СИСТЕМА ФИНАНСОВЫХ ТРАНЗАКЦИЙ И СПОСОБ ИСПОЛЬЗОВАНИЯ ЭЛЕКТРОННОГО ОБМЕНА СООБЩЕНИЯМИ

... 1. Способ осуществления финансовой транзакции для стороны, имеющей средство электронного обмена сообщениями, причем сторона имеет адрес электронного обмена сообщениями и номер банковского счета для банковского счета, связанного с финансовым учреждением, в связи с чем финансовая транзакция может осуществляться посредством банковского счета и финансового учреждения, имеющего банковский сервер для осуществления финансовой транзакции посредством банковского счета, способ содержит этапы, на которых обслуживают электронное сообщение от клиента стороны, причем электронное сообщение (i) отправлено по заранее определенному адресу электронного обмена сообщениями для осуществления финансовой транзакции конкретного типа, (ii) подготовлено в соответствии с первым предписанным протоколом и (iii) запрашивает осуществление финансовой транзакции конкретного типа и запрашивают банковский сервер финансового учреждения стороны на осуществление финансовой транзакции согласно первому предписанному протоколу ...

SCHNITTSTELLENEINRICHTUNG UND -VERFAHREN ZUM VERBINDEN EINES VERSCHLÜSSELUNGSMODULS MIT EINEM PERSONALCOMPUTER

Türklingelstelle mit lokaler Kommunikationsverbindung

Vorgeschlagen wird ein Verfahren mit einer Türklingelstelle, einem Mobiltelefon, Steuerungs- und Sensormodule einer Steuerung bzw. Meldeanlage im Gebäude, und einer drahtlosen lokalen Kommunikationsverbindung geringer Reichweite zwischen diesen. Dabei wird vorgesehen, dass (a) die Türsprechstelle mit dieser drahtlosen lokalen Kommunkationsverbindung, wie bspw. Bluetooth, sowohl auf der Türseite wie auch an der Gegenstelle ausgerüstet ist, und (b) diese drahtlose lokale Kommunikationsverbindung die vorhandenen und verteilten Steuerungs- und Sensormodule einer im Gebäude befindlichen Steuerung oder Meldeanlage, zur Weiterleitung der audiovisuellen Kommunikationsdaten sowie der Steuer- und Sensordaten zwischen Türklingelstelle und Gegenstelle oder einem Smartphone nutzen, und/oder (c) diese drahtlose lokale Kommunikationsverbindung ggfs. gleichzeitig zum Einwählen in ein lokal in der Nähe befindliches Mobiltelefon/Smartphone/Tablet mit Mobilfunkanschluss verwendet wird und dieses das Klingelereignisses ...

ANORDNUNG ZUR DURCHFUEHRUNG VON ZAHLUNGEN MITTELS KREDITKARTEN.

Authentication methods and systems

A method employing a datacard and a datacard reader, and a datacard for use in such a method

Sensor array system selectively configurable as a fingerprint sensor or data entry device

The invention relates to systems and methods for facilitating enrollment of biometric data (e.g. fingerprints) via a biometric sensor 102 on a smartcard 104. The data can be subsequently used for authenticating a user. The smartcard is inserted into a receptacle 904 of a non-data-transmitting power source 902, whence power is transmitted to the card from the receptacle via contact pads 108. A detector circuit is provided for detecting a signal in the smartcard during enrolment, said circuit can then activate a status indicator (e.g. an LED light) that indicates the state of the enrolment process. A sensor assembly could generate biometric images using the sensor, then derive and store a biometric template. A range of events (e.g. placing a finger on the sensor) could trigger the enrolment phase, and withdrawal from the receptacle could terminate enrolment. The biometric sensor could include finger guides (1212, e.g. beveled edges) to position a finger so that it contacts the sensor at desired ...

DATA PROCESSING SYSTEM WHICH PROTECTS THE SECRECY OF CONFIDENTIAL DATA

Sensor Array system selectively configurable as a fingerprint sensor or data entry device

Devices, systems, and methods facilitate enrollment of authenticating biometric data for authenticating an authorized user via a biometric sensor. Included devices transmit power to a sensor-enabled device that does not have an independent power source without transmitting data to or from the device. Data input devices coupled to the biometric sensor enable user input of non- biometric data, such as an activation code, via the biometric sensor. For biometric sensors comprising fingerprint sensors, finger guides position a finger to contact the sensor at a desired orientation. Systems and methods allow for enrollment of one or more authenticating biometric data templates with or without requiring input of non-biometric authentication data, such as an activation code.

Financial transactions with a varying pin

METHOD OF AND SYSTEM FOR SECURELY PROCESSING A TRANSACTION

Method of and system for securely processing a transaction.

Financial transactions with a varying pin

Identification system.

Method of and system for securely processing a transaction.

Method of and system for securely processing a transaction.

MOBILE ACCOUNT AUTHENTIFIKATIONSDIENST

PROCEDURE FOR THE IMPROVEMENT OF THE ABUSE PROTECTION WITH A SMART CARD AND A SMART CARD FOR THE EXECUTION OF THE PROCEDURE

PROCEDURE AND DEVICE FOR THE SAFE ONE KRYPTOSCHLÜSSELSPEICHERUNG AND - USE.

SYSTEM AND PROCEDURE FOR THE WIRELESS ONE ZWEIFAKTORAUTHENTIFIZIERUNG

SYSTEM AND METHOD FOR SEPARATE KARTENHALTERUND SYSTEM ACCESS ON RESOURCES WITH CONTROL BY A SMART CARD

AUTHENTIFIZIERUNGSANORDNUNG AND PROCEDURES FOR THE USE FOR FINANCIAL TRANSACTIONS

TERMINAL FOR SYSTEM WITH PROTECTED ENTRANCE.

Secret code security access to data processing means

Modular mobile point of sale device having separable units for configurable data processing

There are provided systems and methods for a modular mobile point of sale device having separable units for configurable data processing. A modular device may include a main unit that includes data processing features to allow for a mobile point of sale, including a data entry unit for payment data, a communication component to secure communicate that data to a centralized transaction processor, and a processing unit to receive the data and instruct the centralized to process the data with an online service provider. The module device may also be physically and communicatively coupled to additional modules that may increase the on-device functionality of the main unit, include a module to allow user input and additional modules to accept other types of transaction input. On detection of a connected unit, the main unit may secure connect to and authenticate each attached module.

Communication services

User experience on mobile phone

A method of operating a mobile phone as a financial transaction instrument is provided Security features, which can disable the mobilE phone so as to prevent account information from being transmitted, incorporate transaction limits and the use of a personal identification number.

