WO2007074356A1 - Dispositif de saisie de code pin portable - Google Patents

Dispositif de saisie de code pin portable Download PDF

Info

Publication number
WO2007074356A1
WO2007074356A1 PCT/IB2005/054402 IB2005054402W WO2007074356A1 WO 2007074356 A1 WO2007074356 A1 WO 2007074356A1 IB 2005054402 W IB2005054402 W IB 2005054402W WO 2007074356 A1 WO2007074356 A1 WO 2007074356A1
Authority
WO
WIPO (PCT)
Prior art keywords
pin
user
bezel
input
portable
Prior art date
Application number
PCT/IB2005/054402
Other languages
English (en)
Inventor
Kansai Mcilroy
Original Assignee
Kansai Mcilroy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kansai Mcilroy filed Critical Kansai Mcilroy
Priority to PCT/IB2005/054402 priority Critical patent/WO2007074356A1/fr
Publication of WO2007074356A1 publication Critical patent/WO2007074356A1/fr

Links

Classifications

    • GPHYSICS
    • G04HOROLOGY
    • G04GELECTRONIC TIME-PIECES
    • G04G21/00Input or output devices integrated in time-pieces
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/23Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder by means of a password
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C11/00Arrangements, systems or apparatus for checking, e.g. the occurrence of a condition, not provided for elsewhere
    • G07C2011/02Arrangements, systems or apparatus for checking, e.g. the occurrence of a condition, not provided for elsewhere related to amusement parks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/33Security of mobile devices; Security of mobile applications using wearable devices, e.g. using a smartwatch or smart-glasses

