WO2012070997A1 - Method for secure verification of electronic transactions - Google Patents

Method for secure verification of electronic transactions Download PDF

Info

Publication number
WO2012070997A1
WO2012070997A1 PCT/SE2011/051045 SE2011051045W WO2012070997A1 WO 2012070997 A1 WO2012070997 A1 WO 2012070997A1 SE 2011051045 W SE2011051045 W SE 2011051045W WO 2012070997 A1 WO2012070997 A1 WO 2012070997A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
computer
user
mobile telephone
transaction request
Prior art date
Application number
PCT/SE2011/051045
Other languages
French (fr)
Inventor
Stefan Hagbard
Original Assignee
Exformation Communication Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Exformation Communication Ab filed Critical Exformation Communication Ab
Publication of WO2012070997A1 publication Critical patent/WO2012070997A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3227Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4012Verifying personal identification numbers [PIN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to a method for secure verification of electronic transactions.
  • a problem with existing solutions is the difficulty to identify and guarantee that the correct person in fact has requested the function to be performed.
  • the present invention solves this problem.
  • the present invention relates to a method for simply supplementing existing transaction handling systems with a mechan- ism which guarantees that the intended transaction has been requested by an authorized user, independently of how the transaction has been generated and independently of the back- end system which is to carry out the function.
  • the present method may be used for solving problems with bank cards being read and underlying accounts being emptied, with card identities being hijacked during Internet trade, and with non-authorized persons gaining access to a computer system.
  • Security solutions exist in the form of small appliances that interact with for example a bank in order to verify that the use is authorized to carry out transactions with bank ac- counts. Such solutions are, however, specific for each company or bank.
  • RFID and NFC systems lack an advanced security solution for protection against copying and manipulation.
  • Another example is when charging an electric motor car at a public socket.
  • the present invention specifies a solution to the above described problems.
  • the present invention relates to a method for verification of electronic transactions, comprising a transaction source, a transaction system, a verification system for electronic ID, all connected to a central computer, and a receiver/sender in the form of a mobile telephone or a computer, belonging to the user, and is characterized in that a transaction is initiated using the said transaction source, which is caused to transfer an unverified transaction request to the mobile telephone/computer of the user, in that the said transaction request is shown on the screen of the mobile telephone/computer, whereby the user is asked to approve or reject the said transaction request, in that, in case the user wishes to approve the transaction request, a security module in the mobile telephone/computer is caused to digitally sign the said transaction request with an electronic identification, E-ID, for the user after the user has entered a PIN code into the security module, in that the signed trans ⁇ action request is transferred from the mobile telephone/computer to the said central computer, in that said central computer is caused to verify the said electronic identification, E-ID, and in that the central computer transfers information to the transaction system to
  • FIG. 1 shows a block diagram illustrating the present invention .
  • FIG. 2 shows a method for access control using RFID according to the present method.
  • the present method for verification of electronic transactions comprises a transaction source, a transaction system, a verification system for electronic ID, connected to a central computer, as well as a receiver/sender in the form of a mobile telephone or computer, belonging to the user.
  • a transaction source a transaction system
  • a verification system for electronic ID connected to a central computer
  • a receiver/sender in the form of a mobile telephone or computer, belonging to the user.
  • the invention is described in connection to a mobile telephone.
  • a transaction is initiated using the said transaction source 1, which for example may be a card terminal for reading credit cards.
  • the transaction source 1 is caused to transfer an unverified transaction request, such as a payment, to be carried out using the transaction source, to the mobile telephone 2 of the user.
  • the said transaction request is caused to be shown on the display of the mobile telephone 2, whereby the user is invited to approve or reject the transaction request.
  • a security module 3 in the mobile telephone 2 is caused to digitally sign the said transaction request using an electronic identification, E-ID, for the user, after the user has entered a PIN code into the security module.
  • the PIN code triggers that the security module digitally signs the transaction request.
  • the signed transaction request is transferred from the mobile telephone to the said central computer .
  • the central computer 4 is caused to verify the said electronic identification, E-ID, against preferably the issuer 5 of the E-ID. In case the E-ID can be verified, the central computer is caused to transfer information to said transaction system 6 to perform the verified transaction.
  • the transaction source may be, as mentioned, a card terminal or a code lock, an automated cash dispensing machine or a login server.
  • the transaction system is a trans- action system which already exists on the market, used for performing transactions, for example the system BABS, used on the Swedish market for credit card transactions.
  • the communication between the mobile telephone 3 and the central computer 4 takes place over a mobile telephone network .
  • the security module is so designed so that it can be placed in a card slot in a mobile telephone or in a com- puter.