A hand-portable electronic device for verifying an input test sequence of characters against a predetermined sequence of characters

Method and system for providing real-time access to mobile commerce purchase confirmation evidence

A method and system are provided for providing a real-time access to mobile commerce payment evidence. The method includes receiving and storing evidence that a mobile handset user has confirmed his intention of making a purchase to be billed to his mobile operator account. The method further includes authenticating the confirmation received, and storing evidence of that authentication. Further, the method includes providing at least some of that evidence to at least one of the subscriber, the utility provider, and a provider of the product purchased.

Electronic transaction systems and methods therefor

SECURITY SYSTEMS

Payment system

SYSTEM AND METHOD FOR SECURE VERIFICATION OF ELECTRONIC TRANSACTIONS

There is provided a system and method for secure verification of electronic transactions, and in particular secure processing of personal identification numbers when third party processors are involved. In an embodiment, a variable length PIN associated with a credit card or debit card is encrypted, then hashed using a one-way hash algorithm before it is passed along to and stored by a third party processor. The encrypted-hashed PIN always remains in an encrypted form while in the hands of the third party processor. At the third party processor, secure cryptographic hardware is used to store the one-way hash algorithm. Encrypted PIN values received for verification (e.g. from a retail point-of- sale terminal) are converted and hashed using the one-way hash algorithm, and the resulting hashed-encrypted value is compared against the hashed-encrypted PIN values previously stored at the third party processor. As the PIN has a variable length, and the third party processor has no access to the ...

SYSTEM AND METHOD FOR SELECTIVE ENCRYPTION OF INPUT DATA DURING A RETAIL TRANSACTION

MOBILE ACCOUNT AUTHENTICATION SERVICE

... ²²²A payment authentication service authenticates the identity of a payer during ²online transactions. The authentication service allows a card issuer to verify ²a cardholder's (110) identity using a variety of authentication methods, such ²as with the use of tokens. Authenticating the identity of a cardholder (110) ²during an online transaction involves querying an access control server to ²determine if a cardholder (110) is enrolled in the payment authentication ²service, requesting a password from the cardholder, verifying the password, ²and notifying a merchant whether the cardholder's (110) authenticity has been ²verified. Systems for imp lementing the authentication service in which a ²cardholder (110) uses a mobile device capable of transmitting messages via the ²Internet are described. Systems for implementing the authentication service in ²which a cardholder (110) uses a mobile device capable of transmitting messages ²through voice and messaging channels is also described.² ...

INTERNET BUSINESS SECURITY METHOD

An internet business security method is disclosed. According to this method, first, a one-time password is generated based on a smart card that includes a chip to perform the processes of storing data, processing data and encoding/decoding data. Then, the one-time password is identified by the website. When the one - time password is correct, the smart card holder is permitted to login to the website for further trading. The trade object for this website is the smart card holder identity registered in the bank.

AUTHENTICATION METHOD

A method of authenticating a user to a transaction at a terminal, wherein a user identification is transmitted from the terminal to a transaction partner via a first communication channel, and an authentication device uses a second communication channel for checking an authentication function that is implemented in a mobile device of the user, and, as a criterion for deciding whether the authentication to the transaction shall be granted or denied, the authentication device checks whether a predetermined time relation exists between the transmission of the user identification and a response from the second communication channel, characterized in that the authentication function is normally inactive and is activated by the user only preliminarily for the transaction, said response from the second communication channel includes the information that the authentication function is active, and the authentication function is automatically deactivated.

METHODS AND APPARATUS FOR INTERFACING AN ENCRYPTION MODULE WITH A PERSONAL COMPUTER

An encryption module for encrypting financial and other sensitive data may be conveniently interposed in series between a personal computer and the keyboard associated therewith. An application program designed to run on the PC is configured to prompt the user to enter his PIN or other confidential data into the encryption module; consequently the confidential data need not be transmitted in an unencrypted fashion, and need not reside on the PC hard drive in an unencrypted form.

EINRICHTUNG ZUM INDIVIDUELLEN IDENTIFIZIEREN EINER MEHRZAHL VON INDIVIDUEN.

Identifizierungsanordnung mit einer Anzahl frei beweglicher Identifikanden und einem Identifikator

SAFETY INSTALLATION IN PARTICULAR FOR CARRYING OUT BANKING TRANSACTIONS.

iNSTALLATION DE [...] LE [...] D' iNFORMATION[...] D' iNFORMATION[...].

TREATMENT PLANT INFORMATION PROTECTING THE SECRECY OF CONFIDENTIAL INFORMATION.

Financial transactions with a varying spin.

Eine Finanztransaktionserleichterungsvorrichtung (10) zum Erleichtern einer Finanztransaktion an einer ATM, Verkaufsstelle, über das Internet oder zum Einloggen in ein Finanzkonto, erzeugt eine PIN in Antwort auf eine korrekte biometrische Kennung, die bereitgestellt wird. Die Vorrichtung hat eine Datenspeichereinheit (14), eine Eingabevorrichtung (16) betätigbar durch einen Transakteur zum Eingeben einer Anfrage für eine PIN, eine biometrische Kennungs-Eingabevorrichtung zum Eingeben einer biometrischen Kennung des Transakteurs, eine Verifizierungseinheit zum Verifizieren einer bereitgestellten biometrischen Kennung, in Verwendung, durch den Transakteur, einen PIN-Erzeuger (24) zum Erzeugen einer PIN, wenn die eingegebene biometrische Kennung verifiziert ist, und eine Ausgabevorrichtung (18) um Bereitstellen der PIN an den Transakteur. Die biometrische Kennung kann ein Lautsignal, ein optisches Signal oder ein Fingerabdruck sein. Dementsprechend umfasst eine Finanztransaktionsverarbeitungsanlage ...

PROCEDURE FOR THE IDENTIFICATION OF A BENUETZERS OF A SMART CARD.

Manufacturer independent, authenticity identification device obtaining method for service provider - involves storing code, from service provider, obtained by RSA function having secret encryption key, in write-once type area of card

The method involves using an identification device (1) provided with only one read-only area (2) which is writable only at the manufacturing time, and at least one writable area (3), the one read only area and the at least one writable area being freely externally readable by an external device. A first permanent and unique code (5) is applied to the read-only area by the manufacturer of the identification device at the manufacturing time, the first permanent and unique code being freely externally readable. A service provider then applies to the at least one writable area a freely externally readable second code (7), which is obtained by computing, by an RSA encryption function having a secret encryption key (8), the joining in predetermined positions of the first permanent unique code and of a message (6). The identification device is externally validated through decryption of the second code by a decryption key (9), a portion of the decrypted second code arranged in a predetermined position ...

Password-protected access to e.g. site or computer network, employs computer disguising access code by display of two character sets

The user has a real access code, e.g. a pin number. The access code is stored by the central computer unit (11). It displays two sets of characters on the screen, each character of the first set being in one-to-one correspondence with a character of the second set. The user employs this association between the sets to encode the pin number, producing a temporary, substitution-encoded pin number. It is this temporary pin number which is entered by the user and recognized by the computer, to validate access. The computer then changes the association. An independent claim is included for a password-protected access control unit.

