WO2017108226A1 - Sécurité des données - Google Patents

Sécurité des données Download PDF

Info

Publication number
WO2017108226A1
WO2017108226A1 PCT/EP2016/074795 EP2016074795W WO2017108226A1 WO 2017108226 A1 WO2017108226 A1 WO 2017108226A1 EP 2016074795 W EP2016074795 W EP 2016074795W WO 2017108226 A1 WO2017108226 A1 WO 2017108226A1
Authority
WO
WIPO (PCT)
Prior art keywords
code
computer system
authorisation code
new
authorisation
Prior art date
Application number
PCT/EP2016/074795
Other languages
English (en)
Inventor
Robert Elgaard
Original Assignee
Sdc A/S
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sdc A/S filed Critical Sdc A/S
Priority to EP16781813.7A priority Critical patent/EP3394809A1/fr
Publication of WO2017108226A1 publication Critical patent/WO2017108226A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • G06F21/335User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/389Keeping log of transactions for guaranteeing non-repudiation of a transaction

Definitions

  • This disclosure relates to a method for generating a new authorisation code for data security. More specifically, but not exclusively, a method for dynamically updating user login information is disclosed, which is arranged to improve security of data communications.
  • the internet enables users to buy and sell goods and services online by utilising online electronic transactions to enable a buyer or payer to send money electronically to the seller or payee who then receives the money.
  • e-commerce transactions In order for such e-commerce transactions to occur online between a payer and payee it is necessary for at least some financial information to be exchanged over the internet.
  • SSL Secure Sockets Layer
  • Another proposal is to use a web fraud detection system that looks for unusual behaviour in a user's transaction activities.
  • this is a reactive approach that detects fraudulent use after a user's financial information has been stolen and used, which is less than ideal.
  • the issue of e-commerce and m-commerce fraud remains a huge problem and there are still inadequate measures in place to protect consumer's financial information online.
  • a method of authorising an action at a first computer system comprises receiving a new authorisation code at the first computer system, wherein the new authorisation code is generated from a previous authorisation code by a second computer system, authenticating the new authorisation code, and authorising an action following successful authentication of the new authorisation code.
  • the new authorisation code may be sent to the first computer system by the second computer system.
  • the second computer system may have generated the new authorisation code.
  • the second computer system may be the system requesting an action to be performed.
  • the new authorisation code may be sent to the first computer system by a third computer system.
  • the third computer system may be a system arranged to generate such authorisation codes.
  • the new authorisation code may be generated from the previous authorisation code and an additional input.
  • the new authorisation code may be generated by concatenating the previous authorisation code to the additional input to create a concatenated expression, and calculating a hash value over the concatenated expression.
  • the new authorization code may be the resultant hash value.
  • the additional input may comprise a passcode.
  • the passcode may be generated by the first computer system and sent to the second computer system for generating the new authentication code.
  • the passcode may be received by the first computer system having been generated by a computer system other than the first computer system.
  • the use of a passcode may assist to increase security. If the passcode is generated via a separate device utilising a further communication channel then the risk of a security breach is reduced.
  • the step of authenticating the new authorisation code may comprise comparing the new authorisation code with an authenticating authorisation code.
  • the authenticating authorisation code and the new authorisation code may be generated by the first and second computer systems respectively using the same method.
  • the authorised action may comprise a financial transaction.
  • the method may further comprise sending, from the first computer system, confirmation of the authorisation of an action following successful authentication of the authorisation code.
  • the first computer system may authenticate the new authorisation code.
  • the first computer system may send confirmation of the authorisation of an action following successful authentication of the authorisation code to the second computer system.
  • the method may further comprise receiving a further authorisation code at the first computer system, wherein the further authorisation code is generated from the new authorisation code by the second computer system, authenticating the further authorisation code, and authorising an action following successful authentication of the further authorisation code.
