WO2004079639A1 - Procede d'authentification pour paiement electronique utilisant une carte a circuit integre exclusivement a mot de passe - Google Patents

Procede d'authentification pour paiement electronique utilisant une carte a circuit integre exclusivement a mot de passe Download PDF

Info

Publication number
WO2004079639A1
WO2004079639A1 PCT/JP2003/003051 JP0303051W WO2004079639A1 WO 2004079639 A1 WO2004079639 A1 WO 2004079639A1 JP 0303051 W JP0303051 W JP 0303051W WO 2004079639 A1 WO2004079639 A1 WO 2004079639A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
password
payment
passwords
authentication
Prior art date
Application number
PCT/JP2003/003051
Other languages
English (en)
Japanese (ja)
Inventor
Akira Ichikawa
Original Assignee
Akira Ichikawa
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Akira Ichikawa filed Critical Akira Ichikawa
Publication of WO2004079639A1 publication Critical patent/WO2004079639A1/fr

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code

Definitions

  • IC cards can be used in various ways, but if they are used as the riding power of transportation, passwords are not used at the moment, but they are used as electronic payments.
  • a passcode as an authentication method is an effective means
  • Fingerprints, irises, and voiceprints have been developed as personal authentication methods other than passwords.However, at present, these methods are all password-based in terms of economy and convenience. It is impossible to replace it.
  • the password method is currently the best authentication method.
  • passwords such as names and dates of birth
  • others such as names and dates of birth
  • Setting is not possible.
  • the present invention can use a password for all payments on an IC card, prevent the IC card from being misused by being lost or stolen, and memorize the password without memorizing it.
  • the purpose is to eliminate the need for manual input.
  • the password-specific IC card of the present invention is:
  • the C card is used only for payment ⁇ When using the C card for payment ⁇ ⁇ When using the IC card and password key 3 ⁇ 4 C card By allowing both sides to authenticate the password set, the security of electronic payment by the Ic card is increased.
  • Claim 2 for exclusive use of password ⁇ The authentication method for electronic payment using C. card is as follows: Password is registered for exclusive use for password ⁇ Registered on C card and the same password is also used for payment IC card After registering and performing initial processing and mutual authentication between the reader / writer and both IC cards at the time of actual use, the reader / writer receives the encrypted random number data from the payment IC card and only uses the password.
  • the password-specific IC card decrypts the received encrypted random number data, connects it to the password and encrypts it, and the reader / writer receives it and sends it to the payment IC card.
  • the payment IC card checks whether the decrypted random number data and password match the data in the payment IC card, and if any or neither match, authentication to interrupt processing method It has adopted.
  • the ⁇ method for electronic payment using a password-specific IC card in claim 6 is the IG method used to determine a in claims 1 to 5 in ⁇ . If the processing executed on the card is performed by the certificate supplier of ATMs and other services, the country
  • the password-specific IC card described in claim 7 can be worn on items such as bracelets, watches, pendants, cowspots, brooches, key chains, belts, bags, bags, etc. It has a non-contact, portable structure that can be worn on a payment IC card when used. '' Embodiments of the Invention
  • PIGG2 indicates an IC card for settlement
  • PICC1 indicates an IC card exclusively for password
  • RW indicates a reader / writer.
  • Fig. 1 is a diagram showing the overall configuration of an authentication method for electronic payment using a password-specific IC card.
  • 1 is a card-shaped password-specific IC card
  • 3 is 2 for payment 1 C
  • a reader / writer for reading and writing cards and data.
  • the IC card for password and the IC card for payment also have the role of mediating data transmission / reception in order to authenticate the user with the password. .
  • Kuni 2 is your password! c card block country y, password only ⁇ c power
  • It has a CPU 5, a memory 6 for storing IE, passwords, encryption keys, programs and other data, a cryptographic circuit 7, a 3 ⁇ 4II tone adjustment circuit 8, and an antenna coil 9.
  • the CPU 5 uses the program data stored in the memory 6 and the working data to transmit a command from the reader / writer 3 received through the antenna coil 9. In addition to performing the processing based on the data, the data transmission processing to Reader / Writer 3 is performed.
  • Commands that are sent from the password reader / writer 13 to the password-specific IC card 1 include polling, authentication, data reading and harm, and prohibition.
  • the CPU 5 receives the transmission command from the card reader / writer 3 with the antenna coil 9, cuts it out with the e-adjustment circuit 8, fetches and analyzes it, and follows the analyzed command. The processing is executed.
  • Country 3 is for password only ⁇ C card is card-shaped and Circle 4 is breathlet-shaped for payment for authentication! Normally consciously separated from the C card for wearing and settlement! Avoid getting lost or stolen with your C-Card.
  • FIG. 5 illustrates the password authentication process sequence control between the password-specific IC card 1, the payment IC card 2, and the reader / writer 3.
  • [E10. D10] and [E11, D11] are the paired ciphers.
  • ⁇ Decryption algorithm Rcc is the random number of PIGC2
  • K10pc and K11pc are access keys
  • M10cc and M11pw are ciphertexts
  • P10cc and P11cc is a decrypted text
  • P10pw, P11pw, and Pwcc are passwords.
  • P1) initial communication for establishing communication is performed, and then P2) mutual authentication is performed according to the procedure specified in the IC card specification of JICSP (or ISO).
  • Dedicated for password ⁇ (S5) M10GG is decrypted with 10pc on C card 1 (D10) to obtain PI OCG.
  • M11 pw is sent to Reader / Writer 13 in Password Auth.3-3 response.
  • the Ml 1pw received by the reader / writer 13 (S8) is sent to the payment IC card 3 with the Password Auth.3-4 response as it is.
  • the (S9) M11pw is decrypted (D11) by K11pc with the IC card 2 for settlement, and the random number P11cc, password 7, and word P11pv; are obtained.
  • the password-specific Ic card of the present invention described in claim 1 is a password that is previously set between the payment IC card and the password-specific IC card when the payment ⁇ c card is used. By performing automatic authentication of electronic payment, the security of electronic payment using the payment IC card is enhanced.
  • the password authentication function at the time of payment can be always used by the password automatic authentication function, and the password input by the user can be input.
  • Electronic payment with no burden and enhanced security is possible.
  • registration of the password and the encryption key to the password-specific IC card and the payment IC card is performed by a special application software. It is installed on a personal computer that has a dedicated reader / writer that can be used for both the password-dedicated IC card and the settlement IC card. Registration, updating, and deletion are restricted by the payment system on the service side. Since it is not affected by the password, the IC card for settlement and the IC card for password can be freely combined, and the maintenance of the password and the encryption key can be easily performed.
  • the claim does not use the 1G power for settlement described in paragraphs 1 to 5, and ATM, cash power, AT, and credit vault.
  • Authenticated authentication can be performed between ⁇ 2 authentication and service card, and as a new method of using password, security of all electronic devices can be improved. Can be done.
  • Ic card for item 7 ⁇ Password for exclusive use of the card, in addition to the card shape, a presslet, a watch, a pendant, a cowspot, a broach, and a key holder belt It can be attached to wearable items such as buns, buns, packs, etc., and can be worn when using the IC card for payment. It can be easily used together with an IC card.
  • FIG. 1 Schematic configuration diagram of the system according to the embodiment of the invention