PLATFORM OF EXPANDED COMMUNICATION AND METHOD OF COMMUNICATION, USING PLATFORM

СИСТЕМА И СПОСОБЫ ПРЕДОСТАВЛЕНИЯ ДОСТУПА К ДАННЫМ, ХРАНЯЩИМСЯ НА СМАРТ-КАРТЕ

В изобретении представлены устройство (51) и способ обеспечения защищенного платежа и сертифицированного доступа к цифровому контенту. Устройство включает по меньшей мере одну чип-микросхему (12), содержащую операционную систему и средства обеспечения памяти, интерфейс с множеством N контактных площадок ввода (21-28), соединенных с чип-микросхемой, и по меньшей мере одну операционную систему, способную обрабатывать и извлекать информацию, хранящуюся на чип-микросхеме. Имеется по меньшей мере одна кодирующая математическая формула, хранящаяся в указанной чип-микросхеме, которая генерирует отклик на вводимую информацию путем ввода заданной последовательности входных электрических сигналов на указанные контактные площадки посредством указанного устройства (52) считывания карт. Имеется также по меньшей мере один интерфейс (54) пользователя, который предлагает конечному пользователю (50) вводить данные.

Biometric secure sales and payment terminal using face recognition and finger print definition methods

Cardholder system with improved security functions and corresponding methods

The present invention relates to a cardholder system for holding credit cards or other electronic cards for use in connection with various transactions where the cardholder is provided with means for protection against card fraud. Specifically the cardholder system according to the invention comprises means for providing access to a card in the cardholder or to required information stored on such a card for instance in a magnetic stripe or a chip on the card only upon entry of an individual cardholder code or alternative data uniquely identifying the owner of the cardholder system and the card or cards contained herein. Upon reception of this code or data, information required for performing a Card Not Present (CNP) transaction stored on a card in the cardholder will be displayed on a display on the cardholder and the card may be removed from the cardholder. The cardholder according to the invention may furthermore be used to carry out contactless payment transactions directly from the ...

Access control HAS a MEANS OF Data processing

DISPOSITIF D'IDENTIFICATION ELECTRONIQUE

LE DISPOSITIF COMPREND UNE CLE COMPORTANT UNE ZONE DE MEMOIRE PASSIVE 108, 109 ET UN REGISTRE A DECALAGE 102, LE CODE CONTENU DANS LA ZONE PASSIVE ETANT DESTINE A ETRE TRANSFERE DANS LE REGISTRE A DECALAGE 102 LORS DE L'INTRODUCTION DE LA CLE DANS UNE SERRURE, CECI AFIN QUE LEDIT CODE PUISSE ETRE TRANSFERE DU REGISTRE A DECALAGE DANS LA SERRURE POUR Y ETRE COMPARE AVEC UN CODE DE REFERENCE CONTENU DANS LA SERRURE. LA CLE COMPREND UN CIRCUIT 123 POURVU D'UN COMPTEUR 124, 125 QUI EST INCREMENTE A CHAQUE MISE SOUS TENSION DE LA CLE ET D'UN SYSTEME 126, 127, 128 DE REMISE A ZERO DU COMPTEUR 124, 125 LORS D'UN TRANSFERT FRUCTUEUX DU CODE HORS DE LA CLE, DE MANIERE QU'APRES UN NOMBRE D'ESSAIS DETERMINE PAR LE COMPTEUR, D'ESSAIS INFRUCTUEUX DE TRANSFERTS, LA ZONE DE MEMOIRE PASSIVE 108, 109 SOIT DETRUITE PAR LE SIGNAL DE SORTIE EMIS PAR LE COMPTEUR 124, 125.

SYSTEME DE TRAITEMENT D'INFORMATIONS PROTEGEANT LE SECRET D'INFORMATION SYSTEME DE TRAITEMENT D'INFORMATIONS PROTEGEANT LE SECRET D'INFORMATIONS CONFIDENTIELLES

L'invention est destinée à la protection du secret d'une information confidentielle dans un système 10 comprenant une machine de traitement de l'information 12, un dispositif 14 pour la transmission d'informations comprenant une information confidentielle, et un premier élément auxiliaire 16 de la machine destiné à recevoir et traiter au moins ladite information confidentielle. Dans la technique antérieure, l'information confidentielle était envoyée à partir du dispositif 14, qui est un dispositif public, via un trajet 18 à l'élément 16. Afin d'éviter tout espionnage possible sur le trajet 18, l'invention est caractérisée en ce qu au moins l'information confidentielle est envoyée au premier élément auxiliaire 16 à partir d'un second élément auxiliaire 22 personnel par l'intermédiaire d'un trajet 20 conçu pour que l'information qui le traverse ne puisse être détectée. L'invention s'applique notamment aux cartes de crédi ...

ACCESS SECURITY PER SECRET CODE HAS a MEANS OF Data processing

PROCESS AND DEVICE TO CARRY OUT A PERSONAL IDENTIFICATION BY USING A CHART HAVE INTEGRATED CIRCUIT AND PORTABLE SUPPORT OF MEMORY TO BE USED

Bank card's code i.e. personal identification number, storing device for payments, has boxes formed on elements e.g. bottom and rubber key pad, and sheet of adhesive letters, where bottom is in direct contact with keys of reader

L'invention concerne un dispositif permettant de remplacer un code de carte bancaire composé de quatre chiffres par un mot choisi par l'utilisateur. Il est constitué d'un fond (1) sur lequel vient se poser une plaquette de touches en caoutchouc (2) sur laquelle sont collées les lettres de la planche (6) fournie avec l'ensemble. Le dernier élément est la façade décorative (3) qui vient recouvrir le tout. Ces différents éléments qui composent l'ensemble seraient ensuite reliés entre eux par des clips que l'on insère dans les trous (4) situés aux quatre coins de chaque élément. Ce dispositif selon l'invention est un outil de mémoire destiné aux personnes qui n'arrivent pas à mémoriser un code de carte bancaire.

Patent FR2180349A5

Payment terminal e.g. computer, for e.g. automatic fuel vending machine, has memory storing program for modifying keyboard configuration data before inputting information and controlling displaying of configuration after modifying data

L'invention a pour objet un terminal de paiement comprenant: - un afficheur ; - un clavier (20) distinct de l'afficheur (10) ; - une mémoire ; - un programme stocké dans la mémoire ; dans lequel le programme est apte à : - modifier des données de configuration du clavier avant une saisie au clavier (20) par un utilisateur; et - à commander l'affichage sur l'afficheur (10) d'une configuration de clavier d'après les données de configuration modifiées.