Definitions

  • This invention pertains mainly to the field of applied smart-card technology. It also relates to criminology, psychological engineering, and ergonomics.
  • US 6,776,332 discloses, as a portable PIN inputter, a contact-type card with a built- in numeric keypad.
  • the present invention and the invention of US 6,776,332 have in common the point that the customer in a debit transaction or credit transaction inputs the trial PIN not on a numeric keypad controlled by the merchant but rather on the customer's own portable PIN inputter.
  • Japan 2003-206660 discloses, as a portable PIN inputter, a digital-display wristwatch with buttons and a built-in wireless transmitter.
  • the trial PIN is input by repeatedly pressing the buttons.
  • the invention of Japan 2003-206660 is aimed at enabling company employees, who are required to input a PIN in order to pass through a security gate set up at the entrance to a company facility, to input their trial PINs ahead of time in their wristwatches instead of inputting them in the numeric keypad provided at the gate itself, thus eliminating long lines in front of the gate at rush hour and improving the company's efficiency.
  • the present invention and the invention of Japan 2003-206660 have in common the point that a person intending to pass through a security gate inputs the trial PIN not after she or he has arrived at the gate but rather, ahead of time, on the person's own portable PIN inputter.
  • Step 1 By a method such as looking over the user's shoulder ('shoulder surfing'), hidden camera, or tampering with a merchant's numeric keypad or other equipment, a criminal learns the trial PIN that the user has input.
  • Step 2 (optional): The criminal confirms that the transaction that the user was trying to do was successful, i.e. confirms that the trial PIN is the true PIN.
  • Step 3 By a method such as robbery ('mugging'), burglary, or 'emboss and swap' (see below), the criminal steals the card.
  • Step 4 Using the card and PIN, the criminal buys goods and converts the goods into cash, all in an untraceable manner.
  • Step 1 A criminal (for example a server in a restaurant or a cash register attendant), under some pretext, obtains possession of the card.
  • Step 2 The criminal group has assembled in advance an inventory of counterfeit card blanks for all the popular brands and designs of cards. The criminal removes from inventory a blank with the design that is closest to the design of the real card, puts the blank into an embossing machine, and creates a copy of the real card by reproducing its embossed characters on the blank.
  • Step 3 The criminal returns the copy to the user.
  • Step 4 Employing a fake terminal, the criminal asks the user to insert the card (actually it's the copy) and to input the PIN.
  • the criminal group has rigged the fake terminal (a) to exhibit a reaction as though the transaction was successful, (b) to print out a fake receipt that appears at first sight to be an ordinary receipt but on closer inspection contains nothing that can be traced to the party that issued the receipt, and (c) to record the trial PIN that the user input.
  • Step 5 The criminal returns the card (actually it's the copy) and the fake receipt to the user.
  • Step 6 Using the card (the real card) and the trial PIN, a member of the criminal group buys goods and converts the goods into cash, all in an untraceable manner.
  • Each of the major payment associations has what it may call a neural network for the early detection and prevention of unauthorized card use, and the criminal group knows that the best way to reduce the risk of its being tracked down by such a neural network is to ensure that the data from the transaction when the card was copied (steps 1 through 5) never reach the issuer of the card. Accordingly, the criminal gang will probably use its own cash to process the transaction, 'treating' the card user to a free meal or whatever.
  • the PIN must have at least the same strength as a conventional 4-digit decimal number such as can be input from a conventional numeric keypad.
  • the PIN must be a number from a numbering system that is duodecimal or higher, i.e. the radix of the numbering system must be 12 or more.
  • the intrinsic strength of a 4-digit decimal-system PIN is 10 to the 4th power minus 1 (0000 is omitted from candidacy as a PIN; hereafter the same), or 9,999.
  • the intrinsic strength of a 4-digit unidecimal-system PIN is 11 to the 4th power minus 1, or 14,640, and if the 9,999 PIN candidates that might possibly have been used previously for other purposes are eliminated only 4,641 PIN candidates remain, which is weaker than a 4-digit decimal-system PIN.
  • Condition 2 Input of the trial PIN must be done not on a numeric keypad controlled by the merchant but rather by means of a portable device that the user herself or himself provides and employs.
  • Condition 3 The physical operation of inputting the trial PIN must be on the one hand an operation that is at least as easy for the user to perform as inputting a number into a numeric keypad but must be on the other hand be an operation that is hard for a shoulder surfer to see or for a hidden camera to record.
  • Condition 4 The portable device that the user employs must have a clock function.
  • the issuer or a processing company acting as agent for the issuer can confirm, by means of a time-sensitive cryptogram transmitted by the user's portable device, that it is connected in real time to the user's portable device; and, for the user to protect herself or himself against impersonation on the merchant side, the user's portable device can confirm, by means of a time-sensitive cryptogram transmitted by the issuer or a processing company acting as agent for the issuer, that it is connected in real time to the issuer or to a processing company acting as agent for the issuer. In either case, it is essential that the portable device that the user employs should have a clock function.
  • Condition 5 The portable device that the user employs must have a means of presentation (an LCD panel, a set of audible signals, etc.), to let the user follow the stages of a communication session with a transaction terminal and the stages of a communication session via a transaction terminal with the issuer or a processing company acting as agent for the issuer. It must also have a means (buttons, etc.) of enabling the user, at each stage, to input appropriate commands.
  • a means of presentation an LCD panel, a set of audible signals, etc.
