WO2012167941A1 - Method to validate a transaction between a user and a service provider - Google Patents

Method to validate a transaction between a user and a service provider Download PDF

Info

Publication number
WO2012167941A1
WO2012167941A1 PCT/EP2012/002436 EP2012002436W WO2012167941A1 WO 2012167941 A1 WO2012167941 A1 WO 2012167941A1 EP 2012002436 W EP2012002436 W EP 2012002436W WO 2012167941 A1 WO2012167941 A1 WO 2012167941A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
user
method
mobile terminal
service provider
Prior art date
Application number
PCT/EP2012/002436
Other languages
French (fr)
Inventor
Jorge Marcelo Campos
Original Assignee
Gemalto Sa
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to EP11205723.6 priority Critical
Priority to EP11205723 priority
Application filed by Gemalto Sa filed Critical Gemalto Sa
Publication of WO2012167941A1 publication Critical patent/WO2012167941A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/0853Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using an additional device, e.g. smartcard, SIM or a different communication terminal
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4012Verifying personal identification number [PIN]
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or paths for security, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements
    • H04W4/14Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/0892Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network by using authentication-authorization-accounting [AAA] servers or protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/06Authentication

Abstract

This invention describes a method to validate a transaction between a mobile terminal of the user and a requesting service provider via an authentication server. For that, a SMS authentication session is established between the authentication application of the mobile terminal's smart card of the user and a trusted third party in the network side when transaction exchange occurs between the user and the service provider. The authentication method of the invention, processed through SMS technology, guarantees the security of communication between the mobile terminal and the third party without requiring extra hardware or special client software to be installed on the user mobile terminal nor increasing the existing communication protocols, signaling resources and operation costs. Moreover, with the authentication method of the invention it is not just the identity of the user to guarantee but also that the user is really willing to make the transaction and that no one tricked the user by showing other information.

Description

Method to validate a transaction between a user and a service provider

Field of the Invention

The present invention relates generally to mobile electronic transactions, and more specifically to validate said transaction by authenticating the identity of payer during mobile transactions.

Description of the Prior Art

. Cashless sales transactions, such as those occurring online, through mobile devices, through the mail, or over the telephone, involve payments ; that are not guaranteed to the merchant. Online transactions include those that are conducted, for example, over the Internet. No guarantee is provided primarily because the payers are not authenticated in such non face-to-face transactions, thereby allowing many risks to accompany the "card not present" transactions.

Such risks involve issues such as fraud for both merchants and cardholders, and an increased perception that buying goods and services online or through mobile devices is not safe and secure, which may keep some consumers from buying online. Other examples of risks include the unauthorized use of stolen account information to purchase goods and services online, fabrication of card account numbers to make fraudulent online purchases, and extraction of clear text account information from network traffic.

Given the continued expected high growth of electronic commerce, it is important to provide methods to authenticate payers. This will benefit all payment system participants including cardholders, merchants, and financial institutions. Authenticating the payer during online payment transactions will reduce the levels of fraud, disputes, retrievals and charge-backs, which subsequently will-.reduce the costs associated with each of these events.

Prior systems used to authenticate consumers during online transactions have not been widely adopted because these systems, like wPKI, were difficult to use, had complex designs, required significant up-front investment by system participants and lacked interoperability. Certain prior systems additionally required the creation, distribution and use of certificates by merchants, cardholders, issuers and acquirers. Such use of certificates is known to be quite burdensome.

Other prior systems allow a trusted party to verify the payer's identity using an authentication like one time passwords (OTP) technique. The OTP is packed i n o n e o r mo re text messages, like SMS, unstructured supplementary service data (USSD) or e-mail short messages, and are transmitted to the mobile terminal of the payer. However, data transmitted under form of such text messages may be decoded by third parties with a suitable digital receiver. Moreover, the messages are usually stored in the mobile terminal's memory. Thus any third party gaining access to the terminal may read the messages.

Additionally, the user of a mobile terminal cannot necessarily be identified in many cases. Especially by transmitting a SMS message the delivery known mechanisms, the identity of the sender of the message may be concealed to the receiving user, or the recipient of the message may not be that intended by the sender.

In view of the foregoing, a system for authenticating the identity of the user in an online or mobile transaction would be desirable. Such a validating transaction system should be relatively easy to implement and use, require a minimal investment of resources, and provide a high level of interoperability between the system's participants.

Brief summary of the invention

The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosed embodiments. Its purpose is to present some concepts in a simplified form as a prelude to the more detailed description that is presented later.

In accordance with one or more embodiments and corresponding disclosure thereof, various aspects of the present invention provide an authentication method so as to make it possible to establish an encrypted SMS authentication session between an authentication application of the mobile terminal's smart card of the user and a trusted third party in the network side when transaction exchange occurs between the user and a service provider. The authentication method of the invention, processedthrough SMS technology, guarantees the security of communication between the mobile terminal and the third party without requiring extra hardware or special client software to be installed on the user mobile terminal nor increasing the existing communication protocols, signaling resources and operation costs.

With the authentication method of the invention it is not just the identity of the user to guarantee but also that the user is really willing to make the transaction and that no one can trick the user by showing other information. .

