WO2005022474A1 - Method and system for inhibiting fraudulent online transactions - Google Patents
- Publication number
- WO2005022474A1 (PCT/ZA2004/000085)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- code
- verifying
- verifying code
- remote computer
- customer
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/42—Confirmation, e.g. check or permission by the legal debtor of payment
- G06Q20/425—Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/12—Payment architectures specially adapted for electronic shopping systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/385—Payment protocols; Details thereof using an alias or single-use codes
Definitions
- THIS INVENTION relates to a method of, and a system for, inhibiting fraudulent online transactions.
- The present invention seeks to provide a method and a system for preventing unauthorized operation of an account.
- A method of conducting an electronic transaction which comprises: connecting a remote computer of the customer to an authentication server to open up an authorization and data transmission channel; generating, upon said connection being made, a code which is unique to the connection established; generating a first verifying code derived from raw data comprising said unique code and the ID of the remote computer and the date and time; transmitting said first verifying code to the customer along a communication channel other than said authorization and data transmission channel; generating a second verifying code and storing this on the authentication server, the second verifying code being encoded and derived from said unique code, the ID of the remote computer and the time and date; entering said first verifying code at said remote computer; transmitting said first verifying code from said remote computer to said authentication server along said authorization and data transmission channel; transmitting both said first and second codes from the authentication server to a means for decoding the second verifying code to recreate the raw data and then using the re-created raw data to create a third
- Said second verifying code can be in the form of a global unique identifier; and the first verifying code in the form of a number with, for example, five digits. According to a further aspect of the present invention there is provided a system for enabling an online transaction as defined above to be undertaken.
- The transaction commences when the customer uses his computer 10 to log on to the authentication server 12 of the financial institution at which his current account, savings account or other bank account is held.
- The customer logs on via the transmission line 14.
- Logging on occurs in the conventional manner by the insertion of one or more codes known only to the customer.
- The client authentication server 12 of the financial institution authenticates the information provided by the customer as the log on procedure takes place. This establishes an authentication and data communication channel between the customer 10 and the financial institution.
- The authentication server 12 has stored therein information pertaining to the customer which the financial institution has previously requested and the customer has provided.
- The information can take many forms but should include at least: (a) information pertaining to a second communication channel from the financial institution to the customer which the customer wishes the financial institution to use; and (b) information pertaining to when establishment of a data transmission channel is allowed, and how long the authentication and data communication channel may remain connected.
- The information provided under (a) is hereinafter referred to as the customer's "notification profile" and can comprise, for example, the number of a cellular phone to which a text message can be sent or an email address to which a message can be sent.
- The information provided under (b) will be referred to hereinafter as the customer's "expiry policy" and can, for example, specify that no connection before 8am, or after 5pm, is valid and that the transmission channel should be closed after a specified time.
- The information under (a) and (b) is in XML format.
- An identification code is generated by the server 12 which is unique to the connection which has been established.
- A new, unique identification code is allocated. This code will be referred to hereinafter as the "request ID".
- The data available for use now comprise the customer's notification profile, the customer's expiry policy, the customer's computer ID, the request ID and the time and date that the transaction commenced.
- The request ID, the customer's computer ID and the time and date (the "raw ticket uid") are used by a secure server 16 to generate a global unique identifier which is a thirty two character number. This is generated using a protocol which is the industry standard worldwide. This number, in the present context, is referred to as a "ticket uid". "uid" is a shorthand way of writing "global unique identifier".
- The ticket uid is transmitted along path 18 to the server 12 and stored in the memory of the server 12.
- The "raw ticket uid" is hashed in the secure server 16 to provide a number of, say, five digits in length which is referred to hereinafter as the "token ID".
- The token ID is sent to the customer along the communication channel 22 specified in the customer's notification policy as stored on the server 12.
- The customer is prompted on the screen of the computer 10 to enter the token ID received, and the token ID is then transmitted to the financial institution's authentication server 12 along the previously established authentication and data transmission channel.
- Upon receipt of the entered token ID, the authentication server 12 transmits the token ID and the ticket uid to the secure token server 16.
- The server decodes the ticket uid to recreate the raw ticket data and then produces a further identification number (referred to as a "match ID"). This is compared with the token ID. Only if there is a match between the token ID and the match ID can the transaction proceed. In the event of a mismatch the transaction is not permitted to proceed.
- By using the ticket uid to produce the match ID, there is assurance that it is the correct authorization server 12 that is communicating with the secure server 16. More specifically, the token ID is produced directly from the "raw ticket uid". The match ID is produced from the ticket uid which is also based on the raw ticket data but which has been stored on the server.
- Reference numeral 24 designates the financial institution's computer on which all the client's financial information is stored.
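The token ID / ticket uid / match ID exchange described above, sketched as an added example; it is not code from the patent. Assumptions: the class and method names are hypothetical, "decoding" the ticket uid is modelled as a lookup in the secure server's own store, HMAC-SHA256 under a server-side key replaces the plain hash so the five-digit code cannot be recomputed from the request ID, computer ID and time alone, and the attempt limit and five-minute lifetime stand in for the expiry policy.

```python
import hashlib
import hmac
import secrets
import uuid
from datetime import timedelta

TOKEN_DIGITS = 5                         # "a number of, say, five digits"
MAX_ATTEMPTS = 3                         # assumption: not specified on the page
TICKET_LIFETIME = timedelta(minutes=5)   # assumption: stands in for the expiry policy


class SecureTokenServer:
    """Plays the role of secure server 16 (hypothetical class name)."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # key never leaves this server
        self._tickets = {}                   # ticket uid -> [raw ticket data, attempts left]

    def _derive(self, raw):
        # Keyed hash of the raw ticket data, reduced to a fixed-width decimal code.
        msg = "|".join([raw[0], raw[1], raw[2].isoformat()]).encode()
        digest = hmac.new(self._key, msg, hashlib.sha256).digest()
        code = int.from_bytes(digest[:8], "big") % 10 ** TOKEN_DIGITS
        return str(code).zfill(TOKEN_DIGITS)

    def issue(self, request_id, computer_id, now):
        raw = (request_id, computer_id, now)
        ticket_uid = uuid.uuid4().hex        # thirty-two character identifier
        self._tickets[ticket_uid] = [raw, MAX_ATTEMPTS]
        # The uid goes to server 12; the token ID goes out over channel 22.
        return ticket_uid, self._derive(raw)

    def verify(self, ticket_uid, entered_token, now):
        entry = self._tickets.get(ticket_uid)
        if entry is None:
            return False                     # unknown, already used or burned
        raw = entry[0]
        if now - raw[2] > TICKET_LIFETIME:
            del self._tickets[ticket_uid]    # expired
            return False
        match_id = self._derive(raw)         # recreated from the stored raw data
        if hmac.compare_digest(match_id.encode(), entered_token.encode()):
            del self._tickets[ticket_uid]    # single use
            return True
        entry[1] -= 1
        if entry[1] <= 0:
            del self._tickets[ticket_uid]    # burn after repeated wrong guesses
        return False
```

A five-digit code has only 100,000 possible values, so the attempt limit and single-use deletion carry as much of the protection as the out-of-band delivery does.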
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Engineering & Computer Science (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
ZA03/6668 | 2003-08-27 | | |
ZA200306668 | 2003-08-27 | | |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005022474A1 (fr) | 2005-03-10 |
Family
ID=34275065
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/ZA2004/000085 WO2005022474A1 (fr) | Method and system for inhibiting fraudulent online transactions | 2003-08-27 | 2004-07-26 |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2005022474A1 (fr) |
-
2004
- 2004-07-26 WO PCT/ZA2004/000085 patent/WO2005022474A1/fr active Application Filing
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
| AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| 122 | Ep: pct application non-entry in european phase | |