Remote payment method for assets and/or services, involves authenticating customer by comparing customer and mobile telephone number passwords, sending authentication confirmation and customer bank card identifier to drawee

The method involves authenticating a customer (1) by comparing a password sent by the customer with a password associated to a mobile telephone number. An authentication confirmation for assets and/or services, and an identifier of a bank card of the customer are sent to a drawee (2). The drawee creates a payment transaction through card, via a virtual payment terminal (TPV) service to remotely pay for the assets and/or services.

PROCESS OF PAYMENT MADE SAFE VIA A MOBILE PHONE

Procédé de paiement sécurisé par l'intermédiaire d'un téléphone mobile. Pour résoudre un problème de paiement au cours d'une session de télé-achat on prévoit de faire composer par un utilisateur, avec sa télécommande (7), un numéro (GSM) de téléphone de son téléphone mobile (10). Son numéro de téléphone mobile est transmis à un centre de paiement 9 qui en retour appelle le téléphone mobile désigné. Dans ce téléphone mobile on peut mettre en oeuvre une opération complexe (34) de paiement comportant l'identification du débiteur, par prélèvement de son identité dans une carte à puce (6) de ce débiteur introduite dans son téléphone mobile, une validation de cette carte à puce et cet utilisateur par une composition d'un code secret de cette carte à puce et un accord sur la transaction. On montre que toute la transaction est alors menée au cours d'une conversation téléphonique privée (11-13). Elle est alors à l'abri de toutes les manipulations auxquelles elle aurait pu être soumise si elle avait ...

Protected card access system to communication terminals - uses enciphered code and its key stored on the card and compared with a keyboard entered code

Chart with integrated circuit with means of treatment of control and process of control of numérod' personal identification of this chart

Une carte à CI comprend des moyens de traitement de données (1); une mémoire EEPROM (15) dans laquelle est enregistré un numéro d'identification personnelle; un circuit de détection de tension (26) qui détecte la tension d'alimentation; et un circuit de traitement de contrôle (1) pour la vérification d'un numéro d'identification personnelle introduit à partir de l'extérieur, par comparaison avec le numéro enregistré. Lorsque la tension d'alimentation est inférieure à une valeur prédéterminée, le circuit de traitement de contrôle retourne toujours une information d'erreur d'identification à une unité externe pour éviter une divulgation du numéro d'identification. An IC card comprises data processing means (1); an EEPROM memory (15) in which a personal identification number is stored; a voltage detection circuit (26) which detects the supply voltage; and a control processing circuit (1) for verifying a personal identification number entered from the outside, by comparison with the registered number. When the supply voltage is lower than a predetermined value, the control processing circuit always returns identification error information to an external unit to avoid disclosure of the identification number.

PROCEDE ET DISPOSITIF ELECTRONIQUE DE MEMORISATION ET DE TRAITEMENT CONFIDENTIEL DE DONNEES

L'invention a pour objet un procédé et un dispositif électronique portatif assurant le traitement confidentiel de données telles que des transactions bancaires. Le procédé comporte principalement, pour la réalisation de chaque transaction, les étapes suivantes : le test 2 de la validité du code fourni au dispositif par l'utilisateur, par comparaison de ce code extérieur avec une information mémorisée de façon ineffaçable dans le dispositif, cette comparaison s'effectuant entièrement de façon interne au dispositif et fournissant une information interne sur la validité du code extérieur ; la recherche 3 d'un emplacement de mémoire dans le dispositif qui soit disponible pour enregistrer des informations relatives à la transaction en cours et l'inscription à cette adresse notamment de l'information de validité ; lorsque l'information de validité l'autorise, l'accès 4 à la mémoire du dispositif afin de réaliser la transaction considérée. (CF DESSIN DANS BOPI) ...

DISPOSITIF PROTEGE D'AUTHENTIFICATION DES UTILISATEURS D'UN TERMINAL DE TRANSMISSION DE MESSAGES ET SYSTEME DE TRANSACTIONS COMPORTANT DE TELS DISPOSITIFS

L'INVENTION SE RAPPORTE AUX SYSTEMES DE TRANSACTION PAR TRANSMISSION DE MESSAGES ENTRE UN DISPOSITIF D'UTILISATION ET UN CENTRE DE GESTION. ELLE A POUR OBJET UN DISPOSITIF PROTEGE D'AUTHENTIFICATION DES UTILISATEURS ASSOCIANT UNE CARTE D'UTILISATEUR 1 COMPORTANT UN REGISTRE MEMOIRE 10 DU CODE CONFIDENTIEL C, ET UN DISPOSITIF DE CALCUL 13 D'UNE TRANSFORMEE IRREVERSIBLE DE CE CODE VARIABLE A CHAQUE TRANSACTION, A UN DISPOSITIF D'UTILISATION COMPORTANT UN REGISTRE MEMOIRE 22 DU CODE C FRAPPE SUR LE CLAVIER D'ACCES 23, ET UN DISPOSITIF DE CALCUL 21 CALCULANT A PARTIR DU NUMERO DE TRANSACTION FOURNI PAR LA CARTE D'ACCES 1 LA MEME TRANSFORMEE IRREVERSIBLE APPLIQUEE AU CODE C. UN CIRCUIT DE COMPARAISON 24 DES DEUX TRANSFORMEES DECIDE DE LEUR COINCIDENCE, ET DONC DE L'AUTHENTICITE DE L'UTILISATEUR ET PAR SUITE DE LA VALIDATION DE LA TRANSACTION. APPLICATION, NOTAMMENT, AUX TRANSFERTS ELECTRONIQUES DE FOND.

MOBILE ACCOUNT AUTHENTICATION SERVICE

A payment authentication service authenticates the identity of a payer during online transactions. The authentication service allows a card issuer to verify a cardholder's (110) identity using a variety of authentication methods, such as with the use of tokens. Authenticating the identity of a cardholder (110) during an online transaction involves querying an access control server to determine if a cardholder (110) is enrolled in the payment authentication service, requesting a password from the cardholder, verifying the password, and notifying a merchant whether the cardholder's (110) authenticity has been verified. Systems for imp lementing the authentication service in which a cardholder (110) uses a mobile device capable of transmitting messages via the Internet are described. Systems for implementing the authentication service in which a cardholder (110) uses a mobile device capable of transmitting messages through voice and messaging channels is also described. COPYRIGHT KIPO & WIPO ...

System för finansiella transaktioner och metoder utnyttjande elektroniska meddelanden

VARIABLE PIN FOR HARDWARE TOKEN

Password management system for changing and checking of a password and allocation of this password to a hardware token, in particular magnetic strip card and/or chip card, wherein the password is used for authentication of the hardware token with respect to a technical system, wherein the password is a personal identification number PIN and wherein the PIN can be determined by means of an algorithm from data which are read out from the hardware token, wherein to change the original PIN into a new PIN, a change value is saved in the password management system and/or is saved in a readable manner on the hardware token and is used to determine the new PIN by means of the same or another algorithm.