  • the method may further comprise receiving, prior to receiving the new authorisation code, a first authorisation code at the first computer system, wherein the first authorisation code is generated from an initialisation code by the second computer system, authenticating the first authorisation code, and authorising an action following successful authentication of the first authorisation code.
  • the initialisation code may comprise one or more of a social security number, a company registration number, a personal identification code and a location identifier such as the country code of a place of residence of a user associated with the second device.
  • Also disclosed is a computer-readable medium comprising instructions that are executable by a processor to perform any method disclosed herein.
  • a server comprising a memory arranged to store computer-implementable code arranged, in use, to implement any method disclosed herein, and a processor arranged to implement the code stored in the memory.
  • the passcode may be provided via over the air standard provisioning.
  • the passcode may be a random code.
  • the passcode may be a one-time passcode.
  • the passcode may be provided via mobile internet.
  • the passcode may be provided via short message service (SMS).
  • SMS short message service
  • the new authorisation code may be stored encrypted under a symmetric encryption key.
  • the hash value may be calculated using a SHA-2 hash function.
  • the second computer system may be a smartphone or tablet device.
  • the first computer system may be a server.
  • the authenticating authorisation code may be stored in memory of the first computer system.
  • the creation of the dynamic user ID involves concatenating a first code or reference with a second code or reference, wherein one of the first or second code or reference is the previous dynamic user ID.
  • the user ID may be generated independently by both first and second computer systems. Both systems may use the same parameters for the generation in order to ensure that the user ID that they have generated remain identical.
  • Figure 1 illustrates an electronic transaction system in accordance with the present disclosure
  • Figure 2 illustrates a process for managing the log-in process between entities of the system of Figure 1.
  • FIG. 1 illustrates a system 100 known herein as the proxyPay system.
  • the system 100 comprises a server 1 10, referred to as the proxyPay server, a consumer device 120, or payer device, and a merchant device 130, or payee device.
  • the server 1 10 is a first computer system that acts an interface device for transactions between the consumer device 120 and the merchant device 130 in order to increase security.
  • the consumer device 120 which is a second computer system is a smart phone in this arrangement, but may be any other type of computer system such as a desktop computer or tablet.
  • the merchant device 130 is a third computer system within the system 100 associated with a specific merchant such as an online shop.
  • Each entity within the system is a computing system at least comprising a processor, a memory, and a communications port.
  • Each has software operating thereon to enable methods disclosed herein to be performed on the devices.
  • the software on the consumer device 120 is a smartphone app, referred to herein as the proxyPay app.
  • the server 1 10, consumer device 120 and merchant device 130 are arranged to communicate with one another over a network (not shown) such as the internet.
  • the consumer device 120 is able to access a website associated with the merchant device 130 over the network in order to identify a product to be purchased.
  • the purchasing of the product is managed by the server 1 10, which has the financial information of both the consumer and merchant stored within its memory.
  • the server 1 10 is then able to securely manage the transaction such that neither the consumer nor the merchant need to share financial information. This therefore results in an increase in the level of security provided by the transaction.
  • the process starts with a registration process in which the consumer device 120 and the merchant device 130 register with the server 1 10.
  • the registration process enables the server 1 10 to securely identify both parties in the transaction thereby increasing the security of the payment transaction.
  • the consumer device 120 registers with the server 1 10.
  • the consumer device 120 sends a request for registration to the consumer's bank.
  • the bank sends data comprising financial details and identification details of the consumer to the server 1 10.