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Credit Cards Or The Like (AREA)

Abstract

Un mot de passe peut être utilisé pour tous les paiements utilisant une carte à circuit intégré, la carte à circuit intégré ne peut pas être utilisée de manière frauduleuse lorsqu'elle est égarée ou volée, et l'utilisateur n'a pas besoin de mémoriser le mot de passe pour sa saisie manuelle. Une carte à circuit intégré est une carte exclusivement à mot de passe comprenant une fonction uniquement pour le mot de passe. Lors de l'utilisation d'une carte de paiement à circuit intégré, la carte de paiement à circuit intégré et la carte exclusivement à mot de passe effectuent l'authentification automatique des mots de passe prédéterminés dans les deux, améliorant ainsi la sécurité de paiement électronique au moyen d'une carte de paiement à circuit intégré.
PCT/JP2003/003051 2003-03-03 2003-03-13 Procede d'authentification pour paiement electronique utilisant une carte a circuit integre exclusivement a mot de passe WO2004079639A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2003-055067 2003-03-03
JP2003055067A JP2004265156A (ja) 2003-03-03 2003-03-03 パスワード専用icカードによる電子決済における認証方式

Publications (1)

Publication Number Publication Date
WO2004079639A1 true WO2004079639A1 (fr) 2004-09-16

Family

ID=32958650

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2003/003051 WO2004079639A1 (fr) 2003-03-03 2003-03-13 Procede d'authentification pour paiement electronique utilisant une carte a circuit integre exclusivement a mot de passe

