WO2013044192A3 - Securing transactions against cyberattacks - Google Patents
- Publication number
- WO2013044192A3 (application PCT/US2012/056786)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- transaction
- information
- passcode
- stored
- registration code
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
- G06Q20/40145—Biometric identity checks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/02—Banking, e.g. interest calculation or account maintenance
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Accounting & Taxation (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Software Systems (AREA)
- General Business, Economics & Management (AREA)
- Computing Systems (AREA)
- Marketing (AREA)
- Economics (AREA)
- Technology Law (AREA)
- Development Economics (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Methods and systems are provided for performing a secure transaction. Users register biometric and/or other identifying information. A registration code and an encryption key are generated from the biometric information and/or information obtained from an unpredictable physical process and are stored in a secure area of a device and also transmitted to a service provider. A transaction passcode generator may be computed based on the stored registration code. In at least one embodiment, a unique transaction passcode depends upon the transaction information, so that on the next step of that transaction, only that unique transaction passcode will be valid. In an embodiment, the passcode includes the transaction information. In at least one embodiment, if the transaction information has been altered relative to the transaction information stored in the device's secure area, then the transaction passcode sent during this step will be invalid and the transaction may be aborted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP12832873.9A EP2758922A4 (en) | 2011-09-25 | 2012-09-23 | Securing transactions against cyberattacks |
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201161626485P | 2011-09-25 | 2011-09-25 | |
US61/626,485 | 2011-09-25 | ||
US201261659376P | 2012-06-13 | 2012-06-13 | |
US61/659,376 | 2012-06-13 | ||
US13/541,733 | 2012-07-04 | ||
US13/541,733 US9858401B2 (en) | 2011-08-09 | 2012-07-04 | Securing transactions against cyberattacks |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2013044192A2 (en) | 2013-03-28 |
WO2013044192A3 (en) | 2013-05-30 |
Family
ID=47915111
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2012/056786 WO2013044192A2 (en) | 2011-09-25 | 2012-09-23 | Securing transactions against cyberattacks |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP2758922A4 (en) |
WO (1) | WO2013044192A2 (en) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10268843B2 (en) | 2011-12-06 | 2019-04-23 | AEMEA Inc. | Non-deterministic secure active element machine |
US9858401B2 (en) | 2011-08-09 | 2018-01-02 | Biogy, Inc. | Securing transactions against cyberattacks |
US9235697B2 (en) | 2012-03-05 | 2016-01-12 | Biogy, Inc. | One-time passcodes with asymmetric keys |
US9049226B1 (en) | 2013-03-12 | 2015-06-02 | Emc Corporation | Defending against a cyber attack via asset overlay mapping |
DE102013006549A1 (en) * | 2013-04-08 | 2014-10-09 | Fiducia It Ag | Method and system for cashless payment or cash withdrawal with a mobile customer terminal |
US11823190B2 (en) * | 2013-12-09 | 2023-11-21 | Mastercard International Incorporated | Systems, apparatus and methods for improved authentication |
CN107306183B (en) * | 2016-04-22 | 2021-12-21 | 索尼公司 | Client, server, method and identity verification system |
EP4231591A3 (en) * | 2016-06-29 | 2023-10-25 | Prosper Creative Co., Ltd. | Communications system, communications device used in same, management device, and information terminal |
US20190327092A1 (en) * | 2018-04-23 | 2019-10-24 | Avago Technologies General Ip (Singapore) Pte. Ltd. | Methods and systems for secure biometric authentication |
GB2585010B (en) * | 2019-06-24 | 2022-07-13 | Blockstar Developments Ltd | Cryptocurrency key management |
CN113221128B (en) * | 2020-01-21 | 2022-11-08 | 中国移动通信集团山东有限公司 | Account and password storage method and registration management system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090316903A1 (en) * | 2006-05-01 | 2009-12-24 | Gyun Tae Jeung | Time sync-type otp generation device and method for mobile phones |
US20100223460A1 (en) * | 2005-11-30 | 2010-09-02 | Sdu Identification B.V. | System and method for requesting and issuing an authorization document |
KR20100136269A (en) * | 2009-06-18 | 2010-12-28 | 주식회사 비즈모델라인 | System and method for managing otp with biometrics and recording medium |
KR20110039947A (en) * | 2009-10-13 | 2011-04-20 | 주식회사 아레오네트웍스 | System and method for on-line wireless settlement and program recording medium |
US20110231315A1 (en) * | 2010-03-16 | 2011-09-22 | Infosys Technologies Limited | Method and system for making secure payments |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002123779A (en) * | 2000-10-12 | 2002-04-26 | Hitachi Ltd | Method and system for processing settlement and recording medium with stored program |
US20090063850A1 (en) | 2007-08-29 | 2009-03-05 | Sharwan Kumar Joram | Multiple factor user authentication system |
US20100125635A1 (en) * | 2008-11-17 | 2010-05-20 | Vadim Axelrod | User authentication using alternative communication channels |
-
2012
- 2012-09-23 EP EP12832873.9A patent/EP2758922A4/en not_active Withdrawn
- 2012-09-23 WO PCT/US2012/056786 patent/WO2013044192A2/en active Application Filing
Non-Patent Citations (1)
Title |
---|
See also references of EP2758922A4 * |
Also Published As
Publication number | Publication date |
---|---|
EP2758922A4 (en) | 2015-06-24 |
EP2758922A2 (en) | 2014-07-30 |
WO2013044192A2 (en) | 2013-03-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2013044192A3 (en) | Securing transactions against cyberattacks | |
WO2008146667A1 (en) | Anonymous authenticating system and anonymous authenticating method | |
WO2012174427A3 (en) | Method and system for determining authentication levels in transactions | |
WO2007118239A3 (en) | Authentication service for facilitating access to services | |
EP3783557A4 (en) | Virtual code-based financial transaction provision system, virtual code generation device, virtual code verification device, virtual code-based financial transaction provision method, and virtual code-based financial transaction provision program | |
TW200635326A (en) | Method and system for secure binding register name identifier profile | |
WO2010121137A3 (en) | Enrollment server | |
WO2008060820A3 (en) | System and method for authenticating remote server access | |
WO2010101869A3 (en) | System and method for account level blocking | |
BR112014013627A2 (en) | authentication method using biometric data for mobile ecommerce transactions | |
WO2010017493A3 (en) | Transaction secured in an untrusted environment | |
WO2008005876A3 (en) | Managing transaction accounts | |
WO2013165279A3 (en) | Multi factor user authentication | |
WO2011159483A3 (en) | Techniques to verify location for location based services | |
WO2012027585A3 (en) | Authorization of cash delivery | |
WO2009134941A3 (en) | System and method for facilitating secure payment in digital transactions | |
GB201010546D0 (en) | Method of indentity verification | |
WO2009037335A3 (en) | System, method and device for enabling interaction with dynamic security | |
MY149495A (en) | Authenticating an application | |
WO2008042871A3 (en) | Methods and apparatus for securely signing on to a website via a security website | |
IN2014MU00771A (en) | ||
MX2017001114A (en) | Transaction management method by recognition of the registration number of a vehicle. | |
WO2008089142A3 (en) | Identification and verification method and system for use in a secure workstation | |
WO2013112640A3 (en) | Ticket transfer | |
SG11201907795XA (en) | Method and apparatus for user authentication based on feature information |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 12832873 Country of ref document: EP Kind code of ref document: A2 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2012832873 Country of ref document: EP |