancement such as enhanced SBAS or new GNSS systems in combination (or not) with terrestrial based systems can be used to further optimise the accuracy and security of systems according to the present invention.

Feature 3: The security system 7 detects if the current combination of time, location and other parameters are in line with the predetermined conditions before it gives an authorisation to the payment scheme that the card can be enabled for payments. Previously it has been mentioned that the card system has its own set of verification methodologies to decide whether the card payment request can be honoured.

This enhancement refers to the possibility by the card user or, in the case the card is a corporate card used by an employee or a card used by a child, by a card administrator, to further increase the security to define in more detail the times and places the card can be used, the global spending limits, the type of usage of the card and so on. These personal settings will usually reduce the available options attributed to the cardholder.

Such an additional layer of security can be achieved when the card owner or card administrator will be given the possibility to create independent database entries which can be read by the security system and/or the card system. Access to this independent database may itself be governed by the security system as a second factor of authentication, and would likely be through a PC and perhaps via an online interface.

The security warranted by the multi-factor authentication, the enhanced authorisation and approval processes of the security system coupled with the traditional security mechanisms of the payment clearing system mean that payments of this kind now become highly secure. The dual security measures will thus reduce or even prevent the losses due to stolen or compromised credit and bank cards.

Of course, it is possible to envision a system that does not require the card to be entered into a payment enabled state - that is, the default for a card is payment enabled. Although such an embodiment would perhaps offer a lower level of security, it would be a very simple and unobtrusive system to be adopted by an end user. In such an arrangement, the card is always in the enabled state but the location verification step is still carried out at each transaction.

In the case of an ATM withdrawal using a credit/debit/cash card the process is similar to that above, with the boundary terminal 11 in this case being the ATM. The summary procedure is as follows:

1) The user sends to the security system a request, through the MS 1 via a wireless network 10, indicating that he intends to use a specific credit card to make a withdrawal. This procedure is virtually identical to the one for making a credit card payment. The user keys in a code into the MS to indicate which card the user wants to use as described above. After authentication with the unique DNA code a session (transaction time) window is opened and withdrawals can now be made. A system check is performed to define the precise location and the area or perimeter the user is currently in.

2) After the system checks were satisfactorily performed which comprises inter alia a coded handshake and encrypted exchange of keys, a transaction window is opened for a certain time within the system (and shown on the MS) and a payment session starts enabling the card for cash withdrawals. The user can now make an ATM request for an unlimited withdrawal if he wishes so.

3) The request that is made through the ATM (while the card is in a payment enabled mode) is processed by the clearing agent 8 and the usual card verifications will be performed by the payment scheme including the checks on the associated PIN, the card’s validity and customer related issues, e.g. creditworthiness etc.

4) At the same time the security system ensures that the ATM location (which is normally stationary and so can therefore be known to the central system) is in the vicinity of the MS. The system continues to monitor the location of the MS during the ATM request. Inter alia the proximity between the user of the card (via the ATM location) and the MS is established.

5) Assuming no relevant inconsistencies were found by the security system and all the pre-authentication and pre-validation checks were found to be consistent, reliable and in order, the card system operators 8 (the clearing house and the issuing bank) may decide at their own discretion - also on the basis of their own checks and verifications - whether the cardholder is “good enough” for the amount he requested. If this is the case, the ATM will pay the amount requested, return the card to the user and close the ATM transaction.

6) Hereafter the security system is notified of the closure of the ATM transaction and may close its payment session accordingly by resetting the card into its default status, i.e. payments are not enabled. This automatic step is of course not necessary if the user wishes to keep the transaction window open, and the closure of the ATM transaction may instead result in, e.g. a query by the MS as to whether to keep the payment window open.

The transaction information provided by the user under the system described above comes from three different sources:

1) The first source is the card containing crucial information such as the card number.

2) Second is the MS providing the payment enable session and the location data.

3) Finally, the cardholder provides the PIN code and the amount he would like to withdraw.

The data from source 1 and 3 pass through the ATM and the communication network 12 before it arrives at the processing centre 8 of the clearing agent. In this scenario the ATM is the single component used to pass on the payment data to the system.

An improved security can be obtained when the payment data is split over two independent terminal stations and sent over two independent communication networks instead of one. If such protocol would be feasible without unduly burdening the process a user friendly security feature can be introduced.

Such a feature may be integrated into the security system as it is possible to use the MS as the “terminal” that sends the PIN code and withdrawal amount to the clearing agent using a different communication network 10 from the one the ATM is connected to. Moreover the security system can send these data in a strong hash encrypted format so that the four digit PIN and the amount are not human readable and are only understood by the processing clearing agent.

Such a “dual-terminal” feature may also be useful during normal credit card transactions, allowing a user to e.g. enter their PIN on the MS potentially making it harder for criminals to see what the PIN is, providing a further level of security.

The Security System with reference to the Card System

From the above summary description it is clear that the embodiment is not a stand-alone payment solution but complements current existing card systems, offering high security authentication features. It plays a dual role in providing first of all a mechanism to uniquely identify a device which in an unambiguous way is linked with a set of (personal) assets, i.e. in this case the client’s bank accounts and associated cards, including credit cards.

Secondly the security system provides, executes and monitors a series of rules, procedures and protocols to shield the existing card systems from abuse, fraud and unauthorised access, thereby also functioning as a gatekeeper for the current systems.

Together with the operators of the card systems, databases of card numbers and other details will be kept. The security system’s databases however do not need to include any personal or other financial information such as creditworthiness. Per card, and per group of cards e.g. belonging to an identical group of owners, a status code is stored by the security system. Basically 3 levels of card status are maintained:

1. A Black Status indicates that never under any circumstances the “enable payment mode” instruction may be triggered by the security system and optionally that any request to do so will be flagged as a serious threat to signal that further anti-fraud actions are required.

2. The White Status code groups all the card numbers that are now in payment enabled mode and that are being monitored by the security system, including the perimeter compliance control. Different variation levels of white codes may exist.

3. A Grey Status lists all the card numbers that enjoy security system privileges and which do not have any known issues and which are not enabled (as yet) for security reasons. They may migrate to a White Status whenever a session request is made but only if all the required associated conditions are met.
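The three status levels and the time-limited transaction window behave as a small state machine, sketched here as an added example that is not part of the patent text. The class and method names, the 600 second window and the treatment of the DNA as an opaque byte string are assumptions; the coded handshake and key exchange are not modelled, and the perimeter result is passed in as a boolean.

```python
import hmac
from enum import Enum


class Status(Enum):
    BLACK = "black"  # never enable; any attempt is flagged
    GREY = "grey"    # known, no issues, currently payment-disabled
    WHITE = "white"  # payment-enabled and under perimeter monitoring


class SecuritySystem:
    """Gatekeeper holding one status code per card (hypothetical interface)."""

    def __init__(self, window_s=600):
        self.window_s = window_s
        self._cards = {}   # card_id -> {"dna", "status", "expires"}
        self.alerts = []   # (card_id, message) records for anti-fraud follow-up

    def enrol(self, card_id, ms_dna, status=Status.GREY):
        self._cards[card_id] = {"dna": ms_dna, "status": status, "expires": None}

    def status(self, card_id):
        return self._cards[card_id]["status"]

    def open_window(self, card_id, presented_dna, now):
        """Grey -> White if the MS presents the DNA bound to this card."""
        card = self._cards.get(card_id)
        if card is None:
            return False
        if card["status"] is Status.BLACK:
            # Black cards are never enabled and the attempt itself is flagged.
            self.alerts.append((card_id, "open_window on BLACK card"))
            return False
        # Constant-time comparison so the check does not leak how many bytes matched.
        if not hmac.compare_digest(card["dna"], presented_dna):
            return False
        card["status"], card["expires"] = Status.WHITE, now + self.window_s
        return True

    def close_window(self, card_id):
        """White -> Grey: the card returns to its payment-disabled default."""
        card = self._cards.get(card_id)
        if card is not None and card["status"] is Status.WHITE:
            card["status"], card["expires"] = Status.GREY, None

    def authorise(self, card_id, perimeter_ok, now):
        """Answer the card system: may this transaction request be passed on?"""
        card = self._cards.get(card_id)
        if card is None or card["status"] is not Status.WHITE:
            return False
        if now >= card["expires"]:
            self.close_window(card_id)  # an expired window relocks the card
            return False
        # A failed perimeter test refuses this request; the window stays open.
        return bool(perimeter_ok)


if __name__ == "__main__":
    system = SecuritySystem()
    system.enrol("card-A", b"constructed-dna-A")
    print(system.open_window("card-A", b"constructed-dna-A", now=0))
    print(system.authorise("card-A", perimeter_ok=True, now=60))
    print(system.authorise("card-A", perimeter_ok=True, now=600), system.status("card-A"))
```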

The security system’s main role is as a gatekeeper to existing card systems offering sophisticated innovative features such as surveillance methodologies by using GNSS signalling and timing thereby preventing a priori the fraudulent usage of bank and credit cards.

Card reader hardware and other equipment is installed in shops that is used to read and (pre-)validate card data at the edge or boundary of current card systems. These POS terminals accept the cards and their associated PIN codes (or alternatively confirmation from an operator that the signature supplied matches that on the card). These terminals communicate the information obtained to the operator or card processor of the card system (usually the clearing house), and they await a return message or code that indicates that payment has been verified and considered in order (or not).

This boundary terminal equipment installed at a merchant’s premises is an important component of the current card system. Still the POS terminals are often the main target of hacker and criminal attacks due to the technology applied and the nature of the equipment. A similar remark can be made in respect of the numerous networked ATM terminals installed in nearly every country of the world. The ATM is in fact a combination of a card reader as described above and a cash dispenser.

Currently the card reader function of the above terminals is a “soft spot” within the overall security of the payment scheme, and a series of measures has already been taken to improve the security of notably portable POS terminals. Still they are a vulnerable component, not only because in the majority of cases these mobile terminals are connected to a merchant’s base station using weakly encrypted (or sometimes not even that) wireless connections. The relay of card numbers with the associated PINs over unsecured connections has already led to serious problems whereby millions of cards and PINs were illegally recorded by gangs. A growing number of these POS terminals themselves have also been found to be modified such that they record the card details and PIN of any card passing through them, allowing criminals to easily harvest card details by replacing legitimate POS terminals with the modified variants.

Eavesdropping and other attacks on these networks are becoming a daily threat and at this level also hardware identity issues are a growing problem. Therefore, if not further improved from the security point of view, they may have had their longest time in terms of required system component.

With this in mind, technologies are now under development that will reduce the risks in terms of reading cards and transmitting them over a communications network. These technologies that inter alia address the need that the card must be in direct contact with the reader are focussed to offer methods with contactless technologies such as Radio-Frequency Identification (RFID) and Near Field Communication (NFC).

It should be noted that modifying the payment scheme to use a different but still single authentication will not really solve the weaknesses of the present payment scheme, and unless a multifactor authentication based on, if possible, independent communication means is deployed, any payment scheme remains vulnerable to this kind of abuse and fraud. The security system will still be able to provide a second, security-increasing authentication factor. Even if a technology like NFC were incorporated into the MS, a requirement to enter e.g. a further PIN into the MS in order to open a payment window means that, in the event of theft of the MS and the primary authentication details (e.g. a PIN to be entered into a terminal), the security system is not necessarily compromised.

Current card systems must make use of (usually) wired communication facilities for their system components such as the communication via a standard Public Switched Telephone Network (PSTN) line in combination with a modem device, a dedicated PSTN telephone line with communication capabilities (analogue or digital (Integrated Services Digital Network or ISDN)) or via IP techniques using DSL (Digital Subscriber Line) or similar technologies and eventually supplemented by router and/or switching equipment.

During recent years a shift can be seen in the use of the communications networks that are deployed for POS and ATM terminals as well as for other communication requirements within the card systems. The need for “always-on” connections resulted in the change from traditional PSTN to IP centric solutions and secondly more and more mobile POS terminals are being used.

The traditional card systems, which were well protected in a closed and wireline PSTN environment, are now also facing the threats of IP communications (often using the standard, open internet protocols) and wireless communication links between the terminals and the local base stations.

There is therefore a need for an independent communication channel that relays sensitive data in a secure method to overcome many of the security issues currently being faced by current systems. The security system described here uses such an independent communication channel in the form of GSM/UMTS technology providing for options to request independent confirmation or for relay of data deliberately broken into separate blocks to limit the risks of eavesdropping.

Moreover a further alternative is offered by the security system. Communications between the MS and the central server can also be provided by non-terrestrial communications such as by satellite communications. Space technology companies are introducing a new such technology using the S-band (2.0 to 2.2 GHz) frequency spectrum recently allotted by the EU regulator.

This allows the use of satellite communications instead of GSM/UMTS technologies for the security system. Not only will S-band technology offer downlink capabilities it can even be configured so that return channel features become available making terrestrial communications totally obsolete.

When coupling this technology with other wireless but terrestrial technologies certain weaknesses of the current GPS system in terms of indoor coverage can be improved and the security system would benefit accordingly.

The core system used by the security system to locate and position the MS and terminal devices is the current GPS satellite system. The use of these so-called GNSS earth orbiting satellites will see an enormous expansion in terms of numbers of space vehicles as well as services in the coming years. Presently they form a highly accurate, reliable and secure base for the provision of these elementary data to the security system.

Still, alternative sources exist and the security system will also be able to operate with other terrestrial radio networks if needed. Especially a hybrid configuration, whereby two or more different technologies are used in combination and supplement each other, may prove to offer a good alternative. These technologies that may be useful include the wireless 802.11x IEEE (Institute of Electrical and Electronics Engineers) standard and the 802.16 WiMAX (Worldwide Interoperability for Microwave Access) standard. In the future, other communication and/or ranging techniques such as those using laser or microwave radiation may be practically applied to the present invention.

The details and examples given herein use some way of authentication based on the exchange of encrypted positioning information. Other encrypted information derived from data that has been processed to uniquely identify an object, person or transaction may also be used.

The identity verification may also be performed in combination with other known methods such as biometric verification methods including fingerprint recognition or retinal or full hand scans, voice or facial recognition systems etc.

Under certain circumstances such as access to high security sub-surface areas where radio networks are not available these known identity verification methods may prove useful in combination with the other security system features thereby allowing the security system to continue to validate the authenticity of a transaction based on these further identifying criteria, rather than necessarily geographical proximity (although the location of the MS upon losing the radio network signal may be useful when a limited time period has lapsed).

It should be underlined that a major advantage of this embodiment is that it will use the current existing card systems and infrastructure without requiring major changes or additions to it and its deployment does not need the complete redesign, overhaul and/or total replacement of the existing credit card or ATM/POS systems. The new security system only requires small upgrades to current hardware, software, procedures and systems that can be made within the schedule of planned maintenance.

Areas where these systems may require an upgrade are likely to be at the boundaries of the system, i.e. the terminals as well as at the transaction procedural level. In fact, current systems depend on a global network of heterogeneous ATM or POS terminals which may require some minor upgrades. This can easily be done and can be part of the usual applicable regular maintenance cycle for this equipment. Similar considerations are valid for core components of current systems.

Furthermore as this embodiment is an add-on to the present systems it will remain within the technical boundaries of the present systems and will continue to require the full support of the operators of the current systems (i.e. banks, credit card companies and clearing agents). Therefore it does not compete with present systems.

It is also important to underline this embodiment’s user friendliness in that it does not require a complex system or involve new and different hardware. The user’s attitude towards the use of their cell phone, their credit card and the boundary devices such as their bank’s ATMs and the merchant’s POS terminal remains substantially the same, with the exception of including an extra step at e.g. the beginning and end of a shopping trip to enable and disable a card; the latter may in any case be invoked by the security system after a certain period has lapsed. In a potential, although less secure, alternative to the present embodiment where the card is in a default enabled state, or enabled in for example certain areas such as the office or a shopping centre, the user need not do anything with their cell phone except carry it with them, which many people do as a matter of course.

The GNSS enabled mobile handset is currently not part of the card systems. Furthermore, the availability of this multipurpose device not exclusively used for payment transactions is an important factor for this invention to be adopted by the public, and its user friendliness. However GNSS enabled mobile handsets are becoming increasingly common, and the announcement of the current market leader Nokia that 40% of their phones that will be sold in 2008 have a GPS receiver inside backs this view.

The different core components of the security system, with reference to figure 1, are as follows:

1) The basis of the security system is a GNSS enabled cell phone 1 or equivalent that contains a (possibly embedded) piece of software and a security protocol making the cell phone absolutely uniquely identifiable by the security system and by authorised other parties such as the payment scheme’s clearing house. The fingerprinting of individual components in the first instance and the subsequent second step of including GNSS time stamping signals and constellations or other locating data to create the so-called DNA signature is extremely powerful and can be used in many different areas. The DNA is preferably extremely well encrypted and protected. The MS element of the security system allows two-factor authentication without requiring additional security token devices.

2) The existing ATM and credit card terminal infrastructure 11 can be used with only a slight adaptation via some software upgrade. The Clearing and Settlement Agent operating the payment network(s) will have to deploy a few new security measures and certain software will need minimal upgrades to cater for the new layer of security, and the enable/disable functionality of the security system.

3) Some adaptations need to be made to the operations and back-end systems 8 currently in place and operated by the Authorising Bank or Credit Card Company and the Clearing Agent.

The DNA Sequence

The DNA used to identify the MS can be a simple identifier for the MS but can play an important element in the security of the system. The method used for sequencing the unique DNA structure of the cellular phone (or similar device) may use, in part, the GNSS system. In such an embodiment, the device DNA is sequenced or “manufactured” by adding, mixing and injecting different device and radio network connection derived system characteristics. The unique GNSS timing signals in conjunction with their in-orbit constellation forms the basis of this important and unique component.

Of course, in other (less secure) embodiments, the unique identifier or DNA may be based on other information or factors, such as telephone number in the case of a cell phone, and may even not include GNSS information; in which case the GNSS information would be transmitted separately from the DNA. In such a case, the GNSS information may be processed location data, meaning only e.g. a latitude and longitude need to be sent to the security system central component. Equally the GNSS data may be raw unprocessed data which is sent to the security server 7 for processing there.

Reference is made to figure 2. In this embodiment, three ingredients or fingerprints are required to establish the device DNA:

1) Fingerprint code A 13 is based on identification elements of the hardware of the MS such as the equivalent of the IMEI (International Mobile Equipment Identity = the serial number of a cellular phone).

2) Fingerprint Code B 14 is based on similar elements relating to the radio link and, in a GSM/UMTS network, the SIM (Subscriber Identity Module) card which is put into the device such as the IMSI (International Mobile Subscriber Identity = identifier of the SIM) is used.

3) Fingerprint Code C 15 is the most advanced fingerprint and is generated on the basis of unique time-stamped GPS system message data that is continuously broadcast by each individual satellite of the GNSS system (note GNSS is currently equivalent to GPS but this will soon be complemented with other satellite based location systems). This data may be raw constellation and timing data, or in other embodiments may be processed to provide location data or otherwise.

In this particular embodiment, Fingerprint Code C 15 is actually derived from two codes, C1 16 and C2 17. Potential modifications to the invention may use either more of such codes, or even only one. These relate to the constellation arrangement (that is, the in-orbit position of the satellites) and timing data at two separate places and moments in time. C1 in this case is the constellation and timing at a given time, such as on setting up the MS or first registering it with the security system. C2 is preferably measured 45 minutes later or more, and in a different location, as this leads to a suitably separate data point. The main concern in the difference between C1 and C2 is that the satellite constellations are preferably significantly different, and so the location at which they are measured is less important if enough time is left between measurements to change the satellite constellation significantly. Code C1 and C2 will be merged and encrypted 18 into a Code C using, for example, AES encryption whereby the key is derived from parts of certain GNSS messages. These are composed of blocks and certain blocks or parts of these blocks are taken to serve as the encryption key.

Fingerprint Codes A and B are transformed and complemented with random “noise” or “salt” and hashed 19 into a Fingerprint Code D 20. The latter plus Fingerprint Code C are combined and sequenced into the device DNA 21 using encryption techniques which make the MS identity unique and unbreakable (using today’s available techniques).

A different way of looking at the DNA sequence of a MS is its comprising of two fingerprints. The first fingerprint, the SIM/Handset fingerprint 20, relates to the device and the SIM data/codes, and may be a highly secure hashed fingerprint that need only be calculated on initialisation or association with a card. The second fingerprint is the GNSS signal fingerprint 15. In this embodiment, it is described as being the locations of at least four satellites at two different points in time and geographical locations, including the exact times. However, this could be any data or information derived from the GNSS signals, such as a processed location as mentioned above. As this data is variable and less important for identifying the device itself (which is already uniquely identified by the first fingerprint), the encryption and security methods used may be reduced or non-existent for processing efficiency. Of course, the inclusion of fingerprint C improves security, particularly as it is determined by the system based on GNSS information and not based on information originating from another third party (as the serial numbers do).

Furthermore, to simplify the transition process e.g. when a user buys a new MS and transfers their SIM, it is actually possible to envisage the first fingerprint being simply a SIM fingerprint, that is to say Fingerprint code A 13 would not be used to authenticate the MS. However, this may in itself introduce additional security problems, and would result in a system that could be defrauded if the SIM identifier e.g. IMSI could be cloned onto a copy SIM. Furthermore, the GNSS data would not be included on the SIM and thus fingerprint C would need to be re-created and registered, unless the data was held on a removable data card - which would in itself pose an additional security risk.

In addition to partly using the embedded security features of the GSM/UMTS network (i.e. encryption techniques, partially secure data-links, and a system identifier and randomiser which is related to the SIM card), use is also made of high security AES (Advanced Encryption Standard) cryptography and state-of-the-art hashing methodologies, optionally with VPN-like tunnelling techniques.

The Advanced Encryption Standard (AES) is an industry standard symmetric-key block cipher algorithm. This standard, which was approved by the US National Institute of Standards and Technology (NIST) in 2001, has become the de facto encryption methodology worldwide. AES, which is in fact a sub-set of the Rijndael algorithm, exists in different variations using different key sizes: 128, 192 or 256 bits long. For all three variations a standard block size of 128 bits is used. In this embodiment, the security system uses the AES 256 version with the standard 128 bit block size.

Hashing is a kind of one-way encryption acting like a random process and producing one single unique result on the basis of a given input which does not allow the restoration of the original input. As previously mentioned the security system uses different hash functions to strengthen its security and to reduce its dependency on a single function. The hash functions may be used separately and individually or may be cascaded utilising different functions in sequence.

Specifically, in this embodiment, Fingerprints A & B, 13 & 14, are salted with IMSI data and then hashed independently using a first algorithm. These two hashes are then combined and hashed using a second algorithm, resulting in fingerprint D 20. The original information is then discarded, as fingerprint D is what is actually used in the DNA.
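The fingerprint D derivation above, and the SIM-only variant discussed earlier for handset changes, as an added example that is not part of the patent text. SHA-512 as the first algorithm, SHA3-512 as a stand-in second algorithm, the length-prefixed encoding and all identifier values are assumptions.

```python
import hashlib
import hmac

# Assumption: the text does not say which of its hash functions is "first" or
# "second". SHA-512 is on its list; SHA3-512 stands in for Whirlpool and
# RIPEMD-160, which Python's hashlib does not guarantee to provide.
FIRST_ALGO = "sha512"
SECOND_ALGO = "sha3_512"


def salted_hash(value: str, salt: str) -> bytes:
    """Hash one identifier with the first algorithm, salted with IMSI data."""
    h = hashlib.new(FIRST_ALGO)
    for part in (salt, value):
        raw = part.encode("ascii")
        # Length prefix keeps the salt/value boundary unambiguous (assumed encoding).
        h.update(len(raw).to_bytes(2, "big") + raw)
    return h.digest()


def fingerprint_d(imei: str, imsi: str) -> bytes:
    """A and B are hashed independently, then combined and hashed again."""
    hash_a = salted_hash(imei, salt=imsi)  # Fingerprint Code A: handset (IMEI)
    hash_b = salted_hash(imsi, salt=imsi)  # Fingerprint Code B: SIM (IMSI)
    return hashlib.new(SECOND_ALGO, hash_a + hash_b).digest()


def sim_only_fingerprint(imsi: str) -> bytes:
    """Variant in which Fingerprint Code A is not used."""
    return hashlib.new(SECOND_ALGO, salted_hash(imsi, salt=imsi)).digest()


def compare_variants(registered, presented) -> dict:
    """Does the presented (imei, imsi) pair match the registered one?"""
    reg_imei, reg_imsi = registered
    new_imei, new_imsi = presented
    return {
        "full": hmac.compare_digest(
            fingerprint_d(reg_imei, reg_imsi), fingerprint_d(new_imei, new_imsi)
        ),
        "sim_only": hmac.compare_digest(
            sim_only_fingerprint(reg_imsi), sim_only_fingerprint(new_imsi)
        ),
    }


# Constructed sample identifiers (15-digit IMEI, 15-digit IMSI), not real devices.
REGISTERED = ("490154203237518", "001010123456789")
SCENARIOS = {
    "same handset, same SIM": ("490154203237518", "001010123456789"),
    "new handset, SIM transferred": ("352099001761481", "001010123456789"),
    "other handset, cloned IMSI": ("356938035643809", "001010123456789"),
    "same handset, different SIM": ("490154203237518", "001010987654321"),
}


def run_scenarios() -> dict:
    return {name: compare_variants(REGISTERED, ids) for name, ids in SCENARIOS.items()}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:30s} full={result['full']!s:5s} sim_only={result['sim_only']}")
```

The SIM-only variant gives the same answer for a legitimate handset change and for a cloned IMSI in another handset; only the fingerprint that includes code A separates the registered device from both.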

Fingerprint C 15 is made from fingerprints C1 and C2, 16 and 17. C1 and C2 each comprise 4 complete message streams from 4 GPS satellites (one stream per satellite), preferably comprising 5 messages each. Different numbers of satellites and messages may be used in other embodiments, which may improve the security of the system if more satellites are used. When C1 and C2 are obtained, they are combined by frame (1500 bits of GPS data, which takes 30 s to send) and message before being encrypted using AES to form fingerprint C. Fingerprint C is then hashed in cascade with two algorithms.

As such, it is actually the raw, unprocessed GNSS data that is being used in this embodiment in the identifier. C1 is preferably data derived from a fixed, known location that is used when initialising the DNA, and may be used for identifying the MS. This data will be different if an appreciable period of time expires between any two measurements taken from this location. C2 may be the location of the MS at any particular point in time, and hence be used in locating the MS, or a different fixed location that further identifies the device. If the MS transmits timing data in relation to the raw GNSS data, for example the relative times of arrival of each message, the receiving device can calculate its location from the transmitted data. As mentioned elsewhere, the device DNA could be made using only fingerprint D, with location information (be it unprocessed GNSS data, data processed to provide a location, encrypted or otherwise) being sent separately once the identity of the MS is confirmed. However, the GNSS provides a useful source of identifying data that is difficult to fake. Furthermore, the use in this embodiment of raw GNSS data sent by the MS makes the system more difficult to defraud. In particular, whilst it is easy for a criminal to send a claimed grid reference or latitude/longitude to a remote server to fake the presence of an MS at the location of an attempted fraudulent transaction, it is much more difficult for the criminal to calculate the GNSS data and timing for that location at a given point of time, without actually being there. As such, protection is offered against “replay” attacks, in which a signal that was previously used e.g. to permit a transaction is replayed, in order to have the same effect.
Furthermore, as there will normally be more than four satellites “visible” to a receiver at any one time, a predetermined preference for certain satellites may be established, so that anyone wishing to produce GNSS data to defraud the system must also know which of the visible satellites are preferred in order to successfully trick the system.

Before transmitting fingerprint D, it is encrypted using a SIM encryption key. The remote security server or mobile operator (receiver) will also have a similarly encrypted key for authenticating the validity of the ID being provided. Fingerprint C can then be further encrypted using AES with the encrypted fingerprint D being the key. Upon receiving the encrypted fingerprint C, the receiver can use encrypted fingerprint D (which it has compared with its own data) to decrypt fingerprint C. Cryptographic nonces, based on the GNSS data, may be used to relay information between the various components. Furthermore, the receiver may transmit its own record of fingerprint D, with which it is validating the MS, to the MS in a suitably encrypted format to allow the MS to confirm that it is dealing with a genuine receiver. This form of communication may also be spread to the central server of the card system, and involve transmission of existing or re-calculated fingerprints and encrypted fingerprints between the various components to confirm that they are “in synch”.

Three different hash functions suitable for the security system are listed below; all three are presently not compromised and do not have any known weaknesses:

a. RIPEMD-160
b. SHA-512
c. Whirlpool

RIPEMD-160 (RACE [Research and development in Advanced Communications technologies in Europe] Integrity Primitives Evaluation Message Digest) is a strengthened version of the original RIPEMD developed under the EU’s RIPE programme. RIPEMD-160 has a fixed output of 160 bits and has been adopted by ISO (International Organisation for Standardisation) and the IEC (International Electrotechnical Commission) as an international standard.

The SHA-512 algorithm has been developed by the US NSA (National Security Agency) and adopted by the NIST (National Institute of Standards and Technology) in 2002. It has a fixed output of 512 bits.

Whirlpool as used by the security system is the third and final version of the function initially developed as a contender in the NESSIE (New European Schemes for Signatures, Integrity and Encryption) project. This version has a 512-bit long output and is adopted by the ISO and the IEC as an international standard.

These cryptography and hash methods have not been compromised to date and in view of the fact that they all comply with the highest international (and military) standards the likelihood of compromise is considered more than remote on the basis of the current state of computer technology. Of course, other cryptographic and hashing algorithms may be appropriate depending on their security and ease of use, and may become useful as the technology or field of cryptography progresses.

Furthermore the security system uses more than one hashing method and their underlying calculation principles completely differ from each other. Moreover they are used sometimes individually but also in a cascading manner. Thus even if one of the hashing methods might be compromised in the near future it is extremely unlikely that all three will be compromised at the same moment in time.

Within the security system the unique GNSS timing and positioning technologies play a crucial role on three distinct levels:

A) On the MS level

The MS is a mobile device such as a cellular phone, a Personal Digital Assistant (PDA) or a Personal Navigation Device (PND) with telecommunication capabilities or similar devices together with a GNSS receiver, either integral to the device or connected. After the initialisation and set-up of the MS a device unique DNA is produced which is used by the software on the device, and the central components of the security system, for the core authentication and validation of the MS device. This DNA may be further updated as the GNSS data changes.

The DNA production is a highly secure process where at different times and locations random raw data is obtained for use in the DNA. These raw data are derived from the combination of GNSS timing signals and the satellites' unique once-in-a-lifetime constellations in combination with hardware and communication specific elements.

This means that this embodiment of the security system does not use location data processed by a GNSS receiver as its basis. The raw message data broadcast by the GNSS system is used, enabling the security system to independently calculate from the MS a more accurate positioning of the reception equipment, thereby closing the doors for traditional attacks such as spoofing, man-in-the-middle, replay and similar techniques.

By using the DNA in conjunction with the device the security system will now be able to authenticate the integrity and trustworthiness of the data and its origin and will shield the payment scheme from intrusion by unauthorised parties in addition to the authentication and validation of the MS device as mentioned earlier.

Whenever a Commercial Off-The-Shelf (COTS) MS device with so called EGNOS (European Geostationary Navigation Overlay Service) functionality becomes available the MS device will have even better access to improved accuracy capabilities and this extra feature will enhance the perimeter compliance possibilities of the MS.

The EGNOS and Galileo systems will also enable a new security system feature, integrity compliance, in which the location data derived from the different GNSSs can be compared. This feature complements the perimeter compliance tests and will improve security to yet another level. The MS may optionally include an E112/eCall (the provision of location data on calling 112 in the EU) kind of functionality useful when the device is stolen. This EGNOS functionality will become available to all SBAS (Satellite Based Augmented System) compliant technologies such as the already operational US WAAS.

B) On the system level

The current card system infrastructure will need some upgrades, notably the association of GNSS coordinates with the POS and ATM terminals. This may be a one-time operation for stationary terminals, or alternatively involve integration with some GNSS receiving equipment, for example in the case of mobile terminals. The software (and possibly hardware) may also need to be updated to enable the implementation of the new security features, including the enable/disable status of the credit card and the check of the precise location of the MS at the moment of the transaction requests, the geographical perimeter in which the card and the MS device need to be as well as the integrity compliance which inter alia will be validating the proper source and quality of the GNSS signals.
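The system-level checks described above (enable/disable status, MS location at the moment of the transaction request, geographical perimeter), sketched as an added example that is not part of the patent text. It uses processed latitude/longitude rather than raw GNSS messages; the perimeter radius, freshness window, nonce cache and all names and coordinates are assumptions.

```python
import math
from dataclasses import dataclass, field

EARTH_RADIUS_M = 6_371_000.0


def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


@dataclass(frozen=True)
class LocationReport:
    device_id: str   # stands in for an already validated device DNA
    lat: float
    lon: float
    fix_time: float  # time of the GNSS fix, in seconds
    nonce: str       # one-time value sent with the report


@dataclass
class PerimeterVerifier:
    terminals: dict               # terminal id -> (lat, lon) registered for it
    enabled_devices: set          # devices whose card is currently enabled
    perimeter_m: float = 150.0    # assumed perimeter radius
    max_age_s: float = 60.0       # assumed freshness window
    seen: set = field(default_factory=set)

    def authorise(self, terminal_id, report, now):
        if report.device_id not in self.enabled_devices:
            return False, "card not enabled"
        if terminal_id not in self.terminals:
            return False, "unknown terminal"
        age = now - report.fix_time
        if age < 0 or age > self.max_age_s:
            return False, "stale location report"
        key = (report.device_id, report.nonce)
        if key in self.seen:
            return False, "replayed report"
        self.seen.add(key)  # a report is accepted for evaluation only once
        t_lat, t_lon = self.terminals[terminal_id]
        if distance_m(report.lat, report.lon, t_lat, t_lon) > self.perimeter_m:
            return False, "outside perimeter"
        return True, "ok"


def demo():
    """Run constructed reports against one constructed terminal."""
    verifier = PerimeterVerifier(
        terminals={"POS-1": (49.6116, 6.1319)},
        enabled_devices={"ms-001"},
    )
    near = LocationReport("ms-001", 49.6118, 6.1321, fix_time=990.0, nonce="n1")
    far = LocationReport("ms-001", 48.8566, 2.3522, fix_time=995.0, nonce="n2")
    disabled = LocationReport("ms-002", 49.6118, 6.1321, fix_time=995.0, nonce="n3")
    return [
        verifier.authorise("POS-1", near, now=1000.0),      # MS beside the terminal
        verifier.authorise("POS-1", near, now=1010.0),      # same report sent again
        verifier.authorise("POS-1", near, now=1100.0),      # same report, much later
        verifier.authorise("POS-1", far, now=1000.0),       # MS far from the terminal
        verifier.authorise("POS-1", disabled, now=1000.0),  # card never enabled
    ]


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```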

Naturally the usual payment procedures and rules currently in place and applied by the banks and clearing agents must be adhered to as well before the bank customer will be in a position to properly execute a payment or a withdrawal.

Reference has already been made to upgrading the terminal devices in the form of (portable) POS terminals and the ATM equipment with GPS and eventually SBAS functionality. By equipping these terminals with GNSS receiver equipment, card readers, which are now increasingly being manipulated and tampered with, can undergo similar DNA sequencing as the MS to ensure the unique identification of the equipment. Such identification will improve authentication procedures especially in the case of portable POS equipment.

C) On the operators’ level

The traditional main operators of such card systems are:

1) The Authorising Bank (where the user is customer) or
2) The Company that issues the credit cards (whereby this may be identical to the above) and
3) The Clearing Agent responsible for the transactions

In addition to the currently existing interchange of payment transaction information between the parties, supplementary GNSS and security system related data (such as the DNA) can be communicated. The messages will contain information on the transaction window plus any other data needed to perform the checks securing the integrity of the security system.

In this context it should be remarked that the European system using a Clearing House settlement agent is not always identical to systems in other countries or regions in the world.

Often, like in the USA, the netting and clearance is directly settled between banks and the money flow is between an “acquiring” and an “issuing” bank. This however does not have an effect on the methods employed by the present embodiment.

Also in such an organisational set-up, the majority of the modifications that need to be made in order to make the current card system compliant with and ready for the security system of the present invention are strictly of a procedural and organisational nature. The majority of measures will have to be implemented in the back end of the current payment schemes.

The identification methodology using GNSS satellite positions in orbit produces an identifier which is based on an in-space satellite constellation that will never occur again due to the fact that inter alia exact identical GNSS satellite constellations and positions involving the same in-space satellites will never reoccur.

Hereafter a brief summary is given why such a constellation will never reoccur and why as a result the identifier will be unique and cannot be reverse engineered.

As part of the DNA sequencing procedure the security system uses two different sets of GNSS data (until the availability of other GNSS systems the GPS signals are used) that may be derived from 4 different satellites each at two different constellations recorded at two different moments in time.

In order to be sure that the constellation positions can be used as an absolutely unique identifier it is important to understand if the GNSS satellites will ever be in the same orbital position again; and if so to what extent this applies to a set of 4 different satellites (noting that the GPS system uses some 30 satellites to complete full system coverage).

In order to understand the context one needs to consult the basics of celestial mechanics. If the satellites were point masses, and the planet earth were the only gravitational source in the universe, and it had a perfectly spherically symmetric gravitational field, and there were no magnetic fields, no atmosphere, no other forces, then the satellites would follow perfect Keplerian orbits. Since the universe contains a huge number of other objects, each exerting gravitational forces on each satellite and planet earth has a decidedly non-spherically symmetric gravitational field, the positions are non-repeating (using an earth-centred frame).

There are other forces, like radiation pressure, atmospheric drag, and the geomagnetic field as well as relativistic effects. Because of all these various forces, adjustments are made to the orbits of the satellites from time to time to keep the satellites close to their nominal 12 sidereal hour orbits, in the assigned orbital planes, and in the assigned slots within the plane.

The nominal orbital period of all vehicles in the GPS constellation is 12 sidereal hours. To the extent that they are all at the correct period, the locations of the satellites repeat every 12 sidereal hours. The variation in the orbital parameters is the reason that the navigation messages broadcast gives the current set of orbital elements. The small amount of deviation that builds up between the time the navigation message is updated and the time at which you are making your position observation is one of the contributors to the inherent error budget.

Moreover a further important element of GNSS satellite systems can be found in the ultra accurate atomic clocks on board of the space vehicles. These clocks record time at a level of accuracy unheard of before the introduction of GPS in the 1980s. The GNSS time is so accurate that it deviates from the time recording we have been using in daily life and in fact there is a synchronisation process required between GNSS time and UTC time. This is a result of the introduction of “leap seconds” into the time used in daily life as a result of the slowing of the Earth’s rotation.

The combination of a per satellite unique orbit which never repeats itself plus the ultra accurate GNSS time which continuously progresses and where the same time will never reoccur means that the combination of positioning data of four different satellites captured at two distinct different moments in time (and possibly locations) will warrant a unique result.

The Card System Terminals

POS Terminals and ATMs are referred to in this document as “terminals”, which phrase can be used to include any equipment that operates at the border or edge of an electronic system to guard in some way or another a protected zone. In current systems, these terminals accept one authentication key, be it a PIN code; a confirmation from a merchant that a supplied signature matches that on the card; or any other method such as electronic signature detection, biometric identifying equipment etc. The principles described here with reference to ATMs and POS terminals may be readily adapted to any other terminal.

Automatic Teller Machines (ATM) comprise a card reader component, a cash dispenser part and sometimes proprietary or off the shelf software running on an (often) Windows Operating System. Usually they are interconnected through a wireline telecommunication network and thus have access to real time updated information stored in the card systems' central databases.

Recent estimations of the number of ATM terminals used within 20 of the EU-27 countries made by an ATM security working group of the EU estimated the number of installed ATMs at 337,000 in mid-2007. According to the same group, it is safe to assume that within the 31 SEPA countries the number of installed ATMs is over 362,000 of which two thirds are in the UK, Spain, Germany, France and Italy.

ATM terminals are not standardised and no common certification exists across the SEPA countries which means that common actions against fraud deploying technical means are rather complicated to agree upon and to deploy. Until now not even the agreed measures in the framework of SEPA have been implemented by all countries, this being an indication of the administrative complexity.

The different interest groups within the different EU countries have problems agreeing on a series of common measures to combat the fraud that is currently spreading at an alarming speed.

SEPA countries that implement the ATM SEPA requirements such as the EMV (Europay, Mastercard and VISA) initially reported lower losses due to the difficulties of abusing these improved cards despite the fact that still over 80.000 ATM terminals are as yet not EMV compliant.

However on the basis of statistics released in May 2008, monetary losses are again dramatically rising while the number of attempts has decreased dramatically. This is a clear signal that security measures have now been overtaken again by professional gangs who know how these improved systems can be defrauded.

A further sign of the problem is that on top of criminal gangs, now terrorist organisations are fully exploiting the loopholes in these systems. Terrorist gangs have successfully planted highly sophisticated small electronic bugs in POS terminals that were installed at supermarkets across the UK and continental Europe that intelligently cloned customers’ data and transmitted them via a wireless link to a remote server. These “embedded” bugs were even remotely reprogrammable so that cloning patterns could be randomly changed.

Counter-action is often late in properly responding and measures are too often inadequate. A good example of measures that are taken on the basis of the lowest common denominator principle is the choice for the encryption technology that should be deployed at ATM level. It has been decided to use the Triple DES technology as encryption standard, despite the fact that it should be known that Triple DES is slow and already compromised.

Regarding POS or Point of Sales terminals, the installed base situation is unknown and no reliable statistics are available as to their number within the EU. POS equipment, in fact a simple card reader device that can be purchased in any electronic shop for less than € 50 is manufactured by mass market electronics manufacturers usually in Asian countries and therefore any attempt to try to standardise these systems will clearly fail.

POS terminals used by merchants must have a higher degree of security and are usually certified by the operator of a POS network. However a similar attitude towards these POS terminals can be observed as with telephone handsets in the past. Users were obliged to only call using the telecom operator certified equipment but many disregarded this and used non certified phones, leading to sometimes serious disturbances of the PSTN network. The introduction of portable POS terminals communicating with a base station over a wireless network has resulted in many problems due to the fact that the wireless communication was not protected and card with PIN information was sent in the clear, ready for anyone with a laptop to pick up this data.

Basically the security problems surrounding POS equipment are very similar to those associated with ATM terminals. Attacks on ATM and POS terminals usually take the form of:

• Skimming

• Fake and replica devices

• PIN capture

• Card hacking during transaction

• Card and cash trapping

• Transaction reversal

Any cardholder, including those that use the enhanced security system described above, can fall victim to these manipulations of the hardware, as the equipment is not sufficiently protected and the authentication of these devices is not warranted. It is reassuring however that the cardholder using the security system above will notice that despite the theft of his card details, neither his bank nor the cardholder himself will incur any losses due to the protection mechanisms deployed. This is not the case for those not using the security system.

In this respect it should be mentioned that some of the system operators do not always comply with basic preventive measures to combat fraud. It is counter productive when obsolete equipment is not destroyed but sold into the second hand market. De-installed ATM equipment is for sale at eBay and other internet sites and it is evident that such equipment may be used to abuse the payment system by simply impersonating a real genuine ATM making skimming very simple.

The ease with which POS and ATM terminals can be tampered with lies partially in the non-standardisation and non-uniform certification of the terminal equipment. Especially regarding the POS terminals one can speak of a proliferation of available equipment, some of which does not adhere to the most basic security standards.

The technology used to generate the DNA for the MS equipment to produce a unique identifier and authentication token may also be applied to ATM and POS equipment. The device requires inter alia two way communication capabilities, such as over a radio network, and a built-in or connected GPS (or rather GNSS receiver) enabling the positioning and GNSS fingerprinting of the device.

Both ATM and POS have the two way communication capabilities, usually over a wireline connection, whereby it should be noted that a portable POS also has a wireless section to bridge (between the POS and base unit). The main element that is missing is the GPS receiver.

GPS receivers are now available “on-a-chip” and are as cheap as € 8 when bought in certain quantities. This means that there is no real inhibiting factor to equip GPS receiving chips in a POS. For ATM equipment, in view of their investment and operational cost such amount is clearly marginal. On top of this, ATMs are normally fixed and stationary so that their exact location is known anyway. As such, the requirement for a GNSS receiver may be avoided by initialising the DNA of the device using a connectable receiver, although this removes some of the potential benefits of the system. However, in such scenario the ATM would not be able to collect actual raw constellation data in normal use.

Producing the ATM terminal DNA is a process that is similar to the procedures that need to be followed for the MS device. Individual operators each have a responsibility for creating such DNA and in the case of the ATM the following steps are required in this embodiment:

a) The trusted ATM manufacturer installs the required GPS hardware and will also be responsible for installing a security system component. This is usually software but may also be a hardware component like an ASIC, containing certain procedural instructions;

b) Upon installing the operating system and application software, the instructions will - in analogy with the MS device hardware Fingerprint Code A procedure - produce an equivalent hardware fingerprint for the terminal reading specific hardware information;

c) Hereafter, at the manufacturer’s production site the first part of the GNSS Fingerprint Code C, i.e. C1 is produced;

d) After the ATM has been shipped to the place of installation the following steps are required before the ATM is put into operation;

e) The ATM will be connected to the telecommunication network to enable the processing of withdrawal requests. Upon the establishment of the definite ATM configuration, the secure software (or the ASIC etc. for that matter) will be triggered and the communication Fingerprint Code B is established;

f) In addition the 2nd GNSS constellation dataset can now be obtained and the Fingerprint Code C2 is produced - Note that here a clear distinction of place and time of the constellation data is evident;

g) Now a similar procedure to generate the device DNA is followed as in the case of a MS device, whereby Code A and Code B will be transformed, complemented, noised and salted to arrive at a hashed Code D;

h) Code C is produced by taking Code C1 and merging this with Code C2 using AES encryption and taking certain message data as the passkey. As AES-256 is used this passkey is 256 bits long whereby the Codes C1 and C2 are sized into blocks of 128 bits long. The result is hashed in cascade to arrive at the Code C;

i) In this ATM example, the combined Code D typically refers to the ATM device as such, while the Code C refers to the ATM that at a given time and moment was located at one location where a certain 4 satellites constellation existed and at another time and moment at another location where a further 4 satellites constellation existed; and

j) Putting Code C and Code D together to produce a unique ATM DNA

As can be expected, the POS procedure is somewhat different due to the diversity of available hardware and the possible unfriendly environment where the POS will be installed. First of all the DNA sequencing will only be possible with hardware that complies with a minimum set of security standards. Secondly these POS terminals must have a system design that enables the inclusion of a GPS receiver and warrants that the security components will remain internal. Other requirements may be defined also on the basis of certification granted by recognised certification authorities. Of course other, more lax standards could be used, but in such embodiments the system is likely to offer substantially less security.

a) The POS operator installs the required GPS hardware and will also be responsible to install a security system component in pre-validated POS terminal equipment. The hardware independent security software will be embedded to the extent possible to avoid that software code is hacked and abused to simulate the DNA sequencing

b) Before installing the POS equipment at the merchant’s site the POS operator will have to trigger the production of the Fingerprint Code A, identical to the procedure applicable for the MS and ATM devices

c) Hereafter still at the site of the POS operator the first part of the GNSS Fingerprint Code C1 is produced

d) After the POS has been installed at the merchant’s site the following steps are required before the POS is put into operation

e) The POS will be connected to the telecommunication network to enable the processing of payment requests. Upon the establishment of the definite POS configuration (portable and base station), the secure software will be triggered and the communication Fingerprint Code B is established

f) Hereafter the 2nd GNSS constellation dataset can be obtained and the Fingerprint Code C2 is produced. Note that also in the POS case a clear distinction of place and time of the constellation data is evident

g) Now a similar procedure to generate the device DNA is followed as the MS or ATM. Code A and Code B will be transformed, complemented, noised and salted to arrive at a hashed Code D

h) Code C is produced by taking Code C1 and merging this with Code C2 using AES encryption and taking certain message data as the passkey. Note that Rijndael, the origin of AES was developed to run on a smartcard so AES is a small and versatile technique that can be used in a low tech environment such as a POS. Using a 256-bit long passkey and cascaded hash functions, Code C is generated

i) Putting Code C and Code D together produces a unique POS DNA

After the ATM and POS terminals functioning as boundary hardware in the traditional card systems have been upgraded with their unique device DNA a series of additional security options become available. Hereafter, follows a summary of the additional security features that can be implemented within the secure card system:

First of all, the addition of GNSS functionality in conjunction with the secure system allows improved and authenticated monitoring of the exact location of the terminal equipment as regular automated checks can be performed by the central system regarding the whereabouts of the unique ATM or POS device together with the status condition of the ATM/POS (e.g. not malfunctioning, not tampered with and in the case of an ATM the availability of sufficient money etc.). This may be used in setting up authentication services for visiting persons and tourists as an example.

A further security feature is provided in case a careless cardholder uses without knowing a fake or replica ATM terminal that copies card details for use by criminal gangs. In such case the user will notice that the requested transaction (i.e. the cash withdrawal) is not executed and he is automatically warned that an exceptional situation seems to occur. Through his MS device he will be able to request the authenticity of the ATM terminal using the MS location details and will receive information that no authenticated ATM is available at that location.

This will give the user ample time to close the card’s payment enable mode and alarm the competent authorities. A more attentive cardholder though might have requested an a priori authentication confirmation, and he would have been warned and would not have to face the hassle of stolen card details.

A further enhancement is the possibility to perform reverse authentication verification. The ATM or stationary POS that have incorporated the secure card system may be informed through an exchange of a simple code received from the central system that the card presented belongs to the community that uses enhanced security. In case such situation arises the ATM or POS may request a return reply from the associated MS without the need of an intervention by the user; this comes in lieu of requesting the entry of the PIN code in the terminal. This reverse authentication method builds on the reasoning that the MS device is in the immediate vicinity of the ATM or stationary POS and thus creates a direct device-to-device verification means increasing not only the security (as no PIN will be entered anymore in the terminal) but also the user friendliness of the payment system (as no user interaction is required anymore). However, in theory such a system may increase the risks associated with theft or mugging, as a thief who stole a person’s card and mobile phone would be able to withdraw cash without needing to know the card’s PIN in the case where the card is enabled or he is familiar with the procedure (such as requesting the opening of the transaction window, the initiation code to identify that particular card amongst others) and that he tries to abuse the payment system immediately after the theft (else the card and/or the MS would already have been de-activated). In case of mugging the practical chances to defraud the system are close to nil as the victim would usually immediately alarm the competent authorities and the responsible card system operators.

In addition more beneficial use of such secured terminals can be found by improved security at the level of portable POS terminals that need to communicate via a protected (or not) radio network with their local base station. This station is connected to the central system usually through a wireline PSTN or IP solution. The chances of intercepting crucial card data whenever the wireless network is not sufficiently protected are rather high as many portable systems do not even use encrypted communication lines to their base station or use outdated and easily breakable technology such as WEP.

In such a delicate situation, from a security perspective, it may be considered that all relevant data will be passed on to the central system using the MS device without the need to use the credit card as an authentication means but will solely be used as an identification means. Or, in other words, the reverse authentication verification is extended to provide PIN equivalent data as well as card equivalent data not originating from the card but directly from the MS device.

The process will be that the secure card system detects that a card transaction is requested by a card that uses the enhanced security through a portable POS terminal. Such detection is possible due to the fingerprinting mechanism that shows such details when access is possible to the raw pre-processed data and on the basis of the register of authenticated POS terminals holding such details. Until that moment only the card details needed for identification purposes are handed over to the POS and nothing more than that.

The central system requests the opening of a data exchange session with the MS and assuming the availability of the GSM or better the UMTS network, information is exchanged between the MS and the central system using encryption and tunnelling technologies. The technique of challenge/response will be applied. The central system informs the MS that a payment request is pending and asks which amount should be paid to the merchant (or hotel etc). Furthermore the central system requests the corresponding PIN code plus the associated initiation key (confirming the charge against that particular card). Hereafter it confirms that the payment is processed and if all is in order it acknowledges the transaction, closes the session and sends a payment confirmation to the POS terminal as payment proof. A payment slip will be printed for administrative purposes.

In such situation security concerns have been dealt with, the merchant receives confirmation and independently the cardholder has been informed. Eavesdropping, man in the middle attacks, use of cloned or stolen cards or any other known attack against the system would have been unsuccessful.

Protection Offered

As was mentioned before and with reference to figure 1 the security system 7 uses different methods to protect the current payment schemes against fraud and abuse on a system level. On the one hand the security system can be considered as a super access control or gatekeeper, only allowing authorised users into the payment zone (i.e. the current card system 8). In addition the system can be viewed as an always-on, highly reliable watchdog and guardian angel.

The explicit continuous requirement that the security system needs assurance that the payment enabled card is within the perimeter means that the MS 1 becomes a supervising safety mechanism. In fact, this security feature has three different functions:

1. It can monitor continuously the position where the MS 1 is currently located (however this is normally only required when a card is switched to payment enabled mode).

2. In enabled mode it can measure and monitor continuously whether the payment terminal 11 location (i.e. the POS) or the place where the card is requesting a transaction approval is within the direct vicinity of the MS or within a close and well defined perimeter (e.g. tax free shop within an airport environment should be close to the last known location).

3. It can execute plausibility checks in enabled mode i.e. by verifying the present location against blacklisted regions or refusing the opening of the transaction window if an impossible constellation becomes apparent, like requests from two different totally separated locations at more or less the same time.

The security system disable/enable function is also a new ability, which currently does not exist and is not provided for by the present card systems. The only, albeit extreme, variation of such mechanism is to request a de-activation of the card 2 forever and apply for a new card (plus number) from the issuing bank. The associated administrative process is often extremely cumbersome and costly and might be an indication that switching cards on and off is not an option within the current system. In this context it should be noted that refusing a transaction request as card systems sometimes do as a result of an issue with the (temporary) credit standing of the cardholder is not identical to disabling the use of a credit card. The only option a card issuer has in the present system is to block the card. This will result in a situation that the cardholder will need a new card as unblocking is not possible. This is very similar to card de-activation.

However, with the security system features of the present invention, a method of disabling and enabling authentication procedures is made possible, as it is a series of procedures which require fulfilment before the usual payment checks and routines take place. Thus even though current systems do not support the disable/enable option, the security system makes such switching possible by preventing the usual authorisation process when the card is in disabled mode. This results in the security system holding a typical gatekeeper’s role.

All cards are by definition shut off or disabled unless a prior green light from the security system has been received. This gives the current system an additional series of authentication and validation checks to ascertain that all the pre-conditions are fulfilled. The payment scheme will then modify the default restriction from initiation refusal to initiation of acceptance of any transaction requested from the system (taking into account other conditions which need to be met).

Fraud protection is also provided for at the MS level. It should be recalled that the green light to access the payment scheme will only be given whenever the proper DNA is issued by the MS to the security system, a challenge is properly answered and that the MS is located in a pre-defined perimeter based on geo-location information.
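The gatekeeper decision described above (default refusal, then DNA match, challenge answer, perimeter and plausibility checks) can be sketched as follows. This is an added illustration, not code from the patent: the HMAC-SHA256 challenge, the thresholds, the circular blacklist regions and all names are assumptions, and the coordinates are constructed sample values.

```python
import hashlib
import hmac
import math
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

EARTH_RADIUS_KM = 6371.0
PERIMETER_KM = 0.5       # assumed size of the "close and well defined perimeter"
MAX_FIX_AGE_S = 120      # assumed freshness limit for the MS position report
MAX_SPEED_KMH = 1000.0   # assumed ceiling for physically plausible travel
JITTER_KM = 1.0          # movement below this is never treated as travel


@dataclass
class Fix:
    lat: float
    lon: float
    ts: float  # Unix seconds


@dataclass
class CardRecord:
    enabled: bool            # payment-enabled mode, switched by the user
    registered_dna: bytes    # DNA the security system holds for this MS
    challenge_key: bytes     # assumed shared secret for challenge/response
    last_fix: Optional[Fix] = None


def haversine_km(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle distance between two (lat, lon) points in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def answer_challenge(key: bytes, nonce: bytes) -> bytes:
    """MS side of the assumed challenge/response: HMAC-SHA256 over the nonce."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def green_light(card: CardRecord, presented_dna: bytes, nonce: bytes,
                response: bytes, ms_fix: Fix, terminal: Tuple[float, float],
                now: float,
                blacklist: Sequence[Tuple[float, float, float]] = ()
                ) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons). Refusal is the default; every check must pass."""
    reasons: List[str] = []
    ms_pos = (ms_fix.lat, ms_fix.lon)
    if not card.enabled:
        reasons.append("card_disabled")
    if not hmac.compare_digest(card.registered_dna, presented_dna):
        reasons.append("dna_mismatch")
    expected = answer_challenge(card.challenge_key, nonce)
    if not hmac.compare_digest(expected, response):
        reasons.append("challenge_failed")
    # A position report from the future or older than the limit proves nothing.
    if ms_fix.ts > now or now - ms_fix.ts > MAX_FIX_AGE_S:
        reasons.append("stale_ms_fix")
    if haversine_km(ms_pos, terminal) > PERIMETER_KM:
        reasons.append("terminal_outside_perimeter")
    # Blacklisted regions are modelled as (lat, lon, radius_km) circles.
    if any(haversine_km(ms_pos, (lat, lon)) <= r for lat, lon, r in blacklist):
        reasons.append("blacklisted_region")
    prev = card.last_fix
    if prev is not None:
        dist = haversine_km((prev.lat, prev.lon), ms_pos)
        hours = max(ms_fix.ts - prev.ts, 1.0) / 3600.0
        if dist > JITTER_KM and dist / hours > MAX_SPEED_KMH:
            reasons.append("impossible_travel")
    if not reasons:
        card.last_fix = ms_fix  # only accepted positions extend the history
    return (not reasons, reasons)
```

Rejected requests deliberately leave `last_fix` untouched, so a spoofed position cannot reset the baseline used for the next impossible-travel check.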

The DNA of each MS should be unique and different for any device and, in fact, for combinations of different devices and radio network access keys (e.g. in a GSM/UMTS network 10 when a different SIM Card is used). The DNA is a result of inter alia the combination of device and SIM characteristics and so should correspond with the DNA known to the security system. Also the inverse applies, i.e. using the known SIM in combination with another known or with an unknown device creates different and hence invalid DNA or possibly no DNA will be available at all in such a situation.

In the theoretical extremely unlikely situation whereby the card, its associated PIN plus the cellular phone and initiation key would be stolen from the legitimate owner (e.g. in a situation of physical threats or extortion), it would still be difficult to defraud the security system enhanced card system. Assuming that the criminal was aware of the characteristics and the way the system should be used, it would be extremely risky for him to try to abuse the system.

Immediately using a (skimmed) copy of the card in a far away country or away from the place of theft is useless as the card would not work as it will be located outside the authorised perimeter as defined by the MS and the security system. Moreover, if the criminal waits too long before he tries to abuse the card system the transaction window will be closed (if open at the moment of theft), the card will be disabled, the associated bank(s) warned and accounts blocked and ultimately the SIM in the cell phone and the MS itself may both be de-activated. This situation may in theory occur when the MS would be shipped or transported to a remote location to attempt a fraudulent act far away from the place of theft.

Thus, in order to be successful, an attempt to defraud the system must be made quickly and so in the vicinity of the place of theft.

This is contrary to the way criminal gangs usually operate as they are aware of the high risks when using a card immediately after a theft and prefer the so-called cross border fraud whereby a card issued in one country is fraudulently used in another country. In any event when the criminal is not careful, the open transaction session can immediately locate him and would make his whereabouts known to the judiciary authorities.

Where a card is lost, even in combination with the associated PIN, no danger exists of defrauding the security system and thus the card system. As the physical link between the MS device and the card (with or without PIN) has been broken, even if the card were enabled, it would not be able to be used in transactions as the location of the transaction would not match that of the MS. Similarly this situation will apply whenever the card number and PIN are stolen without physical theft of the card itself e.g. in the case of skimming. Also in this case the bank customer as well as the bank remains untouched by such an incident.

Where the MS with DNA is lost or stolen, without the associated credit card, nothing can happen as firstly the person in possession of the MS may not know of or may not be familiar with the special features of the MS, and secondly payment transaction requests are made by the card (plus PIN) and not by the MS. Also in this situation no financial harm can be done to the card payment scheme or the personal assets of the customer, apart from the loss of the phone and possible associated call charges etc.

Use in other Transaction Systems

The security system can be used to add a high level of security through multi-factor authentication to mobile payments, internet payments, or payments in general where wireless technology is used (i.e. payments where in the communication network somewhere in the chain wireless technology is used) or in cases when the purchaser is not physically present at the place of purchase as is in the case with distance and mail-order selling, as well as internet sales (also known as non-face-to-face, MOTO - Mail Order Telephone Order or CNP - Card not Present transactions).

Other financial transactions systems such as mobile asset management (e.g. of a stocks and bonds portfolio) or supervisory surveillance systems or even for managing more domestic related matters will also benefit and the security system may be modified to enable direct device-to-device transactions.

In fact, in addition to the above the security system may be used to facilitate and speed up the execution of “normal” bank transfers thanks to the built in security measures which mean that some of the traditional checks and verifications become obsolete. Moreover the security system can be used as an electronic purse system, keeping relatively small amounts of “electronic” money in the MS, that is used to pay for small ticket expenses such as newspapers, parking fees, public transport or the daily espresso.

Alternatively the user may receive small amounts of money from friends or family or also as change from merchants that do not keep cash in the form of coins. In such situations, the security system can be compared with an enhanced chip-card system managing certain amounts of electronic money.

Summarising, the security system’s core technology can be used for any transaction, financial or not, for which a card based payment scheme is currently used such as, but not limited to:

• Face-to-face purchases of goods or services in a merchant/store environment

• Unattended direct transactions using ATM terminals operated by a bank’s network

• Transactions using a 3rd party in-between the operators and the cardholder:

a) Telephone payment systems (to merchants but in a non-physical environment)

b) Electronic payment schemes (using hard- or software provided by banks)

c) Internet payment schemes (using payment gateway services)

d) Other internet based financial transaction system (e.g. stockbrokerage)

• Direct MS-to-MS payment schemes

• Electronic purse systems

• Special purpose card systems (petrol cards)

• Company card systems

• Medical & healthcare card systems

• Loyalty card systems

The security system is presented here as a payment transaction authentication and surveillance system. However, any system requiring high grade security features such as access and identity control systems, secure registration system and any security mechanism that relies on a card (or rather token) based system can rely on the core technology to improve their already existing security.

In particular, the security system may be adapted for use in securing mobile bank transfers when the user has no ability to make a “regular” bank transfer e.g. when being abroad. These procedures take into account to the extent possible the requirements applicable to the Single EURO Payment Area (SEPA) in the European Union.

It should be noted that in spite of the introduction of SEPA it will be virtually impossible to make a regular bank transfer from a domestic bank account to another within a reasonable period of time without having recourse to a telephone or fax instruction in case one is outside his home country. However the majority of banks usually refuse such instructions unless the bank customer has signed an agreement to absolve the bank of liability for any abuse of such instruction methods, thereby fully transferring the risk to the customers. The security system can be adapted in order to provide a higher level of security for such a transaction, allowing a higher level of trust in such transactions and therefore avoiding the need for signed agreements as above. One embodiment of such a security system may operate in the following way:

1) The user sends to the security system a request through the MS via a wireless network indicating that he intends to make a payment or transfer for which he will use one of his (bank) cards as the authentication token for this transaction. For security reasons a card may be chosen which does not refer to the user’s bank account, which is not stored locally in the MS. In other words, when seeking to transfer money from account A to account B, the user may use a card associated with account C in order to authenticate the transaction. The user keys in a code into the MS which is associated with the card the user wishes to use and starts a program within the MS that enables the user to create a single request or alternatively a batch of payment requests, which are stored in an encrypted format inside the MS.

This initiation will be made based upon the usual handshakes and other security system security checks. The payment requests are deliberately kept incomplete to ensure that in this stage these requests are not complete and may not be validly relayed to the central security system. For example, one aspect of the request that may be withheld is the amount of the individual payment request(s).

2) This batch of payment requests or the single request will be released after the payment intention session has been completed and the batch will subsequently be sent upon the closure of the transaction window in an encrypted format.

3) After having received the payment intention batch with the incomplete payment details the security system notifies the user through the MS that he is required to complete his payment intentions within a certain period (default is the end of the day) otherwise the batch will be considered as not valid and will be destroyed automatically.

4) Moreover the system makes available certain reconciliation keys to the user, referring to the relayed batch and to each individual payment therein. These keys will have to be used to combine and complete the set of transaction information required to make the transfer from the sending account to the receiving account.

5) The user will have to complete the transactions which are awaiting validation in the form of the reconciliation key and the corresponding transaction amount at the clearing agent responsible for managing the card which has been used as the token mentioned above.

6) This completion will be done using a different communication network than that used for the first set of payment details and the preferred network is the ATM terminal available at any city in the world (note that the user is likely to be abroad and does not have access to his bank in his home country).

7) By inserting the card in the ATM and after the usual checks the user will provide the reconciliation keys plus associated amounts to the “local” clearing agent, who will relay this apparently meaningless information having no value whatsoever to any 3rd party to the domestic clearing house.

8) Now the clearing house will follow similar procedures as with cash withdrawals. In case the clearing house will also be used as a settlement agent (a matter outside the scope of the security system) then the payment instructions may be considered as cash withdrawals from an ATM terminal whereby the cash taken will have to be paid by the cash receiving user while the cash pay out will have to be paid back to the bank operating the ATM that “dispensed” the cash - that is, the receiving bank.

In between the steps 3) and 4), as mentioned above, a further security measure can be incorporated in the security system. Instead of fully relying on the data required by the system by reading the card, the card payment system requests such data or asks for confirmation of said data from the MS which at that specific moment is or rather must be located in the vicinity of the ATM (whose fixed location is known to the card system whenever the territory in which the user is supports the security systems and at least some of its features).
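
The two-channel flow of steps 1) to 8), together with the MS proximity check just described, can be modelled as follows. This is an added Python example, not code from the patent: the class and function names, the key format, the 24-hour completion window, the 200 m radius and the sample coordinates are all assumptions made for illustration.

```python
import math
import secrets
from dataclasses import dataclass, field

EARTH_RADIUS_M = 6_371_000


def distance_m(a, b):
    """Haversine distance in metres between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


@dataclass
class Batch:
    token_id: str                 # card used as the authentication token
    deadline: float               # completion deadline, epoch seconds
    pending: dict = field(default_factory=dict)    # payment key -> incomplete request
    completed: list = field(default_factory=list)  # requests with the amount attached


class SecuritySystem:
    """Toy model of the central security system (hypothetical names throughout)."""

    def __init__(self, max_distance_m=200.0):
        self.max_distance_m = max_distance_m   # assumed size of "the vicinity of the ATM"
        self.batches = {}                      # batch key -> Batch

    def receive_intentions(self, token_id, requests, now, window_s=86_400):
        """Steps 2-4: store amount-less requests and return reconciliation keys."""
        if any("amount" in r for r in requests):
            raise ValueError("the first channel must not carry amounts")
        batch = Batch(token_id, now + window_s)   # assumed 24 h completion window
        for r in requests:
            batch.pending[secrets.token_hex(8)] = dict(r)
        batch_key = secrets.token_hex(8)
        self.batches[batch_key] = batch
        return batch_key, list(batch.pending)

    def complete_at_atm(self, token_id, batch_key, payment_key, amount,
                        atm_pos, ms_pos, now):
        """Steps 5-7 over the second channel, plus the MS proximity check."""
        batch = self.batches.get(batch_key)
        if batch is None:
            return "rejected: unknown batch"
        if now > batch.deadline:
            del self.batches[batch_key]        # step 3: an expired batch is destroyed
            return "rejected: batch expired"
        if token_id != batch.token_id:
            return "rejected: wrong token"
        if distance_m(atm_pos, ms_pos) > self.max_distance_m:
            return "rejected: MS not near ATM"
        if amount <= 0:
            return "rejected: bad amount"
        request = batch.pending.pop(payment_key, None)   # single use, so a replay fails
        if request is None:
            return "rejected: unknown or used key"
        batch.completed.append({**request, "amount": amount})
        return "accepted"


def demo():
    """Run constructed sample data through both channels and return the outcomes."""
    t0 = 1_700_000_000                 # constructed timestamp
    atm = (48.8566, 2.3522)            # constructed ATM location
    ms_near = (48.8569, 2.3525)        # constructed MS position, about 40 m away
    ms_far = (49.6116, 6.1319)         # constructed MS position in another city
    system = SecuritySystem()
    batch_key, keys = system.receive_intentions(
        "card-C", [{"from": "A", "to": "B"}, {"from": "A", "to": "D"}], now=t0)
    results = [
        system.complete_at_atm("card-C", batch_key, keys[0], 250, atm, ms_far, t0 + 60),
        system.complete_at_atm("card-C", batch_key, keys[0], 250, atm, ms_near, t0 + 120),
        system.complete_at_atm("card-C", batch_key, keys[0], 250, atm, ms_near, t0 + 180),
        system.complete_at_atm("card-X", batch_key, keys[1], 75, atm, ms_near, t0 + 240),
        system.complete_at_atm("card-C", batch_key, keys[1], 75, atm, ms_near, t0 + 90_000),
    ]
    return results, batch_key in system.batches


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

Neither channel alone carries a usable instruction: the first message has accounts but no amount, and the ATM message has only a key and an amount.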

Use in Other Areas

The security system is based on a generic concept that is designed to offer security features and mechanisms to so-called transaction processing systems. However other areas of industry will also benefit from this basic concept.

Notably the methodology used by the security system, to produce unique identities by a procedure referred to as DNA sequencing of (electronic) devices such as a computer or computer-like hardware can be applied to other applications. In particular, the unique identifying DNA can be beneficially used in the areas of:

1) Digital Rights Management
2) Information Rights Management
3) Business Continuity and Disaster Recovery
4) Identity Protection/Theft and Privacy
5) Telecom spectrum management and usage
6) Network equipment incl. Routers, Switches, ATM and POS terminals
7) Gaming Tools
8) Escrow Management & Execution
9) Transaction Processing (as discussed above)

The list above is not exclusive and other areas may benefit from the DNA sequencing, the core of the security system. In fact any application requiring high-grade identity assurance and authentication could be improved by the invention. The above listed applications are described in more detail below. The term “IDNAID” is used to describe in a general way the authentication technology of the invention, in particular with relation to the DNA sequencing.

1. Digital Rights Management

In the domain of digital rights management it is of the utmost importance that the use of content such as audio, video, text, pictures and published matter in different formats ranging from printed books to digital streams is properly managed and that the proper parties to whom goods or services were rendered pay the appropriate and agreed sums in time.

The digitalisation of the currently available content has meant that past methods and systems are no longer suitable for application in devices supporting modern technologies. Even newly designed standards specifically made for addressing the specific problems such as the illegal copying of music or film have not been successful. Often, devices and the DRM protection were hacked before the official launch of the products, as was the case with the latest DVD-DRM standard Blu-Ray.

A solution to this problem can be brought about by a device, i.e. a Blu-Ray player or a set-top box, which connects to an MS which has the IDNAID technology inside. Connection can be made by cable, e.g. direct using a (mini) USB link, or wireless through e.g. WiFi or even Infrared. As was shown earlier in the transaction processing example it is possible to exchange sensitive financial and personal data from and to a central system that processes the information further. In these DRM applications the MS is the carrier of certain key codes it may receive (or pick up) in regular intervals and that it needs to relay to the device to allow the device to continue to work properly.

One of the great weaknesses of current DRM systems is that the devices are equipped with certain codes, most of the time “programmed” at the moment of manufacturing. These codes cannot be changed afterwards unless use is made of cumbersome upgrade procedures that may even endanger the proper functioning of such a device or even void the warranty of the device in case the owner does not properly execute the procedure.

With IDNAID, the owner has a unique device that securely receives or collects these codes from the manufacturer through terrestrial or spatial radio transmissions and relays them to the electronic device. Now that this device has the new codes, it is capable of continuing to read (and to write to) the data streams.

2. Information Rights Management

Information Rights Management (IRM) is sometimes understood to be equivalent to DRM. This is not the case as IRM is more focussed on the protection of enterprise and corporate documentary assets, than on protecting digital products although the latter is surely an important element of IRM policy. IRM is presently strongly linked to text related documentation but will more and more evolve towards information flows, its sources and its destinations.

Furthermore IRM has everything to do with procedures on how to store information, whereto and how it is in transit from one place to another and how and by whom the information is used, all this in often sensitive areas such as corporate R&D departments or in the healthcare industry.

This complex environment where business know-how and knowledge, trade secrets, in-house R&D, patents and other intellectual property is at stake must be well protected and failure to do so may adversely affect the business.

A simple but straightforward example is the worldwide B2B and B2C invoicing. At this moment still 97% is performed on paper and industry is expecting a great potential for electronic invoicing and electronic billing.

The IDNAID technology does not offer an end-to-end solution to IRM related issues; however, it offers an innovative means to uniquely identify the different stages, the different actors, the data storage and processing facilities, the communication network and last but not least the whole corporate information flow, with a means to securely authenticate the processes and the information in a proper and trustworthy manner. In particular, the location data available via e.g. GNSS may be of importance.

Also in this area IDNAID may support other IRM specific technologies to improve and secure corporate information flow processes going out or coming in from customers.

3. Business Continuity Management and Disaster Recovery

Business Continuity Management and Disaster Recovery (BCMDR) services have everything to do with corporate survival and staying in business after a disaster (natural or induced by human interaction) has taken place. Such a disaster, which can be a fire, a flood, an attack on the IP infrastructure, sabotage by personnel etc., may have a devastating effect on the organisation and its performance.

Therefore corporate records, documents and other important elements need to be available as soon as possible after such a disaster has struck the business. Also original contracts and documents, which are usually kept safe at 3rd party premises, need to be secured. On the other hand, having business critical copies of the above lying around in an insecure way is not sensible either, so a well designed strategy needs to be in place.

An important part of BCMDR is a policy on secured back-up, its safe storage and the consistent and complete recovering of data whenever needed. Together with other IDNAID technology explained here an important contribution to BCMDR can be made.

4. Identity Protection/Theft and Privacy

The fastest growing area of criminal activity in the USA is identity theft probably caused by the improper way social security numbers are managed and stored. It may also be argued that the legislation on privacy, which is considered less strict in the USA compared to the EU, is also a reason behind this, as private companies can undertake huge data-mining exercises combining different databases without being hindered by legislation.

The result is that these private numbers become quasi public and are available in criminal circles. This, in conjunction with other private information that can be obtained, is often sufficient to create new identities or steal existing ones and allow the opening of bank accounts and may in itself be the basis for obtaining official documents such as driver’s licenses from state or local authorities.

According to recent figures released by the US Federal Trade Commission (FTC) some 8 million US citizens fall victim to identity theft and they estimate the annual damage to amount to some US$52 billion. This amount includes the losses caused by card fraud, an issue that is directly linked to identity theft.

It is not likely that similar levels of theft or damage are attained within the EU but ID theft is a global issue and thus also a main area of concern.

The current IDNAID technology can be used to help secure these personal details, possibly by using an MS itself as a form of identifier, or alternatively by requiring that the MS enable the SSN to be used in a similar manner to the transaction processing described above.

5. Telecom spectrum management and usage

The amount of data streamed across the world is currently doubling in volume every 12 to 14 months mainly caused by Internet traffic that is increasingly carrying multimedia data such as audio and video streams.

With this in mind the efficient use of telecom bandwidth will significantly improve the telecom operator’s profitability. The associated marginal capital expenditure cost for the operator will be practically zero while at the same time the use of bandwidth will be optimised resulting in a situation whereby more data can be handled within the same infrastructure (this is of course within certain boundaries) and as a consequence dramatically increasing the per time unit revenues.

Moreover, as data communication systems currently rely more and more on the secure relay of sometimes highly sensitive data over public or closed networks, secure relay and the absolute certification of the origin of the data have become a top priority for most Internet Service Providers (ISPs).

Therefore ISPs need improved efficiency in their data network on the one hand and improved security on the other, two requirements that usually are not really compatible. IDNAID offers the possibility to satisfy both requirements at the same time without unduly delaying the forwarding of data leading to possible congestion. Furthermore the invention ensures network neutrality, a principle that is regarded as one of the highest priorities in the internet community.

6. Network equipment incl. Routers, Switches etc.

The secure identification of core or boundary equipment in a high security network such as payment schemes is of crucial importance. Hackers and other criminals often try to gain access by pretending to be somebody else or in this particular case something else.

Network identities such as IDs that relate to so-called IP addresses can easily be replicated (or in jargon “spoofed”), and recently we have seen tremendous problems with the Domain Name System (DNS), a backbone redirection and crucial “phone book” service of the internet. It appeared that the DNS, especially its look-up mechanism, is extremely vulnerable to hijacking by third parties.

Earlier the case was made that terminal equipment such as ATM and POS devices are also prone to identity attacks and certainly the portable and easy to use POS equipment has been targeted relatively often. Attacks on ATM terminals are now being mentioned so often in the news media that the majority do not even take notice anymore.

The checks performed by the current payment scheme, whereby the location of such a terminal is checked by relating its IP address to a position, are vulnerable to spoofing and DNS attacks, which can easily overcome any checking mechanism in that respect.

IDNAID offers equipment DNA similar to the one used by the MS in the abovementioned system. It can continuously monitor the real location of the POS or ATM terminal and it is much better equipped to protect networks against attacks by professional criminal gangs or occasional individual hackers.

7. Gaming Tools

Networked gaming has always been one of the cornerstones of the internet, generating a huge level of data traffic and bringing together a large community of online gamers. Now that gaming has become a commercial service offered by a whole range of gaming providers, problems of the real world are becoming visible in the virtual world of gaming.

Identity issues combined with the sometimes important sums of money at stake (i.e. online poker tournaments) result in a situation whereby the secure settlement of the financial matters has become a high priority for the organisers of these gaming events. IDNAID is a suitable solution for service providers requiring a secure and effective mechanism.

8. Escrow Management & Execution

Escrow management is a range of professional services offered by specialised agents (including banks) to third parties to facilitate business dealings between these third parties who typically have not done business before, are geographically apart, whose transaction value is high and where normally no high levels of trust have (yet) been established.

The escrow agent, who acts as a kind of middle-man, ensures that both parties keep their contractual obligations vis-à-vis the other and, after having been satisfied that no issues remain outstanding, initiates the settlement of the payment against the release of (usually) the goods.

Escrow services are especially welcomed by parties who want to formalise a transaction involving the internet, but are wary of making the first step (i.e. sending the goods without having received payment, or making an advance payment without having access to the goods).

IDNAID enables the speeding up of the escrow procedure whilst still warranting that security remains at the forefront notably regarding establishing the identity of the counterparty and the undisrupted trace of the money flow.

9. Transaction Processing (of which IDNAID is part)

Transaction processing in the financial services industry will greatly benefit from the IDNAID technology as previously explained in detail. Similar benefits can be achieved in other areas of transaction processing outside the scope of card payment schemes or financial services in general.

Transaction processing’s main security issues are the consistent keeping and surveillance of the unbroken chain of the current, preceding and subsequent steps in a process or procedural chain. Particularly in highly complex environments or systems, requiring an ultra high processing speed such as is the case in massive database applications, this issue may be potentially compromised.

The IDNAID technology uses highly accurate timing signals at the nanosecond level from the GNSS satellite systems to produce unique identifiers, an approach which enables clear identification and monitoring of flows of events required in a transaction processing environment.

Generally speaking, the technology and methodology described may be adapted to almost any situation where authentication of identity is required, either as a supplementary authentication factor leading to highly secure card transactions, or even as a primary authentication factor in the more general situations described above. Taking a normal mobile device, it can be adapted through software to become an authentication key, being used in conjunction with a remote server (which may be more or less remote depending on the application) to prove, or go some way to proving, the identity of a person. The various embodiments such as DRM described above may in a way be likened to transactions, with the request e.g. to access the DRM protected media being viewed as a transaction in the system, and following similar steps as laid out above. In these cases the “terminals” are likely to be the equipment being authenticated or at the place where authentication is to take place, e.g. an optical disk player or an access panel for a secure area. The area protected by these terminals may be virtual (the DRM media) or physical (a secure area).

Claims (26)

1. A method for use in authenticating transactions comprising: receiving a request from a terminal to authenticate a transaction; receiving information from the terminal identifying a token that is being used to initiate the transaction; identifying a mobile device that is associated with the token; determining the location of the mobile device; comparing the location of the mobile device with the location of the terminal; and authenticating the transaction if the location of the mobile device is within a predetermined area relative to the location of the remote terminal.
2. A method for multi-factor transaction authentication comprising: determining token identifying details for a token that is to be used to initiate the transaction; obtaining an authentication key; identifying a mobile device that is associated with the token; determining the location of the mobile device; and authenticating the transaction if the location of the mobile device is within a predetermined area relative to the location of the transaction and the authentication key is successfully validated with the token identifying details.
3. A method according to claim 1 or 2 further comprising an initial step of: receiving a signal from a mobile device identifying a token to be enabled for transactions; validating the identity of the mobile device using a unique identifier received from the mobile device; and recording that said token has been enabled for transactions wherein said authenticating includes determining if said token has been enabled for transactions.
4. A method according to any one of claims 1 to 3, wherein the location of the mobile device is determined using information received from the mobile device, the information being received by the mobile device from a Global Navigation Satellite System (GNSS).
5. A method according to any one of claims 1 to 4, wherein the identity of the mobile device is verified by receiving from the mobile device a unique identifier, the unique identifier comprising a code derived from information relating to the mobile device hardware and information received from a GNSS.
6. A method for use in authenticating a transaction comprising: determining token identifying details for a token that is to be used in the transaction; obtaining an authentication key; validating the authentication key with the token identifying details; transmitting information associated with the location of the transaction and the token identifying details to a remote security apparatus; and receiving authorisation information to determine if the transaction can be processed.
7. A method according to claim 6, wherein the information associated with the location of the transaction is derived from information received from a GNSS.
8. A method according to claim 4, 5 or 7, wherein the information received from the GNSS is unprocessed GNSS constellation and timing information.
9. A method according to any one of claims 1 to 8 wherein: the token is a bank card.
10. A transaction authentication apparatus comprising: terminal communication means for communicating with a remote terminal, adapted to receive information identifying a token being used to initiate a transaction; identifying means for identifying a mobile device associated with said token; determining means for determining the location of said mobile device; and comparing means for comparing the location of said mobile device with the location of said remote terminal.
11. An apparatus for use in multi-factor transaction authentication comprising: token reading means; authentication key input means; validating means for validating an authentication key with token identifying information; identifying means for identifying a mobile device associated with said token; determining means for determining the location of said mobile device; and comparing means for comparing the location of said mobile device with the location of said remote terminal.
12. An apparatus according to claim 10 or 11 further comprising: storage means for recording receipt of a signal indicating that a token is enabled for transactions.
13. An apparatus according to any one of claims 10 to 12, further comprising mobile device communication means for receiving GNSS information from the mobile device for determining the location of said mobile device.
14. An apparatus according to any one of claims 10 to 13, wherein the identifying means are adapted to identify the mobile device by receiving from the mobile device a unique identifier code comprising a code derived from information relating to the mobile device hardware and GNSS information.
15. A terminal apparatus for use in authenticating a transaction comprising: token reading means for obtaining token identifying information; authentication key input means for receiving an authentication key; validating means for validating the authentication key with the token identifying information; communication means for transmitting information associated with the location of the terminal apparatus and the token identifying information to a remote security apparatus, and further adapted for receiving token authentication information; and authentication means for authenticating said transaction according to said token authentication information and the output from said validity means.
16. A terminal apparatus according to claim 15, wherein the information associated with the location of the terminal apparatus is derived from GNSS information received by the terminal apparatus.
17. An apparatus according to claim 13, 14 or 16, wherein the GNSS information is unprocessed GNSS constellation and timing information.
18. A method for use in authenticating a transaction comprising: obtaining an instruction for a mobile device to enter a transaction enabled mode; and transmitting to a remote security apparatus mobile device location information and a unique identifier code.
19. A method according to claim 18, further including: obtaining token information for specifying a token to be enabled for transactions; transmitting token identification information relating to the specified token; receiving confirmation that the token is enabled for transactions; and indicating that the specified token is enabled for transactions.
20. A method according to claim 18 or 19, further comprising: receiving GNSS information for providing the location information that is transmitted.
21. A method according to claim 20, wherein the unique identifier code comprises a code derived from information relating to the mobile device hardware and GNSS information.
22. A method according to claim 20 or 21, wherein the GNSS information used is unprocessed GNSS constellation and timing information.
23. A mobile device for use in authenticating a transaction comprising: an interface for receiving instructions from a user and displaying information; means for selectively switching said mobile device to a transaction enabled mode; location determining means for determining location information relating to the location of the mobile apparatus; a unique identifier code for identifying the apparatus; and communication means for transmitting the location information and unique identifier code when in said transaction enabled mode.
24. A mobile device according to claim 23, wherein the location determining means comprises GNSS receiving means for obtaining GNSS information.
25. A mobile device according to claim 24, wherein the unique identifier code comprises a code derived from information relating to the mobile device hardware and GNSS information.
26. A mobile device according to claim 24 or 25, wherein the GNSS information used is unprocessed GNSS constellation and timing information.

Priority Applications (2)

Application Number Priority Date Filing Date Title
LU91488 2008-10-17
LU91488A LU91488A1 (en) 2008-10-17 2008-10-17 Multifactor Authentication

Applications Claiming Priority (7)

Application Number Priority Date Filing Date Title
LU91488A LU91488A1 (en) 2008-10-17 2008-10-17 Multifactor Authentication
AU2009305365A AU2009305365A1 (en) 2008-10-17 2009-10-19 Multifactor authentication
PCT/EP2009/063694 WO2010043722A1 (en) 2008-10-17 2009-10-19 Multifactor authentication
RU2011119760/08A RU2011119760A (en) 2008-10-17 2009-10-19 Multi-factor authentication
EP16174286.1A EP3107051A1 (en) 2008-10-17 2009-10-19 Multifactor authentication
EP09741279A EP2350941A1 (en) 2008-10-17 2009-10-19 Multifactor authentication
US13/124,598 US20110202466A1 (en) 2008-10-17 2009-10-19 Multifactor Authentication

Publications (1)

Publication Number Publication Date
LU91488A1 (en) 2010-04-19

Family

ID=40622230

Family Applications (1)

Application Number Title Priority Date Filing Date
LU91488A LU91488A1 (en) 2008-10-17 2008-10-17 Multifactor Authentication

Country Status (6)

Country Link
US (1) US20110202466A1 (en)
EP (2) EP3107051A1 (en)
AU (1) AU2009305365A1 (en)
LU (1) LU91488A1 (en)
RU (1) RU2011119760A (en)
WO (1) WO2010043722A1 (en)

US20130036050A1 (en) * 2011-08-02 2013-02-07 Bank Of America Corporation System and method for using a near field communication device to conduct a transaction with an alias
EP2748801B1 (en) * 2011-08-26 2020-04-29 Life Technologies Corporation Systems and methods for identifying an individual
US8433288B2 (en) * 2011-09-13 2013-04-30 Bank Of America Corporation Multilevel authentication
US9204298B2 (en) * 2011-09-13 2015-12-01 Bank Of America Corporation Multilevel authentication
US9239916B1 (en) * 2011-09-28 2016-01-19 Emc Corporation Using spatial diversity with secrets
US10225242B2 (en) 2011-10-25 2019-03-05 Salesforce.Com, Inc. Automated authorization response techniques
EP2772078B1 (en) * 2011-10-25 2018-02-21 Salesforce.Com, Inc. Two-factor authentication systems and methods
US9210150B2 (en) 2011-10-25 2015-12-08 Salesforce.Com, Inc. Two-factor authentication systems and methods
US10225264B2 (en) 2011-10-25 2019-03-05 Salesforce.Com, Inc. Automated authorization response techniques
US10212588B2 (en) 2011-10-25 2019-02-19 Salesforce.Com, Inc. Preemptive authorization automation
RU2576586C2 (en) 2011-10-31 2016-03-10 Мани Энд Дэйта Протекшн Лиценц Гмбх Унд Ко.Кг Authentication method
US20130127591A1 (en) 2011-11-20 2013-05-23 International Business Machines Corporation Secure facilities access
US8918855B2 (en) * 2011-12-09 2014-12-23 Blackberry Limited Transaction provisioning for mobile wireless communications devices and related methods
US20130151411A1 (en) * 2011-12-09 2013-06-13 Worldpasskey, Inc. Digital authentication and security method and system
ES2552048T3 (en) * 2012-02-07 2015-11-25 Izettle Merchant Services Ab PIN check on a "Hub and Spoke" network
US20140053250A1 (en) * 2012-02-10 2014-02-20 University Of Utah Research Foundation Access to Web Application via a Mobile Computing Device
US9151823B2 (en) * 2012-02-24 2015-10-06 Broadcom Corporation Wireless communication device capable of accurately performing position estimations
US9697346B2 (en) * 2012-03-06 2017-07-04 Cisco Technology, Inc. Method and apparatus for identifying and associating devices using visual recognition
US9047602B2 (en) * 2012-06-08 2015-06-02 GM Global Technology Operations LLC In-vehicle mobile transactions
US20150142544A1 (en) * 2012-06-15 2015-05-21 Edatanetworks Inc. Systems and method for incenting consumers
WO2014008922A1 (en) * 2012-07-09 2014-01-16 Izettle Merchant Services Ab Method for hub and spokes pin verification for credit cards with card information stored in a magnetic stripe
US8738454B2 (en) * 2012-07-23 2014-05-27 Wal-Mart Stores, Inc. Transferring digital receipt data to mobile devices
US8843398B2 (en) * 2012-07-23 2014-09-23 Wal-Mart Stores, Inc. Transferring digital receipt data to mobile devices
US8787902B2 (en) * 2012-10-31 2014-07-22 Irevo, Inc. Method for mobile-key service
US9355231B2 (en) * 2012-12-05 2016-05-31 Telesign Corporation Frictionless multi-factor authentication system and method
US9026787B2 (en) * 2012-12-09 2015-05-05 International Business Machines Corporation Secure access using location-based encrypted authorization
US9858571B2 (en) * 2013-01-02 2018-01-02 Mastercard International Incorporated Methods and systems for mitigating fraud losses during a payment card transaction
US10386492B2 (en) * 2013-03-07 2019-08-20 Trimble Inc. Verifiable authentication services based on global navigation satellite system (GNSS) signals and personal or computer data
US20150012451A1 (en) * 2013-03-12 2015-01-08 Scala Hosting Llc Social network prestige program
US9510193B2 (en) 2013-03-15 2016-11-29 Qualcomm Incorporated Wireless networking-enabled personal identification system
US9246892B2 (en) 2013-04-03 2016-01-26 Salesforce.Com, Inc. System, method and computer program product for managing access to systems, products, and data based on information associated with a physical location of a user
WO2014163530A1 (en) * 2013-04-04 2014-10-09 Klochkov Alexey Anatolievich Interactive system for monitoring the sale of motor fuel in a filling station chain by processing geotagged data
US9438576B2 (en) * 2013-06-12 2016-09-06 Luiz M Franca-Neto Apparatus and method for validation and authorization of device and user by global positioning and non-prompted exchange of information
WO2014204368A1 (en) * 2013-06-20 2014-12-24 Telefonaktiebolaget L M Ericsson (Publ) A method and a network node in a communication network for correlating information of a first network domain with information of a second network domain
US20150019394A1 (en) * 2013-07-11 2015-01-15 Mastercard International Incorporated Merchant information correction through transaction history or detail
GB2516828A (en) * 2013-07-25 2015-02-11 Visa Europe Ltd Processing electronic tokens
US9948359B2 (en) 2013-09-20 2018-04-17 At&T Intellectual Property I, L.P. Secondary short-range wireless assist for wireless-based access control
EP2869176A3 (en) * 2013-10-10 2015-06-24 Lg Electronics Inc. Mobile terminal and method of controlling therefor
WO2015061977A1 (en) 2013-10-30 2015-05-07 Hewlett-Packard Development Company, L.P. User authentication
US10489778B2 (en) 2013-11-24 2019-11-26 Zanguli Llc Secure payment card
SG10201400156QA (en) * 2014-02-04 2015-09-29 Smart Communications Inc Transaction system and method
US20150242840A1 (en) * 2014-02-25 2015-08-27 Jpmorgan Chase Bank, N.A. Systems and methods for dynamic biometric configuration compliance control
US9344419B2 (en) 2014-02-27 2016-05-17 K.Y. Trix Ltd. Methods of authenticating users to a site
US9721248B2 (en) * 2014-03-04 2017-08-01 Bank Of America Corporation ATM token cash withdrawal
JP2015172884A (en) * 2014-03-12 2015-10-01 株式会社東芝 Electronic apparatus, system and method
US9332018B2 (en) 2014-04-03 2016-05-03 Prote. Us Converged Systems Corporation Method and system for secure authentication
CN105099673A (en) * 2014-04-15 2015-11-25 阿里巴巴集团控股有限公司 Authorization method, authorization requesting method and devices
US10021563B2 (en) * 2014-04-29 2018-07-10 Alcatel Lucent Enhanced authentication for provision of mobile services
US9064376B1 (en) 2014-06-06 2015-06-23 Aviel David Rubin Utilization of multiple devices to secure online transactions
CN104134140A (en) * 2014-07-23 2014-11-05 南宁市锋威科技有限公司 Mobile phone payment system
US9679152B1 (en) 2014-07-24 2017-06-13 Wells Fargo Bank, N.A. Augmented reality security access
US9477852B1 (en) 2014-07-24 2016-10-25 Wells Fargo Bank, N.A. Augmented reality numberless transaction card
CN105376286B (en) * 2014-08-29 2019-12-10 阿里巴巴集团控股有限公司 Method and device for acquiring position information
US9508207B2 (en) * 2014-09-12 2016-11-29 Storycloud Incorporated Method and apparatus for network controlled access to physical spaces
US9576255B2 (en) 2014-09-12 2017-02-21 Storycloud Incorporated Method and apparatus for network controlled ticket access
JP6413627B2 (en) * 2014-10-27 2018-10-31 凸版印刷株式会社 User authentication system and user authentication method
EP3018876B1 (en) * 2014-11-05 2020-01-01 Vodafone IP Licensing limited Monitoring of signalling traffic
US9380421B1 (en) 2014-11-07 2016-06-28 Wells Fargo Bank, N.A. Multi-channel geo-fencing systems and methods
US10154372B1 (en) 2014-11-07 2018-12-11 Wells Fargo Bank, N.A. Real-time custom interfaces through multi-channel geo-fencing
EP3029960A1 (en) * 2014-12-05 2016-06-08 Greenspider gmbh Resource control apparatus, server apparatus and method for controlling a resource
GB2533333A (en) * 2014-12-16 2016-06-22 Visa Europe Ltd Transaction authorisation
AU2015372419A1 (en) * 2014-12-22 2017-04-20 In4Ma Pty Ltd Unlocking of a computer readable medium or of an electronic process using a computer readable medium
US20160189158A1 (en) * 2014-12-29 2016-06-30 Ebay Inc. Authenticating requests to access accounts based on prior requests
US20160267516A1 (en) 2015-03-11 2016-09-15 Comenity Llc Providing mobile loyalty services in a geo-fencing area via a single native mobile application
IN2015DE02096A (en) * 2015-07-10 2015-07-31 Comviva Technologies Ltd
CN106485488A (en) * 2015-08-26 2017-03-08 中兴通讯股份有限公司 Based on the existing determination method and device of point-of-sale terminal POS sleeve
CN106529952A (en) * 2015-09-09 2017-03-22 腾讯科技(深圳)有限公司 Verification realizing method and system in data transfer
US10069781B2 (en) 2015-09-29 2018-09-04 Theatro Labs, Inc. Observation platform using structured communications with external devices and systems
US20170148018A1 (en) * 2015-11-10 2017-05-25 Pavel Levin Method and system for network communication
US20170345006A1 (en) * 2016-05-27 2017-11-30 Mastercard International Incorporated Systems and methods for location data verification
US10453060B2 (en) 2016-05-27 2019-10-22 Mastercard International Incorporated Systems and methods for authenticating a requestor at an ATM
US10581988B2 (en) 2016-06-08 2020-03-03 Bank Of America Corporation System for predictive use of resources
US10129126B2 (en) 2016-06-08 2018-11-13 Bank Of America Corporation System for predictive usage of resources
US10178101B2 (en) 2016-06-08 2019-01-08 Bank Of America Corporation System for creation of alternative path to resource acquisition
US10433196B2 (en) 2016-06-08 2019-10-01 Bank Of America Corporation System for tracking resource allocation/usage
US10291487B2 (en) 2016-06-08 2019-05-14 Bank Of America Corporation System for predictive acquisition and use of resources
RU2616154C1 (en) * 2016-06-09 2017-04-12 Максим Вячеславович Бурико Means, method and system for transaction implementation
EP3276561A1 (en) * 2016-07-27 2018-01-31 Centre National d'Etudes Spatiales Authentication tag, device, system and method
RU2642360C1 (en) * 2016-09-14 2018-01-24 Общество с ограниченной ответственностью "Мобильные платежные технологии" (ООО "МПТ") Method of initializing bank transactions without using pos-terminals and system for its implementation
US10380567B2 (en) * 2016-09-30 2019-08-13 Capital One Services, Llc Systems and methods for providing cash redemption to a third party
RU2659744C1 (en) * 2016-12-15 2018-07-03 Общество с ограниченной ответственностью "Технологии" Method of verification of payment transactions by the personal buyer's device
US20180181955A1 (en) * 2016-12-22 2018-06-28 Mastercard International Incorporated Systems and methods for processing data messages from a user vehicle
DE102017002682A1 (en) 2017-03-20 2018-09-20 Saša Kostić Procedures around without credit cards, debit cards or other cards with at least one chip or magnetic stripe on which at least one card record is stored, and without Internet, Intranet, Bluetooth, W-LAN, LAN, TCP / IP or other protocols, cash at all ATM (cash dispensers) in the world, where GPS and SMS reception is possible, to shop in all shops or to withdraw money
US10122889B1 (en) 2017-05-08 2018-11-06 Bank Of America Corporation Device for generating a resource distribution document with physical authentication markers
US10621363B2 (en) 2017-06-13 2020-04-14 Bank Of America Corporation Layering system for resource distribution document authentication
US10511692B2 (en) 2017-06-22 2019-12-17 Bank Of America Corporation Data transmission to a networked resource based on contextual information
US10313480B2 (en) 2017-06-22 2019-06-04 Bank Of America Corporation Data transmission between networked resources
US10524165B2 (en) 2017-06-22 2019-12-31 Bank Of America Corporation Dynamic utilization of alternative resources based on token association
US10216917B2 (en) 2017-07-17 2019-02-26 International Business Machines Corporation Identity validation using local environment information
CN107835247A (en) * 2017-11-08 2018-03-23 中国科学技术大学 A kind of credit accreditation, safeguards system and method
FR3076922A1 (en) * 2018-01-12 2019-07-19 Ingenico Group Method for determining an association between a banking card and a communication terminal, device, system and program thereof
EP3641348A1 (en) * 2018-10-16 2020-04-22 Telia Company AB Access to a service

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020070273A1 (en) * 2000-10-04 2002-06-13 Nec Corporation Authentication system using information on position
WO2003067506A2 (en) * 2002-02-06 2003-08-14 Citibank, N.A. Method and system of transaction card fraud mitigation utilizing location based services
WO2004070492A2 (en) * 2003-02-03 2004-08-19 Mega-Tel Ag/Sa Verification of credit card transactions
WO2005073934A1 (en) * 2004-01-28 2005-08-11 Aron Matalon Method and system for authenticating credit transactions

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6114991A (en) * 1997-09-11 2000-09-05 Lucent Technologies, Inc. Auxiliary system for assisting a wireless terminal in determining its position from signals transmitted from a navigation satellite
WO2001017298A1 (en) * 1999-09-02 2001-03-08 Automated Business Companies Communication and proximity authorization systems
SE518059C2 (en) * 2000-12-22 2002-08-20 Payment Security Sweden Ab Method for increasing the security of payments made with credit and debit cards
JP2002269350A (en) * 2001-03-14 2002-09-20 Hitachi Ltd Transaction settlement method, transaction settlement system and portable communication terminal used therefor and settlement terminal for member store
US7606560B2 (en) * 2002-08-08 2009-10-20 Fujitsu Limited Authentication services using mobile device
US7548886B2 (en) * 2003-06-12 2009-06-16 International Business Machines Corporation System and method for early detection and prevention of identity theft
US7559081B2 (en) * 2003-09-18 2009-07-07 Alcatel-Lucent Usa Inc. Method and apparatus for authenticating a user at an access terminal
EP2797020A3 (en) * 2003-09-30 2014-12-03 Broadcom Corporation Proximity authentication system
US7221949B2 (en) * 2005-02-28 2007-05-22 Research In Motion Limited Method and system for enhanced security using location-based wireless authentication
WO2007004224A1 (en) * 2005-07-05 2007-01-11 Mconfirm Ltd. Improved location based authentication system
US20070084913A1 (en) * 2005-10-18 2007-04-19 Capital One Financial Corporation Systems and methods for authorizing a transaction for a financial account
EP1802155A1 (en) * 2005-12-21 2007-06-27 Cronto Limited System and method for dynamic multifactor authentication
EP1901088A1 (en) * 2006-09-18 2008-03-19 Cambridge Positioning Systems Limited Integrated mobile-terminal navigation
US9135620B2 (en) * 2008-02-08 2015-09-15 Microsoft Technology Licensing, Llc Mobile device security using wearable security tokens
US8615465B2 (en) * 2008-07-08 2013-12-24 International Business Machines Corporation Real-time security verification for banking cards
US8295898B2 (en) * 2008-07-22 2012-10-23 Bank Of America Corporation Location based authentication of mobile device transactions

Also Published As

Publication number Publication date
EP2350941A1 (en) 2011-08-03
EP3107051A1 (en) 2016-12-21
RU2011119760A (en) 2012-11-27
WO2010043722A1 (en) 2010-04-22
US20110202466A1 (en) 2011-08-18
AU2009305365A1 (en) 2010-04-22

Similar Documents

Publication Publication Date Title
US20170308894A1 (en) Systems and methods for performing file distribution and purchase
US10049360B2 (en) Secure communication of payment information to merchants using a verification token
US20180114210A1 (en) Secure payments with untrusted devices
RU2710897C2 (en) Methods for safe generation of cryptograms
US9467292B2 (en) Hardware-based zero-knowledge strong authentication (H0KSA)
US9531548B2 (en) Security system for handheld wireless devices using time-variable encryption keys
US10120993B2 (en) Secure identity binding (SIB)
US9372971B2 (en) Integration of verification tokens with portable computing devices
US10289999B2 (en) System and method for secured account numbers in proximity devices
US20180068298A1 (en) Trusted remote attestation agent (traa)
US9904919B2 (en) Verification of portable consumer devices
JP6479769B2 (en) Method and system for providing locking function of customer control account
AU2012303620B2 (en) System and method for secure transaction process via mobile device
KR20160101117A (en) Cloud-based transactions methods and systems
US8827154B2 (en) Verification of portable consumer devices
US20160155114A1 (en) Smart communication device secured electronic payment system
US8281991B2 (en) Transaction secured in an untrusted environment
US7784106B2 (en) Manufacturing unique devices that generate digital signatures
US8229852B2 (en) Secure mobile payment system
JP5959410B2 (en) Payment method, payment server for executing the method, program for executing the method, and system for executing the same
Heydt-Benjamin et al. Privacy for public transportation
JP4097040B2 (en) Tokenless identification system for approval of electronic transactions and electronic transmissions
US8527427B2 (en) Method and system for performing a transaction using a dynamic authorization code
US7021534B1 (en) Method and apparatus for providing secure document distribution
EP2248295B1 (en) System and method for wireless device based user authentication