In a preferred embodiment, an object of the invention is a method to validate a transaction between a mobile terminal of the user and a requesting service provider via an authentication server, said method comprising:

- establishing a SMS channel between the mobile terminal and the authentication server, said mobile terminal comprising a smart card wherein is stored a cryptographic key shared with the authentication server,

- transmitting to the smart card an authentication request from the authentication server, this authentication request comprising a confirmation message of the transaction and a request for entering user authentication information,

- performing an authentication application supported by the smart card to challenge the user for a validation of the message confirmation and an authentication information entered by the user, said authentication information being encrypted by the key,

- transmitting the encrypted authentication information from the mobile terminal through the SMS channel to the authentication server, in response to the authentication request,

- validating the transaction if the authentication information matches identifications information stored in users identifications information database.

To the accomplishment of the foregoing and related ends, one or more embodiments comprise the features hereinafter fully described and particularly pointed out in the claims.

Brief description of the drawings

The following description and the annexed drawings set forth in detail certain illustrative aspects and are indicative of but a few of the various ways in which the principles of the embodiments may be employed. Other advantages and novel features will become apparent from the following detailed description when considered in conjunction with the drawings and the disclosed embodiments are intended'to include all such aspects and their equivalents.

FIG.1 , FIG.2 and FIG.3 schematically illustrate embodiments of a system architecture that supports the transaction validation method of the present invention.

FIG.4 illustrates the process through which a transaction between a user and a service provider is validated according to one embodiment of the present invention.

Detailed description of the invention

The present invention will now be described in detail with reference to a few preferred embodiments as illustrated in the accompanying drawings. In the following description, numerous specific details are set forth in order to provide a thorough u nderstandi ng of the present invention. It will be apparent, however, to one skilled in the art, that the present invention may be practiced without some or all of these specific details. In other instances, well known operations have not been described in detail so not to unnecessarily obscure the present invention.

The invention will now be described with reference to the figures. I n the drawings, like or similar elements are designated with identical reference numerals throughout the several views. The depicted lines between the elements represent connections between these elements. The arrows represent connections wherein a direction of a message from one element to another element is .shown. The term connection can refer to a functional connection and not necessary to a physical connection.

It may be recalled that, in the description, when an action is attributed to a microprocessor, an application or to a device comprising a microprocessor, this action is performed by the microprocessor controlled by instruction codes recorded in a memory of this device.

FIG. 1 shows a block diagram representing a system in which a user is authenticated by an authentication server 12 during a transaction processing with a service provider 11. This transaction processing can be any transaction wherein the identity of the user has to be authenticated like payment transaction, purchase transaction, banking transaction, booking transaction and so on. In the embodiments illustrated by the drawings, the transaction processing is a payment transaction.

The service provider 11 can access to the authentication server 12 over an appropriate telecommunication network 16 (for example over Internet). The sessions between the service providers 11 and the authentication server 12 are preferably secured.

The mobile terminal 10 of the user may be a mobile telephone, a personal digital assistant, a computer (e.g. palmtop or laptop) or any other digital device able to perform data communication with the service provider 11.

The mobile terminallO is suitably coupled to the service provider 11 via data links 13. A variety of conventional communications media and protocols may be used for data links 13. Such as, for example, a connection to the service provider 11 via Internet is typically used in connection with standard modem communication, cable modem, Dish networks, ISDN, Digital Subscriber Line (DSL), or various wireless communication methods.

In one embodiment variant, the data links 13 is a SMS communication. In another embodiment variant, the data links 13 is an unstructured supplementary service data (USSD) communication. The USSD technology allows the user of the mobile terminal 10 to communicate with the service provider 11 in a way that is transparent to the user and the service provider.

The service provider 11 makes available an offer, for example product, service or information (like a weather report or a list of restaurants in a city). It may be a web e-commerce server, a financial institution, third-party accounts (e.g., PayPal transactions, or the like) and so on.

In a first step well known, the user would like to order a specific product or service of the service provider 11. In a embodiment, the user can have the corresponding offer of the service provider 1 1 displayed by his mobile user 0 by entering the URL address's service provider in a browser of his mobile. The order session between the service provider 1 1 and the mobile terminal 10 can be secured or not.

In another embodiment, the mobile terminal 10 can use USSD or SMS to enter the information inquiry corresponding to the offer of the service provider 11. After that the offer is selected by the user, the service provider initiates a payment transaction process. During this payment transaction, the service provider initiates an authentication process of the user.

The mobile terminal 10 comprises a smart card 15 (like SIM card or a USIM card) which is connected to or inserted into the said mobile terminal

10. Smart card 15 comprises an authentication application which is able to participate to the identification and the authentication of the order's user. The smart card 15 comprises a cryptographic key shared with the authentication server 12.

During this payment transaction process the service provider 11 generates a confirmation message. The service provider 11 transmits to the authentication server 12 an authorization request comprising the confirmation message and identification information of the mobile terminal 10 (like its IMSI) to validate the payment transaction.

Upon reception, the authentication server 12 establishes an authentication session 18 with the mobile terminal 10. The authentication session 18 is effected by using Short Message Service (SMS) technology without requiring extra hardware or special client software to be installed on the mobile terminal because the Short Message Service (SMS) is a service which is implemented in almost all mobile terminals. I n an embodiment, the information exchanged between the authentication application and the authentication server 12 through the SMS channels can be protected. In this case, cryptography is utilized to transform this information into an unintelligible form. For that, the authentication application and the authentication server 1 2 can use several procedures and protocols of algorithms currently used to encrypt and decrypt data.

In an embodiment variant, the service provider 11 comprises the authentication server 12.