  • Terminals employed by merchants come in all shapes and sizes. A user cannot distinguish a real one from a fake, nor can a user know whether the terminal has been tampered with, and therefore a user cannot trust the information shown on the display panel of the terminal. Only when — after exchanging time-sensitive cryptograms so as to remove the risk of impersonation — the user's own portable device has received enciphered information, deciphered it, and presented it (by an LCD panel, a set of audible signals, etc.), can the user believe the information. Likewise, there is no guarantee that a command that is input into a terminal employed by a merchant will be transmitted to the system without illicit alteration of its contents. Only when the user inputs the command into her or his own portable device and uses her or his own portable device to encipher the command and transmit it in enciphered form can the user be free from anxiety.
  • Condition 6 The portable device that the user employs must have the characteristic that the user, when going out, will carry the device by physically fastening it to her or his body or clothing. Moreover it must have the characteristic that if the user is requested to unfasten the device from her or his body or clothing the user will be psychologically indisposed to accede to the request.
  • the input of the trial PIN is done not on a merchant's numeric keypad but rather on the user's own portable device, it is particularly important to ensure that the device is not separated from the user's person during the period of effectiveness of the trial PIN input (which might be, for example, 3 minutes from the beginning of the input).
  • the present invention employs an analog-display battery-powered timepiece as a portable PIN inputter.
  • an analog-display timepiece there are 12 hour indicators on the timepiece's face, and these can be used for inputting a 4-or-more-digit duodecimal-system PIN. Thus condition 1 is satisfied.
  • Trial PIN input is done on the timepiece itself. Thus condition 2 is satisfied.
  • the physical operation of inputting the trial PIN is as follows. The timepiece is equipped with a rotatable bezel, and the bezel has a mark at one place.
  • the mark is such that it is sufficiently recognizable from the user's distance (in the case of a Braille timepiece, sufficiently recognizable by touch) but difficult to discern from a greater distance.
  • the timepiece is also equipped with one or more buttons. The user rotates the bezel until the mark is aligned with one of the 12 hour indicators on the timepiece's face and then performs a button manipulation. Repeating this 4 or more times, the user inputs a 4-or-more-digit duodecimal number.
  • condition 3 is satisfied.
  • condition 4 Since it is a timepiece, condition 4 is satisfied.
  • the timepiece in addition to having the usual functions of a contactless integrated circuit card (calculation function, memory function, and wireless communication function), is furnished with a means of presentation that lets the user follow the stages of a trial PIN input, the stages of a communication session with a transaction terminal, and the stages of a communication session via a transaction terminal with the issuer or a processing company acting as agent for the issuer and also with a means of enabling the user, at each stage, to input appropriate commands.
  • condition 5 is satisfied.
  • a wristwatch which is the preferred embodiment of the portable PIN inputter of the present invention and which will be fastened to the user's wrist, but also a timepiece in the form of a piece of jewelry (pendant, pin, etc.) or a pocket watch on a chain satisfies the physical and psychological aspects of condition 6.
  • the rotatable bezel can be made much slimmer than conventional rotatable bezels, so that, other than the requirement of roundness, equipping the timepiece with a rotatable bezel will not restrict timepiece designers very much.
  • Fig. 1 The wristwatch that is the preferred embodiment of the portable PIN inputter of this invention, viewed from the front.
  • Fig. 2 The wristwatch of Fig. 1 as viewed from the 3 o'clock direction.
  • Fig. 3 The wristwatch of Fig. 1 as viewed from the 9 o'clock direction.
  • Fig. 4 Diagram showing the arrangement of the brushes affixed to the back side of the bezel (the brushes themselves, being behind the bezel, are not visible).
  • Fig. 6 A simplified embodiment of the portable PIN inputter of this invention, viewed from the front.
  • button 24 If the user wants to cancel the trial PIN input in mid-course, she or he presses button 24. It should be noted that the average user is right-handed, and it is assumed that she or he will fasten the wristwatch to her or his left wrist and press button 23 and button 24 with her or his right forefinger. In the case of this average user, the placement of button 23 at the 10 o'clock position and button 24 at the 8 o'clock position will encourage the user to do the trial PIN input and confirmation operations by bringing the wristwatch up close to her or his chest, just like a professional poker player.
  • upper LCD panel 25 and lower LCD panel 26 normally (i.e. when the wristwatch is being used simply as a timepiece) display calendar information. As soon as the user begins the trial PIN input operation, however, they change to a display that lets the user see the flow of the trial PIN input. More specifically, when the user rotates bezel 21 until mark 22 is aligned with the hour indicator on the watch face that corresponds to the first digit of the trial PIN and then presses button 23, the display of upper LCD panel 25 changes to a single asterisk, and as the user repeats these manipulations for the subsequent digits it changes to double asterisks, triple asterisks, etc.
  • each pad is coupled (by means not shown in the drawing) to a port pin of the means of calculation.
  • button 23 When button 23 is pressed, each pad is given a small charge.
  • the voltage of a pad that is in contact with a brush, because the brush is grounded, will be zero or an extremely small value (in binary notation, 0).
  • the voltage of a pad that is not in contact with a brush will be a relatively large value (in binary notation, 1). More specifically, as shown in the following table, it is possible to obtain 12 different binary signals from the 12 rotational positions, one every 30 degrees, at which contact occurs. These binary signals enter the wristwatch's built-in means of calculation by way of the port pins.
  • the reason for setting the number of pads at 4 is as follows. As can be seen from the fact that there are 8 possible 3-digit binary numbers (000 through 111) and 16 possible 4-digit binary numbers (0000 through 1111), to handle 12 different binary signals a contrivance that can handle binary numbers at least 4 digits in length is necessary. It follows that the number of pads and port pins must be at least 4 of each. Further, in view of manufacturing costs, it is more important to minimize the number of pads and port pins than to minimize the number of brushes. Accordingly, the number of pads is set at 4.
  • the number of brushes is set at 6 for the following reason.
  • the wristwatch's rotatable bezel can be made much slimmer than conventional rotatable bezels, and here are the reasons for this.
  • the first reason lies in the slimness of the front side of bezel 21, i.e. the narrowness of mark 22.