  • the security module comprises an electronic identification, for instance based upon asymmetric pairs of keys, such as in PKI (Public Key Inf astructure) , or as another cryptographic function.
  • PKI Public Key Inf astructure
  • a transaction initiated by an insecure reading, can be verified with very high security, based upon the user firstly seeing the transaction on his or her mobile telephone and then signing the transaction electronically before the transaction is performed .
  • the information shown on the d splay of the mobile telephone after a transaction has been i itiated may be the account number of the credit card, the amount, the time, etc., so that the user can see what the transaction is related to.
  • the information may be adapted to the type of trans- action to which it relates.
  • the security is thus increase considerably as compared to the security that presently pr vails in transaction systems.
  • the present method is accomplished in a way which is described in closer detail below.
  • the three digit reference numbers relate to the arrows in figure 1.
  • a transaction is initiated using the said transaction source 1, which is caused to transfer an unverified transaction request to the said central computer 4, as shown by the arrow 100.
  • the said central computer 4 is caused to transfer, as shown by arrow 103, the said transaction request to the mobile telephone/computer 2 of the user.
  • the said transaction request is shown on the display (not shown) of the mobile telephone/computer, whereby the user is asked to approve or re- ject the said transaction request.
  • a fourth step in case the user wishes to approve the transaction request, the mobile telephone/computer 2 is caused to transfer, as shown by arrow 104, the said transaction request to the security module 3 in the mobile telephone/computer, which security module comprises an electronic identification, E-ID, for the user.
  • E-ID electronic identification
  • a fifth step the user enters a PIN code into the security module via the keyboard of the mobile telephone/computer, whereby the security module generates a digital signature for the said transaction request.
  • the signed transaction request is, as shown by arrow 105, transferred from the security module to the mobile telephone/computer.
  • the mobile telephone/computer transfers, as shown by arrow 106, the signed transaction request to the said central computer 4.
  • the central computer verifies the said electronic identification, E-ID, by transferring, as shown by arrow 107, a request to, and by receiving, as shown by arrow 108, a reply from a verification system 5 for E-ID tied to the issuer of said electronic identification.
  • the central computer transfers, as shown by arrow 109, the information to the transaction system to perform, as shown by arrow 110, the verified transaction.
  • the transaction source is a computer, which the user can connect to the Internet in order to there request and perform a transaction, in a way which corresponds to when a card is read in a card terminal .
  • the contents of a transaction request, signed using a digital signature is not possible to modify.
  • the present method has essentially been described in connection to that the transaction is a money transaction.
  • a transaction can be to open a door or to activate a device, for example an electric charging post for charging electric motor vehicles.
  • the transaction source is a terminal for reading of key cards or a card which belongs to the user.
  • FIG. 2 The three digit reference numbers refer to the arrows in figure 2.
  • a user arrives at a door or another device, for example an electric charging post for charging electric motor vehicles, with an RFID badge 9, the user brings the RFID badge towards a communicator, as shown by arrow 200, whereby the RFID badge is read.
  • the read information is transferred, as shown by arrow 201, to a control logic circuit 8.
  • the ID number of the door or the device is transferred, as shown by arrow 202, to the central computer 4.
  • the central computer 4 transfers, as shown by arrow 203, a transaction request to the mobile telephone 2 of the user.
  • the mobile telephone transfers the transaction request to the security module 3, as shown by arrow 204.
  • the user In case the user whishes to approve the transaction request, the user enters the said PIN code into the security module 3, which electronically signs the transaction request and transfers the same to the mobile telephone, as shown by arrow 205.
  • the mobile telephone thereafter transfers the signed transaction request to the central computer, as shown by arrow 206.
  • the central computer transfers the signed transaction request to the said transaction system 6, as shown by arrow 207.
  • the transaction system verifies the electronic identification in the verification system, as shown by arrow 208 and 209. Thereafter, the transaction system 6 transfers, as shown by arrow 210, a piece of information to the central computer 4 to approve the transaction.
  • the central computer 4 transfers a signal to the control logic circuit 8 to carry out the authorized transaction, as shown by arrow 211.
  • the device In case the device is a door, the same is opened. In case the device is an electric post for charging a vehicle, the transaction may consist in requesting that access to electric power is admitted and that a certain account is debited for output electricity.
  • the method may be varied and adapted to the type of intended transaction.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Finance (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Method for verifying electronic transactions. A transaction is initiated by a user interacting with a transaction source. The transaction source transfers un unverified transaction request to the user's mobile phone. The user can either deny or approve the transaction. If the transaction is approved, the user enters a pin-code and a security module in the mobile phone signs the transaction request with an electronic id. The signed transaction request is sent to a computer which verifies the transaction request with a verification system.

