WO2001082247A1 - Procede de controle de l'identite d'une personne effectuant une transaction sur un site d'un reseau tel que le reseau internet - Google Patents
Procede de controle de l'identite d'une personne effectuant une transaction sur un site d'un reseau tel que le reseau internet Download PDFInfo
- Publication number
- WO2001082247A1 WO2001082247A1 PCT/FR2001/001226 FR0101226W WO0182247A1 WO 2001082247 A1 WO2001082247 A1 WO 2001082247A1 FR 0101226 W FR0101226 W FR 0101226W WO 0182247 A1 WO0182247 A1 WO 0182247A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- user
- identity
- server
- stored
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
- G07C9/33—Individual registration on entry or exit not involving the use of a pass in combination with an identity check by means of a password
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/38—Individual registration on entry or exit not involving the use of a pass with central registration
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1025—Identification of user by a PIN code
Definitions
- the present invention relates to a method for checking the identity of a person carrying out a transaction on a site of an electronic communication network such as the Internet.
- An essential difficulty of such transactions lies in the transit of secret information such as secret codes attached to a bank account during a payment.
- This verification system if it allows high security security, has the disadvantage that the questions and answers are stored in the server. so that fraudulent access to the content of the server allows a "hacker" to be in possession of the stored control elements.
- the object of the present invention is to propose a method for checking the identity of a user of the latter type, but which does not have the drawback mentioned.
- the subject of the invention is a method of controlling the identity of a person carrying out a transaction from a terminal station, such as a client computer or a card reader, to a site of a communication network.
- a control server of the type comprising at least the entry of a personal secret code, the analysis and recognition of said personal secret code, the selection, preferably at random, of questions associated with data stored in at least one basic reference file and associated with said secret code, the comparison of data entered in response by the user and, in the event of a correspondence between the data entered and the data stored, the positive control of the identity of the user or, in the event of a mismatch between at least one stored data and one entered data, the negative control of the identity of the user so as to block even the transaction in progress, characterized in that part of the data is stored at the terminal station itself and another part is stored at the server so that, during an identity check, a part of the questions is selected from the data contained in the server and part at the level of the data contained in the terminal, all requiring encryption
- This basic reference file can be structured in two levels, a first level targeting information relating to the person himself such as: surname, first name, date and place of birth, address, telephone number, social security number, passport number, eye color, particular signs, blood group, allergies, etc., and a second level targeting similar information relating to the person's environment.
- the user can then enter his own control criteria such as data relating to his favorite dish, his political party, his favorite or hated color, etc.
- the random selection of questions relating to stored data corresponding to personal information on the person allows the identity of this person to be checked more securely, the type of questions being able to change from one transaction to another. .
- the constitution of the additional file provides improved security insofar as this free file contains criteria specific to a user.
- most of the information contained in the files kept by the control server is encrypted from the user's terminal station using PGP type keys residing in this terminal station.
- PGP type keys residing in this terminal station.
- a third party having “hacked” the user's computer or the server cannot impersonate the user.
- the hacker should be able to decrypt the data contained both in the server and that contained in the terminal.
- One of the data stored in the file or files can correspond to an alert signal which, given by the user, allows the server to understand that something is wrong and to transmit the alert to the police authorities.
- the present invention also relates to a server for controlling the identity of a user carrying out a transaction between a terminal station and an electronic site, comprising means for recognizing a personal secret code entered by the user, at least stored data. in a site control server, relating to information concerning the user associated with said secret code, means for selecting, preferably randomly, questions relating to the stored data, means for reading and comparing the data entered by the user in response to said questions as well as means for blocking the transaction in the event of a negative comparison, characterized in that said server comprises and in addition to means for selecting, preferably randomly, questions relating to data stored at the terminal station in addition data stored at the server level.
- Such an identity control method can advantageously be used by mail order companies wishing to guarantee the security of their transactions as well as to other organizations of the portal, insurance, company type offering payment card services.