FIG. 2 illustrates another embodiment in which a user is authenticated by the authentication server 12 during a transaction with a service provider

11. The embodiment illustrated in FIG.2 comprises a gateway router 17 sets between the mobile terminal 10 and the service provider 11 .and the authentication server 12.

The gateway router 17 is a software interface, a computer or a network that allows and controls access between the three entities (service providers 11 , authentication server 12 and mobile terminal 10).The communication sessions between the service providers 11 or the authentication server 12 and the gateway router 17 are preferably secured.

According to the embodiment illustrated in FIG.2, during the payment transaction processing initiated by the service provider 1 1 , the gateway router 17 transmits to the authentication server authorization request comprising the confirmation message generated by the service provider 11 to validate the payment transaction.

The mobile terminal 10 communicates with the authentication server 12 via the gateway router 17 to authenticate the user by SMS channels.

FIG. 3 illustrates another embodiment in which the payment transaction process is initiated by an intermediate application 14 after that the offer is selected by the user. This intermediate process 14 is stored, preferably, into the smart card. In an embodiment, the intermediate application is stored into a program memory of the mobile terminal 10.

The intermediate application 14, during this payment transaction, generates the confirmation message and sends it to the service provider 11 which transmits to the authentication server 12 the authorization request comprising this confirmation message to validate the payment transaction.

With reference now to FIG. 4, illustrated is an exemplary user authentication processing flow 20. In the example of FIG 4, the gateway router 17 is not illustrated. It should be understood that the presence or not of the gateway does not change the working of the invention.

On a first step, a communication is initiated from mobile terminal 10 to select an offer of the service provider 11 , such as by entering a short code like *123# *#123# in a USSD communication. However, it should be understood that the communication can be initiated utilizing different communication technologies above described.

When an offer is selected by the user, the service provider 11 respectively the intermediate application 14 initiates a payment transaction. During this payment transaction, the service provider 11 respectively the intermediate application 14 generates, at step 21 , the confirmation message. This confirmation message comprises a content which can be written like:

"You are on the point of validating the service provider's offer amounting xxxx, - could you confirm the transaction by entering or pressing the button yes or no."

Next, the service provider 11 transmits to the authentication server 12 the authorization request to validate the payment transaction comprising notably a text and the identity of the mobile terminal 10 of the user. The text is a text file structured as a sequence of lines consisting solely of printable characters from a recognized character set. In a preferred embodiment, the text corresponds to the content of the confirmation message. In a variant embodiment, further of the content of the confirmation message, the text comprises additional content generated randomly by the service provider 1 1 .

Next, a SMS dialog between the mobile terminal 10 and the authentication server 12 is opened when the authentication server 12 received the authorization request.

At step 22, the authentication server 12 computes a hash value from the text according to a well known hash function like SHA, MD5 and so on.

The authentication server 12 comprises a hardware security module 12a (HSM) which handles storage of keys and cryptographic functionality able to compute the hash value. The authentication server 12 can be also protected both by a firewall and by physical security (not represented) to prevent, reduce or deter unauthorized access.

In a preferred embodiment, a MAC algorithm is used by the HSM 12a as Hash Function to computes a MacText. The MAC function, sometimes called a keyed (cryptographic) hash function, received as input the cryptographic key shared with the smart card 15 and the text to be authenticated. The MAC function provides as output, at step 23, the MacText which protects both the text's data integrity as well as its authenticity, by allowing smart card 15 to detect any changes to the text content.

In an embodiment, the text can be encrypted according to well known encryption algorithm by the HSM 12a before to set it as input of the MAC function.

At step 24, the authentication server 12 elaborates an authentication request comprising notably the text, the MacText and a request for entering authentication information. The authentication information corresponds to the identity authenticating token of the user which can be a PIN code, a response to a question, and so on. Next, the authentication request is sent to the smart card 15 of the mobile terminal 10 by SMS channels thanks to a telephony service provider 12b of the authentication server 12.

When the smart card 15 receives the authentication request, it performs a checking application for the integrity and the authentication of the text. The checking application runs the received text through the same MAC algorithm using the cryptographic key stored into its database to produce a second MacText The checking application then compares the first MacText received in the transmission to the second generated MacText. If they are identical, the checking application can safely assume that the integrity of the text was not compromised, and the text was not altered or tampered with during transmission. In this case, the smart card 15 performs the authentication application. Otherwise, the authentication process is interrupted and a rejection message is sent to the authentication server 12 in response to the authentication request. This rejection message can contain the reasons of this interruption.

In an embodiment, the authentication application comprises the checking application.

The authentication application transmits, at step 25, the text to the mobile terminal 10 and the request for entering authentication information to submit them to the user. In an embodiment, this text and this request are displayed on the screen of the mobile terminal in a humah-readable content. In a variant, this text and this request can be presented to the user as an audible request or through another technique.

At step 26, the user validates the message confirmation and enters authentication information, for example a PIN code. The validation of the message confirmation and the entering of the authentication information can be entered using a keypad of the mobile terminal 10, through voice recognition, or through another means that are in a format understandable by the authentication application of the smart card 15. If the message confirmation is not validated by the user, the authentication process is interrupted and the rejection message is sent to the authentication server in response to the authentication request.

At step 27, the authentication application encrypts the authentication information entered by the user with the key stored into the smart card 15. In one embodiment, the authentication application sends the encrypted authentication information to the authentication server 12 in response to the authentication request through the SMS channels.

In another embodiment, the authentication application sends the encrypted authentication information with the text and the MacText to the authentication server 12 in response to the authentication request to protect the authenticity of the said response.