Country Status (2)

Country Link
JP (1) JP2004265156A (fr)
WO (1) WO2004079639A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009301205A (ja) * 2008-06-11 2009-12-24 Hitachi Systems & Services Ltd 非接触型電子マネー決済システムにおける本人認証方法

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7647499B2 (en) * 2005-03-24 2010-01-12 Avaya Inc Apparatus and method for ownership verification
JP5315137B2 (ja) * 2009-06-11 2013-10-16 株式会社エヌ・ティ・ティ・データ 認証システム、認証方法、読取装置およびプログラム
JP6774193B2 (ja) * 2016-03-28 2020-10-21 株式会社タイトー ゲームシステム

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0877110A (ja) * 1994-06-28 1996-03-22 Omron Corp 情報システム
JPH09326086A (ja) * 1996-06-06 1997-12-16 Matsushita Electric Ind Co Ltd クレジット処理システム
JP2002117378A (ja) * 2000-10-05 2002-04-19 Dainippon Printing Co Ltd 非接触icカードシステム
JP2003050960A (ja) * 2001-08-07 2003-02-21 Minoru Takayama 電子マネーのセキュリティーシステム

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0877110A (ja) * 1994-06-28 1996-03-22 Omron Corp 情報システム
JPH09326086A (ja) * 1996-06-06 1997-12-16 Matsushita Electric Ind Co Ltd クレジット処理システム
JP2002117378A (ja) * 2000-10-05 2002-04-19 Dainippon Printing Co Ltd 非接触icカードシステム
JP2003050960A (ja) * 2001-08-07 2003-02-21 Minoru Takayama 電子マネーのセキュリティーシステム

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009301205A (ja) * 2008-06-11 2009-12-24 Hitachi Systems & Services Ltd 非接触型電子マネー決済システムにおける本人認証方法

Also Published As

Publication number Publication date
JP2004265156A (ja) 2004-09-24

Similar Documents

Publication Publication Date Title
US7284125B2 (en) Method and apparatus for personal identification
US10637854B2 (en) User-wearable secured devices provided assuring authentication and validation of data storage and transmission
US10560444B2 (en) Methods, apparatuses and systems for providing user authentication
US10296735B2 (en) Biometric identification device with removable card capabilities
TW565786B (en) Electronic transaction systems and methods therefor
US7505941B2 (en) Methods and apparatus for conducting electronic transactions using biometrics
US8799670B2 (en) Biometric authentication method, computer program, authentication server, corresponding terminal and portable object
US10154031B1 (en) User-wearable secured devices provided assuring authentication and validation of data storage and transmission
CA2417901A1 (fr) Authentification d'entites pendant des communications electroniques au moyen de controles de l'etat de validation d'un dispositif
JP2005032164A (ja) 認証システムならびに認証装置、サーバ装置、登録装置および端末装置
US20170316408A1 (en) Bionumerical Authentication Systems
JP2006190175A (ja) Rfid利用型認証制御システム、認証制御方法及び認証制御プログラム
US20220311610A1 (en) Authentication system using paired, role reversing personal devices
KR20100006004A (ko) 카드를 이용한 인증 처리 방법 및 시스템, 카드를 이용한인증 처리를 위한 카드 단말기
WO2018231713A1 (fr) Dispositifs sécurisés pouvant être portés par l'utilisateur assurant l'authentification et la validation de stockage et de transmission de données
US20170344984A1 (en) Card payment system and method for using body information
Nath et al. Issues and challenges in two factor authentication algorithms
JP2005148982A (ja) ユーザ認証方法、ユーザ情報取得装置、認証サーバ装置、ユーザ情報取得装置用プログラムおよび認証サーバ装置用プログラム
WO2004079639A1 (fr) Procede d'authentification pour paiement electronique utilisant une carte a circuit integre exclusivement a mot de passe
KR20200013494A (ko) 사용자가 소지한 금융 카드 기반 본인 인증 시스템 및 방법
KR101606540B1 (ko) 오티피 스마트 카드 장치
JP3903629B2 (ja) 情報処理装置及びこの情報処理装置に用いられるプログラムが記憶された記憶媒体
CN116830532A (zh) 移动装置秘密保护系统和方法
JP2001067477A (ja) 個人識別システム
JPH10255005A (ja) 利用者認証方式

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CN KR US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase