SG175858A1 - Remote user authentication and apparatus verification - Google Patents


Publication number
SG175858A1
Authority
SG
Singapore
Application number
SG2011080603A
Inventor
Pui Wa Billy Au
Fung Ying Ho
Original Assignee
Pui Wa Billy Au
Fung Ying Ho
Application filed by Pui Wa Billy Au, Fung Ying Ho
Publication of SG175858A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228: One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/34: User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56: Financial cryptography, e.g. electronic payment or e-cash

Abstract

The present application provides a method and system for remote user authentication and apparatus verification applicable to secured mobile payment using pre-paid stored value cards and general multi-factor authentication employing one-time passcodes (OTPs). A user having knowledge of a user security code, an apparatus OTP and a transformation function easily derives a transformed security code for submission to a service provider. Data encryption is not required to secure the code nor the communication channel. The service provider system retrieves from its database a valid user security code associated with the user, a plurality of valid appliance OTPs and the corresponding transformation functions in a verification process wherein the system determines whether the submitted transformed security code can be mapped to any one of the valid apparatus OTPs.

Description

REMOTE USER AUTHENTICATION AND APPARATUS VERIFICATION
FIELD OF THE INVENTION
The present invention relates to user authentication and apparatus verification. More particularly, remote user authentication and verification of an apparatus capable of displaying or generating a one-time passcode (OTP), which may be the card number associated with a pre-paid scratch card or a one-time password generated by an OTP security token, are achieved by means of an unencrypted security code transformed from a user security code and the OTP.
BACKGROUND OF THE INVENTION
Without the use of application-level cryptographic protection, conventional pre-paid cards are not directly usable for mobile payment, reload and remittance applications as user-submitted card numbers in clear text may be intercepted along the paths of communication between the user mobile devices and the remote server application hosted by a service provider. The risk is particularly high when mobile-originated payment messages are routed through communications gateways, such as short message services (SMS) gateways, over which the operator providing such payment and remittance services has little control.
The present invention ensures secure payment transactions by accomplishing user authentication and card verification without resorting to additional data encryption other than that provided by the native cellular systems. The requirements for such additional encryption capabilities are not easily achieved in mass-market cellular telephony devices as a result of limited device processing power available for cryptographic computations, complex encryption key management and tedious hardware and software installation necessary for enabling user mobile devices to protect data as desired. The problems have hindered the commercialization of general mobile payment applications.
The present invention transforms the unique card number of a pre-paid card with a user security code using a transformation function. The user security code and transformation function are secrets shared between the user and the service provider. The transformed security code, which can easily be worked out or looked up by the user, is sent to the payment operator or service provider via a mobile device. No application-level encryption is required to protect the payment text message. Each transformed security code is embedded with sufficient information for the service provider to perform card verification as well as user authentication.
The present invention is effective against a variety of security attacks including brute force, dictionary, replay, phishing and Man-in-the-Middle attacks.
In the above-described mobile payment application, the pre-paid cards are the apparatus to be verified and the card number printed and protected on each of the pre-paid cards is the unique one-time passcode (OTP) known to the service provider. In addition, the present invention can be used to boost the security level of a general OTP verification process employed in a two- or multi-factor authentication system, commonly used to authenticate a user by verifying the user password, login code, and other identifications including session- or time-based OTP generated by a hardware token, mobile application or transmitted from the service provider to the user mobile device via text messaging.
For conventional multi-factor authentication using one-time passcodes, the submitted OTP helps prevent replay attacks. Nonetheless, the use of conventional OTP has little effect on the prevention of phishing and Man-in-the-Middle attacks in which the OTP together with the user credentials are intercepted, such as using a forged website, by an imposter for illegitimate use. Thereby, the present invention can be used to strengthen general OTP applications.
SUMMARY OF THE INVENTION
A method of remote user authentication and apparatus verification is provided. In the method, a user has knowledge of a user security code (C_user'), an apparatus one-time passcode (C_OTP') associated with an apparatus and a transformation function (f_T') associated with the apparatus one-time passcode (OTP) or the user, and a service provider system has system database for storing records of a plurality of valid user identifiers, a plurality of valid user security codes (C_user) one of which may match the user security code C_user', a plurality of valid appliance one-time passcodes (C_OTP) one of which may match the apparatus one-time passcode C_OTP', and a plurality of valid transformation functions (f_T) each of which is associated with at least one of the valid appliance one-time passcodes C_OTP or at least one of the user identifiers, and the method begins with the user deriving a transformed security code C_T' using the user security code C_user', apparatus one-time passcode C_OTP' and the transformation function f_T', followed by the user submitting the transformed security code C_T' to the service provider system, followed by the service provider system retrieving and identifying a valid user security code C_user associated with the user, followed by the service provider system examining the valid user security code C_user retrieved, the submitted transformed security code C_T', the valid apparatus one-time passcodes C_OTP and valid transformation functions f_T in a verification process wherein the service provider system determines whether the submitted transformed security code C_T' can be mapped to any one of the valid apparatus one-time passcodes C_OTP, and the user being a legitimate user and the apparatus being a legitimate apparatus if the verification process yields a positive outcome in which the submitted transformed security code C_T' can be mapped to one valid apparatus one-time passcode C_OTP.
Each of the apparatus one-time passcodes C_OTP', user security code C_user', transformed security code C_T', valid apparatus one-time passcodes C_OTP and valid user security codes C_user is a data string comprising a plurality of characters which belong to a character set S comprising one or a plurality of character types including alphabets, numbers, ideograms and logograms of any language, and the members of the character set S being assigned with position values derived from a predetermined transformation, sequence or lookup table that uniquely maps each member of S to a value indicating, directly or indirectly, the positions of the members in S.
The transformation function f_T' is capable of uniquely mapping an apparatus one-time passcode C_OTP' and a user security code C_user' to a transformed security code C_T', and each of the valid transformation functions f_T is capable of uniquely mapping a valid apparatus one-time passcode C_OTP and a valid user security code C_user to a possible transformed security code (p_C_T) used for comparison against the transformed security code C_T' submitted by the user in the verification process.
The transformation function f_T' comprises a mapping function f_m' that uses the user security code C_user' to convert K out of the total of I characters of the apparatus one-time passcode C_OTP' to K transformed characters which are combined with the remaining (K - I) un-transformed characters of the apparatus one-time passcode C_OTP' to form the transformed security code C_T', and each of the valid transformation functions f_T comprises a mapping function f_m which uses the valid user security code C_user to convert K out of the total of I characters of the corresponding valid apparatus one-time passcode C_OTP to K transformed characters which are combined with the remaining (K - I) un-transformed characters of the valid apparatus one-time passcode C_OTP to form the possible transformed security code p_C_T, where I is the number of characters in each of the apparatus one-time passcode C_OTP', valid apparatus one-time passcode C_OTP, transformed security code C_T' and possible transformed security codes p_C_T, and K is the number of transformed characters and the number of characters in the user security code C_user' and valid user security code C_user, and I is greater than or equal to K.
The positions of the un-transformed characters in the transformed security code C_T' and possible transformed security code p_C_T may be identical to their respective positions in the apparatus one-time passcode C_OTP' and valid apparatus one-time passcode C_OTP respectively. The positions of the transformed characters in the transformed security code C_T' and possible transformed security code p_C_T may be identical to their respective positions in the apparatus one-time passcode C_OTP' and valid apparatus one-time passcode C_OTP respectively.
Each of the valid transformation functions may be an inverse of the f_T and denoted as f_T^-1, and f_T^-1 comprises an inverse mapping function f_m^-1 which is an inverse of the f_m, and f_m^-1 uses the valid user security code C_user to recover the K original characters of the apparatus one-time passcode C_OTP' from the K transformed characters out of the total of I characters of the received transformed security code C_T' and the K original characters are combined with the remaining (K - I) un-transformed characters of the received transformed security code C_T' to recover the apparatus one-time passcode C_OTP'.
The mapping function f_m' may derive each of the transformed characters in the transformed security code C_T' by replacing the characters to be transformed in the apparatus one-time passcode C_OTP' by the corresponding characters of the user security code C_user', and the mapping function f_m may derive each of the transformed characters in the possible transformed security code p_C_T by replacing the characters to be transformed in the valid apparatus one-time passcode C_OTP by the corresponding characters of the valid user security code C_user.
The mapping function f_m' may derive each of the transformed characters in the transformed security code C_T' using a mapping process in which the position of each of the transformed characters in the character set S is the position value of the character to be transformed offset by a value associated with the position value of the corresponding character of the user security code C_user' in the same character set S, and the mapping function f_m may derive each of the transformed characters in the possible transformed security code p_C_T using a mapping process in which the position of each of the transformed characters in the character set S is the position value of the character to be transformed offset by a value associated with the position value of the corresponding character of the valid user security code C_user in the same character set S. The mapping process may be a count up process in which the position of each of the transformed characters in the character set S is the position value of the character to be transformed incremented by the position value of the corresponding character of the user security code C_user' or valid user security code C_user in the character set S. The mapping process may also be a count down process in which the position of each of the transformed characters in the character set S is the position value of the character to be transformed subtracted by the position value of the corresponding character of the user security code C_user' or valid security code C_user in the character set S. The position value of each of the transformed characters may be subtracted by the total number of characters in the character set S if the position value is greater than the total number of characters in the character set S, and the position value of each of the transformed characters may be incremented by the total number of characters in the character set S if the position value is less than the total number of characters in the character set S.
The mapping function f_m' may be a random function mapping each of the apparatus one-time passcode C_OTP' characters to be transformed and the corresponding character of the user security code C_user' to the corresponding transformed character, and the mapping function f_m may also be a random function mapping each of the valid apparatus one-time passcode C_OTP characters to be transformed and the corresponding character of the valid user security code C_user to the corresponding transformed character. The possible inputs and outputs of the random mapping function f_m' may be printed or displayed on the apparatus in the form of a lookup table tabulating transformed characters as a function of each of the possible characters in the user security code C_user' and, if applicable, of each of the possible characters to be transformed.
The positions of the characters to be transformed in the apparatus one-time passcode C_OTP' and valid apparatus one-time passcode C_OTP may be selected by the user and the service provider system may not have prior knowledge of the positions of the characters to be transformed. The verification process begins with the service provider system retrieving sequentially or systematically the valid apparatus one-time passcodes C_OTP and their respective valid transformation functions f_T stored in the system database, the process further evaluates all the possible transformed security codes p_C_T for each of the valid apparatus one-time passcodes C_OTP retrieved using the valid user security code C_user identified, the corresponding valid transformation function f_T retrieved and all possible combinations of the positions of the characters to be transformed, the process further determines whether any of the possible transformed security codes p_C_T evaluated is identical to the transformed security code C_T' submitted by the user, and if one of the possible transformed security codes p_C_T evaluated is identical to the transformed security code C_T', then the verification process terminates with a positive outcome, otherwise the service provider system will retrieve the next valid apparatus one-time passcode C_OTP and the corresponding valid transformation function f_T, and repeat the above steps until the verification process has produced a positive outcome or all the valid apparatus one-time passcodes C_OTP stored in the system database have been retrieved for examination in the verification process. The verification process may begin with the service provider system retrieving sequentially or systematically the valid apparatus one-time passcodes C_OTP and their respective valid transformation functions f_T^-1 stored in the system database, followed by evaluating all the possible apparatus one-time passcodes (p_C_OTP) for the received transformed security code C_T' using the valid user security code C_user identified, the corresponding valid transformation function f_T^-1 retrieved and all possible combinations of the positions of the characters to be transformed, followed by determining whether any of the possible apparatus one-time passcodes p_C_OTP evaluated is identical to the valid apparatus one-time passcode C_OTP retrieved, and if one of the possible apparatus one-time passcodes p_C_OTP evaluated is identical to the valid apparatus one-time passcode C_OTP retrieved, then the verification process terminates with a positive outcome, otherwise the service provider system will retrieve the next valid apparatus one-time passcode C_OTP and the corresponding valid transformation function f_T^-1, and repeat the above steps until the verification process has produced a positive outcome or all the valid apparatus one-time passcodes C_OTP stored in the system database have been retrieved for examination in the verification process.
The service provider system may have prior knowledge of the positions of the characters to be transformed in the apparatus one-time passcode C_OTP' and the service provider system may have the positions of the characters to be transformed stored in the system database. The positions of the characters to be transformed may be displayed, labelled, highlighted or marked on the apparatus for the user to derive the transformed security code C_T'. The verification process may begin with the service provider system retrieving sequentially or systematically the valid apparatus one-time passcodes C_OTP, their respective valid transformation functions f_T and positions of transformed characters stored in the system database, followed by evaluating the possible transformed security code p_C_T for each of the valid apparatus one-time passcodes C_OTP retrieved using the valid user security code C_user identified and the corresponding valid transformation function f_T retrieved, followed by determining whether the possible transformed security code p_C_T evaluated is identical to the transformed security code C_T' submitted by the user, and if the possible transformed security code p_C_T evaluated is identical to the transformed security code C_T', then the verification process terminates with a positive outcome, otherwise the service provider system will retrieve the next valid apparatus one-time passcode C_OTP, the corresponding valid transformation function f_T and positions of transformed characters, and repeat the above steps until the verification process has produced a positive outcome or all the valid apparatus one-time passcodes C_OTP stored in the system database have been retrieved for examination in the verification process. The verification process may also begin with the service provider system retrieving sequentially or systematically the valid apparatus one-time passcodes C_OTP, their respective valid transformation functions f_T^-1 and positions of transformed characters stored in the system database, followed by evaluating the possible apparatus one-time passcode p_C_OTP for the submitted transformed security code C_T' using the valid user security code C_user identified and the corresponding valid transformation function f_T^-1 retrieved for each of the valid apparatus one-time passcodes C_OTP, followed by determining whether the possible apparatus one-time passcode p_C_OTP value evaluated is identical to the valid apparatus one-time passcode C_OTP retrieved, and if the possible apparatus one-time passcode p_C_OTP evaluated is identical to the valid apparatus one-time passcode C_OTP retrieved, then the verification process terminates with a positive outcome, otherwise the service provider system will retrieve the next valid apparatus one-time passcode C_OTP, the corresponding valid transformation function f_T^-1 and positions of transformed characters, and repeat the above steps until the verification process has produced a positive outcome or all the valid apparatus one-time passcodes C_OTP stored in the system database have been retrieved for examination in the verification process.
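The count-up mapping, its count-down inverse and the two verification flows described above (positions stored by the service provider, and positions chosen by the user) are sketched below. This is an added example, not code from the patent; the digit character set with 0-based position values, the pairing of the k-th chosen position (in ascending order) with the k-th character of the user security code, and all card numbers and codes are assumptions constructed for illustration.

```python
from itertools import combinations
from math import comb

# Assumption: S is the decimal digits and a character's position value is its
# 0-based index, so "subtract/add the size of S on overflow" becomes mod len(S).
S = "0123456789"
POS = {ch: i for i, ch in enumerate(S)}


def transform(otp, user_code, positions, sign=1):
    """Count-up (sign=1) or count-down (sign=-1) mapping at the given positions.

    Assumption: the k-th position in ascending order is paired with the k-th
    character of the user security code.
    """
    if len(positions) != len(user_code) or len(set(positions)) != len(positions):
        raise ValueError("need one distinct position per user-code character")
    out = list(otp)
    for pos, key_ch in zip(sorted(positions), user_code):
        out[pos] = S[(POS[out[pos]] + sign * POS[key_ch]) % len(S)]
    return "".join(out)


def recover(code, user_code, positions):
    """Inverse mapping: count down to get the candidate OTP back."""
    return transform(code, user_code, positions, sign=-1)


def verify_known_positions(submitted, user_code, cards):
    """Positions are stored per card: one candidate code per valid OTP."""
    for otp, positions in cards.items():
        if len(otp) == len(submitted) and transform(otp, user_code, positions) == submitted:
            return otp
    return None


def verify_unknown_positions(submitted, user_code, valid_otps):
    """Positions chosen by the user: try every K-subset of positions per OTP."""
    k = len(user_code)
    for otp in valid_otps:
        if len(otp) != len(submitted):
            continue
        for positions in combinations(range(len(otp)), k):
            if transform(otp, user_code, positions) == submitted:
                return otp, positions
    return None


def accepted_codes(otp, user_code):
    """Every transformed code the service would accept for one card when the
    positions are not fixed; at most C(I, K) distinct values."""
    k = len(user_code)
    return {transform(otp, user_code, p) for p in combinations(range(len(otp)), k)}


# Constructed sample data (not from the patent): issued card numbers with
# stored positions, and one user's security code.
CARDS = {"483920": (0, 5), "175306": (1, 4), "902417": (2, 3)}
USER_CODE = "37"

if __name__ == "__main__":
    sent = transform("175306", USER_CODE, (1, 4))
    print("submitted:", sent)
    print("known positions   ->", verify_known_positions(sent, USER_CODE, CARDS))
    print("unknown positions ->", verify_unknown_positions(sent, USER_CODE, list(CARDS)))
    print("inverse           ->", recover(sent, USER_CODE, (1, 4)))
    print("wrong user code   ->", verify_unknown_positions(sent, "38", list(CARDS)))
    print("clear-text OTP    ->", verify_unknown_positions("175306", USER_CODE, list(CARDS)))
    print("codes accepted per card:", len(accepted_codes("175306", USER_CODE)),
          "of", comb(6, 2), "position choices")
```

For a 6-character OTP and a 2-character user security code, the unknown-positions flow evaluates up to 15 candidates per stored card, against one candidate per card when the positions are stored.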
The apparatus may be a pre-paid stored value card carrying a unique apparatus OTP which is a card security code printed under an opaque security seal that can be scratched off by the user to reveal the apparatus OTP, and the security seal is designed for one-time use to prevent the user from re-sealing it after the seal has been broken, opened, lifted or removed. The positions of the characters to be transformed may be highlighted or marked on the pre-paid stored value card and printed under the opaque security seal. The transformation function f_T' may be printed on the pre-paid stored value card under the opaque security seal. The mapping function f_m' may be printed on the pre-paid stored value card under the opaque security seal. The valid apparatus one-time passcodes C_OTP stored in the system database are the card OTPs or card numbers of all the issued pre-paid stored value cards.
The apparatus may be an OTP generator with the generated OTP values C_OTP' known to the service provider system. The positions of the characters to be transformed may be displayed on the OTP generator. The transformation function f_T' may be displayed on the OTP generator. The mapping function f_m' may be displayed on the OTP generator. The OTP generator can be of any type including hardware OTP token, software OTP generation applications executed on mobile devices and computing devices, and OTP sent to the user's mobile device.
The user security code C_user' is a secret shared between the user and the service provider system and the user security code C_user' may be set or chosen by the user or assigned by the service provider system. The user identifier may be a user identification number, a calling party identification number, or the user telephone number. The transformed security code C_T' may be submitted to the service provider system via a telecommunications link including cellular link, mobile link and the Internet via emails, online web access over the Internet, wireless application protocol (WAP) and general packet radio service (GPRS), as well as short message services (SMS) and equivalent messaging applications.
A system for remote user authentication and apparatus verification is provided. The system comprises an apparatus possessed by a user capable of displaying or generating an apparatus one-time passcode (C_OTP'), a user security code (C_user') being a shared secret between the user and a service provider system, a transformation function (f_T') associated with the apparatus one-time passcode (OTP) or the user, the service provider system has system database for storing records of a plurality of valid user identifiers, a plurality of valid user security codes (C_user) one of which may match the user security code C_user', a plurality of valid appliance one-time passcodes (C_OTP) one of which may match the apparatus one-time passcode C_OTP', and a plurality of valid transformation functions (f_T) each of which is associated with at least one of the valid appliance one-time passcodes C_OTP or at least one of the user identifiers, and in the system, the user derives a transformed security code C_T' using the user security code C_user', apparatus one-time passcode C_OTP' and the transformation function f_T' associated with the apparatus or the user, the user further submits the transformed security code C_T' to the service provider system, the service provider system retrieves a valid user security code C_user associated with the user, the service provider system examines the valid user security code C_user identified, the submitted transformed security code C_T', the valid apparatus one-time passcodes C_OTP and valid transformation functions f_T in a verification process wherein the service provider system determines whether the submitted transformed security code C_T' can be mapped to any one of the valid apparatus one-time passcodes C_OTP, and the user being a legitimate user and the apparatus being a legitimate apparatus if the verification process yields a positive outcome in which the submitted transformed security code C_T' can be mapped to one valid apparatus one-time passcode C_OTP.
BRIEF DESCRIPTION
Embodiments according to the present invention will now be described with reference to the following figures, in which like reference numerals denote like elements.
FIG. 1 illustrates a mobile payment system configured to implement the user authentication and apparatus verification processes of the present invention.
FIG. 2 illustrates the general data formats of the apparatus OTP / card security code, user security code and transformed security code of FIG. 1.
FIG. 3 illustrates an embodiment of the transformation function of FIG. 1 & FIG. 2.
FIG. 4 illustrates the pre-paid card capable of concealing additional confidential information including the mapping function of FIG. 3.
FIG. 5 illustrates an embodiment of the inverse transformation function stored in the service provider system of FIG. 1.
FIG. 6 illustrates a first embodiment of the verification process flow implemented by the mobile payment system of FIG. 1 using the inverse transformation function of FIG. 5.
FIG. 7 illustrates a second embodiment of the verification process flow implemented by the mobile payment system of FIG. 1.
FIG. 8 illustrates a mobile or online application configured to implement the general multi-factor user authentication and OTP verification processes of the present invention.
DETAILED DESCRIPTION
FIG. 1 illustrates a mobile payment system configured to implement the user authentication and apparatus verification processes of the present invention.
Pre-paid stored value cards 110 each of which carries a unique apparatus one-time passcode C_OTP' 120 in the form of a card security code 120 printed under an opaque security seal 115 are provided. A user acquires one of the pre-paid cards 110 and scratches off the opaque security seal 115 to reveal the card security code C_OTP' 120. The user further evaluates a transformed security code C_T' 140 by transforming the revealed card security code C_OTP' 120 with a user security code C_user' 130 and a transformation function f_T' 150.
Primed symbols denote variables, parameters and constants associated with codes and functions known to the user, whereas symbols without any prime denote variables, parameters and constants associated with codes and functions stored in the database of the service provider system 165.
The user security code C_user' 130 is a secret shared between the user and the service provider system 165. The transformation function f_T' 150 is a simple operation which the user can easily perform. The user further submits a payment request comprising the transformed security code C_T' 140 to the service provider system 165 via his or her mobile device (158) over a communication link 160 established between the user mobile device and the service provider system 165. The transformation function f_T' 150 is known to both the user and the service provider. f_T' 150 may be associated with one or a plurality of pre-paid cards 110. f_T' 150 may also be associated with one or a plurality of users.
Upon receiving the transformed security code C_T' 140, the service provider system 165 identifies the user, through verification against the valid user ID records 171 stored in a user records database 170, and retrieves the corresponding valid user security code C_user 172 from the database 170. The service provider system 165 further scans through each of the valid card security codes C_OTP 176, which are the card numbers of all the issued pre-paid cards 110 registered in a card records database 175, and retrieves the corresponding valid transformation functions f_T 177 from the card database 175. The retrieved valid user security codes C_user 172, valid card security codes C_OTP 176 and the corresponding valid transformation functions f_T 177 are used by the service provider system 165 to derive a plurality of possible transformed security codes p_C_T for comparison against the received transformed security code C_T' 140 in the verification process 180. User authentication and card verification are successful if one of the possible transformed security codes p_C_T is identical to the received transformed security code C_T' 140 submitted by the user.
If the inverses f_t^-1 178 of the valid transformation functions are available, the service provider system 165 may alternatively use the received transformed security code C_T' 140, the valid user security codes C_USER 172 retrieved from the user database 170 and said inverse transformation functions f_t^-1 178 retrieved from the card database 175 to compute a plurality of possible card security codes p_C_OTP for comparison against each of the valid card security codes C_OTP 176 retrieved from the card database 175. User authentication and card verification are successful if one of the possible card security codes p_C_OTP derived is identical to one of the valid card security codes C_OTP 176.
Successful user authentication and card verification prove that the user knows his secret user security code C_USER' 130, the one-time card security code C_OTP' 120 and the corresponding transformation function f_t' 150. The service provider system 165 advances to execute the applicable payment processes in step 190 in accordance with the received payment request 158 if the user authentication and card verification are positive. Otherwise, the service provider system 165 rejects the payment request 158, and may update the applicable system records in the databases 170 & 175 and inform the user accordingly.
The service provider system 165 may identify the user from the identity he claims in the payment request (158) that comprises the submitted transformed security code C_T' 140. The user identification may also be accomplished by matching the calling party identification number or caller ID, which is typically the telephone number of the user mobile device, against all the user identification numbers 171 registered in the user database 170 of the service provider system 165.
The apparatus OTP or C_OTP' 120 is printed on the pre-paid card 110, which may be made from materials that provide sufficient mechanical support. The security seal 115 and the part of the pre-paid card where the card security code C_OTP' 120 and any accompanying confidential information, such as the transformation function f_t' 150, are printed must not allow sufficient penetration of light, infra-red, x-ray or other electromagnetic sources such that the printed C_OTP' 120 and any accompanying confidential information can be read before the security seal 115 has been removed.
The security seal 115 can be scratched off by the user without considerable effort. The security seal 115 is designed for one-time use and it does not allow the user to re-seal the protected data after the seal 115 has been broken, opened, lifted or removed. Thereby, the card security code C_OTP' 120 is a predetermined one-time passcode valid for one transaction. The pre-paid card 110 may carry printed graphics, pre-paid currency and value, expiry date, usage terms and conditions, instructions and any other information related to the use of the card, card issuer and service provider.
Without loss of generality, the pre-paid card 110 may be integrated with a magnetic tape for storing parameters necessary for on-site card verification when a magnetic reader is available. The pre-paid card 110 may also be integrated with a smart processor chip for storing parameters and executing applications necessary for on-site card verification when a smart chip reader is available.
The user may submit the transformed security code C_T' 140 to the service provider via an electronic, online or telecommunication link 160 between the user and the service provider system 165. The link 160 may include, but is not limited to, any of the fixed-line, wireless, mobile and cellular links supporting analogue or digital data transmission, which may further comprise any of the circuit-switched, packet-switched communication and point-to-point protocols. Thus, C_T' 140 may be submitted via emails, online web access over the Internet, wireless application protocol (WAP) and general packet radio service (GPRS), as well as short message services (SMS) and equivalent messaging applications.
FIG. 2 illustrates the general data formats of the apparatus OTP / card security code, user security code and transformed security code of FIG. 1.
The apparatus OTP or card security code C_OTP' 120 is a data string printed on a pre-paid card 110 and concealed by the security seal 115. The user may scratch the security seal off to review the printed data string. As shown in Equation 1 and depicted in FIG. 2, C_OTP' 120 is a data string comprising a total of I symbols or characters s_ci'.
$$C_{OTP}' = s_{c1}'\, s_{c2}'\, s_{c3}' \ldots s_{ci}' \ldots s_{cI}', \quad \text{where } 1 \le i \le I \qquad \text{(Eq 1)}$$
Each C_OTP' 120 is typically randomly generated. C_OTP' 120 may be randomly selected from a vast data set having all the possible combinations of characters s_ci'. The probability of having two identical C_OTP' 120 is sufficiently low, and this probability is dependent upon the number of characters used in C_OTP' 120 and the total number of possible values of s_ci'.
The user security code C_USER' 130 is known only to the user and the service provider. C_USER' 130 is used to transform C_OTP' 120 to form the transformed security code C_T' 140. As shown in Equations 2 & 3 and depicted in FIG. 2, C_USER' 130 is a data string comprising a total of K characters s_uk', whereas C_T' 140 is a data string comprising a total of N characters s_tn'.
$$C_{USER}' = s_{u1}'\, s_{u2}'\, s_{u3}'\, s_{u4}' \ldots s_{uk}' \ldots s_{uK}', \quad \text{where } 1 \le k \le K \qquad \text{(Eq 2)}$$
$$C_{T}' = s_{t1}'\, s_{t2}'\, s_{t3}'\, s_{t4}' \ldots s_{tn}' \ldots s_{tN}', \quad \text{where } 1 \le n \le N \qquad \text{(Eq 3)}$$
The user security code C_USER' 130 is a shared secret between the user and the service provider. The user security code C_USER' 130 is assigned by the service provider prior to any authentication and verification request. The user security code C_USER' 130 may also be chosen by the user and approved by the service provider. As a good security practice, C_USER' 130 may be changed on a regular basis.
The user submits the transformed security code C_T' 140 to the service provider for user authentication and card verification, and the service provider proceeds to process payment if said user authentication and card verification results are positive. In general, C_T' 140 is derived through the application of a predetermined transformation function f_t' 150 to all or typically parts of the one-time apparatus or card security code C_OTP' 120. Given a card security code C_OTP' 120 and a user security code C_USER' 130, the transformation function f_t' 150 yields a unique transformed security code C_T' 140, as expressed mathematically in Equation 4.
$$C_{T}' = f_t'\left(C_{OTP}',\ C_{USER}'\right) \qquad \text{(Eq 4)}$$
The transformation function f_t' 150 is known to both the user and the service provider. f_t' 150 may be associated with one or a plurality of pre-paid cards 110. f_t' 150 may also be associated with one or a plurality of users. Deriving the transformed security code C_T' 140 requires the knowledge of both the card and user security codes C_OTP' 120 & C_USER' 130.
Since the user security code C_USER' 130 and the transformation function f_t' 150 are known only to the user who submits the payment request 158, whereas the card security code C_OTP' 120 is a short-lived one-time passcode (OTP), the present invention is effectively an OTP-based two-factor authentication and verification scheme. Furthermore, the present invention is effectively an OTP-based three-factor authentication and verification scheme when the user submits said transformed security code C_T' 140 to the service provider via his or her mobile telephony device whose identification comprising the telephone number has been registered with the service provider prior to any authentication attempt.
The characters s_ci', s_uk' and s_tn' that make up C_OTP' 120, C_USER' 130 and C_T' 140 respectively are elements belonging to a character set S comprising alphabets, numbers, symbols, ideograms and logograms of any language, as shown in Equation 5.
$$s_{ci}',\ s_{uk}',\ s_{tn}' \in S \qquad \text{(Eq 5)}$$
The members of the character set S are assigned position values. Thereby all the members of S may be arranged in ascending or descending order of their position values. The position values may be derived from a predetermined transformation, sequence or lookup table that uniquely maps each member of S to a value indicating, directly or indirectly, the positions of the members in S. The sequence may be based upon the ordering of the English alphabet, numerals, and any of the character encoding schemes such as ASCII (American Standard Code for Information Interchange), GB18030 and other Unicode schemes.
FIG. 3 illustrates an embodiment of the transformation function of FIG. 1 & FIG. 2.
The transformation function f_t' 150 uses the user security code C_USER' 130 to map K characters 305, out of the total I characters, of the card security code C_OTP' 120 to a new set of transformed characters denoted by s_tn' 320. The transformation function f_t' 150 is mathematically expressed in Equation 6.
$$f_t': \quad s_{tn}'\big|_{n=i=i_o} = f_m'\left(s_{ci}'\big|_{i=i_o},\ s_{uk}'\right) \qquad \text{(Eq 6)}$$
for a total of K characters at predetermined or user-selected positions i = i_o, whereas f_m' is a mapping function and K < I, and
$$s_{tn}'\big|_{n=i} = s_{ci}' \quad \text{elsewhere (i.e. } i \ne i_o\text{)}$$
The positions of the K transformed characters s_tn' 320 are either predetermined for each card or randomly selected by the user. Any predetermined positions of the transformed characters s_tn' 320 are registered (179) in the server card database 175 for each issued pre-paid card 110. The predetermined positions may be marked or highlighted clearly on the pre-paid card 110 and are concealed by the security seal 115.
As an example, the card security code C_OTP' 120 has twelve randomly generated characters (I = 12), and the user security code C_USER' 130 is made up of two user-selected characters (K = 2) that are approved by the service provider. Furthermore, the predetermined positions of the characters 305 to which the transformation function f_t' 150 is applied are n = i_o = 2 & 5, then Equations 1, 2 & 3 become
$$C_{OTP}' = s_{c1}'\, s_{c2}'\, s_{c3}'\, s_{c4}'\, s_{c5}'\, s_{c6}'\, s_{c7}'\, s_{c8}'\, s_{c9}'\, s_{c10}'\, s_{c11}'\, s_{c12}'$$
$$C_{USER}' = s_{u1}'\, s_{u2}'$$
$$C_{T}' = s_{t1}'\, s_{t2}'\, s_{t3}'\, s_{t4}'\, s_{t5}'\, s_{t6}'\, s_{t7}'\, s_{t8}'\, s_{t9}'\, s_{t10}'\, s_{t11}'\, s_{t12}' = s_{c1}'\, s_{t2}'\, s_{c3}'\, s_{c4}'\, s_{t5}'\, s_{c6}'\, s_{c7}'\, s_{c8}'\, s_{c9}'\, s_{c10}'\, s_{c11}'\, s_{c12}'$$
In a second example, the card security code C_OTP' 120 has 15 randomly generated alphanumeric characters, and the user security code C_USER' 130 is made up of 3 numerals assigned by the service provider. Furthermore, the user has randomly chosen to transform the characters at the 3rd, 6th & 10th positions, then I = 16, K = 3 and n = i_o = 3, 6 & 10, and Equations 1, 2 & 3 become
$$C_{OTP}' = \text{A15F3A0B3XDZ0GG}$$
$$C_{USER}' = 285$$
$$C_{T}' = s_{c1}'\, s_{c2}'\, s_{t3}'\, s_{c4}'\, s_{c5}'\, s_{t6}'\, s_{c7}'\, s_{c8}'\, s_{c9}'\, s_{t10}'\, s_{c11}'\, s_{c12}'\, s_{c13}'\, s_{c14}'\, s_{c15}' = \text{A17F3I0B3CDZ0GG}$$
where f_m'(5, 2) = 7, f_m'(A, 8) = I and f_m'(X, 5) = C.
The mapping function f_m' 310 is known to both the user and the service provider. The mapping function f_m' 310 uses the user security code C_USER' 130 to transform each of the chosen characters 305 in the printed card security code C_OTP' 120 to a transformed character s_tn' 320 as in Equation 7. There is no restriction to the mapping function used.
$$s_{tn}' = f_m'\left(s_{ci}',\ s_{uk}'\right) \qquad \text{(Eq 7)}$$
In a first embodiment of the mapping function 310, f_m' 310 performs a simple transformation which can easily be handled by the user manually, without resorting to any computational tool. A simple yet effective implementation is expressed in Equations 8a & 8b.
$$f_m': \quad \operatorname{pos}(s_{tn}') = \operatorname{pos}(s_{ci}') + \operatorname{pos}(s_{uk}') \qquad \text{(Eq 8a)}$$
where pos(s') = the position value of s' in the character set S, and
$$\operatorname{pos}(s_{tn}') = \operatorname{pos}(s_{tn}') - MaxPos \qquad \text{(Eq 8b)}$$
if pos(s_tn') is larger than the maximum position value of S, denoted by MaxPos.
As an example, if S = {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, A, B, ... , X, Y, Z}, then pos(5) = 5 & pos(2) = 2, and pos(5) + pos(2) = 7, which corresponds to the numeral “7” in S. Therefore, f_m'(5, 2) = 7. In practice, the user can mentally work out “7” as the transformed character 320 by performing a count-up of the card C_OTP' character “5” using an increment of 2.
In addition, pos(X) = 34 and pos(5) = 5. Thus pos(X) + pos(5) = 39, which is larger than the maximum position value of MaxPos = 36. Therefore, the position value becomes 39 − 36 = 3, which corresponds to the numeral “3” in S. In practice, the user can mentally work out “3” as the transformed character 320 by performing a count-up of the card character “X” using an increment of 5, with the next character being looped back to “1” after counting up to “Z”.
Other functions based upon counting-down and skip-counting may be used as the mapping function f_m' 310.
Evaluation of the transformed characters s_tn' 320 by the user can further be simplified if the character set S contains only numerals, S = {1, 2, 3, 4, 5, 6, 7, 8, 9, 0}. In this case, the card security number C_OTP' 120 and user security number C_USER' 130 are made up of numerals, which greatly simplifies the counting task required by the mapping function f_m' 310.
The mapping function f_m' 310 may be a direct substitution with the chosen card characters in C_OTP' 120 replaced by the user characters in C_USER' 130 as shown in Equation 9. This mapping function is very simple to use but it is more susceptible to replay attacks.
$$f_m': \quad s_{tn}' = s_{uk}' \qquad \text{(Eq 9)}$$
The mapping function f_m' 310 or reminder information related to the mapping function may be printed on the pre-paid card 110 and concealed by the security seal 115.
FIG. 4 illustrates the pre-paid card capable of concealing additional confidential in- formation including the mapping function of FIG. 3.
In a second embodiment of the mapping function 310, f_m' 310 performs a more complex transformation, for which the user may need considerable effort to work out the transformed characters s_tn' 320 mentally. In this embodiment, the information necessary for the user to evaluate the transformed characters 320 may be printed on the pre-paid card 110, and concealed by the same opaque security seal 115 used to protect the card security number C_OTP' 120. The information may be a mapping function 310 in the form of a lookup table which allows the user to find the transformed characters s_tn' 320 readily.
If the positions of the transformed characters s_tn' 320 are predetermined, then the predetermined positions 410 may be marked or highlighted clearly on the pre-paid card 110 and are concealed by the security seal 115.
One advantage of providing the table on the pre-paid card is that it allows the use of different mapping functions f_m' 310 for different groups of pre-paid cards 110. It also allows the use of a unique mapping function f_m' 310 for each individual pre-paid card 110. This results in a higher level of security, as it is harder for an imposter to execute an illegitimate attack without prior knowledge of the mapping function f_m' 310 applicable to a particular pre-paid card 110.
In order to assign a unique mapping function f_m' 310 applicable to one and only one pre-paid card 110, each transformed character s_tn' 320 may be randomly mapped to each combination of the character pairs s_uk' and s_ci', which is expressed in Equation 10.
$$f_m': \quad s_{tn}' = \operatorname{Random}\left(s_{ci}',\ s_{uk}'\right) \qquad \text{(Eq 10)}$$
In other words, each mapping function f_m' 310 is a random function known to the service provider and the user in the form of a lookup table printed on the pre-paid card 110 and concealed with the security seal 115.
The mapping function f_m' 310 in Equation 10 may be simplified to Equation 11 such that the characters to be transformed s_ci' in the one-time passcode C_OTP' 120 are dummy and they are not used by the random mapping function. As such, the number of elements in each said lookup table is minimized. Thus, the card area required to print the table is minimized.
$$f_m': \quad s_{tn}' = \operatorname{Random}\left(s_{uk}'\right) \qquad \text{(Eq 11)}$$
FIG. 5 illustrates an embodiment of the inverse transformation function stored in the service provider system of FIG. 1.
The user and card data including the transformation functions (C_OTP 176, C_USER 172 & f_t 177) that are stored in the service provider system 165 have the same structures and formats as those (C_OTP' 120, C_USER' 130 & f_t' 150) possessed by the user. Thus, valid card security codes C_OTP 176 and the valid user security codes C_USER 172 stored in the system user database 170 and card database 175 can be represented by Equations 1 and 2 with the prime notations removed; the possible transformed security codes p_C_T derived by the service provider system 165 are represented by Equations 3 and 4 with the prime notations removed, as represented mathematically in Equations 12 to 16 below:
$$C_{OTP} = s_{c1}\, s_{c2}\, s_{c3} \ldots s_{ci} \ldots s_{cI}, \quad \text{where } 1 \le i \le I \qquad \text{(Eq 12)}$$
$$C_{USER} = s_{u1}\, s_{u2}\, s_{u3}\, s_{u4} \ldots s_{uk} \ldots s_{uK}, \quad \text{where } 1 \le k \le K \qquad \text{(Eq 13)}$$
$$p\_C_{T} = s_{t1}\, s_{t2}\, s_{t3}\, s_{t4} \ldots s_{tn} \ldots s_{tN}, \quad \text{where } 1 \le n \le N \qquad \text{(Eq 14)}$$
$$p\_C_{T} = f_t\left(C_{OTP},\ C_{USER}\right) \qquad \text{(Eq 15)}$$
with
$$s_{ci},\ s_{uk},\ s_{tn} \in S \qquad \text{(Eq 16)}$$
The valid transformation functions f_t 177 may be associated with one or a plurality of the valid appliance one-time passcodes C_OTP 176. f_t 177 may also be associated with one or a plurality of the valid user identifiers 171. If a pre-paid card security code C_OTP' 120 is identical to a valid card security code C_OTP 176, then their respective transformation functions f_t' 150 and f_t 177 are always identical to each other, or f_t' = f_t. f_t 177 uses a valid user security code C_USER 172 to map K characters, out of the total I characters, of a valid card security code C_OTP 176 to a new set of transformed characters denoted by s_tn. The transformation function f_t 177 is mathematically expressed in Equation 17 below.
$$f_t: \quad s_{tn}\big|_{n=i=i_o} = f_m\left(s_{ci}\big|_{i=i_o},\ s_{uk}\right) \qquad \text{(Eq 17)}$$
for a total of K characters at predetermined or user-selected positions i = i_o, whereas f_m is a valid mapping function and K < I, and
$$s_{tn}\big|_{n=i} = s_{ci} \quad \text{elsewhere (i.e. } i \ne i_o\text{)}$$
The positions of the K transformed characters s_tn are either predetermined for each card or randomly selected by the user. Any predetermined positions of the transformed characters s_tn are registered in the server card database 175 for each issued pre-paid card 110.
There is no restriction to the valid mapping function f_m used; f_m may be identical to those expressed in Equations 8 to 10 for f_m' 310.
The inverse transformation function f_t^-1 178 is the inverse of the transformation function f_t 177. f_t^-1 178 is used to evaluate the possible card security codes p_C_OTP 550, given the valid user security code C_USER 172 retrieved from system user database 170 and the received transformed security code C_T' 140. The possible card security codes p_C_OTP 550 are used in the verification process 180 for determining whether any one of p_C_OTP 550 is identical to any one of the valid card security codes C_OTP 176 stored in the system card database 175. f_t^-1 178 therefore can be expressed as
$$s_{ci} = f_t^{-1}\left(s_{tn},\ s_{uk}\right) \qquad \text{(Eq 18)}$$
where
$$f_t^{-1} = (f_t)^{-1} \qquad \text{(Eq 19)}$$
Each f_t^-1 178 performs inverse transformation on the transformed characters s_tn'|n=i=i_o 320 to derive s_ci|i=i_o 505 in the possible card security code p_C_OTP 550. f_t^-1 178 is expressed in Equation 20.
$$f_t^{-1}: \quad s_{ci}\big|_{i=i_o} = f_m^{-1}\left(s_{tn}\big|_{n=i=i_o},\ s_{uk}\right) \qquad \text{(Eq 20)}$$
for a total of K characters at positions i = i_o, and K < I, and
$$s_{ci} = s_{tn}\big|_{n=i} \quad \text{elsewhere (i.e. } i \ne i_o\text{)}$$
where f_m^-1 510 is the inverse of the mapping function f_m 310 as shown in Equation 21.
$$f_m^{-1} = (f_m)^{-1} \qquad \text{(Eq 21)}$$
FIG. 6 illustrates a first embodiment of the verification process flow implemented by the mobile payment system of FIG. 1 using the inverse transformation function of FIG. 5.
Each transformed security code C_T' 140 submitted by the user is embedded with sufficient information for the service provider to perform card verification as well as user authentication. The first verification process flow 600 is a first embodiment of the verification process 180 (FIG. 1).
The first verification process flow 600 begins with step 610 when the service provider system 165 has received the user payment request sent (158) from the user mobile device. In step 610, the process 600 retrieves the user identifier from the request message. Alternatively, the service provider system 165 may retrieve the user identifier from the caller line identification number or the caller telephone number which is used directly as the user identifier. The caller telephone number may serve as a pointer to records that comprise the user identifier. The service provider system 165 compares the retrieved user identifier against the valid user ID 171 stored in system user database 170. If the retrieved user identifier is invalid, then the process 600 terminates (not shown), otherwise the retrieved user identifier enables the service provider system 165 to look up the valid user security code C_USER 172, which is associated with the user, stored in the system user database 175 in step 620. The process 600 proceeds to steps 630 and 640 in which the valid card security code C_OTP 176 and the inverse transformation function f_t^-1 178 of the first issued card entry stored in the card records database 175 are respectively retrieved. The first verification process 600 determines in step 650 whether the positions of the transformed characters s_tn (Equation 17) are predetermined, which may be indicated by any data entry in the corresponding card records database 175 registering said transformed characters positions 179 associated with each issued pre-paid card.
If the exact positions (n = i_o) of the transformed characters s_tn are not known, the process 600 evaluates in step 680 all the possible card security codes p_C_OTP 550. Each of the possible card security codes p_C_OTP 550 can be evaluated by assuming the position values n = i_o of the transformed characters s_tn. All the possible card security codes p_C_OTP 550 can be evaluated by using all possible combinations of position values n = i_o in the inverse transformation function f_t^-1 178 retrieved in step 640. As an example, if the valid user security code C_USER 172 is made up of two characters (K = 2) and each valid card security code C_OTP 176 has a length of twelve characters (I = 12), then the inverse transformation function f_t^-1 178 yields 12C2 = 66 possible card security codes p_C_OTP 550, each of which corresponds to one combination of the position values i_o.
Next, the first verification process 600 advances to step 690 to compare each of the possible card security codes p_C_OTP 550 derived against the valid card security code C_OTP 176 retrieved in step 630. If there is a positive match found in step 690, the first verification process 600 ends in step 695 with the matched possible card security code p_C_OTP 550 being the card security code C_OTP' 120 of the pre-paid card 110 possessed by the user. If no positive match is found in step 690, the first verification process 600 loops back to step 630 to retrieve the next valid card security code C_OTP 176 stored in system card database 175, followed by retrieving in step 640 the corresponding inverse transformation function f_t^-1 178 stored in the database 175.
If it is found in step 650 that the exact positions (n = i_o) of the transformed characters s_tn are predetermined, the first verification process 600 retrieves in step 660 the stored positions of the transformed characters 179 from the system card database 175, which are used in the inverse transformation function f_t^-1 178 to compute a possible card security code p_C_OTP 550. The first verification process 600 then advances to step 670 to compare the computed card security code p_C_OTP 550 against the valid card security code C_OTP 176 retrieved in step 630. If there is a positive match found in step 670, the first verification process 600 ends in step 695 with the matched possible or valid card security code C_OTP 176 being the card security code C_OTP' 120 of the pre-paid card 110 possessed by the user. If no positive match is found in step 690, the first verification process 600 loops back to step 630 to retrieve the next valid card security code C_OTP 176, followed by retrieving in step 640 the corresponding inverse transformation function f_t^-1 178 stored in the card records database 175.
The steps 630 through 690 are repeated until either a positive match is found or all the valid card security codes C_OTP 176 stored have been examined.
The service provider system 165 advances to execute the applicable payment processes in step 190 (FIG. 1) in accordance with the received payment request 158 if the user authentication and card verification are positive. Otherwise, the service provider system 165 rejects the payment request 158, and may update the applicable system records and inform the user accordingly.
The first verification process 600 can be simplified when a common inverse transformation function f_t^-1 178 is applicable to all or a subset of the issued pre-paid cards 110, as it is not necessary to retrieve each valid card security code C_OTP 176 one by one as is done in step 630. For the case of unknown positions of the transformed characters s_tn' 320 in the received transformed security code C_T' 140, all possible card security codes p_C_OTP 550 are first evaluated using the single inverse transformation function f_t^-1 178, in the same manner as the execution in step 680. At this point, the service provider system 165 knows a group of possible card security codes p_C_OTP 550 and a batch of valid card security codes C_OTP 176. To evaluate the card security code C_OTP' 120 of the pre-paid card 110 possessed by the user, the provider system 170 would only need to find a positive match between the group of possible card security codes p_C_OTP 550 and the batch of valid card security codes C_OTP 176. The first verification process 600 ends regardless of whether a positive match has been identified. For the case of the transformed characters s_tn having predetermined positions, the service provider system 165 retrieves the stored positions of the transformed characters 179, which are used in the inverse transformation function f_t^-1 178 to compute one possible card security code p_C_OTP 550. The verification process 600 then advances to compare the computed card security code p_C_OTP 550 against all the valid card security codes C_OTP 176. To evaluate the card security code C_OTP' 120 of the pre-paid card 110 possessed by the user, the service provider system 165 would only need to find a positive match between the computed card security code p_C_OTP 550 and the batch of valid card security codes C_OTP 176. The verification process 600 ends regardless of whether a positive match has been identified.
After successful user authentication and card verification, the records of the used pre-paid card 110 are removed from the database 175 or a status record is updated to reflect that the prepaid card 110 has been activated and it has no more stored value.
When matching against all the possible card security codes p_C_OTP 550 in step 690, the valid card security codes C_OTP 176 may be searched with the aid of a quick-search index derived and registered in the system card records database 175 when the card security number records of any newly issued pre-paid cards 110 are initially created in the database 175. There is no limitation to the algorithm used for the quick-search index provided that the use of the index helps narrow down the number of possible pre-paid cards that the user may have purchased and activated. Shorter search time can be accomplished with the service provider system 165 scanning all card records and identifying cards having quick-search indices that are sufficiently close to the index derived for the received transformed security code C_T' 140. Each index does not necessarily need to be uniquely mapped to one and only one valid card security code C_OTP 176. In an embodiment, the quick-search index for a particular pre-paid card is the sum of the position values of all the characters in the corresponding one-time passcode. This algorithm involves simple arithmetic and is of high computational efficiency.
FIG. 7 illustrates a second embodiment of the verification process flow implemented by the mobile payment system of FIG. 1.
In this embodiment, the valid transformation functions f_t 177 together with the valid user security codes C_USER 172 and the corresponding valid card security codes C_OTP 176 retrieved from the system databases 170 & 175 are used by the service provider system 165 to derive a plurality of possible transformed security codes p_C_T (Equations 14 & 15) for comparison against the received transformed security code C_T' 140.
The second verification process 700 begins with step 710 when the service provider system 165 has received the user payment request sent (158) from the user mobile device. In step 710, the second verification process 700 retrieves the user identifier from the request message. Alternatively, the service provider system 165 may retrieve the user identifier from the caller line identification number or the caller telephone number which is used directly as the user identifier. The caller telephone number may serve as a pointer to records that comprise the user identifier. The service provider system 165 compares the retrieved user identifier against the valid user ID 171 stored in system user database 170. If the retrieved user identifier is invalid, then the process 700 terminates (not shown), otherwise the retrieved user identifier enables the service provider system 165 to look up the valid user security code C_USER 172, which is associated with the user, stored in the system database 175 in step 720. The process 700 proceeds to steps 730 and 740 in which the valid card security code C_OTP 176 and the transformation function f_t 177 of the first issued card entry stored in the card records database 175 are respectively retrieved. The second verification process 700 determines in step 750 whether the positions of the transformed characters s_tn (Equation 17) are predetermined, which may be indicated by some appropriate data entry in the corresponding card records database 175 registering said transformed characters positions associated with each card.
If the exact positions (n = i_o) of the transformed characters s_tn are not known, the process 700 evaluates in step 780 all the possible transformed security codes p_C_T. Each of the possible transformed security codes p_C_T can be evaluated by assuming the position values i_o of the transformed characters s_tn. All the possible transformed security codes p_C_T can be evaluated by using all possible combinations of position values i_o in the valid transformation function f_t 177 retrieved in step 740. Next, the second verification process 700 advances to step 790 to compare each of the possible transformed security codes p_C_T derived against the received transformed security code C_T' 140. If there is a positive match found in step 790, the second verification process 700 ends in step 795 with the matched possible transformed security code p_C_T being the transformed security code C_T' 140 the user sent in. The card security code C_OTP' 120 of the pre-paid card 110 possessed by the user can be regenerated using the matched p_C_T, the valid transformation function f_t 177 retrieved in step 740 and the valid user security code C_USER 172 retrieved in step 720. If no positive match is found in step 790, the second verification process 700 loops back to step 730 to retrieve the next valid card security code C_OTP 176, followed by retrieving in step 740 the corresponding valid transformation function f_t 177 stored in the card records database 175.
If it is found in step 750 that the exact positions (n = i_o) of the transformed characters s_tn are predetermined, the process 700 retrieves in step 760 the stored positions of the transformed characters 179, which are used in the valid transformation function f_t 177 to compute a possible transformed security code p_C_T. The second verification process 700 then advances to step 770 to compare the computed transformed security code p_C_T against the received transformed security code C_T' 140. If there is a positive match found in step 770, the process 700 ends in step 795 with the matched computed transformed security code p_C_T being the transformed security code C_T' 140 the user sent in. The card security code C_OTP' 120 of the pre-paid card 110 possessed by the user can be regenerated using the matched transformed security code p_C_T, the valid transformation function f_t 177 retrieved in step 740 and the valid user security code C_USER 172 retrieved in step 720. If no positive match is found in step 790, the second verification process 700 loops back to step 730 to retrieve the next valid card security code C_OTP 176, followed by retrieving in step 740 the corresponding transformation function f_t 177 stored in the card records database 175.
The steps 730 through 790 are repeated until either a positive match is found or when all the valid card security codes C_OTP 176 stored have been examined.
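The loop of steps 730 to 790 can be sketched as follows; this is an added illustration, not code from the patent. It assumes a digit-only character set S with zero-based position values, the count-up mapping with wrap-around, and that the k-th character of C_user is applied to the k-th selected position in ascending order; all function names and sample values are hypothetical.

```python
import hmac
from itertools import combinations

S = "0123456789"  # assumed character set; position value = zero-based index in S


def f_m(otp_char, user_char, sign=1):
    """Count-up mapping (sign=+1) or its count-down inverse (sign=-1), wrapping within S."""
    return S[(S.index(otp_char) + sign * S.index(user_char)) % len(S)]


def transform(code, c_user, positions, sign=1):
    """f_T (sign=+1) or f_T^-1 (sign=-1): map the K characters of `code` at
    `positions` with the K characters of c_user; the other characters stay put."""
    if len(positions) != len(c_user) or len(c_user) > len(code):
        raise ValueError("need K positions for K user-code characters, with K <= I")
    out = list(code)
    for user_char, pos in zip(c_user, positions):
        out[pos] = f_m(code[pos], user_char, sign)
    return "".join(out)


def candidates(c_otp, c_user, positions=None):
    """Possible transformed codes p_C_T for one valid C_OTP.

    Stored positions (steps 760-770) give a single candidate; unknown positions
    (steps 780-790) give one candidate per ascending choice of K out of I positions.
    """
    if positions is not None:
        return {transform(c_otp, c_user, positions)}
    k = len(c_user)
    return {transform(c_otp, c_user, p) for p in combinations(range(len(c_otp)), k)}


def verify(received_ct, c_user, card_records):
    """Steps 730-790: walk the valid records until a candidate equals C_T'.

    card_records holds (valid C_OTP, stored positions or None) pairs.
    Returns the matched valid C_OTP, or None when every record has been examined.
    """
    received = received_ct.encode()
    for c_otp, positions in card_records:
        for p_ct in candidates(c_otp, c_user, positions):
            # constant-time comparison of each candidate against the submission
            if hmac.compare_digest(p_ct.encode(), received):
                return c_otp
    return None


def recover_otp(received_ct, c_user, positions):
    """Inverse path: apply f_T^-1 to C_T' to obtain a possible p_C_OTP."""
    return transform(received_ct, c_user, positions, sign=-1)


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    c_user = "375"
    c_t = transform("48213907", c_user, (1, 4, 6))       # user side
    records = [("90517264", None), ("48213907", None)]   # positions not stored
    print(c_t, verify(c_t, c_user, records))
    print(recover_otp(c_t, c_user, (1, 4, 6)))
    print(len(candidates("48213907", c_user)))
```

When the positions are not stored, each valid code is compared against up to C(I, K) candidates (56 for the sample above), so the verifier accepts that many distinct submissions per stored code; attempt limits should be sized with that acceptance set in mind.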
The service provider system 165 advances to execute the applicable payment processes in step 190 (FIG. 1) in accordance with the received payment request 158 if the user authentication and card verification are positive. Otherwise, the service provider system 165 rejects the payment request 158, and may update the applicable system records and inform the user accordingly.
After successful user authentication and card verification, the records of the used pre-paid card 110 are removed from the database 175 or a status record is updated to reflect that the prepaid card 110 has been activated and it has no more stored value.
FIG. 8 illustrates a mobile or online application configured to implement the general multi-factor user authentication and OTP verification processes of the present invention.
It has generally been recognized that in general multi-factor authentication using one-time passcodes (OTP), the submitted OTP helps prevent replay attacks but it is not effective in preventing phishing and Man-in-the-Middle attacks in which the OTP together with the user credentials are intercepted, such as using a forged website, by an imposter for illegitimate use. It should be apparent to those skilled in the art that the present invention can readily be applied to any form of one-time passcodes generated by hardware or software applications in tokens, mobile telephony devices, computers and other devices, with the card security codes used for pre-paid card replaced by said generated OTP.
The user obtains an appliance one-time passcode C_OTP' 820 from an OTP generator, which may be a hardware token, software application or sent via text messaging from a service provider such as a bank, online or mobile payment operator. The user further evaluates a transformed security code C_T' 140 (Equation 3) by transforming the C_OTP' 820 (Equation 1) with a user security code C_user' 130 (Equation 2) and a transformation function f_T' 150 (Equation 6). The user security code C_user' 130 is a secret shared between the user and a service provider system 865. The transformation function f_T' 150 is a simple operation which the user can easily perform. The user further submits a service request comprising the transformed security code C_T' 140 to the service provider system 865 via his or her mobile or online application (858) over a communication link 860 established between the user mobile or online application and the remote service provider system 865.
Upon receiving the transformed security code C_T' 140, the service provider system 865 identifies the user, through verification against the valid user ID records 171 stored in a user records database 170, and retrieves the corresponding valid user security code C_user 172 from a user records database 170. The service provider system 865 further derives the valid C_OTP (830) using a predetermined OTP algorithm and predetermined parameters shared between the user and the service provider. The service provider system 865 retrieves the corresponding transformation function f_T 177 (Equation 17) or inverse transformation function f_T^-1 178 (Equation 20) and the positions of the transformed characters s_in, if available, from the transformation records database 875. The transformation function f_T' 150 is known to the user before the service request, or it may be generated and displayed by the user OTP generator. The valid transformation functions f_T 177 or f_T^-1 178 is also known to the service provider system 865 before the service request, or the same function may be generated by the service provider system 865 in synchronization with the transformation function f_T' 150 generated by the above-said user OTP generator. This may be accomplished through the use of a predetermined transformation function algorithm and associated parameters shared between the user and the service provider.
The retrieved valid user security code C_user 172, derived C_OTP 830, and the valid transformation function f_T 177 are used by the service provider system 865 to derive the corresponding possible transformed security codes p_C_T for comparison against the received transformed security code C_T' 140 in the verification process in step 180 (FIG. 7). User authentication and card verification (180) are successful if one of the derived transformed security codes and the received transformed security code are identical.
If the inverse of the valid transformation function f_T^-1 178 is available, the service provider system 865 may alternatively use the received transformed security code C_T' 140, the valid user security code C_user 172 retrieved from the user database 170 and said inverse transformation function f_T^-1 178 retrieved from the database 875 to compute the corresponding possible appliance security codes p_C_OTP 550 for comparison against each of the valid C_OTP derived in process 830. User authentication and card verification (180 & FIG. 6) are successful if one of the possible OTPs and the OTP derived in process 830 are identical. Successful user authentication and card verification (180) prove that the user knows his secret user security code C_user' 130, the appliance OTP C_OTP' 820 and the corresponding transformation function f_T' 150.
The service provider system 865 advances to execute the applicable payment processes in step 890 in accordance with the received service request 858 if the user authentication and card verification are positive. Otherwise, the service provider system 865 rejects the service request 858, and may update the applicable system records and inform the user accordingly.
The service provider system 865 may identify the user from the identity he claims in the service request that comprises the submitted transformed security code C_T' 140 in the process 858. The user identification may also be accomplished by matching the calling party identification number or caller ID, which is typically the telephone number of the user mobile device, against all the user identification numbers registered in the database 170 of the service provider system 865.
The user may submit the transformed security code C_T' 140 to the service provider via an electronic, online or telecommunication link 860 between the user and the service provider. The link 860 may include but is not limited to any of the fixed-line, wireless, mobile and cellular links supporting analogue or digital data transmission, which may further comprise any of the circuit-switched, packet-switched communication and point-to-point protocols. Thus, C_T' 140 may be submitted via emails, online web access over the Internet, wireless application protocol (WAP) and general packet radio service (GPRS), as well as short message services (SMS) and equivalent messaging applications.
Although the above description contains much specificity, these should not be construed as limiting the scope of the embodiments but merely providing illustration of the foreseeable embodiments. Especially the above stated advantages of the embodiments should not be construed as limiting the scope of the embodiments but merely to explain possible achievements if the described embodiments are put into practice. Thus, the scope of the embodiments should be determined by the claims and their equivalents, rather than by the examples given.

Claims (35)

1. A method of remote user authentication and apparatus verification, wherein a user has knowledge of a user security code (C_user'), an apparatus one-time passcode (C_OTP') associated with an apparatus and a transformation function (f_T') associated with said apparatus one-time passcode or said user, a service provider system has system database for storing records of a plurality of valid user identifiers, a plurality of valid user security codes (C_user) one of which may match said user security code C_user', a plurality of valid appliance one-time passcodes (C_OTP) one of which may match said apparatus one-time passcode C_OTP', and a plurality of valid transformation functions (f_T) each of which is associated with at least one of said valid appliance one-time passcodes C_OTP or at least one of said user identifiers, and the method comprising the steps of said user deriving a transformed security code C_T' using said user security code C_user', apparatus one-time passcode C_OTP' and said transformation function f_T', said user submitting said transformed security code C_T' to said service provider system, said service provider system retrieving and identifying a valid user security code C_user associated with said user, said service provider system examining said valid user security code C_user retrieved, said submitted transformed security code C_T', said valid apparatus one-time passcodes C_OTP and valid transformation functions f_T in a verification process wherein said service provider system determines whether said submitted transformed security code C_T' can be mapped to any one of said valid apparatus one-time passcodes C_OTP, and said user being a legitimate user and said apparatus being a legitimate apparatus if said verification process yields a positive outcome in which said submitted transformed security code C_T' can be mapped to one valid apparatus one-time passcode C_OTP.
2. The method of claim 1, wherein each of said apparatus one-time passcodes C_OTP', user security code C_user', transformed security code C_T', valid apparatus one-time passcodes C_OTP and valid user security codes C_user being a data string comprising a plurality of characters which belong to a character set S comprising one or a plurality of character types including alphabets, numbers, ideograms and logograms of any language, and the members of the character set S being assigned with position values derived from a predetermined transformation, sequence or lookup table that uniquely maps each member of S to a value indicating, directly or indirectly, the positions of the members in S.
3. The method of claim 1, wherein said transformation function f_T' being capable of uniquely mapping an apparatus one-time passcode C_OTP' and a user security code C_user' to a transformed security code C_T', and each of said valid transformation functions f_T being capable of uniquely mapping a valid apparatus one-time passcode C_OTP and a valid user security code C_user to a possible transformed security code (p_C_T) used for comparison against said transformed security code C_T' submitted by said user in said verification process.
4. The method of claims 1 or 3, wherein said transformation function f_T' comprising a mapping function f_m' that uses said user security code C_user' to convert K out of the total of I characters of said apparatus one-time passcode C_OTP' to K transformed characters which are combined with the remaining (K - I) un-transformed characters of said apparatus one-time passcode C_OTP' to form said transformed security code C_T', and each of said valid transformation functions f_T comprising a mapping function f_m which uses said valid user security code C_user to convert K out of the total of I characters of said corresponding valid apparatus one-time passcode C_OTP to K transformed characters which are combined with the remaining (K - I) un-transformed characters of said valid apparatus one-time passcode C_OTP to form said possible transformed security code p_C_T, where I being the number of characters in each of said apparatus one-time passcode C_OTP', valid apparatus one-time passcode C_OTP, transformed security code C_T' and possible transformed security codes p_C_T, and K being the number of transformed characters and the number of characters in said user security code C_user' and valid user security code C_user, and I being greater than or equal to K.
5. The method of claim 4, wherein the positions of said un-transformed characters in the transformed security code C_T' and possible transformed security code p_C_T are identical to their respective positions in said apparatus one-time passcode C_OTP' and valid apparatus one-time passcode C_OTP respectively.
6. The method of claims 4 or 5, wherein the positions of said transformed characters in said transformed security code C_T' and possible transformed security code p_C_T are identical to their respective positions in said apparatus one-time passcode C_OTP' and valid apparatus one-time passcode C_OTP respectively.
7. The method of any of claims 1, 3 to 6, wherein each of said valid transformation functions being an inverse of said f_T and denoted as f_T^-1, and f_T^-1 comprising an inverse mapping function f_m^-1 which is an inverse of said f_m, and f_m^-1 uses said valid user security code C_user to recover the K original characters of said apparatus one-time passcode C_OTP' from the K transformed characters out of the total of I characters of said received transformed security code C_T' and said K original characters are combined with the remaining (K - I) un-transformed characters of said received transformed security code C_T' to recover said apparatus one-time passcode C_OTP'.
8. The method of any of claims 4 to 6, wherein said mapping function f_m' deriving each of said transformed characters in said transformed security code C_T' by replacing the characters to be transformed in said apparatus one-time passcode C_OTP' by the corresponding characters of said user security code C_user', and said mapping function f_m deriving each of said transformed characters in said possible transformed security code p_C_T by replacing the characters to be transformed in said valid apparatus one-time passcode C_OTP by the corresponding characters of said valid user security code C_user.
9. The method of any of claims 2, 4 to 6, wherein said mapping function f_m' deriving each of said transformed characters in said transformed security code C_T' using a mapping process in which the position of each of said transformed characters in said character set S is the position value of the character to be transformed offset by a value associated with the position value of the corresponding character of said user security code C_user' in said same character set S, and said mapping function f_m deriving each of said transformed characters in said possible transformed security code p_C_T using a mapping process in which the position of each of said transformed characters in said character set S is the position value of the character to be transformed offset by a value associated with the position value of the corresponding character of said valid user security code C_user in said same character set S.
10. The method of claim 9, wherein said mapping process being a count up process in which the position of each of said transformed characters in said character set S is the position value of the character to be transformed incremented by the position value of the corresponding character of said user security code C_user' or valid user security code C_user in said character set S.
11. The method of claim 9, wherein said mapping process being a count down process in which the position of each of said transformed characters in said character set S is the position value of the character to be transformed subtracted by the position value of the corresponding character of said user security code C_user' or valid security code C_user in said character set S.
12. The method of any of claims 9 to 11, wherein the position value of each of said transformed characters being subtracted by the total number of characters in said character set S if said position value is greater than the total number of characters in said character set S, and the position value of each of said transformed characters being incremented by the total number of characters in said character set S if said position value is less than the total number of characters in said character set S.
13. The method of any of claims 4 to 6, wherein said mapping function f_m' being a random function mapping each of said apparatus one-time passcode C_OTP' characters to be transformed and the corresponding character of said user security code C_user' to the corresponding transformed character, and said mapping function f_m being a random function mapping each of said valid apparatus one-time passcode C_OTP characters to be transformed and the corresponding character of said valid user security code C_user to the corresponding transformed character.
14. The method of claim 13, wherein the possible inputs and outputs of said random mapping function f_m' being printed or displayed on said apparatus in the form of a lookup table tabulating transformed characters as a function of each of the possible characters in said user security code C_user' and, if applicable, of each of the possible characters to be transformed.
15. The method of any of claims 1, 3 to 6, wherein said positions of the characters to be transformed in said apparatus one-time passcode C_OTP' and valid apparatus one-time passcode C_OTP being selected by said user, and said service provider system having no prior knowledge of said positions of the characters to be transformed.
16. The method of any of claims 1, 3 to 6 and 15 wherein said verification process comprising the steps of said service provider system retrieving sequentially or systematically said valid apparatus one-time passcodes C_OTP and their respective valid transformation functions f_T stored in said system database, evaluating all the possible transformed security codes p_C_T for each of said valid apparatus one-time passcodes C_OTP retrieved using said valid user security code C_user identified, the corresponding valid transformation function f_T retrieved and all possible combinations of the positions of said characters to be transformed, determining whether any of said possible transformed security codes p_C_T evaluated being identical to said transformed security code C_T' submitted by said user, and if one of said possible transformed security codes p_C_T evaluated being identical to said transformed security code C_T', then said verification process terminating with a positive outcome, otherwise said service provider system will retrieve the next valid apparatus one-time passcode C_OTP and the corresponding valid transformation function f_T, and repeat the above-said steps until said verification process has produced a positive outcome or all said valid apparatus one-time passcodes C_OTP stored in said system database have been retrieved for examination in said verification process.
17. The method of claims 1, 7 or 15 wherein said verification process comprising the steps of said service provider system retrieving sequentially or systematically said valid apparatus one-time passcodes C_OTP and their respective valid transformation functions f_T^-1 stored in said system database, evaluating all the possible apparatus one-time passcodes (p_C_OTP) for said received transformed security code C_T' using said valid user security code C_user identified, the corresponding valid transformation function f_T^-1 retrieved and all possible combinations of the positions of said characters to be transformed, determining whether any of said possible apparatus one-time passcodes p_C_OTP evaluated being identical to said valid apparatus one-time passcode C_OTP retrieved, and if one of said possible apparatus one-time passcodes p_C_OTP evaluated being identical to said valid apparatus one-time passcode C_OTP retrieved, then said verification process terminating with a positive outcome, otherwise said service provider system will retrieve the next valid apparatus one-time passcode C_OTP and the corresponding valid transformation function f_T^-1, and repeat the above-said steps until said verification process has produced a positive outcome or all said valid apparatus one-time passcodes C_OTP stored in said system database have been retrieved for examination in said verification process.
18. The method of any of claims 1, 3 to 6, wherein said service provider system having prior knowledge of said positions of the characters to be transformed in said apparatus one-time passcode C_OTP' and said service provider system having said positions of the characters to be transformed stored in said system database.
19. The method of claim 18, wherein said positions of the characters to be transformed being displayed, labelled, highlighted or marked on said apparatus for said user to derive said transformed security code C_T'.
20. The method of any of claims 1, 3 to 6 and 18 to 19 wherein said verification process comprising the steps of said service provider system retrieving sequentially or systematically said valid apparatus one-time passcodes C_OTP, their respective valid transformation functions f_T and positions of transformed characters stored in said system database, evaluating the possible transformed security code p_C_T for each of said valid apparatus one-time passcodes C_OTP retrieved using said valid user security code C_user identified and the corresponding valid transformation function f_T retrieved, determining whether said possible transformed security code p_C_T evaluated being identical to said transformed security code C_T' submitted by said user, and if said possible transformed security code p_C_T evaluated being identical to said transformed security code C_T', then said verification process terminating with a positive outcome, otherwise said service provider system will retrieve the next valid apparatus one-time passcode C_OTP, the corresponding valid transformation function f_T and positions of transformed characters, and repeat the above-said steps until said verification process has produced a positive outcome or all said valid apparatus one-time passcodes C_OTP stored in said system database have been retrieved for examination in said verification process.
21. The method of claims 1, 7, 18 or 19, wherein said verification process comprising the steps of said service provider system retrieving sequentially or systematically said valid apparatus one-time passcodes C_OTP, their respective valid transformation functions f_T^-1 and positions of transformed characters stored in said system database, evaluating a possible apparatus one-time passcode p_C_OTP for said submitted transformed security code C_T' using said valid user security code C_user identified and the corresponding valid transformation function f_T^-1 retrieved for each of said valid apparatus one-time passcodes C_OTP, determining whether said possible apparatus one-time passcode p_C_OTP value evaluated being identical to said valid apparatus one-time passcode C_OTP retrieved, and if said possible apparatus one-time passcode p_C_OTP evaluated being identical to said valid apparatus one-time passcode C_OTP retrieved, then said verification process terminating with a positive outcome, otherwise said service provider system will retrieve the next valid apparatus one-time passcode C_OTP, the corresponding valid transformation function f_T^-1 and positions of transformed characters, and repeat the above-said steps until said verification process has produced a positive outcome or all said valid apparatus one-time passcodes C_OTP stored in said system database have been retrieved for examination in said verification process.
22. The method of any of claims 1 to 21, wherein said apparatus being a pre-paid stored value card carrying a unique apparatus one-time passcode which is a card security code printed under an opaque security seal that can be scratched off by said user to reveal said apparatus one-time passcode, and said security seal being designed for one-time use to prevent said user to re-seal after the seal has been broken, opened, lifted or removed.
23. The method of claims 19 or 22, wherein said positions of the characters to be transformed being highlighted or marked on said pre-paid stored value card and printed under said opaque security seal.
24. The method of any of claims 3 to 6, 8 to 14 and 22, wherein said transformation function f_T' being printed on said pre-paid stored value card under said opaque security seal.
25. The method of any of claims 3 to 6, 8 to 14 and 22, wherein said mapping function f_m' being printed on said pre-paid stored value card under said opaque security seal.
26. The method of any of claims 1 to 6, 8, 13, 15 to 17 and 20 to 21, wherein said valid apparatus one-time passcodes C_OTP stored in said system database being the card one-time passcodes or card numbers of all the issued pre-paid stored value cards.
27. The method of any of claims 1 to 21, wherein said apparatus being a one-time passcode (OTP) generator with the generated OTP values C_OTP' known to said service provider system.
28. The method of any of claims 8 to 11, 13 to 17, 19, 23 and 27, wherein said positions of the characters to be transformed being displayed on said OTP generator.
29. The method of any of claims 3 to 6, 8 to 14 and 27, wherein said transformation function f_T' being displayed on said OTP generator.
30. The method of any of claims 3 to 6, 8 to 14 and 27, wherein said mapping function f_m' being displayed on said OTP generator.
31. The method of any of claims 27 to 30, wherein said OTP generator can be of any type including hardware OTP token, software OTP generation applications executed on mobile devices and computing devices, and OTP sent to said user's mobile device.
32. The method of any of claims 1 to 31, wherein said user security code C_user' being a secret shared between said user and said service provider system and said user security code C_user' being set or chosen by said user or assigned by said service provider system.
33. The method of claim 1, wherein said user identifier being a user identification number, a calling party identification number, or the user telephone number.
34. The method of claim 1, wherein said transformed security code C_T' being submitted to said service provider system via a telecommunications link including cellular link, mobile link and the Internet via emails, online web access over the Internet, wireless application protocol (WAP) and general packet radio service (GPRS), as well as short message services (SMS) and equivalent messaging applications.
35. A system for remote user authentication and apparatus verification comprising an apparatus possessed by a user capable of displaying or generating an apparatus one-time passcode (C_OTP'), a user security code (C_user') being a shared secret between said user and a service provider system, a transformation function (f_T') associated with said apparatus one-time passcode or said user, said service provider system having system database for storing records of a plurality of valid user identifiers, a plurality of valid user security codes (C_user) one of which may match said user security code C_user', a plurality of valid appliance one-time passcodes (C_OTP) one of which may match said apparatus one-time passcode C_OTP', and a plurality of valid transformation functions (f_T) each of which is associated with at least one of said valid appliance one-time passcodes C_OTP or at least one of said user identifiers, wherein said user deriving a transformed security code C_T' using said user security code C_user', apparatus one-time passcode C_OTP' and said transformation function f_T' associated with said apparatus or said user, said user further submitting said transformed security code C_T' to said service provider system, said service provider system retrieving a valid user security code C_user associated with said user, said service provider system examining said valid user security code C_user identified, said submitted transformed security code C_T', said valid apparatus one-time passcodes C_OTP and valid transformation functions f_T in a verification process wherein said service provider system determines whether said submitted transformed security code C_T' can be mapped to any one of said valid apparatus one-time passcodes C_OTP, and said user being a legitimate user and said apparatus being a legitimate apparatus if said verification process yields a positive outcome in which said submitted transformed security code C_T' can be mapped to one valid apparatus one-time passcode C_OTP.
SG2011080603A 2009-05-04 2009-05-04 Remote user authentication and apparatus verification SG175858A1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2009/051803 WO2010128356A2 (en) 2009-05-04 2009-05-04 Remote user authentication and apparatus verification

Publications (1)

Publication Number Publication Date
SG175858A1 true SG175858A1 (en) 2011-12-29

Family

ID=43050554

Family Applications (1)

Application Number Title Priority Date Filing Date
SG2011080603A SG175858A1 (en) 2009-05-04 2009-05-04 Remote user authentication and apparatus verification

Country Status (2)

Country Link
SG (1) SG175858A1 (en)
WO (1) WO2010128356A2 (en)

Also Published As

Publication number Publication date
WO2010128356A3 (en) 2011-01-27
WO2010128356A2 (en) 2010-11-11