In another embodiment, as illustrated at FIG.4, to reinforce the protection of the authenticity of the response, the authentication application runs a digital signature scheme (well know in the art) on the encrypted authentication information, the text and the MacText using the key stored in the smart card to producing a signature.

The authentication application forwards to the authentication server 12 the signature through the SMS channels as response to the authentication request. The aim of this signature is to give the authentication server 2 reason to believe that the received message is created and sent by the claimed user.

The telephony service provider 12b of the authentication server 12 transmits the received response (signature) to the HSM 12a. The HSM 12a translates, at step 28, the signature according^to standard decryption techniques to obtain the text, MacText and the encrypted authentication information.

At step 29, the HSM 12a performs a checking application for the integrity and the authentication of the text as described above. If the first MacText received is identical to the second generated MacText then the checking application can safely assume that the integrity of the text was not compromised. In this case, the authentication server 12 continues the authentication process. Otherwise, the authentication process is interrupted.

Next, the HSM 12a translates, at step 30, the encrypted authentication information according to standard decryption techniques. The TSP 12b transmits, at step 31 , the translated authentication information (and the text or.not) to the service provider 11 in response to its authorization request.

The service provider 11 comprises a database containing identifications information about the users already enrolled. These identifications information contains information concerning accou nt information, services authorized to the user, the authentication information such as PIN code etc...

The service provider 11 verifies.the authentication information returned by the authentication server 12 during the payment transaction by comparing these data to the identifications information stored into the database. If the information authentication does not fall within the identifications information stored into the database, then the service provider 11 can refuse further service to the user. On the other hand, if the PIN code or the information authentication is determined to be within the database, then the transaction process is ended.

In one embodiment variant, the authentication server 12 may comprise the database containing identifications information about the users. In this case, after step 30, the authentication server 12 checks itself that the information authentication falls within the identifications information stored into its database. The authentication server 12 authorizes the payment transaction and provides to the service provider 11 a confirmation code of the payment transaction. If the payment is not authorized, the authentication server 12 can notify the service provider 11 who can determine whether the payment transaction should be resent of if the transaction should not be allowed to proceed (e.g., the user is not the owner of the account).

With the invention, what the user sees is what he validates because the user is able to check the transaction before to validate it.

Claims

1. A method to validate a transaction between a mobile terminal of the user and a requesting service provider via an authentication server, said method comprising:
- establishing a SMS channel between the mobile terminal and the authentication server, said mobile terminal comprising a smart card wherein is stored a cryptographic key shared with the authentication server,
- transmitting to the smart card an authentication request from the authentication server, this authentication request comprising a confirmation message of the transaction and a request for entering user authentication information,
- performing an authentication application supported by the smart card to challenge the user for a validation of the message confirmation and an authentication information entered by the user, said authentication information being encrypted by the key,
- transmitting the encrypted authentication information from the mobile terminal through the SMS channel to the authentication server, in response to the authentication request,
- validating the transaction if the authentication information matches identifications information stored in users identifications information database.
2. Method as recited in claim 1 , wherein before the transmission of the authentication request to the smart card:
- transmitting an authorization request from the requesting service provider to the authentication server, said authentication request comprising the identity of the mobile terminal and a text file comprising the confirmation message of the transaction,
- computing a MacText of the text according to a hash function, - elaborating the authentication request comprising the text, the
MacText and the request for entering user authentication information.
3. Method as recited in claim 2, wherein the hash function is a MAC algorithm which receives as inputs the key and the text to provide as output the MacText.
4. Method as recited in claims 2 to 3, wherein before user challenging step:
- performing a checking application for the integrity and the authentication of the text, when the authentication request is received, thank to the MacText.
5. Method as recited in claim 4, wherein during user challenging step:
- displaying on the screen of the mobile terminal or in an audible form the text and the request for entering authentication information.
6. Method as recited in claims 1 to 5, wherein the authentication information is a PIN code or a response to a question.
7. Method as recited in claims 2 to 6, wherein the authentication request comprises also the text and the MacText.
8. Method as recited in claims 2 to 6, wherein the authentication request comprises a digital signature of the text, the MacText and the encrypted authentication information according to a digital signature scheme using the key.
9. Method as recited in claim 8, wherein during the validating step:
- performing a checking application for the integrity and the authentication of the text, when the signature is received, thank to the MacText.
10. Method as recited in claim 1 to 9, wherein during the validating step:
- the service provider or the authentication server verifies authentication information by comparing it to the identifications information stored into the database of the service provider or the authentication server,
- If the authentication information does not fall within the identifications information stored into the database, then further service is refused to the user or the transaction is resent.
11. Method as recited in claims 1 to 10 wherein the service provider or an intermediate application of the smart card or the mobile terminal generates the confirmation message when a service provider offer is selected by the user.
12. Method as recited in claim 1 to 11 wherein the mobile terminal is a mobile telephone a personal digital assistant or a computer.
PCT/EP2012/002436 2011-06-09 2012-06-08 Method to validate a transaction between a user and a service provider WO2012167941A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP11205723.6 2011-06-09
EP11205723 2011-06-09

Publications (1)

Publication Number Publication Date
WO2012167941A1 true WO2012167941A1 (en) 2012-12-13

Family

ID=47295503

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2012/002436 WO2012167941A1 (en) 2011-06-09 2012-06-08 Method to validate a transaction between a user and a service provider

Country Status (1)

Country Link
WO (1) WO2012167941A1 (en)

