WO2013044192A3 - Securing transactions against cyberattacks - Google Patents

Securing transactions against cyberattacks

Publication number
WO2013044192A3
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
information
passcode
stored
registration code
Prior art date
Application number
PCT/US2012/056786
Other languages
French (fr)
Other versions
WO2013044192A2 (en)
Inventor
Michael Stephen Fiske
Original Assignee
Biogy, Inc.
Priority date
Filing date
Publication date
Priority claimed from US13/541,733 (US9858401B2)
Application filed by Biogy, Inc.
Priority to EP12832873.9A (EP2758922A4)
Publication of WO2013044192A2
Publication of WO2013044192A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821 Electronic credentials
    • G06Q20/38215 Use of certificates or encrypted proofs of transaction rights
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Software Systems (AREA)
  • General Business, Economics & Management (AREA)
  • Computing Systems (AREA)
  • Marketing (AREA)
  • Economics (AREA)
  • Technology Law (AREA)
  • Development Economics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Methods and systems are provided for performing a secure transaction. Users register biometric and/or other identifying information. A registration code and an encryption key are generated from the biometric information and/or information obtained from an unpredictable physical process and are stored in a secure area of a device and also transmitted to a service provider. A transaction passcode generator may be computed based on the stored registration code. In at least one embodiment, a unique transaction passcode depends upon the transaction information, so that on the next step of that transaction, only that unique transaction passcode will be valid. In an embodiment, the passcode includes the transaction information. In at least one embodiment, if the transaction information has been altered relative to the transaction information stored in the device's secure area, then the transaction passcode sent during this step will be invalid and the transaction may be aborted.
PCT/US2012/056786 2011-09-25 2012-09-23 Securing transactions against cyberattacks WO2013044192A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP12832873.9A EP2758922A4 (en) 2011-09-25 2012-09-23 Securing transactions against cyberattacks

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US201161626485P 2011-09-25 2011-09-25
US61/626,485 2011-09-25
US201261659376P 2012-06-13 2012-06-13
US61/659,376 2012-06-13
US13/541,733 2012-07-04
US13/541,733 US9858401B2 (en) 2011-08-09 2012-07-04 Securing transactions against cyberattacks

Publications (2)

Publication Number Publication Date
WO2013044192A2 WO2013044192A2 (en) 2013-03-28
WO2013044192A3 WO2013044192A3 (en) 2013-05-30

Family

ID=47915111

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2012/056786 WO2013044192A2 (en) 2011-09-25 2012-09-23 Securing transactions against cyberattacks

Country Status (2)

Country Link
EP (1) EP2758922A4 (en)
WO (1) WO2013044192A2 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10268843B2 (en) 2011-12-06 2019-04-23 AEMEA Inc. Non-deterministic secure active element machine
US9858401B2 (en) 2011-08-09 2018-01-02 Biogy, Inc. Securing transactions against cyberattacks
US9235697B2 (en) 2012-03-05 2016-01-12 Biogy, Inc. One-time passcodes with asymmetric keys
US9049226B1 (en) 2013-03-12 2015-06-02 Emc Corporation Defending against a cyber attack via asset overlay mapping
DE102013006549A1 (en) * 2013-04-08 2014-10-09 Fiducia It Ag Method and system for cashless payment or cash withdrawal with a mobile customer terminal
US11823190B2 (en) * 2013-12-09 2023-11-21 Mastercard International Incorporated Systems, apparatus and methods for improved authentication
CN107306183B (en) * 2016-04-22 2021-12-21 索尼公司 Client, server, method and identity verification system
EP4231591A3 (en) * 2016-06-29 2023-10-25 Prosper Creative Co., Ltd. Communications system, communications device used in same, management device, and information terminal
US20190327092A1 (en) * 2018-04-23 2019-10-24 Avago Technologies General Ip (Singapore) Pte. Ltd. Methods and systems for secure biometric authentication
GB2585010B (en) * 2019-06-24 2022-07-13 Blockstar Developments Ltd Cryptocurrency key management
CN113221128B (en) * 2020-01-21 2022-11-08 中国移动通信集团山东有限公司 Account and password storage method and registration management system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090316903A1 (en) * 2006-05-01 2009-12-24 Gyun Tae Jeung Time sync-type otp generation device and method for mobile phones
US20100223460A1 (en) * 2005-11-30 2010-09-02 Sdu Identification B.V. System and method for requesting and issuing an authorization document
KR20100136269A (en) * 2009-06-18 2010-12-28 주식회사 비즈모델라인 System and method for managing otp with biometrics and recording medium
KR20110039947A (en) * 2009-10-13 2011-04-20 주식회사 아레오네트웍스 System and method for on-line wireless settlement and program recording medium
US20110231315A1 (en) * 2010-03-16 2011-09-22 Infosys Technologies Limited Method and system for making secure payments