  • the identification details include data comprising one or more of a hashed one-time passcode (OTP) generated by the bank and returned by the consumer to the bank as part of the registration process, the consumer's social security number, and the country code of the consumer's place of residence.
  • OTP hashed one-time passcode
  • the financial details of the consumer include data comprising the consumer's credit card details and/or bank account details.
  • the bank communicates directly with the server 1 10 over a secure network such that the consumer's financial information is never transferred directly from the consumer over what is likely to be a relatively insecure network connection.
  • the data may be transmitted over an IPSec protected connection or a 2-way SSL protected connection.
  • the consumer's information is stored securely in the memory of the server.
  • an equivalent registration process is provided for the merchant 130 to register personal/company information which may include financial information with the server 1 10.
  • the enrollment procedure ensures that the following parameters are available for both the server 1 10 and consumer 120, e.g. via the proxyPay App on the consumer's smartphone:
  • step S1 of the dynamic user ID procedure the following takes place on the consumer device 120.
  • the app will generate a first dynamic user ID for the consumer. This may take place as the consumer enters this information into the app during the registration process, or could be input at a later date if the registration process was carried out on a different device.
  • the dynamic user ID is then generated by:
  • the OTP is displayed in clear text in the online bank of the user as the result of the registration, while the bank communicates the hash of this OTP to the proxyPay central server 1 10.
  • the OTP may be four or six digits while the hash is 64 characters.
  • the user reads the OTP and then types the 4 or 6 digits into his smartphone.
  • the app will then first calculate the hash of the OTP and the concatenate the hash to the social security number and calculate the hash over the string.
  • the result will be prefixed with the country code and this will constitute the first User ID.
  • the proxyPay central server receives the hashed OTP along with the social security number and financial payment information (credit card numbers, expire dates, CVC codes). It concatenates the hashed OTP to the social security number and calculates the hash over this concatenated string. The result of this hash calculation is prefixed with the country code configured into the proxyPay central server 1 10, 'UK' for instance. This value will be identical to the value calculated by the user's smartphone and will constitutes the first User ID.
  • H2 then constitutes the first dynamic user ID.
  • the Dynamic user IDs will have a format like this: UKFBB3472B4B6FD20E130F42B238F01A37E6E0EE45CA7AD9E41774EDFE6E1 EA8B3
  • the first Dynamic User ID is separately generated on the server 1 10 by:
  • H2 also constitutes the first dynamic User ID. H2 is guaranteed to be identical to the H2 calculated by the app in the consumer's smartphone.
  • the consumer When the consumer subsequently sends information identifying himself to the server, for example in order to request a payment to be made or log into a system, the consumer identifies himself by sending H2 as the user ID.
  • the server 1 10 implements a time-based mechanism where a new random 4 or 6 digits code, like a OTP, is generated for the consumer 120 and is sent by Over The Air (OTA) standard provisioning or SMS to the App in the consumer's smartphone at step S3.
  • OTA Over The Air
  • the time-based mechanism is configurable and may be policy based.
  • the new OTP is sent responsive to a purchase by the consumer. The consumer then sends an acknowledge message back to central server confirming the 6 digits code is received.
  • a new dynamic user ID is calculated at the consumer device 120 using the same function as the first dynamic user ID at step S4. However, in cases other than the first time the dynamic user ID is generated the previous dynamic user ID is used in place of the consumer's social security number and the new 4 or 6 digit code is used in place of the previous OTP. In the app on the consumer device 120 the dynamic user ID is stored encrypted under a symmetric encryption key that is derived from the consumer's pin code.
  • the server When the server has generated the 4 or 6 digit code, it also updates the dynamic user ID that it has stored in its memory using the same technique at step S5. Consequently, the dynamic user ID for that consumer remains the same at both the consumer and server side.
  • the current dynamic user ID is
  • the server 1 10 then checks the dynamic user ID that it receives from the consumer device 120 with the dynamic user ID that it has stored in its memory for that consumer. In this arrangement, the server simply checks the received and stored dynamic user IDs are identical. If the dynamic user IDs match then permission is granted and the transaction proceeds. If the dynamic IDs do not match then permission is refused and the transaction does not proceed. It will be appreciated that these steps could also take place immediately after the first dynamic user ID is created, i.e. the first dynamic user ID could be the current dynamic user ID. In other arrangements, security can be improved by providing a later step in the transaction process in which a digital signature is calculated over the transaction where the public key used for the verification is associated with the dynamic user ID.
  • server 1 10 could be incorporated into, or partially implemented by, the merchant system 130, for example. Acts such as the verification of the new log in details could be performed at various different parts within the system.
  • the server 1 10 could manage all processes as it does in the description above. In other arrangements, the server 1 10 could just generate the passcode, in other arrangements it could just authorise the action by verifying the authentication code.
  • the authorisation of the authentication code is not carried out by comparing the authentication code received from the second computer system with the one stored in the first computer system.
  • information other than the Social security number may be used as an input to the generation of a new authentication code.
  • a Company registration number a personal identification number, a Country code associated with the consumer, mobile phone numbers, social network identifiers, email addresses or any other string of letters and/or numbers could be used as the initial input.
  • the code could be omitted.
  • the country code is there for solving future routing issues.
  • the online bank could fully generate the first User ID because the bank possesses the required parameters (social security number and OTP).
  • the Online Bank could then generate a QR-code containing the first User ID that the user could scan into the application. This is may reduce processing and provide an improved user experience.
  • proxyPay central server 1 10 Another way to achieve the concept of dynamic user ID's is by having the proxyPay central server 1 10 generate a list of, for example 100, user ID's and to encrypt this list (using the public key of the user) and send it to the smartphone 120. The central server could then from time to time transmit a number between 1 and 100 that will indicate which user ID in the list there is the active one.
  • Mobile phone numbers, social network identifiers and email addresses could be used instead of social security numbers.
  • a passcode comprising more or less digits than 6 could be used.
  • the passcode could include any combination of characters.
  • the passcode could be randomly generated.
  • the passcode could be selected from a predefined list of passcodes. It could be any reference or code.
  • values are not hashed. While this reduces the amount of processing required, there is also a level of reduction in security. Hence, the use of hashing may depend upon the application and importance of security in that application.
  • the bank could calculate the first user ID (H2) directly during the registration process and send this to the proxyPay central server.
  • the various methods described above may be implemented by a computer program product.
  • the computer program product may include computer code arranged to instruct a computer to perform the functions of one or more of the various methods described above.
  • the computer program and/or the code for performing such methods may be provided to an apparatus, such as a computer, on a computer readable medium or computer program product.
  • the computer readable medium may be transitory or non-transitory.
  • the computer readable medium could be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, or a propagation medium for data transmission, for example for downloading the code over the Internet.
  • the computer readable medium could take the form of a physical computer readable medium such as semiconductor or solid state memory, magnetic tape, a removable computer diskette, a random access memory (RAM), a read-only memory (ROM), a rigid magnetic disc, and an optical disk, such as a CD-ROM, CD-R/W or DVD.
  • a physical computer readable medium such as semiconductor or solid state memory, magnetic tape, a removable computer diskette, a random access memory (RAM), a read-only memory (ROM), a rigid magnetic disc, and an optical disk, such as a CD-ROM, CD-R/W or DVD.
  • An apparatus such as a computer may be configured in accordance with such code to perform one or more processes in accordance with the various methods discussed herein.
  • Such an apparatus may take the form of a data processing system.
  • a data processing system may be a distributed system.
  • such a data processing system may be distributed across a network.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