Cited By (69)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103840944A (en) * 2014-03-18 2014-06-04 昆明理工大学 Short message authentication method, server and system
WO2014089682A1 (en) * 2012-12-14 2014-06-19 Caledon Computer Systems Inc. Apparatus configured to facilitate secure financial transactions
US8827154B2 (en) 2009-05-15 2014-09-09 Visa International Service Association Verification of portable consumer devices
FR3011964A1 (en) * 2013-10-14 2015-04-17 Keydentify Method automates strong multifactor authentication
US9038886B2 (en) 2009-05-15 2015-05-26 Visa International Service Association Verification of portable consumer devices
US9256871B2 (en) 2012-07-26 2016-02-09 Visa U.S.A. Inc. Configurable payment tokens
US9280765B2 (en) 2011-04-11 2016-03-08 Visa International Service Association Multiple tokenization for authentication
US9317848B2 (en) 2009-05-15 2016-04-19 Visa International Service Association Integration of verification tokens with mobile communication devices
EP3009972A1 (en) * 2014-10-14 2016-04-20 Gemalto SA A method for ensuring the genuine user has approved a payment transaction
WO2016075390A1 (en) * 2014-11-14 2016-05-19 Orange Method for connecting a mobile terminal with a server of a service provider via an operator platform
US9372971B2 (en) 2009-05-15 2016-06-21 Visa International Service Association Integration of verification tokens with portable computing devices
EP3040924A1 (en) * 2014-12-30 2016-07-06 Telefonica Digital España, S.L.U. Method and system for providing device based authentication, integrity and confidentiality for transactions performed by mobile device users
US9424413B2 (en) 2010-02-24 2016-08-23 Visa International Service Association Integration of payment capability into secure elements of computers
US9516487B2 (en) 2013-11-19 2016-12-06 Visa International Service Association Automated account provisioning
US9524501B2 (en) 2012-06-06 2016-12-20 Visa International Service Association Method and system for correlating diverse transaction data
US9530131B2 (en) 2008-07-29 2016-12-27 Visa U.S.A. Inc. Transaction processing using a global unique identifier
US9547769B2 (en) 2012-07-03 2017-01-17 Visa International Service Association Data protection hub
US9582801B2 (en) 2009-05-15 2017-02-28 Visa International Service Association Secure communication of payment information to merchants using a verification token
EP3136758A1 (en) * 2015-08-28 2017-03-01 Orange Method and system for anonymous and secure social mapping during an event
US9646303B2 (en) 2013-08-15 2017-05-09 Visa International Service Association Secure remote payment transaction processing using a secure element
US9665722B2 (en) 2012-08-10 2017-05-30 Visa International Service Association Privacy firewall
US9680942B2 (en) 2014-05-01 2017-06-13 Visa International Service Association Data verification using access device
US9704155B2 (en) 2011-07-29 2017-07-11 Visa International Service Association Passing payment tokens through an hop/sop
US9715681B2 (en) 2009-04-28 2017-07-25 Visa International Service Association Verification of portable consumer devices
US9741051B2 (en) 2013-01-02 2017-08-22 Visa International Service Association Tokenization and third-party interaction
US9775029B2 (en) 2014-08-22 2017-09-26 Visa International Service Association Embedding cloud-based functionalities in a communication device
US9780953B2 (en) 2014-07-23 2017-10-03 Visa International Service Association Systems and methods for secure detokenization
US9792611B2 (en) 2009-05-15 2017-10-17 Visa International Service Association Secure authentication system and method
US9830595B2 (en) 2012-01-26 2017-11-28 Visa International Service Association System and method of providing tokenization as a service
US9846861B2 (en) 2012-07-25 2017-12-19 Visa International Service Association Upstream and downstream data conversion
US9848052B2 (en) 2014-05-05 2017-12-19 Visa International Service Association System and method for token domain control
US9846878B2 (en) 2014-01-14 2017-12-19 Visa International Service Association Payment account identifier system
US9898740B2 (en) 2008-11-06 2018-02-20 Visa International Service Association Online challenge-response
US9911118B2 (en) 2012-11-21 2018-03-06 Visa International Service Association Device pairing via trusted intermediary
US9922322B2 (en) 2013-12-19 2018-03-20 Visa International Service Association Cloud-based transactions with magnetic secure transmission
US9942043B2 (en) 2014-04-23 2018-04-10 Visa International Service Association Token security on a communication device
US9959531B2 (en) 2011-08-18 2018-05-01 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US9972005B2 (en) 2013-12-19 2018-05-15 Visa International Service Association Cloud-based transactions methods and systems
US9978094B2 (en) 2013-10-11 2018-05-22 Visa International Service Association Tokenization revocation list
US9978062B2 (en) 2013-05-15 2018-05-22 Visa International Service Association Mobile tokenization hub
US9996835B2 (en) 2013-07-24 2018-06-12 Visa International Service Association Systems and methods for communicating token attributes associated with a token vault
US10015147B2 (en) 2014-10-22 2018-07-03 Visa International Service Association Token enrollment system and method
US10026087B2 (en) 2014-04-08 2018-07-17 Visa International Service Association Data passed in an interaction
US10043178B2 (en) 2007-06-25 2018-08-07 Visa International Service Association Secure mobile payment system
US10078832B2 (en) 2011-08-24 2018-09-18 Visa International Service Association Method for using barcodes and mobile devices to conduct payment transactions
US10096009B2 (en) 2015-01-20 2018-10-09 Visa International Service Association Secure payment processing using authorization request
US10121129B2 (en) 2011-07-05 2018-11-06 Visa International Service Association Electronic wallet checkout platform apparatuses, methods and systems
US10140615B2 (en) 2014-09-22 2018-11-27 Visa International Service Association Secure mobile device credential provisioning using risk decision non-overrides
US10147089B2 (en) 2012-01-05 2018-12-04 Visa International Service Association Data protection with translation
US10154084B2 (en) 2011-07-05 2018-12-11 Visa International Service Association Hybrid applications utilizing distributed models and views apparatuses, methods and systems
US10164996B2 (en) 2015-03-12 2018-12-25 Visa International Service Association Methods and systems for providing a low value token buffer
US10176478B2 (en) 2012-10-23 2019-01-08 Visa International Service Association Transaction initiation determination system utilizing transaction data elements
US10187363B2 (en) 2014-12-31 2019-01-22 Visa International Service Association Hybrid integration of software development kit with secure execution environment
US10192216B2 (en) 2012-09-11 2019-01-29 Visa International Service Association Cloud-based virtual wallet NFC apparatuses, methods and systems
US10223710B2 (en) 2013-01-04 2019-03-05 Visa International Service Association Wearable intelligent vision device apparatuses, methods and systems
US10223730B2 (en) 2011-09-23 2019-03-05 Visa International Service Association E-wallet store injection search apparatuses, methods and systems
US10223691B2 (en) 2011-02-22 2019-03-05 Visa International Service Association Universal electronic payment apparatuses, methods and systems
US10243958B2 (en) 2016-01-07 2019-03-26 Visa International Service Association Systems and methods for device push provisoning
US10242358B2 (en) 2011-08-18 2019-03-26 Visa International Service Association Remote decoupled application persistent state apparatuses, methods and systems
US10255456B2 (en) 2014-09-26 2019-04-09 Visa International Service Association Remote server encrypted data provisioning system and methods
US10257185B2 (en) 2014-12-12 2019-04-09 Visa International Service Association Automated access data provisioning
US10255591B2 (en) 2009-12-18 2019-04-09 Visa International Service Association Payment channel returning limited use proxy dynamic value
US10255601B2 (en) 2010-02-25 2019-04-09 Visa International Service Association Multifactor authentication using a directory server
US10262001B2 (en) 2012-02-02 2019-04-16 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia merchant analytics database platform apparatuses, methods and systems
US10262308B2 (en) 2007-06-25 2019-04-16 Visa U.S.A. Inc. Cardless challenge systems and methods
US10282724B2 (en) 2012-03-06 2019-05-07 Visa International Service Association Security system incorporating mobile device
US10289999B2 (en) 2005-09-06 2019-05-14 Visa U.S.A. Inc. System and method for secured account numbers in proximity devices
US10304047B2 (en) 2012-12-07 2019-05-28 Visa International Service Association Token generating component
US10313321B2 (en) 2016-04-07 2019-06-04 Visa International Service Association Tokenization of co-network accounts