AUTHENTICATION METHOD

A method of authenticating a user to a transaction at a terminal (10), wherein a user identification is transmitted from the terminal (10) to a transaction partner (12) via a first communication channel (14), and an authentication device (18) uses a second communication channel (20) for checking an authentication function that is implemented in a mobile device (16) of the user, and, as a criterion for deciding whether the authentication to the transaction shall be granted or denied, the authentication device (18) checks whether a predetermined time relation exists between the transmission of the user identification and a response from the second communication channel, characterized in that the authentication function is normally inactive and is activated by the user only preliminarily for the transaction, said response from the second communication channel (20) includes the information that the authentication function is active, and the authentication function is automatically deactivated ...

METHOD AND SYSTEM FOR MAKING CARD-BASED PAYMENTS USING MOBILE DEVICES

The present invention provides a system, a method and a computer program product for provisioning Virtual PIN pads on mobile devices, and for enabling customers to make payments using the provisioned Virtual PIN pads for the purchased goods and services. The system comprises a Virtual PIN pad and a transaction backend module. The Virtual PIN pad is a software emulation of a PIN Entry Device (PED) and is provisioned on the mobile device securely with all requisite keys and certificates, while conforming to all security standards of the payment domain. The transaction backend connects the Virtual PIN pad to a payment institution. The customer can make a payment by entering an account identifier card's PIN into the Virtual PIN pad. The Virtual PIN pad encrypts the entered PIN using certified security mechanisms, and transmits it over a secure channel to the payment institution for verification and payment authorization, via the transaction backend. The backend ensures the integrity of transaction ...

METHOD AND DEVICE FOR DETERMINING AN ACCESS CODE

The invention relates to a method for determining an access code comprising a predetermined number of input symbols. The access code is determined from input symbols and the position thereof when inputted. The number of possible input positions for the input symbols is greater than the predetermined number of input symbols. An input device (10) detects the input symbols and the positions thereof in an input field (20). An access code (30) is determined therefrom and compared in a comparator (50) with a reference access code (60). If compatibility is established, access to the system is authorised.

Multifactor authentication system

Systems and methods are provided to allow for multifactor authentication of automatic teller machines (ATM) transactions and transactions at a merchant's point of sale. In an illustrative implementation, a secondary PIN request is delivered to participating users, and/or a one-time use, randomly generated secondary PIN to a customer's mobile phone via a text message when the customer initiates a transaction at an ATM. The customer then replies with a text message to the secondary PIN request with the customer's PIN or inputs the secondary PIN into the ATM before the transaction may proceed. In an illustrative implementation, the customer's mobile phone is allowed to be used as a mobile PIN terminal for various payments devices used at a merchant's point of sale system. Also, an additional level of customer authentication using the ubiquitous mobile phone can be allowed, thereby increasing the security of ATM transactions and non-cash payments.

Dynamic downloading of keyboard keycode data to a networked client

The present invention is directed toward dynamic downloading of keyboard keycode data to a networked client. According to one or more embodiments of the present invention, a user logs into a networked client by presenting a smart card to a card reader attached to the client (or by some other authentication mechanism) and enters a PIN into the keyboard. The keycodes entered by the user logging into the client are obtained, translated into ASCII characters, and presented to the smart card. If the PIN is correct, the user is able to log in, otherwise the log in fails. In one embodiment, when the user enters the PIN, a translation table is downloaded from the server into the client. The client uses the translation table to convert the keycodes to ASCII text and presents the ASCII text to the smart card for authentication.

IC card including a memory, a password collating means and an access permitting means for permitting access to the memory

A non-contact type IC card includes a programmable memory divided into a user area for storing application data, and a system area for storing a system password and a system password effective code indicating requirement of collation of the system password. If the system area of the memory includes the system password effective code, access to the system area by an external apparatus is permitted only when passwords are identical as a result of password collation. If the system area does not include the system password effective code, the access by the external apparatus can be permitted without the password collation.

Electronic acces control device

An electronic lock utilizes two microprocessors remote from each other for enhanced security. The first microprocessor is disposed close to an input device such as a keypad, and the second microprocessor is disposed close to the lock mechanism and well protected from external access. The first microprocessor transmits a communication code to the second microprocessor when it receives via the input device an access code that matches a preset access code. The second microprocessor opens the lock if the transmitted communication code matches a preset communication code. The dual-microprocessor arrangement is advantageously used in a voice controlled access control system and in a motorcycle ignition control system. The present invention further provides an electronic access control system which has a master electronic key having a preset number of access, and an electronic alarm system for a bicycle that has a remote control mounted in the helmet of the rider.

Real-time entry and verification of PIN at point-of-sale terminal

For financial transactions requiring PIN verification, the customer can now select his or her own number at the time of applying for the financial transaction instrument or account. The customer enters the PIN which is then encrypted using a transaction unique encryption scheme. The customer then re-enters the PIN which is once again encrypted using a transaction unique encryption scheme. As a result, two blocks of data are created for the same PIN, yet the encrypted values of the blocks are different. These blocks are provided to a central security system which can reverse the encryption process to a point at which it can generate an offset based on the received blocks. If the PINs were identically entered, the offsets will be equal, otherwise the offsets will not be equal. Thus, this technique allows a customer to select and enter his or her own PIN code, and have the PIN code entry verified by the system without the system actually knowing the value of the PIN code.

Method of secure data communication

In an exchange of data between a client terminal (1) and a secure database server (2) the data is encoded using positional information generated by a combination generator (7) in a separate security server (3). The positional information is used to produce an image specific to a communication event which is accessed by the client terminal (1) and is the basis for the entry of sensitive data at the client terminal (1). The three-way communication link between the client terminal, database server and security server greatly increases the difficulty of successfully intercepting and decoding the data entered at the client terminal. This method of secure data communication is particularly suited to the communication of password data for example in the banking industry.

CHIP CARD HAVING A FIRST USER FUNCTION, METHOD FOR SELECTING AN IDENTIFIER, AND COMPUTER SYSTEM

Transaction security method and apparatus

A method and apparatus for increasing the security of transactions between two parties is disclosed. The method and apparatus employ multiple PINs from which elements are selected for user identification. The transactions may be financial transactions or any other transaction where user identification is required.

METHOD OF SECURING TRANSACTIONS PERFORMED REMOTELY OVER AN OPEN COMMUNICATION NETWORK

Systems and methods for secure authentication of electronic transactions

An online transaction system configured to implement authentication methods that allow for strong multi-factor authentication in online environments. The authentication methods can be combined with strong security methods (218) to further ensure that the authentication process is secure. Further, the strong multi-factor authentication can be implemented with zero adoption dependencies through the implementation of automated enrollment methods (210).

Portable electronic device and its secret information collation method

Apparatus and method for managing IC-card transactions

The method for managing transactions in a system comprising card readers and the associated microcircuit cards, consists in organising the memory of the cards intended for recording transactions into two areas, one area accessible by presentation of the carrier code on each transaction, for transactions with a total greater than a predetermined value, the other accessible for transactions with a total less than the predetermined value, without systematic presentation of the carrier code: one presentation of the carrier code controls writing of bits for opening recording spaces in this second area until the number of open spaces is equal to predetermined N. The invention applies especially to credit cards, to telephone cards and to multi-use cards. ...

DATA MEMORY AND TRANSMISSION SYSTEM

Patent RU2019122294A3

ВУ“? 2019122294” АЗ Дата публикации: 21.05.2021 Форма № 18 ИЗПМ-2011 Федеральная служба по интеллектуальной собственности Федеральное государственное бюджетное учреждение ж 5 «Федеральный институт промышленной собственности» (ФИПС) ОТЧЕТ О ПОИСКЕ 1. . ИДЕНТИФИКАЦИЯ ЗАЯВКИ Регистрационный номер Дата подачи 2019122294/12(043560) 19.12.2017 РСТ/ЕР2017/083619 19.12.2017 Приоритет установлен по дате: [ ] подачи заявки [ ] поступления дополнительных материалов от к ранее поданной заявке № [ ] приоритета по первоначальной заявке № из которой данная заявка выделена [ ] подачи первоначальной заявки № из которой данная заявка выделена [ ] подачи ранее поданной заявки № [Х] подачи первой(ых) заявки(ок) в государстве-участнике Парижской конвенции (31) Номер первой(ых) заявки(ок) (32) Дата подачи первой(ых) заявки(ок) (33) Код страны 1. 16206678.1 23.12.2016 ЕР* Название изобретения (полезной модели): [Х] - как заявлено; [ ] - уточненное (см. Примечания) СПОСОБ РАБОТЫ МАШИНЫ ПО ПРИГОТОВЛЕНИЮ НАПИТКОВ, МАШИНА ПО ПРИГОТОВЛЕНИЮ НАПИТКОВ И КОМПЬЮТЕРНАЯ ПРОГРАММА Заявитель: ЧИБО ГМБХ, РЕ 2. ЕДИНСТВО ИЗОБРЕТЕНИЯ [Х] соблюдено [ ] не соблюдено. Пояснения: см. Примечания 3. ФОРМУЛА ИЗОБРЕТЕНИЯ: [Х] приняты во внимание все пункты (см. Примечания) [ ] приняты во внимание следующие пункты: [ ] принята во внимание измененная формула изобретения (см. Примечания) 4. КЛАССИФИКАЦИЯ ОБЪЕКТА ИЗОБРЕТЕНИЯ (ПОЛЕЗНОЙ МОДЕЛИ) (Указываются индексы МПК и индикатор текущей версии) 007Е 13/06 (2006.01) 5. ОБЛАСТЬ ПОИСКА 5.1 Проверенный минимум документации РСТ (указывается индексами МПК) О07Е 13/00-13/06, 606Е17/00, А471 31/36, 31/42, 31/44, В65В 3/04 5.2 Другая проверенная документация в той мере, в какой она включена в поисковые подборки: 5.3 Электронные базы данных, использованные при поиске (название базы, и если, возможно, поисковые термины): Езрасепес, РаБеагсв, КОРТО 6. ДОКУМЕНТЫ, ОТНОСЯЩИЕСЯ К ПРЕДМЕТУ ПОИСКА Кате- Наименование документа с указанием (где необходимо) частей, Относится к гория* ...

СПОСОБ АУТЕНТИФИКАЦИИ

... 1. Способ аутентификации пользователя для транзакции в терминале (10), в котором идентификатор пользователя передается от терминала (10) партнеру (12) по транзакции через первый канал (14) связи, и устройство (18) аутентификации использует второй канал (20) связи для проверки функции аутентификации, которая реализована в мобильном устройстве (16) пользователя, и в качестве критерия для решения, следует ли выдать или отклонить аутентификацию для транзакции, устройство (18) аутентификации проверяет, существует ли заданное временное отношение между передачей идентификатора пользователя и ответом от второго канала связи, причем способ отличается тем, что функция аутентификации обычно является не активной и активируется пользователем только предварительно по отношению к транзакции, причем упомянутый ответ от второго канала (20) связи включает в себя информацию о том, что функция аутентификации является активной, и функция аутентификации автоматически деактивируется.2. Способ по п. 1, в котором ...

Method for increasing security in case of digital signatures using chip card, involves providing chip card with integrated display, terminal and chip card reading and writing device for transmitting data to be signed

The method involves providing a chip card (5) with an integrated display (51), a terminal (2) and a chip card reading and writing device (4) for transmitting data to be signed from the chip card to the terminal and from the terminal to the chip card. The data transmission between the chip card and the terminal is established, where display is visible to a user while data is transmitted between terminal and the chip card. A signature process is initiated for transmitting the data to be signed to the chip card, where the important data are marked. Independent claims are also included for the following: (1) a chip card with an integrated display for increasing security in the case of digital signatures (2) a system for increasing security in the case of digital signatures .

Verfahren und Vorrichtung zur Überprüfung der Zugangsberechtigung eines Benutzers für eine besonders geschützte Einrichtung

Verfahren zur Überprüfung der Zugangsberechtigung eines Benutzers für eine besonders geschützte Einrichtung oder ein besonders geschütztes System durch Eingeben eines eine numerische, alphanumerische oder alphabetische Zeichenkombination umfassenden persönlichen Kenncodes in eine Kontroll- oder Sicherungseinrichtung mittels einer Eingabevorrichtung (28) mit einer Eingabetastatur (30) und einer Anzeigeeinrichtung (34), wobei durch die Anzeigeeinrichtung (34) eine zufällige Zeichenkombination angezeigt wird, die von dem Benutzer mittels der Eingabetastatur (30) zu dem persönlichen Kenncode verändert wird, wobei der Kenncode selbst nicht angezeigt oder nach erfolgter Eingabe unkenntlich gemacht wird, dadurch gekennzeichnet, daß die darzustellende zufällige Zeichenkombination verschlüsselt zur Anzeigeeinrichtung (34) übertragen und dort zum Anzeigen wieder entschlüsselt wird.

Method of identifying a user of a smart card

A user (7) of a smart card (3) is considered to be identified if an identification code (PIN) of the user (7) agrees with an identification code (PIN) of the smart card (3). The smart card (3) is connected to a terminal (1). The smart card (3) generates at least one random number (Z), and informs the user (7) of it, using a display (4) on the card itself. The user keys in, via the terminal (1), a random code (K), which is the result of a combination of the user's identification code (PIN) and the at least one random number (Z). The combination is preferably addition or subtraction. ...

Conducting a payment process by mobile telephone involves checking identification characteristic in transaction center, completing payment process if identification check satisfactory

The method involves making a telephone connection between a mobile telephone and a transaction center (20), which uses the telephone number to identify the user (10) and bank account, transmitting at least a payment amount, recipient (30) and identification characteristic from the telephone after entering a secret number, checking the identification and completing the payment process in the transaction center if the check is satisfactory.

A method for verifying a person's identity or entitlement using one-time transaction codes

A method of secure data communication

Secure pin management of a user trusted device

Financial transaction system and method using electronic messaging

AUTHENTIFIZIERUNGSANORDNUNG AND PROCEDURES FOR THE USE WITH FINANCIAL TRANSACTIONS

Platform for preparing and interrogating data in a network, particularly for offering goods and services for sale

A platform for preparing and interrogating data in a network, particularly for offering goods and services for sale, with a data store (3) for data which can be given to a platform user, with a test unit (7) connected to the data store (3), and with a database (4), is described, the data of which can be read in and out via network connections (5)depending on the data evaluation by the testing unit (7). To provide advantageous construction conditions it is proposed that an additional memory (9) for entitlement key for interrogating database data is connected to the data store (3) there via the network terminals (5) depending on the data evaluation of the test unit (9).

PROCEDURE FOR THE DERIVATIVE OF IDENTIFICATION NUMBERS

INTERFACE MECHANISM AND - PROCEDURES FOR CONNECTING A CODING MODULE WITH A PERSONAL COMPUTER

SYSTEM AND PROCEDURE FOR THE COMPLETION OF THE BARGELDVERKEHRS WITH CUSTOMERS WITHIN BANKS

Establishing a secure channel with a human user

A method of establishing a secure channel between a human user and a computer application is described. A secret unique identifier (“PIN”) is shared between a user and an application. When the user makes a request that involves utilizing the PIN for authentication purposes, the application renders a randomly selected identifier. The randomly selected identifier is in a format that is recognizable to a human but is not readily recognizable by an automated agent. The randomly selected identifier is then presented to the human user. The user identifies the relationship between the randomly selected identifier and the PIN. If the user's input reflects the fact that the user knows the PIN, then the user is authenticated.

System for secured transactions over a wireless network

A system for implementing a method that books and pays a retailer having a POS connected to a transaction server storing confidential user information including a retailer identification, a user code, and a user wireless device phone number. The method includes: receiving at the transaction server, from the user wireless device which can be a cell phone, an SMS containing a retailer identification; reading at the transaction server the phone number of the wireless device communicated by the carrier transporting the SMS; authentifying the phone number and retailer identification with the stored confidential user information; sending the user confidential information to the retailer POS. The user enters on the POS the user code. The POS reads and authentifies the user code with the user confidential information received from the transaction server. The retailer enters the payment information on the POS and sends it with user information to the transaction server.

System and method for encrypted smart card pin entry

A smart card, system, and method for securely authorizing a user or user device using the smart card is provided. The smart card is configured to provide, upon initialization or a request for authentication, a public key to the user input device such that the PIN or password entered by the user is encrypted before transmission to the smart card via a smart card reader. The smart card then decrypts the PIN or password to authorize the user. Preferably, the smart card is configured to provide both a public key and a nonce to the user input device, which then encrypts a concatenation or other combination of the nonce and the user-input PIN or password before transmission to the smart card. The smart card reader thus never receives a copy of the PIN or password in the clear, allowing the smart card to be used with untrusted smart card readers.

SYSTEMS AND METHODS FOR TRANSFERRING RESOURCE ACCESS

Systems and methods for transferring resource access from a sender to a recipient are disclosed that can allow a sender to specify an amount of a resource to provide access to (e.g., an amount of money or an amount of access rights), while still providing security for the sender's sensitive credential information (e.g., PAN and/or PIN). These systems and methods can allow a sender to transfer resource access from any location and at any time of the day. In the case of money transfers, the recipient can quickly and directly obtain the money from any ATM location associated with any bank and at any time of the day, even without a bank account. 1. A method comprising:receiving, at a terminal from a recipient, a request to transfer access to a resource from a sender to the recipient, the request including a token and a recipient code, wherein the token corresponds to an account identifier associated with the sender, wherein the account identifier is associated with a sender code, and wherein the sender code is associated with the recipient code;generating, by the terminal, a message using the request;transmitting, by the terminal, the message to a server computer, wherein the server computer translates the token into the account identifier and the recipient code into the sender code, and wherein the server computer processes the message using the account identifier and the sender code;receiving, by the terminal, a response to the message; andtransferring access to the resource to the recipient or denying access to the resource to the recipient based on the response.2. The method of claim 1 , wherein at least one the token or the recipient code is invalidated after transferring access to the resource to the recipient.3. The method of claim 1 , wherein access to the resource to the recipient is denied upon determining that the token is invalid at the terminal.4. The method of claim 3 , wherein the token is determined to be invalid at the terminal based on a location of ...

SYSTEM AND METHOD FOR PROVIDING LIMITED ACCESS TO DATA

A system and method for providing access to data of a first party including receiving information for identifying the first party, authenticating the first party using the received information for identifying the first party and generating a first read-only personal identification number (PIN). The first read-only PIN is associated with a first set of access rights for the data of the first party and provided to a second party. The first read-only PIN is stored with the first set of access rights in a computer database. A third party receives the first read-only PIN from the second party, authenticates the received first read-only PIN using the stored first read-only PIN and provides the second party with access to at least a portion of the data of the first party using the first set of access rights associated with the first read-only PIN if the received first read-only PIN is authenticated. 1. A system for providing access to data of a first party comprising:one or more processors; and receive a first party identifier from a first party device;', 'authenticate, using the first party identifier, the first party device;', 'receive a request for a token from the first party device;', 'generate, using a random, or pseudo-random, number generator, the token;', 'receive a second party identifier from the first party device;', 'associate the token with a second party identifier and a first set of limited access rights to access first party data;', 'store, in the database, the token;', 'send the token to a second party device associated with the second party identifier;', 'receive an attempted token from the second party device;', 'compare the attempted token to the token stored in the database to authenticate the attempted token;', 'determine that the attempted token has exceeded a predetermined number of failed authentication attempts;', 'cancel the attempted token to prevent access to the first party data;', 'receive a request for a new token from the first party ...