L'invention concerne un procédé d'autorisation d'une action sur un premier système informatique. Le procédé comprend la réception d'un nouveau code d'autorisation par le premier système informatique, le nouveau code d'autorisation étant généré à partir d'un code d'autorisation précédent par un second système informatique, l'authentification du nouveau code d'autorisation, et l'autorisation d'une action suite à l'authentification réussie du nouveau code d'autorisation. L'invention se rapporte également à un support lisible par ordinateur permettant de mettre en œuvre ce procédé.
PCT/EP2016/074795 2015-12-23 2016-10-14 Sécurité des données WO2017108226A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP16781813.7A EP3394809A1 (fr) 2015-12-23 2016-10-14 Sécurité des données

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1522762.2 2015-12-23
GBGB1522762.2A GB201522762D0 (en) 2015-12-23 2015-12-23 Data security

Publications (1)

Publication Number Publication Date
WO2017108226A1 true WO2017108226A1 (fr) 2017-06-29

Family

ID=55311531

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2016/074795 WO2017108226A1 (fr) 2015-12-23 2016-10-14 Sécurité des données

Country Status (3)

Country Link
EP (1) EP3394809A1 (fr)
GB (1) GB201522762D0 (fr)
WO (1) WO2017108226A1 (fr)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5666415A (en) * 1995-07-28 1997-09-09 Digital Equipment Corporation Method and apparatus for cryptographic authentication
WO2003083793A2 (fr) * 2002-04-03 2003-10-09 Swivel Secure Limited Systeme et procede permettant de realiser des transactions securisees de cartes de credit et de debit
GB2387999A (en) * 2002-04-24 2003-10-29 Richard Mervyn Gardner Generation of variable authentication codes, each code being generated using the immediately preceding authentication code and fixed data
US20060173794A1 (en) * 2002-02-27 2006-08-03 Imagineer Software, Inc. Secure electronic commerce using mutating identifiers
WO2007071191A1 (fr) * 2005-12-22 2007-06-28 Hong Kong Applied Science and Technology Research Institute Co. Ltd Authentifications doubles utilisant des chaines d'occurences securisees
GB2440358A (en) * 2006-06-30 2008-01-30 G3 Vision Ltd Authentication system and method using One Time Passwords (OTPs)
US20080034216A1 (en) * 2006-08-03 2008-02-07 Eric Chun Wah Law Mutual authentication and secure channel establishment between two parties using consecutive one-time passwords
US20090258631A1 (en) * 2008-04-14 2009-10-15 Nokia Corporation Mobility related control signalling authentication in mobile communications system
US20100106771A1 (en) * 2008-10-24 2010-04-29 Samsung Electronics Co., Ltd. Method and apparatus for communication based on certification using static and dynamic identifier
WO2014155154A1 (fr) * 2013-03-27 2014-10-02 Sabatier Mikaël Système de transaction de paiement sécurisé

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5666415A (en) * 1995-07-28 1997-09-09 Digital Equipment Corporation Method and apparatus for cryptographic authentication
US20060173794A1 (en) * 2002-02-27 2006-08-03 Imagineer Software, Inc. Secure electronic commerce using mutating identifiers
WO2003083793A2 (fr) * 2002-04-03 2003-10-09 Swivel Secure Limited Systeme et procede permettant de realiser des transactions securisees de cartes de credit et de debit
GB2387999A (en) * 2002-04-24 2003-10-29 Richard Mervyn Gardner Generation of variable authentication codes, each code being generated using the immediately preceding authentication code and fixed data
WO2007071191A1 (fr) * 2005-12-22 2007-06-28 Hong Kong Applied Science and Technology Research Institute Co. Ltd Authentifications doubles utilisant des chaines d'occurences securisees
GB2440358A (en) * 2006-06-30 2008-01-30 G3 Vision Ltd Authentication system and method using One Time Passwords (OTPs)
US20080034216A1 (en) * 2006-08-03 2008-02-07 Eric Chun Wah Law Mutual authentication and secure channel establishment between two parties using consecutive one-time passwords
US20090258631A1 (en) * 2008-04-14 2009-10-15 Nokia Corporation Mobility related control signalling authentication in mobile communications system
US20100106771A1 (en) * 2008-10-24 2010-04-29 Samsung Electronics Co., Ltd. Method and apparatus for communication based on certification using static and dynamic identifier
WO2014155154A1 (fr) * 2013-03-27 2014-10-02 Sabatier Mikaël Système de transaction de paiement sécurisé

Also Published As

Publication number Publication date
EP3394809A1 (fr) 2018-10-31
GB201522762D0 (en) 2016-02-03

Similar Documents

Publication Publication Date Title
US11127016B2 (en) Unique code for token verification
US9785941B2 (en) Tokenization in mobile environments
JP6713081B2 (ja) 認証デバイス、認証システム及び認証方法
CN105745678B (zh) 包括消费者认证的安全远程支付交易处理
US20170308896A1 (en) Methods and apparatus for brokering a transaction
US8601268B2 (en) Methods for securing transactions by applying crytographic methods to assure mutual identity
US20150302409A1 (en) System and method for location-based financial transaction authentication
WO2016092318A1 (fr) Systèmes et procédé permettant de générer une transaction sécurisée
EP3832968B1 (fr) Procédé pour sécuriser une transaction en masquant des données sensibles transmises sur un réseau
WO2016131664A1 (fr) Procédé pour extraire, par un serveur de paiement, un numéro de compte permanent de financement à partir d'un numéro de compte de paiement de jeton
WO2017108226A1 (fr) Sécurité des données
Jawale et al. Towards trusted mobile payment services: a security analysis on Apple Pay
KR101596434B1 (ko) 결제정보 분리를 이용한 온라인 전자금융거래 인증방법
AU2014100650A4 (en) NFC digital authentication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16781813

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2016781813

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2016781813

Country of ref document: EP

Effective date: 20180723