  • symbols or marks indicating the alternatives available for selection by the user have been arranged in a ring formation on the front side of the bezel. The user rotates the bezel until the symbol or mark on the bezel corresponding to the alternative that she or he wants to select is aligned with a mark on the timepiece's face.
  • the wristwatch of the present invention reverses this.
  • the symbols or marks indicating the alternatives available for selection by the user are on the watch face, and the user rotates bezel 21 until mark 22 is aligned with the symbol or mark on the watch face corresponding to the alternative that she or he wants to select.
  • mark 22 is aligned with the symbol or mark on the watch face corresponding to the alternative that she or he wants to select.
  • the only thing that needs to appear on bezel 21 is mark 22, and bezel 21 needs to be merely wide enough to provide room for mark 22.
  • the second reason lies in the slimness of the back side of bezel 21, i.e. the narrowness of brushes 27 A through 27F.
  • the pad-and-brush contrivance is the most simple and the most capable of realization in a narrow form.
  • the brushes in particular can be made quite narrow, and bezel 21 needs to be merely wide enough to provide room for these narrow brushes.
  • Cartesian coordinates can be input (US 5,982,710), which is cited above as prior art, also points out that the brushes in a pad-and-brush contrivance can be made quite narrow.
  • pads 28 A through 28D are disposed at the 0 o'clock (12 o'clock) position, the 3 o'clock position, the 6 o'clock position, and the 9 o'clock position, but this has no particular significance.
  • a timepiece designer can freely change the disposition of the pads as long as their positions relative to each other (at 90-degree intervals) stay the same.
  • the location of mark 22 coincides with the disposition of brush 27 A, but this too has no particular significance, and a timepiece designer can freely change the location of mark 22 as long as the positions of the brushes relative to each other stay the same. (In either case, the binary signals obtained will differ from those shown in the table presented earlier.) It should be noted that the brush arrangement in Fig.
  • 4 is just one example, and there are a total of 16 brush arrangements (if mirror images are included, 32 brush arrangements) that provide the functionality of generating, with 4 pads at 90-degree intervals and 6 brushes, 12 different binary signals from the 12 rotational positions, one every 30 degrees, at which contact occurs.
  • PIN verification is comparison of the true PIN stored in the wristwatch's built-in means of memory and the trial PIN confirmed by the operation described above, and it is performed by the wristwatch's built-in means of calculation. If they do not match, not only is upper LCD panel 25 caused to display the message 'INVALID!' as mentioned above, but also the false-PIN counter stored in the means of memory is increased by 1. When the false-PIN counter reaches a standard number that has been prescribed by the issuer, for example 3, i.e.
  • the 4-or-more-digit duodecimal number that (but for this rule) could be input as a trial PIN by pressing button 23 four or more times in succession when mark 22 is aligned with the 10-o'clock hour indicator is ineligible
  • the 4-or-more-digit duodecimal number that (but for this rule) could be input as a trial PIN by pressing button 23 four or more times in succession when mark 22 is aligned with the 11 -o'clock hour indicator is likewise ineligible.
  • the wristwatch's program knows the number of digits in the
  • the program is able to recognize when an attempt is being made to input the last digit of a trial PIN.
  • the program is also able to recognize a situation in which there is a possibility that the input of the last digit could result in an ineligible number, i.e. when all the digits input so far have been 0 through 9, when they all have been the duodecimal digit 10, or when they all have been the duodecimal digit 11.
  • the program analyzes the resulting number, and if it is ascertained to be ineligible the program (a) suspends the trial-PIN-confirmation function of button 23, so that, even if button 23 is pressed one more time, confirmation will not take place, PIN verification will not take place, and there will be no effect on the false-PIN counter, and (b) causes upper LCD panel 25 and lower LCD panel 26 to display the error message 'INELIGIBLE' (on upper LCD panel 25) 'NUMBER' (on lower LCD panel 26).
  • each wristwatch is assigned 2 pairs of keys, an offline-use pair and an online-use pair.
  • the offline-use pair is for communication between the wristwatch and a transaction terminal
  • the online-use pair is for communication via a transaction terminal between the wristwatch and the issuer or a processing company acting as agent for the issuer.
  • the private keys both the one for offline use and the one for online use
  • the public keys both the one for offline use and the one for online use
  • 'Payment association' means a payment association to which issuers that have introduced systems that work the present invention belong (hereafter the same). Note: With respect to the offline-use key pair and the online-use key pair, the nomenclature adopted here is to call the key that is stored on the business side the 'public key' and the key that is stored on the user side the 'private key', which is the opposite of the usual nomenclature.
  • Step 1 When the user, having been informed of the transaction amount by the merchant, wants to process the transaction as a debit transaction or as a credit transaction, the user does the trial PIN input and confirmation operations with the wristwatch. 'VALID PIN' is displayed on upper LCD panel 25, and the number of seconds remaining in the period of effectiveness of the trial PIN input is displayed on lower LCD panel 26. If it is assumed, for example, that the issuer has prescribed, as the period of effectiveness, 3 minutes from the beginning of the trial PIN input (i.e. from the first time that button 23 is pressed), a countdown of, for example, '155 SECONDS', '154 SECONDS', '153 SECONDS', etc. will appear on lower LCD panel 26.
  • Step 2 The wristwatch transmits the following 3 data to the transaction terminal:
  • Step 3 The transaction terminal gets the user's account information by (a) getting the issuer's public key from the transmitted data and confirming — by (i) independently calculating the issuer's public key's hash, (ii) getting the enciphered hash from the transmitted data and using the payment association's public key, which is stored in the transaction terminal's memory, to open the enciphered hash, and (iii) comparing the two results — that it is the issuer's true public key, (b) using the issuer's public key to get the offline-use public key, and (c) using the offline-use public key to get the user's account information.
  • the merchant or the merchant's 'acquirer' (the financial institution that acquires the merchant's receivables) will perform a screening procedure (a comparison with a list of stolen wristwatches, and a risk assessment considering factors such as the issuer's nationality, the transaction amount, and the kind of goods).
  • a screening procedure a comparison with a list of stolen wristwatches, and a risk assessment considering factors such as the issuer's nationality, the transaction amount, and the kind of goods.
  • various results can be imagined — such as immediate contact with the police, denial of processing as a debit transaction or credit transaction, or denial of offline processing (i.e. the merchant demands online processing) — but here it will be assumed that the result of the screening is 'Offline Processing Is Approved'.
  • the transaction terminal transmits to the wristwatch (in plain text) the transaction currency and amount and a signal that has the meaning of asking for the user's permission to proceed with offline processing.
  • Step 4 The wristwatch displays on upper LCD panel 25 the transaction currency and amount, for example, 'JPY472,500'. If the transaction currency and amount cannot fit into upper LCD panel 25, it automatically scrolls. Meanwhile, lower LCD panel 26 alternates, at one-second intervals, between displaying the countdown and displaying a message, 'OFFLINE OK?', asking for the user's permission to proceed with offline processing. The user confirms the transaction currency and amount and decides whether to permit offline processing. To permit offline processing the user presses button 23, and to reject offline processing the user presses button 24. It should be noted that the language of the messages displayed in upper LCD panel 25 and lower LCD panel 26 is the language of that wristwatch. In other words, no matter what country the user uses her or his wristwatch in, its display language does not change.
  • Step 5 (course A): Here it will be assumed that the user rejects offline processing, i.e. presses button 24.
  • the wristwatch transmits to the transaction terminal (in plain text) a signal that has the meaning of rejecting offline processing and demanding online processing.
  • Step 6 (course A): It can be imagined that, if the merchant does not want to do online processing, at this point the merchant will refuse to process the transaction as a debit transaction or credit transaction, but here it will be assumed that the merchant is willing to proceed with online processing. From this point the procedures are the same as where, in step 3, the merchant denied offline processing (i.e. the merchant demanded online processing), to wit, the transaction terminal transmits to the wristwatch (in plain text) the transaction currency and amount and a signal that has the meaning of asking for the user's permission — or reconfirming the user's demand — to proceed with online processing.
  • the merchant denied offline processing i.e. the merchant demanded online processing
  • the transaction terminal transmits to the wristwatch (in plain text) the transaction currency and amount and a signal that has the meaning of asking for the user's permission — or reconfirming the user's demand — to proceed with online processing.
  • Step 7 (course A): The wristwatch displays — or continues from step 4 to display — on upper LCD panel 25 the transaction currency and amount, for example, 'JPY472,500'. If the transaction currency and amount cannot fit into upper LCD panel 25, it automatically scrolls. Meanwhile, lower LCD panel 26 alternates, at one-second intervals, between displaying the countdown and displaying a message, 'ONLINE OK?', asking for the user's permission to proceed with online processing. The user confirms the transaction currency and amount and decides whether to permit online processing. To permit online processing the user presses button 23, and to reject online processing the user presses button 24. Here it will be assumed that the user permits online processing, i.e. presses (before the countdown reaches zero) button 23.
  • the wristwatch transmits to the transaction terminal a cryptogram, enciphered with the online-use private key, containing the following 4 data: (a) the PIN, (b) the date and time, (c) a signal that has the meaning of demanding online processing, and (d) the currency and amount.
  • Step 8 (course A): The transaction terminal transmits to the issuer or processing company acting as agent for the issuer a message comprising the user's account information that it got in step 3, the cryptogram that it received in step 7 (course A), and the merchant's information concerning the transaction in question (the date and time, the currency and amount, the kind of goods, etc.).
  • the issuer or processing company acting as agent for the issuer uses the online-use public key, which is under its charge, to open the cryptogram.
  • Step 9 (course A): The issuer or processing company acting as agent for the issuer transmits to the transaction terminal a cryptogram, enciphered with the online-use public key, containing the following 3 data, and the transaction terminal forwards the cryptogram to the wristwatch: (a) the date and time according to the issuer side's clock, (b) the currency and amount, and (c) the transaction identifier.
  • Step 10 (course A): The wristwatch uses the online-use private key to open the cryptogram.
  • the wristwatch transmits the transaction identifier to the transaction terminal (in plain text).
  • Step 11 (course A): The transaction terminal transmits to the wristwatch (in plain text) a signal that means that operations on the user's side have successfully concluded.
  • Step 12 (course A): The wristwatch displays on upper LCD panel 25 and lower
  • Step 13 (course A): There remain some operations on the merchant's side — for example, the merchant may need to send the transaction identifier to its 'acquirer' or a processing company acting as agent for its acquirer, and the 'acquirer' or processing company acting as agent for the acquirer may want to communicate with the issuer or a processing company acting as agent for the issuer to confirm the transaction identifier — but it is assumed that the remaining operations are basically the same as the usual debit card and credit card settlement operations, and they are omitted here.
  • Step 5 (course B): Here it will be assumed that the user permits offline processing, i.e. presses (before the countdown reaches zero) button 23. When the user does so, the wristwatch transmits to the transaction terminal a cryptogram, enciphered with the online-use private key, containing the following 3 data: (a) the PIN, (b) the date and time, and (c) the currency and amount.
  • Step 6 (course B): The transaction terminal transmits to the wristwatch (in plain text) a signal that means that operations on the user's side have successfully concluded.
  • Step 7 (course B): The wristwatch displays on upper LCD panel 25 and lower LCD panel 26, for several seconds, the message 'OFFLINE PROCESSING' (on upper LCD panel 25) 'WAS SUCCESSFUL' (on lower LCD panel 26), after which it reverts to the normal display of calendar information. This is the end of the operations on the user's side.
  • Step 8 (course B): It is assumed that, to reduce communication expense, the merchant at the end of the day assembles the transaction data for the day and transmits them in a batch to its 'acquirer' or a processing company acting as agent for its acquirer. These data include the user's account information that the merchant got in step 3, the cryptogram that the merchant received in step 5 (course B), and the merchant's information concerning the transaction in question (the date and time, the currency and amount, the kind of goods, etc.). The data make their way, via the payment association's clearinghouse, to the issuer or processing company acting as agent for the issuer. The issuer or processing company acting as agent for the issuer uses the online-use public key, which is under its charge, to open the cryptogram.
  • the portable PIN inputter of the present invention can be simplified in any or all of the following ways.
  • the means of fastening to the user's body or clothing can be eliminated.
  • the means of calculation can be simplified to eliminate the deciphering function.
  • the means of communication with a terminal can be simplified to perform transmission but not reception.
  • the portable PIN inputter of the present invention can be usefully employed in systems for controlling access to facilities or equipment, including systems that have attendance recording functionality.
  • a portable PIN inputter in such a simplified mode is shown in Fig. 6.
  • the watchband of Fig. 1 is replaced in Fig. 6 by upper bracket pair 32 and lower bracket pair 33.
  • the two LCD panels of Fig. 1 are replaced in Fig. 6 by a single LCD panel 34.
  • Upper bracket pair 32 and lower bracket pair 33 afford a number of options regarding ways to carry the portable PIN inputter.
  • each pair of brackets has a pair of holes on its inside surfaces, into which an ordinary spring-loaded pin can fit.
  • the user can use a pair of spring-loaded pins to attach a ordinary band, belt, or bracelet, so that she or he can carry the portable PIN inputter on her or his wrist.
  • Another option for the user is to use a single spring-loaded pin or similar device to attach a lanyard, so that she or he can carry the portable PIN inputter, either upright or upside-down, by placing the lanyard around her or his neck.
  • Another option, of course, is for the user to carry the portable PIN inputter loose, with nothing attached to it.
  • LCD panel 34 normally (i.e. when the portable PIN inputter is being used simply as a timepiece) displays calendar information. As soon as the user begins the trial PIN input operation, however, it changes to a display that lets the user see the flow of the trial PIN input. More specifically, when the user rotates bezel 21 until mark 22 is aligned with the hour indicator on the timepiece's face that corresponds to the first digit of the trial PIN and then presses button 23, the display of LCD panel 34 changes to a single asterisk, and as the user repeats these manipulations for the subsequent digits it changes to double asterisks, triple asterisks, and quadruple asterisks.
  • PIN verification is comparison of the true PIN stored in the portable PIN inputter's built-in means of memory and the trial PIN confirmed by the operation described above, and it is performed by the portable PIN inputter's built-in means of calculation. If they do not match, not only is LCD panel 34 caused to display the message 'INVALID!' as mentioned above, but also the false-PIN counter stored in the means of memory is increased by 1. When the false-PIN counter reaches a prescribed number, for example 3, i.e.
  • the 4-digit duodecimal number that (but for this rule) could be input as a trial PIN by pressing button 23 four times in succession when mark 22 is aligned with the 10-o'clock hour indicator is ineligible
  • the 4-digit duodecimal number that (but for this rule) could be input as a trial PIN by pressing button 23 four times in succession when mark 22 is aligned with the 11 -o'clock hour indicator is likewise ineligible.
  • the corresponding numbers from the other ten hour indicators are already ineligible because of the rule that numbers that can be expressed solely with the digits 0 through 9 are ineligible.
  • the purpose of this rule is to reduce the risk of unintentional input of a trial PIN.
  • the portable PIN inputter's program is able to recognize a situation in which there is a possibility that the input of the fourth digit could result in an ineligible number, i.e. when all of the first three digits have been 0 through 9, when they all have been the duodecimal digit 10, or when they all have been the duodecimal digit 11.
  • the program analyzes the resulting number, and if it is ascertained to be ineligible the program (a) suspends the trial-PIN-confirmation function of button 23, so that, even if button 23 is pressed one more time, confirmation will not take place, PIN verification will not take place, and there will be no effect on the false-PIN counter, and (b) causes LCD panel 34 to display the error message 'INELIGIBLE'.
  • FIG. 6 Here is a brief illustration of the operations whereby, employing the embodiment shown in Fig. 6, a locked door within a building-access control system is unlocked.
  • the simplified mode of the embodiment shown in Fig. 6 is not the only simplified mode of the portable PIN inputter of the present invention, the applicability of the present invention in simplified mode is not limited to building-access control systems, and unlocking a locked door is not the only operation that the present invention in simplified mode can perform.
  • the following illustrates only one of the possible simplified modes, only one of the possible areas of applicability, and only one of the possible operations.
  • each portable PIN inputter is assigned one pair of keys.
  • the private key is stored in the portable PIN inputter's means of memory, and the public key is under the charge of the system provider.
  • the nomenclature adopted here is to call the key that is stored on the system provider side the 'public key' and the key that is stored on the user side the 'private key', which is the opposite of the usual nomenclature. But, given that in this system the key that is stored on the system provider side may be divulged to a large number of terminals and computers within the system, whereas the user will not divulge to anyone the key that is stored in her or his portable PIN inputter, the nomenclature adopted here is appropriate.