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040019564A1 (en) * 2002-07-26 2004-01-29 Scott Goldthwaite System and method for payment transaction authentication
WO2006079145A1 (en) * 2004-10-20 2006-08-03 Salt Group Pty Ltd Authentication method
US20060206709A1 (en) * 2002-08-08 2006-09-14 Fujitsu Limited Authentication services using mobile device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040019564A1 (en) * 2002-07-26 2004-01-29 Scott Goldthwaite System and method for payment transaction authentication
US20060206709A1 (en) * 2002-08-08 2006-09-14 Fujitsu Limited Authentication services using mobile device
WO2006079145A1 (en) * 2004-10-20 2006-08-03 Salt Group Pty Ltd Authentication method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
None

Cited By (87)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10289999B2 (en) 2005-09-06 2019-05-14 Visa U.S.A. Inc. System and method for secured account numbers in proximity devices
US10043178B2 (en) 2007-06-25 2018-08-07 Visa International Service Association Secure mobile payment system
US10262308B2 (en) 2007-06-25 2019-04-16 Visa U.S.A. Inc. Cardless challenge systems and methods
US9530131B2 (en) 2008-07-29 2016-12-27 Visa U.S.A. Inc. Transaction processing using a global unique identifier
US9898740B2 (en) 2008-11-06 2018-02-20 Visa International Service Association Online challenge-response
US9715681B2 (en) 2009-04-28 2017-07-25 Visa International Service Association Verification of portable consumer devices
US9792611B2 (en) 2009-05-15 2017-10-17 Visa International Service Association Secure authentication system and method
US9317848B2 (en) 2009-05-15 2016-04-19 Visa International Service Association Integration of verification tokens with mobile communication devices
US10049360B2 (en) 2009-05-15 2018-08-14 Visa International Service Association Secure communication of payment information to merchants using a verification token
US9904919B2 (en) 2009-05-15 2018-02-27 Visa International Service Association Verification of portable consumer devices
US10043186B2 (en) 2009-05-15 2018-08-07 Visa International Service Association Secure authentication system and method
US9038886B2 (en) 2009-05-15 2015-05-26 Visa International Service Association Verification of portable consumer devices
US9372971B2 (en) 2009-05-15 2016-06-21 Visa International Service Association Integration of verification tokens with portable computing devices
US10009177B2 (en) 2009-05-15 2018-06-26 Visa International Service Association Integration of verification tokens with mobile communication devices
US8827154B2 (en) 2009-05-15 2014-09-09 Visa International Service Association Verification of portable consumer devices
US9582801B2 (en) 2009-05-15 2017-02-28 Visa International Service Association Secure communication of payment information to merchants using a verification token
US10255591B2 (en) 2009-12-18 2019-04-09 Visa International Service Association Payment channel returning limited use proxy dynamic value
US9589268B2 (en) 2010-02-24 2017-03-07 Visa International Service Association Integration of payment capability into secure elements of computers
US9424413B2 (en) 2010-02-24 2016-08-23 Visa International Service Association Integration of payment capability into secure elements of computers
US10255601B2 (en) 2010-02-25 2019-04-09 Visa International Service Association Multifactor authentication using a directory server
US10223691B2 (en) 2011-02-22 2019-03-05 Visa International Service Association Universal electronic payment apparatuses, methods and systems
US9280765B2 (en) 2011-04-11 2016-03-08 Visa International Service Association Multiple tokenization for authentication
US10154084B2 (en) 2011-07-05 2018-12-11 Visa International Service Association Hybrid applications utilizing distributed models and views apparatuses, methods and systems
US10121129B2 (en) 2011-07-05 2018-11-06 Visa International Service Association Electronic wallet checkout platform apparatuses, methods and systems
US9704155B2 (en) 2011-07-29 2017-07-11 Visa International Service Association Passing payment tokens through an hop/sop
US9959531B2 (en) 2011-08-18 2018-05-01 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US10242358B2 (en) 2011-08-18 2019-03-26 Visa International Service Association Remote decoupled application persistent state apparatuses, methods and systems
US10078832B2 (en) 2011-08-24 2018-09-18 Visa International Service Association Method for using barcodes and mobile devices to conduct payment transactions
US10223730B2 (en) 2011-09-23 2019-03-05 Visa International Service Association E-wallet store injection search apparatuses, methods and systems
US10147089B2 (en) 2012-01-05 2018-12-04 Visa International Service Association Data protection with translation
US9830595B2 (en) 2012-01-26 2017-11-28 Visa International Service Association System and method of providing tokenization as a service
US10262001B2 (en) 2012-02-02 2019-04-16 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia merchant analytics database platform apparatuses, methods and systems
US10282724B2 (en) 2012-03-06 2019-05-07 Visa International Service Association Security system incorporating mobile device
US9524501B2 (en) 2012-06-06 2016-12-20 Visa International Service Association Method and system for correlating diverse transaction data
US10296904B2 (en) 2012-06-06 2019-05-21 Visa International Service Association Method and system for correlating diverse transaction data
US9547769B2 (en) 2012-07-03 2017-01-17 Visa International Service Association Data protection hub
US9846861B2 (en) 2012-07-25 2017-12-19 Visa International Service Association Upstream and downstream data conversion
US9727858B2 (en) 2012-07-26 2017-08-08 Visa U.S.A. Inc. Configurable payment tokens
US9256871B2 (en) 2012-07-26 2016-02-09 Visa U.S.A. Inc. Configurable payment tokens
US9665722B2 (en) 2012-08-10 2017-05-30 Visa International Service Association Privacy firewall
US10204227B2 (en) 2012-08-10 2019-02-12 Visa International Service Association Privacy firewall
US10192216B2 (en) 2012-09-11 2019-01-29 Visa International Service Association Cloud-based virtual wallet NFC apparatuses, methods and systems
US10176478B2 (en) 2012-10-23 2019-01-08 Visa International Service Association Transaction initiation determination system utilizing transaction data elements
US9911118B2 (en) 2012-11-21 2018-03-06 Visa International Service Association Device pairing via trusted intermediary
US10304047B2 (en) 2012-12-07 2019-05-28 Visa International Service Association Token generating component
WO2014089682A1 (en) * 2012-12-14 2014-06-19 Caledon Computer Systems Inc. Apparatus configured to facilitate secure financial transactions
US9741051B2 (en) 2013-01-02 2017-08-22 Visa International Service Association Tokenization and third-party interaction
US10223710B2 (en) 2013-01-04 2019-03-05 Visa International Service Association Wearable intelligent vision device apparatuses, methods and systems
US9978062B2 (en) 2013-05-15 2018-05-22 Visa International Service Association Mobile tokenization hub
US9996835B2 (en) 2013-07-24 2018-06-12 Visa International Service Association Systems and methods for communicating token attributes associated with a token vault
US9646303B2 (en) 2013-08-15 2017-05-09 Visa International Service Association Secure remote payment transaction processing using a secure element
US9978094B2 (en) 2013-10-11 2018-05-22 Visa International Service Association Tokenization revocation list
FR3011964A1 (en) * 2013-10-14 2015-04-17 Keydentify Method automates strong multifactor authentication
US10248952B2 (en) 2013-11-19 2019-04-02 Visa International Service Association Automated account provisioning
US9516487B2 (en) 2013-11-19 2016-12-06 Visa International Service Association Automated account provisioning
US9922322B2 (en) 2013-12-19 2018-03-20 Visa International Service Association Cloud-based transactions with magnetic secure transmission
US9972005B2 (en) 2013-12-19 2018-05-15 Visa International Service Association Cloud-based transactions methods and systems
US10062079B2 (en) 2014-01-14 2018-08-28 Visa International Service Association Payment account identifier system
US9846878B2 (en) 2014-01-14 2017-12-19 Visa International Service Association Payment account identifier system
US10269018B2 (en) 2014-01-14 2019-04-23 Visa International Service Association Payment account identifier system
CN103840944B (en) * 2014-03-18 2017-12-22 昆明理工大学 A short authentication method, server and system
CN103840944A (en) * 2014-03-18 2014-06-04 昆明理工大学 Short message authentication method, server and system
US10026087B2 (en) 2014-04-08 2018-07-17 Visa International Service Association Data passed in an interaction
US9942043B2 (en) 2014-04-23 2018-04-10 Visa International Service Association Token security on a communication device
US9680942B2 (en) 2014-05-01 2017-06-13 Visa International Service Association Data verification using access device
US9848052B2 (en) 2014-05-05 2017-12-19 Visa International Service Association System and method for token domain control
US9780953B2 (en) 2014-07-23 2017-10-03 Visa International Service Association Systems and methods for secure detokenization
US10038563B2 (en) 2014-07-23 2018-07-31 Visa International Service Association Systems and methods for secure detokenization
US9775029B2 (en) 2014-08-22 2017-09-26 Visa International Service Association Embedding cloud-based functionalities in a communication device
US10049353B2 (en) 2014-08-22 2018-08-14 Visa International Service Association Embedding cloud-based functionalities in a communication device
US10140615B2 (en) 2014-09-22 2018-11-27 Visa International Service Association Secure mobile device credential provisioning using risk decision non-overrides
US10255456B2 (en) 2014-09-26 2019-04-09 Visa International Service Association Remote server encrypted data provisioning system and methods
EP3009972A1 (en) * 2014-10-14 2016-04-20 Gemalto SA A method for ensuring the genuine user has approved a payment transaction
WO2016058839A1 (en) * 2014-10-14 2016-04-21 Gemalto Sa A method for ensuring the genuine user has approved a payment transaction
US10015147B2 (en) 2014-10-22 2018-07-03 Visa International Service Association Token enrollment system and method
WO2016075390A1 (en) * 2014-11-14 2016-05-19 Orange Method for connecting a mobile terminal with a server of a service provider via an operator platform
FR3028638A1 (en) * 2014-11-14 2016-05-20 Orange A method of relationship between a mobile terminal and a server of a service provider
US10257185B2 (en) 2014-12-12 2019-04-09 Visa International Service Association Automated access data provisioning
EP3040924A1 (en) * 2014-12-30 2016-07-06 Telefonica Digital España, S.L.U. Method and system for providing device based authentication, integrity and confidentiality for transactions performed by mobile device users
EP3040922A1 (en) * 2014-12-30 2016-07-06 Telefonica Digital España, S.L.U. Method and system for providing authentication, integrity and confidentiality for transactions performed by mobile device users
US10187363B2 (en) 2014-12-31 2019-01-22 Visa International Service Association Hybrid integration of software development kit with secure execution environment
US10096009B2 (en) 2015-01-20 2018-10-09 Visa International Service Association Secure payment processing using authorization request
US10164996B2 (en) 2015-03-12 2018-12-25 Visa International Service Association Methods and systems for providing a low value token buffer
FR3040579A1 (en) * 2015-08-28 2017-03-03 Orange Method and system for setting anonymous securisee social relationship during an event
EP3136758A1 (en) * 2015-08-28 2017-03-01 Orange Method and system for anonymous and secure social mapping during an event
US10243958B2 (en) 2016-01-07 2019-03-26 Visa International Service Association Systems and methods for device push provisoning
US10313321B2 (en) 2016-04-07 2019-06-04 Visa International Service Association Tokenization of co-network accounts