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP01928025A EP1275090A1 (fr) | 2000-04-21 | 2001-04-20 | Procede de controle de l'identite d'une personne effectuant une transaction sur un site d'un reseau tel que le reseau internet |
AU2001254896A AU2001254896A1 (en) | 2000-04-21 | 2001-04-20 | Method for controlling the identity of a person carrying out a transaction on a network such as internet |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR00/05165 | 2000-04-21 | ||
FR0005165A FR2808146B1 (fr) | 2000-04-21 | 2000-04-21 | Procede de controle de l'identite d'une personne effectuant une transaction sur un site d'un reseau tel que le reseau internet |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2001082247A1 true WO2001082247A1 (fr) | 2001-11-01 |
Family
ID=8849502
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR2001/001226 WO2001082247A1 (fr) | 2000-04-21 | 2001-04-20 | Procede de controle de l'identite d'une personne effectuant une transaction sur un site d'un reseau tel que le reseau internet |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1275090A1 (fr) |
AU (1) | AU2001254896A1 (fr) |
FR (1) | FR2808146B1 (fr) |
WO (1) | WO2001082247A1 (fr) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5848161A (en) * | 1996-05-16 | 1998-12-08 | Luneau; Greg | Method for providing secured commerical transactions via a networked communications system |
US5898154A (en) * | 1991-11-15 | 1999-04-27 | Citibank, N.A. | System and method for updating security information in a time-based electronic monetary system |
DE19748353A1 (de) * | 1997-11-03 | 1999-05-20 | Pipeline Online Com Systems Gm | Nutzungssystem für Informationsdienste |
WO1999060483A1 (fr) | 1998-05-21 | 1999-11-25 | Equifax Inc. | Systeme et procede d'authentification d'utilisateurs de reseau |
US6016476A (en) | 1997-08-11 | 2000-01-18 | International Business Machines Corporation | Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security |
WO2000030285A1 (fr) * | 1997-12-23 | 2000-05-25 | Arcot Systems, Inc. | Procede et appareil permettant de distribuer de maniere sure des justificatifs d"authentification a des abonnes itinerants |
-
2000
- 2000-04-21 FR FR0005165A patent/FR2808146B1/fr not_active Expired - Fee Related
-
2001
- 2001-04-20 AU AU2001254896A patent/AU2001254896A1/en not_active Abandoned
- 2001-04-20 EP EP01928025A patent/EP1275090A1/fr not_active Withdrawn
- 2001-04-20 WO PCT/FR2001/001226 patent/WO2001082247A1/fr not_active Application Discontinuation
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5898154A (en) * | 1991-11-15 | 1999-04-27 | Citibank, N.A. | System and method for updating security information in a time-based electronic monetary system |
US5848161A (en) * | 1996-05-16 | 1998-12-08 | Luneau; Greg | Method for providing secured commerical transactions via a networked communications system |
US6016476A (en) | 1997-08-11 | 2000-01-18 | International Business Machines Corporation | Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security |
DE19748353A1 (de) * | 1997-11-03 | 1999-05-20 | Pipeline Online Com Systems Gm | Nutzungssystem für Informationsdienste |
WO2000030285A1 (fr) * | 1997-12-23 | 2000-05-25 | Arcot Systems, Inc. | Procede et appareil permettant de distribuer de maniere sure des justificatifs d"authentification a des abonnes itinerants |
WO1999060483A1 (fr) | 1998-05-21 | 1999-11-25 | Equifax Inc. | Systeme et procede d'authentification d'utilisateurs de reseau |
Also Published As
Publication number | Publication date |
---|---|
FR2808146A1 (fr) | 2001-10-26 |
FR2808146B1 (fr) | 2006-07-28 |
EP1275090A1 (fr) | 2003-01-15 |
AU2001254896A1 (en) | 2001-11-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10832245B2 (en) | Universal secure registry | |
CN101523444B (zh) | 用于无痕生物识别的方法和系统 | |
EP0055986B1 (fr) | Procédé et dispositif de sécurité pour communication tripartite de données confidentielles | |
US6985887B1 (en) | Apparatus and method for authenticated multi-user personal information database | |
Wilson | Vein pattern recognition: a privacy-enhancing biometric | |
US7447910B2 (en) | Method, arrangement and secure medium for authentication of a user | |
US8271397B2 (en) | Method and apparatus for secure access, payment and identification | |
US20020138769A1 (en) | System and process for conducting authenticated transactions online | |
US20060229988A1 (en) | Card settlement method using portable electronic device having fingerprint sensor | |
EA003620B1 (ru) | Система и способ для электронной передачи, хранения и извлечения аутентифицированных документов | |
US20030159051A1 (en) | Method for generating electronic signatures | |
US20020059521A1 (en) | Method and system for identifying a user | |
WO2005048243A2 (fr) | Appareil et procede permettant une authentification de point d'acces reparti et un controle d'acces avec reaction de validation | |
US11227676B2 (en) | Universal secure registry | |
Nguyên | National Identification Systems | |
WO2001082247A1 (fr) | Procede de controle de l'identite d'une personne effectuant une transaction sur un site d'un reseau tel que le reseau internet | |
JP3090265B2 (ja) | 認証icカード | |
EP2248059A2 (fr) | Base de registre securisée universelle | |
CA2408181C (fr) | Appareil et procede pour assurer l'integrite d'une base de donnees personnelles multi-utilisateurs | |
WO2022097028A1 (fr) | Dispositif et procédé d'enregistrement d'un utilisateur | |
Hekimian | Active behavior as a fourth dimension to identity authentication in computer systems | |
Eriksson et al. | Electronic Identification: Focus on bank services and security | |
Castle | Online Authentication using Combined SmartCard and Fingerprint Recognition | |
Helme et al. | What you see is what gets signed | |
Siritomon | E-Commerce Authentication Solutions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2001928025 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2001928025 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 2001928025 Country of ref document: EP |