Description

Method for secure verification of electronic transactions
The present invention relates to a method for secure verification of electronic transactions.
Many everyday functions rely on that a system generates a function, which is then handled by a backend system, carrying out the requested transaction. Examples of such transactions are payments with bank- or credit card, unlocking of locks using a card or transponder, and logins to computer systems.
A problem with existing solutions is the difficulty to identify and guarantee that the correct person in fact has requested the function to be performed.
The present invention solves this problem.
The present invention relates to a method for simply supplementing existing transaction handling systems with a mechan- ism which guarantees that the intended transaction has been requested by an authorized user, independently of how the transaction has been generated and independently of the back- end system which is to carry out the function. For instance, the present method may be used for solving problems with bank cards being read and underlying accounts being emptied, with card identities being hijacked during Internet trade, and with non-authorized persons gaining access to a computer system.
Security solutions exist in the form of small appliances that interact with for example a bank in order to verify that the use is authorized to carry out transactions with bank ac- counts. Such solutions are, however, specific for each company or bank.
When it comes to electronic lock systems, it is sufficient to have gained access to a keycard, or to have monitored signals, in order to be able to enter. RFID and NFC systems lack an advanced security solution for protection against copying and manipulation. Another example is when charging an electric motor car at a public socket. Presently, there is no possibility for the user to identify him- or herself, or to approve the debiting of the electric charging. The present invention specifies a solution to the above described problems.
Thus, the present invention relates to a method for verification of electronic transactions, comprising a transaction source, a transaction system, a verification system for electronic ID, all connected to a central computer, and a receiver/sender in the form of a mobile telephone or a computer, belonging to the user, and is characterized in that a transaction is initiated using the said transaction source, which is caused to transfer an unverified transaction request to the mobile telephone/computer of the user, in that the said transaction request is shown on the screen of the mobile telephone/computer, whereby the user is asked to approve or reject the said transaction request, in that, in case the user wishes to approve the transaction request, a security module in the mobile telephone/computer is caused to digitally sign the said transaction request with an electronic identification, E-ID, for the user after the user has entered a PIN code into the security module, in that the signed trans¬ action request is transferred from the mobile telephone/computer to the said central computer, in that said central computer is caused to verify the said electronic identification, E-ID, and in that the central computer transfers information to the transaction system to carry out the verified transaction.
Below, the invention is described in detail, partly in connection to an embodiment of the invention shown on the enclosed drawing, where
- figure 1 shows a block diagram illustrating the present invention .
- figure 2 shows a method for access control using RFID according to the present method.
The present method for verification of electronic transactions comprises a transaction source, a transaction system, a verification system for electronic ID, connected to a central computer, as well as a receiver/sender in the form of a mobile telephone or computer, belonging to the user. Below, the invention is described in connection to a mobile telephone.
According to the invention, a transaction is initiated using the said transaction source 1, which for example may be a card terminal for reading credit cards. The transaction source 1 is caused to transfer an unverified transaction request, such as a payment, to be carried out using the transaction source, to the mobile telephone 2 of the user. The said transaction request is caused to be shown on the display of the mobile telephone 2, whereby the user is invited to approve or reject the transaction request. In case the user wishes to approve the transaction request, a security module 3 in the mobile telephone 2 is caused to digitally sign the said transaction request using an electronic identification, E-ID, for the user, after the user has entered a PIN code into the security module. The PIN code triggers that the security module digitally signs the transaction request.
The signed transaction request is transferred from the mobile telephone to the said central computer . The central computer 4 is caused to verify the said electronic identification, E-ID, against preferably the issuer 5 of the E-ID. In case the E-ID can be verified, the central computer is caused to transfer information to said transaction system 6 to perform the verified transaction.
The transaction source may be, as mentioned, a card terminal or a code lock, an automated cash dispensing machine or a login server. Preferably, the transaction system is a trans- action system which already exists on the market, used for performing transactions, for example the system BABS, used on the Swedish market for credit card transactions.
The communication between the mobile telephone 3 and the central computer 4 takes place over a mobile telephone network .
Preferably, the security module is so designed so that it can be placed in a card slot in a mobile telephone or in a com- puter. The security module comprises an electronic identification, for instance based upon asymmetric pairs of keys, such as in PKI (Public Key Inf astructure) , or as another cryptographic function. When a method according to the invention is used, a transaction, initiated by an insecure reading, can be verified with very high security, based upon the user firstly seeing the transaction on his or her mobile telephone and then signing the transaction electronically before the transaction is performed .