Similar Documents

Publication Publication Date Title
US9521548B2 (en) Secure registration of a mobile device for use with a session
US9646303B2 (en) Secure remote payment transaction processing using a secure element
AU2013216868B2 (en) Tokenization in mobile and payment environments
US7308431B2 (en) System and method of secure authentication and billing for goods and services using a cellular telecommunication and an authorization infrastructure
CA2760938C (en) Verification of portable consumer devices
EP2304636B1 (en) Mobile device assisted secure computer network communications
CA2748481C (en) System and method for initiating transactions on a mobile device
US7444676B1 (en) Direct authentication and authorization system and method for trusted network of financial institutions
JP6371390B2 (en) Secure remote settlement transaction processing
US9596237B2 (en) System and method for initiating transactions on a mobile device
US6836765B1 (en) System and method for secure and address verifiable electronic commerce transactions
US8752125B2 (en) Authentication method
US9582801B2 (en) Secure communication of payment information to merchants using a verification token
US20110082767A1 (en) Multi-Step Authentication-Based Electronic Payment Method Using Mobile Terminal
JP4846154B2 (en) A method and system for secure authentication settlement in a computer network
US20130275308A1 (en) System for verifying electronic transactions
US20020077993A1 (en) Method and system for conducting wireless payments
US20190043022A1 (en) Secure registration and authentication of a user using a mobile device
US7606560B2 (en) Authentication services using mobile device
US20150088756A1 (en) Secure Remote Payment Transaction Processing Including Consumer Authentication
US7908227B2 (en) Method and apparatus for secure online transactions
US10043186B2 (en) Secure authentication system and method
US20090172402A1 (en) Multi-factor authentication and certification system for electronic transactions
AU2010315111B2 (en) Verification of portable consumer devices for 3-D secure services
US8407112B2 (en) Transaction authorisation system and method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12728980

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct app. not ent. europ. phase

Ref document number: 12728980

Country of ref document: EP

Kind code of ref document: A1