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002123779A (en) * 2000-10-12 2002-04-26 Hitachi Ltd Method and system for processing settlement and recording medium with stored program
US20090063850A1 (en) 2007-08-29 2009-03-05 Sharwan Kumar Joram Multiple factor user authentication system
US20100125635A1 (en) * 2008-11-17 2010-05-20 Vadim Axelrod User authentication using alternative communication channels

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100223460A1 (en) * 2005-11-30 2010-09-02 Sdu Identification B.V. System and method for requesting and issuing an authorization document
US20090316903A1 (en) * 2006-05-01 2009-12-24 Gyun Tae Jeung Time sync-type otp generation device and method for mobile phones
KR20100136269A (en) * 2009-06-18 2010-12-28 주식회사 비즈모델라인 System and method for managing otp with biometrics and recording medium
KR20110039947A (en) * 2009-10-13 2011-04-20 주식회사 아레오네트웍스 System and method for on-line wireless settlement and program recording medium
US20110231315A1 (en) * 2010-03-16 2011-09-22 Infosys Technologies Limited Method and system for making secure payments

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP2758922A4 *

Also Published As

Publication number Publication date
EP2758922A4 (en) 2015-06-24
EP2758922A2 (en) 2014-07-30
WO2013044192A2 (en) 2013-03-28

Similar Documents

Publication Publication Date Title
WO2013044192A3 (en) Securing transactions against cyberattacks
WO2008146667A1 (en) Anonymous authenticating system and anonymous authenticating method
WO2012174427A3 (en) Method and system for determining authentication levels in transactions
WO2007118239A3 (en) Authentication service for facilitating access to services
EP3783557A4 (en) Virtual code-based financial transaction provision system, virtual code generation device, virtual code verification device, virtual code-based financial transaction provision method, and virtual code-based financial transaction provision program
TW200635326A (en) Method and system for secure binding register name identifier profile
WO2010121137A3 (en) Enrollment server
WO2008060820A3 (en) System and method for authenticating remote server access
WO2010101869A3 (en) System and method for account level blocking
BR112014013627A2 (en) authentication method using biometric data for mobile ecommerce transactions
WO2010017493A3 (en) Transaction secured in an untrusted environment
WO2008005876A3 (en) Managing transaction accounts
WO2013165279A3 (en) Multi factor user authentication
WO2011159483A3 (en) Techniques to verify location for location based services
WO2012027585A3 (en) Authorization of cash delivery
WO2009134941A3 (en) System and method for facilitating secure payment in digital transactions
GB201010546D0 (en) Method of indentity verification
WO2009037335A3 (en) System, method and device for enabling interaction with dynamic security
MY149495A (en) Authenticating an application
WO2008042871A3 (en) Methods and apparatus for securely signing on to a website via a security website
IN2014MU00771A (en)
MX2017001114A (en) Transaction management method by recognition of the registration number of a vehicle.
WO2008089142A3 (en) Identification and verification method and system for use in a secure workstation
WO2013112640A3 (en) Ticket transfer
SG11201907795XA (en) Method and apparatus for user authentication based on feature information

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 12832873; Country of ref document: EP; Kind code of ref document: A2)
WWE Wipo information: entry into national phase (Ref document number: 2012832873; Country of ref document: EP)