As an example, it can be mentioned that if an unauthorized person has gained access to a credit card, and tries to with draw money from an ATM, the user will be able to see the transaction on his or her mobile telephone. The user will then not approve the transaction, why no money will be dispensed by the ATM. Moreover, the user will be alerted to block the used credit card.
The information shown on the d splay of the mobile telephone after a transaction has been i itiated may be the account number of the credit card, the amount, the time, etc., so that the user can see what the transaction is related to. Of course, the information may be adapted to the type of trans- action to which it relates.
Using the present invention, the security is thus increase considerably as compared to the security that presently pr vails in transaction systems.
According to a preferred embodiment, the present method is accomplished in a way which is described in closer detail below. The three digit reference numbers relate to the arrows in figure 1. In a first step, a transaction is initiated using the said transaction source 1, which is caused to transfer an unverified transaction request to the said central computer 4, as shown by the arrow 100. In a second step, the said central computer 4 is caused to transfer, as shown by arrow 103, the said transaction request to the mobile telephone/computer 2 of the user. In a third step, the said transaction request is shown on the display (not shown) of the mobile telephone/computer, whereby the user is asked to approve or re- ject the said transaction request. In a fourth step, in case the user wishes to approve the transaction request, the mobile telephone/computer 2 is caused to transfer, as shown by arrow 104, the said transaction request to the security module 3 in the mobile telephone/computer, which security module comprises an electronic identification, E-ID, for the user.
In a fifth step, the user enters a PIN code into the security module via the keyboard of the mobile telephone/computer, whereby the security module generates a digital signature for the said transaction request. In a sixth step, the signed transaction request is, as shown by arrow 105, transferred from the security module to the mobile telephone/computer. In a seventh step, the mobile telephone/computer transfers, as shown by arrow 106, the signed transaction request to the said central computer 4.
In an eighth step, the central computer verifies the said electronic identification, E-ID, by transferring, as shown by arrow 107, a request to, and by receiving, as shown by arrow 108, a reply from a verification system 5 for E-ID tied to the issuer of said electronic identification. In a ninth step, the central computer transfers, as shown by arrow 109, the information to the transaction system to perform, as shown by arrow 110, the verified transaction.
In order to further increase security, according to a pre- ferred embodiment parts of, or the whole of, the said information, which is caused to be transferred between the transaction system and the mobile telephone/computer, is encrypted . According to another preferred embodiment, the transaction source is a computer, which the user can connect to the Internet in order to there request and perform a transaction, in a way which corresponds to when a card is read in a card terminal .
According to a very preferred embodiment of the invention, the contents of a transaction request, signed using a digital signature, is not possible to modify. Above, the present method has essentially been described in connection to that the transaction is a money transaction. However, a transaction can be to open a door or to activate a device, for example an electric charging post for charging electric motor vehicles.
In connection hereto, the transaction source is a terminal for reading of key cards or a card which belongs to the user.
Below, such a method is described with reference to figure 2. The three digit reference numbers refer to the arrows in figure 2. When a user arrives at a door or another device, for example an electric charging post for charging electric motor vehicles, with an RFID badge 9, the user brings the RFID badge towards a communicator, as shown by arrow 200, whereby the RFID badge is read. The read information is transferred, as shown by arrow 201, to a control logic circuit 8. The ID number of the door or the device is transferred, as shown by arrow 202, to the central computer 4. The central computer 4 transfers, as shown by arrow 203, a transaction request to the mobile telephone 2 of the user. The mobile telephone transfers the transaction request to the security module 3, as shown by arrow 204. In case the user whishes to approve the transaction request, the user enters the said PIN code into the security module 3, which electronically signs the transaction request and transfers the same to the mobile telephone, as shown by arrow 205. The mobile telephone thereafter transfers the signed transaction request to the central computer, as shown by arrow 206. Thereafter, the central computer transfers the signed transaction request to the said transaction system 6, as shown by arrow 207. The transaction system verifies the electronic identification in the verification system, as shown by arrow 208 and 209. Thereafter, the transaction system 6 transfers, as shown by arrow 210, a piece of information to the central computer 4 to approve the transaction. Thereby, the central computer 4 transfers a signal to the control logic circuit 8 to carry out the authorized transaction, as shown by arrow 211.
In case the device is a door, the same is opened. In case the device is an electric post for charging a vehicle, the transaction may consist in requesting that access to electric power is admitted and that a certain account is debited for output electricity. Above, a number of embodiments have been described. However, it is apparent that the method may be varied and adapted to the type of intended transaction.
Therefore, the present invention shall not be considered limited to the above described exemplary embodiments, but may be varied within the scope of the enclosed claims.

Claims

Claims
1. Method for verification of electronic transactions, comprising a transaction source (1), a transaction system (6), a verification system for electronic ID (5) , all connected to a central computer (4), and a receiver/sender in the form of a mobile telephone (2) or a computer, belonging to the user, c h a r a c t e r i s e d i n that a transaction is initiated using the said transaction source (1), which is caused to transfer an unverified transaction request to the mobile telephone/computer (2) of the user, in that the said transaction request is shown on the screen of the mobile telephone/computer (2), whereby the user is asked to approve or reject the said transaction request, in that, in case the user wishes to approve the transaction request, a security module (3) in the mobile telephone/computer is caused to digitally sign the said transaction request with an electronic identification, E-ID, for the user after the user has entered a PIN code into the security module (3) , in that the signed transaction request is transferred from the mobile telephone/computer (2) to the said central computer (4), in that said central computer is caused to verify the said electronic identification, E-ID, and in that the central computer (4) transfers information to the transaction system (6) to carry out the verified transaction.
2. Method according to claim 1, c h a r a c t e r i s e d i n that, in a first step, a transaction is initiated using said transaction source (1) , which is caused to transfer an unve- rified transaction request to the said central computer (4), in that, in a second step, the said central computer (4) is caused to transfer the said transaction request to the mobile telephone/computer (2) of the user, in that, in a third step, the said transaction request is shown on the display of the mobile telephone/computer (2), whereby the user is asked to approve or reject the said transaction request, in that, in a fourth step, in case the user wishes to approve the transac- tion request, the mobile telephone/computer (2) is caused to transfer the said transaction request to a security module (3) in the mobile telephone/computer (2), which security module (3) comprises an electronic identification, E-ID, for the user, in that, in a fifth step, the user enters a PIN code into the security module (3), whereby the security module generates a digital signature for the said transaction request, in that, in a sixth step, the signed transaction request is transferred from the security module (3) to the mobile telephone/computer (2), in that, in a seventh step, the mobile telephone/computer (2) transfers the signed transaction request to the said central computer (4), in that, in an eighth step, the said central computer (4) verifies the said electronic identification, E-ID, by transferring a request to, and by receiving an answer from, a verification system (5) for E-ID tied to the issuer of the said electronic identification, and in that, in a ninth step, the central computer (4) transfers information to the transaction system (6) to perform the verified transaction.
3. Method according to claim 1 or 2, c h a r a c t e r i s e d i n that parts of, or the whole of, the said information which is transferred between the transaction system (6) and the mobile telephone/computer (2) is encrypted.
4. Method according to claim 1, 2 or 3, c h a r a c t e i s e d i n that the transaction source (1) is a terminal for reading of bank- and/or credit cards.
5. Method according to claim 1, 2 or 3, c h a r a c t e r i s e d i n that the transaction source (1) is a terminal for reading key cards or customer cards.
6. Method according to claim 1, 2 or 3, c h a r a c t e r i s e d i n that the transaction source (1) is a computer, which the user can connect to the Internet in order to there request and perform a transaction.
7. Method according to claim 1, 2 or 3, c h a r a c t e r i s e d i n that the transaction source (1) is a login server .
8. Method according to any one of the preceding claims, c h a r a c t e r i s e d i n that the contents of a transaction request, which is signed using a digital signature, is caused to be prevented from being altered.
PCT/SE2011/051045 2010-11-24 2011-08-31 Method for secure verification of electronic transactions WO2012070997A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE1051231-7 2010-11-24
SE1051231A SE535575C2 (en) 2010-11-24 2010-11-24 Method for secure verification of electronic transactions

Publications (1)

Publication Number Publication Date
WO2012070997A1 true WO2012070997A1 (en) 2012-05-31

Family

ID=46146120

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2011/051045 WO2012070997A1 (en) 2010-11-24 2011-08-31 Method for secure verification of electronic transactions

Country Status (2)

Country Link
SE (1) SE535575C2 (en)
WO (1) WO2012070997A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2511279A (en) * 2012-11-05 2014-09-03 Arnold Albert Wilson Automated multi-factor identity and transaction authentication by telephone
US9648013B2 (en) 2013-02-26 2017-05-09 Visa International Service Association Systems, methods and devices for performing passcode authentication

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020143634A1 (en) * 2001-03-30 2002-10-03 Kumar K. Anand Wireless payment system
WO2006049585A1 (en) * 2004-11-05 2006-05-11 Mobile Money International Sdn Bhd Payment system
US20070203850A1 (en) * 2006-02-15 2007-08-30 Sapphire Mobile Systems, Inc. Multifactor authentication system
WO2007145540A2 (en) * 2006-06-14 2007-12-21 Fronde Anywhere Limited Authentication methods and systems
US20100100945A1 (en) * 2008-10-20 2010-04-22 Microsoft Corporation User authentication management

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020143634A1 (en) * 2001-03-30 2002-10-03 Kumar K. Anand Wireless payment system
WO2006049585A1 (en) * 2004-11-05 2006-05-11 Mobile Money International Sdn Bhd Payment system
US20070203850A1 (en) * 2006-02-15 2007-08-30 Sapphire Mobile Systems, Inc. Multifactor authentication system
WO2007145540A2 (en) * 2006-06-14 2007-12-21 Fronde Anywhere Limited Authentication methods and systems
US20100100945A1 (en) * 2008-10-20 2010-04-22 Microsoft Corporation User authentication management

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2511279A (en) * 2012-11-05 2014-09-03 Arnold Albert Wilson Automated multi-factor identity and transaction authentication by telephone
US9648013B2 (en) 2013-02-26 2017-05-09 Visa International Service Association Systems, methods and devices for performing passcode authentication

Also Published As

Publication number Publication date
SE1051231A1 (en) 2012-05-25
SE535575C2 (en) 2012-10-02

Similar Documents

Publication Publication Date Title
EP3410376B1 (en) Credit payment method and device based on card emulation of mobile terminal
KR101111381B1 (en) User identification system, apparatus, smart card and method for ubiquitous identity management
US7357309B2 (en) EMV transactions in mobile terminals
US7458510B1 (en) Authentication of automated vending machines by wireless communications devices
US7231372B1 (en) Method and system for paying for goods or services
KR101088029B1 (en) System for Authentication of Electronic Cash Using Smart Card and Communication Terminal
JP3722751B2 (en) Parameter distribution method in offline chip card terminal, chip card terminal and user chip card suitable for it
US20060032905A1 (en) Smart card network interface device
US20050103839A1 (en) Authorization means security module terminal system
US20150371214A1 (en) Method for authenticating a user to a machine
CN101911584A (en) A transmitter for transmitting a secure access signal
CN105608577A (en) Method for performing non-repudiation, and payment managing server and user device therefor
AU2011235531B2 (en) Message storage and transfer system
US20210142298A1 (en) Proximity-based exchange between physical currency and digital accounts related to cryptocurrency
CN103942684A (en) Data security interactive system
US9792592B2 (en) Portable electronic device for exchanging values and method of using such a device
CN103942685A (en) Data security interactive system
CN105354518A (en) Virtual chip card system based on soft excitation electromagnetic near-field mutual inductance of mobile intelligent terminal
CN109214819A (en) A kind of method of payment and electronic equipment
CN111052671A (en) System for secure authentication of user identity in an electronic system for banking transactions
CN100456332C (en) Electronic clearing system and its operating method of mobile communication terminal
US7366913B1 (en) Knowledge-type authorization device and methods
WO2012070997A1 (en) Method for secure verification of electronic transactions
CN103944910A (en) Data security interactive method
CN109690596A (en) Dynamic security code for card transaction

Legal Events

Date Code Title Description
DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11842844

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11842844

Country of ref document: EP

Kind code of ref document: A1