  • Step 1 Well before her or his expected arrival time at the locked door, the user prepares to use her or his portable PIN inputter. If the portable PIN inputter has a band, belt, or bracelet attached, the user puts the portable PIN inputter on her or his wrist. If the portable PIN inputter has a lanyard attached, the user places the lanyard around her or his neck. If the portable PIN inputter has no means of fastening to the user's body or clothing attached to it, the user takes it in her or his hand.
  • Step 2 Just before her or his expected arrival time at the locked door, in a safe place and in a manner that is hard for another person to observe or for a camera to record, the user does the trial PIN input and confirmation operations with the portable PIN inputter.
  • LCD panel 34 displays the message 'VALID PIN' for several seconds, after which it displays the number of seconds remaining in the period of effectiveness of the trial PIN input. If it is assumed, for example, that the system provider has prescribed, as the period of effectiveness, 5 minutes from the beginning of the trial PIN input (i.e. from the first time that button 23 is pressed), a countdown of, for example, '272 SECONDS', '271 SECONDS', '270 SECONDS', etc. will appear.
  • Step 3 The user observes the locked door and its surroundings. If there are no signs of danger, the user quickly proceeds to the door and presses (before the countdown reaches zero) button 23. When the user does so, the portable PIN inputter transmits to a terminal located next to the door a message comprising (a) the identifying number of that portable PIN inputter (in plain text) and (b) a cryptogram, enciphered with the private key, containing the date and time. The portable PIN inputter transmits this message only once; if the unlocking operation is unsuccessful and the user wants to try again, she or he must return to step 2.
  • Step 4 The terminal gets the portable PIN inputter's identifying number from the transmitted message and uses it to retrieve the public key from its means of memory. Using the public key, the terminal opens the cryptogram. The terminal then compares the date and time from the cryptogram and the date and time according to its own clock. Here it will be assumed that the dates and times match. In this case, the terminal transmits to the lock a signal that has the meaning of commanding it to unlock. It should be noted that these operations can be performed either by the terminal or by a remote computer within the system, but here it is assumed that they are performed by the terminal.
  • Step 5 The user promptly passes through the unlocked door. As soon as the user has passed through, the door promptly closes and relocks.
  • the invention of claim 1 can also be used to force online processing when a user wants to pay by a debit method or a credit method for a purchase in a transaction at an unattended transaction terminal such as a vending machine or a public telephone or to force online processing when a user wants to use an unattended transaction terminal such as a cash dispenser or an automatic teller machine, thus defeating crimes that employ unattended transaction terminals that are fake or rigged.
  • the method of making a debit entry against a prepaid account is one kind of debit method.
  • the invention of claim 1 can be used to force online processing of transactions at transaction terminals (whether attended or unattended) in prepaid systems, such as prepaid systems for pachinko parlors and amusement parks.
  • a blind or eyesight-impaired person if she or he wants to pay by debit or credit for a purchase in an attended transaction with a merchant, must rely on the merchant's transaction terminal; if she or he wants to pay by debit or credit for a purchase in a transaction at an unattended transaction terminal, must rely on the unattended transaction terminal; and, if she or he wants to use a CD or an ATM, must rely on the CD or the ATM — all of which generally lack adequate audible output or Braille output functions.
  • a user can perform, shortly before arriving at the place where a lock has been installed, the PIN input needed for unlocking the lock.
  • the resident of an apartment building with a locked but unguarded entrance on her or his way home late at night, will be able to input the PIN ahead of time in a safe place such as inside a public transportation vehicle or facility, while walking along a public sidewalk with many passersby, or while sitting in her or his car in the apartment building's parking lot. Then she or he can proceed to the entrance and quickly unlock the lock and open the door and enter with no delay and no distractions.
  • a device that provides the functionality of generating from the state of rotation of the bezel and entering into the integrated circuit twelve different binary signals, each of which is generated when a button manipulation is performed when the bezel is at one of the twelve rotational positions at thirty-degree intervals that the bezel arrives at when it is rotated until the mark is aligned with one of the twelve hour indicators on the face, can be realized in a form that has few design restrictions, low power consumption, long useful life, and low manufacturing cost.
  • other timepieces or devices in the form of timepieces will be developed that incorporate various functions requiring the manual input of numerical data.
  • merchants, the proprietors of unattended transaction terminals, and financial institutions will be able to offer their customers a means of paying by debit or credit for their purchases, or of using CDs or ATMs, without anxiety and in a manner that prevents crime and protects the safety of their own persons to the maximum extent. They will also be able to offer improved accessibility to blind and eyesight-impaired persons and improved convenience to persons who prefer to use a foreign language.
  • customers of online merchants and online financial institutions will be able to input their login numbers and PINs in a manner that is secure both against spy ware that logs keystrokes and against spy ware that takes screenshots.
  • customers will be able to do business with online merchants and financial institutions via personal computers in internet cafes, copy centers, executive service salons at hotels and airports, etc., without having to worry overmuch about whether such personal computers might be infected with spy ware.
  • the invention of claim 7 will be most useful in a portable mode, i.e. in an embodiment as a portable reader that the user can use as a plug-in peripheral device with internet-connected personal computers anywhere in the world. But for operators of internet cafes, copy centers, executive service salons at hotels and airports, etc., the mode of a built-in personal-computer component has the advantage of obviating the risk of component theft.
  • systems for controlling access to facilities or equipment can be made safer without resorting to biometrics.
  • the operators of apartment buildings will be able to deploy building-access control systems that offer greater safety to their residents' own persons.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Electric Clocks (AREA)

Abstract

Dans un système qui demande à un utilisateur de saisir un code PIN, l'invention permet à l'utilisateur d'entrer le code PIN et d'utiliser le système sans anxiété, en empêchant toute tentative criminelle et en garantissant au maximum la sécurité de l'utilisateur. Chaque utilisateur a son propre dispositif de saisie de code PIN portable. Le dispositif de saisie de code PIN portable est doté d'une fonction d'horloge et de fonctions de cryptographie de clés publiques suffisantes pour faire échouer toute usurpation d'identité et toute écoute indiscrète. Chaque terminal du côté du système est doté de fonctions de communication permettant de s'interfacer avec les dispositifs portables de saisie de code PIN. L'utilisateur saisit un code PIN d’essai en système duodécimal dans son propre dispositif de saisie de code PIN portable, le dispositif de saisie de code PIN portable authentifie le code PIN d'essai comme le véritable code PIN, et l'utilisateur continue ensuite, par l'intermédiaire du terminal, son interaction avec le système.
PCT/IB2005/054402 2005-12-27 2005-12-27 Dispositif de saisie de code pin portable WO2007074356A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IB2005/054402 WO2007074356A1 (fr) 2005-12-27 2005-12-27 Dispositif de saisie de code pin portable

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2005/054402 WO2007074356A1 (fr) 2005-12-27 2005-12-27 Dispositif de saisie de code pin portable

Publications (1)

Publication Number Publication Date
WO2007074356A1 true WO2007074356A1 (fr) 2007-07-05

Family

ID=38217729

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2005/054402 WO2007074356A1 (fr) 2005-12-27 2005-12-27 Dispositif de saisie de code pin portable

Country Status (1)

Country Link
WO (1) WO2007074356A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CH716762A1 (fr) * 2019-11-04 2021-05-14 Favre Laurent Dispositif mécatronique agencé pour s'intégrer dans un appareil portatif comportant une pièce mécanique rotative servant à afficher et saisir un code pour exécuter une commande.

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0451695U (fr) * 1991-01-17 1992-04-30
JP2001296380A (ja) * 2000-04-13 2001-10-26 Masako Yamauchi 電源タイマ装置
JP2003186835A (ja) * 2001-12-14 2003-07-04 Hitachi Software Eng Co Ltd パスワード設定方法及びシステム
US20040113819A1 (en) * 2002-11-26 2004-06-17 Asulab S.A. Method of input of a security code by means of a touch screen for access to a function, an apparatus or a given location, and device for implementing the same

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0451695U (fr) * 1991-01-17 1992-04-30
JP2001296380A (ja) * 2000-04-13 2001-10-26 Masako Yamauchi 電源タイマ装置
JP2003186835A (ja) * 2001-12-14 2003-07-04 Hitachi Software Eng Co Ltd パスワード設定方法及びシステム
US20040113819A1 (en) * 2002-11-26 2004-06-17 Asulab S.A. Method of input of a security code by means of a touch screen for access to a function, an apparatus or a given location, and device for implementing the same

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CH716762A1 (fr) * 2019-11-04 2021-05-14 Favre Laurent Dispositif mécatronique agencé pour s'intégrer dans un appareil portatif comportant une pièce mécanique rotative servant à afficher et saisir un code pour exécuter une commande.
WO2021090200A1 (fr) * 2019-11-04 2021-05-14 Laurent Favre Dispositif mécatronique agencé pour s'intégrer dans un appareil portatif comportant une pièce mécanique rotative servant à afficher et saisir un code pour exécuter une commande

Similar Documents

Publication Publication Date Title
JP4711039B2 (ja) 複数の機能を有する多目的携帯端末の安全性確保の方法
US5591949A (en) Automatic portable account controller for remotely arranging for payment of debt to a vendor
CN1344396B (zh) 便携式电子的付费与授权装置及其方法
EP2392096B1 (fr) Améliorations concernant des systèmes d'authentification multifonctions
CN1307594C (zh) 付款方法
US20030046228A1 (en) User-wearable functional jewelry with biometrics and smartcard to remotely sign and/or authenticate to e-services
US20070185820A1 (en) Multi-account security verification system with a virtual account and linked multiple real accounts
US20020095389A1 (en) Method, apparatus and system for identity authentication
US20070073619A1 (en) Biometric anti-fraud plastic card
US10453041B1 (en) Automated banking machine system that operates to make cash available to a mobile device user
WO2001071516A1 (fr) Procede et dispositif d'identification personnelle
JPWO2006041031A1 (ja) 認証システム
WO2002086826A1 (fr) Procede d'introduction d'informations financieres au moyen d'un algorithme de securite a code symetrique, et systeme de transactions commerciales pour communications mobiles
KR20020089349A (ko) 전자신용카드-이씨씨
CN101523427A (zh) 在电子交易中验证用户的身份的系统和方法
EP2062228A1 (fr) Vérification de transaction par code visuel
NZ522686A (en) Secure biometric identification
JP3982522B2 (ja) 商取引方法
KR20000012607A (ko) 무선단말기를 이용한 인증시스템
US20090278660A1 (en) Credit card protection system
CN101371269A (zh) 信息输入装置和交易处理系统
WO2007074356A1 (fr) Dispositif de saisie de code pin portable
AU2021106789A4 (en) A money transfer methodology using coloured input plate and body heat fluctuation.
JP3874491B2 (ja) プリペイドicカードシステムおよびプリペイドicカード
US9520034B1 (en) Banking system including at least one 3D printer

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 05850913

Country of ref document: EP

Kind code of ref document: A1