SYSTEM AND METHOD FOR PROVIDING LIMITED ACCESS TO DATA

A system and computer-implemented method for providing access to data of a first party including receiving information for identifying the first party, authenticating the first party using the received information for identifying the first party and generating a first read-only personal identification number (PIN). The first read-only PIN is associated with a first set of access rights for the data of the first party and provided to a second party. The first read-only PIN is stored with the first set of access rights in a computer database. A third party receives the first read-only PIN from the second party, authenticates the received first read-only PIN using the stored first read-only PIN and provides the second party with access to at least a portion of the data of the first party using the first set of access rights associated with the first read-only PIN if the received first read-only PIN is authenticated. 1. A computer-implemented method for providing access to data of a first party , the data stored in a computer database , comprising:(a) receiving information for identifying the first party;(b) authenticating the first party using the received information for identifying the first party;(c) generating a first read-only personal identification number (PIN);(d) associating the first read-only PIN with a first set of access rights for the data of the first party;(e) providing the first read-only PIN to a second party;(f) storing the first read-only PIN with the first set of access rights in the computer database;(g) receiving the first read-only PIN from the second party;(h) authenticating the received first read-only PIN using the stored first read-only PIN; and(i) providing the second party with access to at least a portion of the data of the first party using the first set of access rights associated with the first read-only PIN if the received first read-only PIN is authenticated.2. The method of claim 1 , further comprising:(a) providing the first read- ...

Same screen quick pay button

A payment button on a device, such as a mobile phone, allows the user to remain on the window or page from which an item was selected for purchase. When the user is ready to purchases, the button is selected, and the user simply enters an identifier, such as a password or PIN, and the transaction is processed. The button remains on the same screen and changes during different stages of the payment process.

SYSTEM AND METHOD FOR SELECTIVE ENCRYPTION OF INPUT DATA DURING A RETAIL TRANSACTION

A retail environment having retail terminals with data entry point devices selectively encrypts input received by the data entry point devices and passes the encrypted data to a security module. The selective encryption is based on whether or not sensitive or confidential information, such as a personal identification number (PIN) associated with a debit card, is being input. To prevent hacking of the software of the retail terminal, content destined for display on the retail terminal is authenticated prior to display. In this manner, the retail terminal may be assured that confidential information is input only when desired, and thus may be encrypted only as needed. 1. A fuel dispenser , comprising:a user interface comprising a display and one or more data entry point devices configured to receive information from a user; and determine whether content to be presented on the display of the fuel dispenser requests confidential information;', 'authenticate the content to be presented on the display during execution of the application but before being displayed by comparing indicia associated with the content to a secure copy of the indicia;', 'present the content on the display if the content is authenticated; and', 'if the content requests confidential information, encrypt data received from one or more data entry point devices for transmission to a location separate from the fuel dispenser., 'a control system configured to2. The fuel dispenser of claim 1 , further comprising at least one fuel delivery component and wherein the control system is further configured to control a delivery of fuel to the user through the at least one fuel delivery component.3. The fuel dispenser of claim 1 , wherein the control system is configured to transmit the data received from the one or more data entry point devices as unencrypted if the information requested is not confidential information.4. The fuel dispenser of claim 1 , wherein the control system is configured to determine ...

SERVICE PROVIDING SYSTEM, SERVICE PROVIDING METHOD, AND INFORMATION PROCESSING APPARATUS

A service providing system includes an application configured to provide a service to a terminal device that has made a service request including use identification information; a creator configured to create group identification information for identifying a group of the use identification information, based on a creation request from the application; an issuer configured to issue the use identification information associated with the group identification information, based on an issue request from the application, the issue request including the group identification information; and a verifier configured to verify the use identification information, based on a verification request from the application, the verification request including the group identification information and the use identification information. The application includes a verification requester configured to send the verification request to the verifier; and a process executor configured to execute a process in response to the service request, when the verification result is successful. 1. A service providing system including at least one information processing apparatus for implementing various functions of the service providing system , the service providing system comprising:an application configured to provide a service to at least one terminal device that has made a service request including a specification of use identification information;a group identification information creator configured to create group identification information for identifying a group of the use identification information, based on a creation request from the application;a use identification information issuer configured to issue the use identification information associated with the group identification information, based on an issue request to issue the use identification information from the application, the issue request including a specification of the group identification information; anda use identification ...

SYSTEM AND METHOD FOR PROVIDING LIMITED ACCESS TO DATA

A system and method for providing access to data of a first party including receiving information for identifying the first party, authenticating the first party using the received information for identifying the first party and generating a first read-only personal identification number (PIN). The first read-only PIN is associated with a first set of access rights for the data of the first party and provided to a second party. The first read-only PIN is stored with the first set of access rights in a computer database. A third party receives the first read-only PIN from the second party, authenticates the received first read-only PIN using the stored first read-only PIN and provides the second party with access to at least a portion of the data of the first party using the first set of access rights associated with the first read-only PIN if the received first read-only PIN is authenticated. 1. A system for providing limited access to data comprising:one or more processors; and receive a first identifier from a first party device, the first identifier associated with a first party;', 'authenticate the first party using the first identifier;', 'receive a first request from the first party device to generate a unique personal identification number (PIN) associated with a unique party identifier and a unique set of data access rights;', 'generate the unique PIN based on the first request;', 'provide the unique PIN to a second party device associated with the unique party identifier;', 'store, in a database, the unique PIN;', 'receive a second request from the second party device to access a first portion of data, the second request comprising an attempted PIN;', 'compare the attempted PIN with the unique PIN stored in the database to authenticate the attempted PIN;', 'determine whether the attempted PIN matches the unique PIN stored in the database;', 'responsive to determining the attempted PIN matches the unique PIN, determine whether the unique set of data access ...

ENHANCED COMMUNICATION PLATFORM AND RELATED COMMUNICATION METHOD USING THE PLATFORM

Pre-authorized communication services and/or transactions are provided via a plurality of networks in response to a request received from a user to provide at least one of a communication service, a transaction and user account information via a plurality of networks of different types. Prior to processing the request, there is verification of the user's authorization to receive the at least one of the communication service, the transaction, and the user account information, and that an account associated with the user has a sufficient amount currently available for payment of the at least one of the communication service and the transaction. After verification, an authorized account associated with the user is charged in real time as the at least one of the communication service and the transaction is provided. 1. At least one non-transitory computer readable medium encoded with processing instructions performed by at least one computer platform performing a method of providing authorized communication services or transactions using a communication network , including at least networks of different types which are external to the platform , user devices communicating with the platform via the communication network , the method comprising:accepting and processing, by the platform, a request to provide at least one of a communication service, a transaction or user account information via one of the external networks;verifying at the platform that the requestor is authorized to receive the at least one of the communication service, the transaction, or the user account information, and that an account associated with the user has a sufficient amount currently available for payment of the at least one of the communication service or the transaction; andcharging at the platform by logging transactions on a real-time basis to an authorized account associated with the user, while the platform controls an element of a corresponding one of the external networks to provide at ...

METHOD FOR USING AND MAINTAINING USER DATA STORED ON A SMART CARD

In a method for using and maintaining user data stored on a smart card, a smart card receives a user data request for the user data stored on the smart card. The smart card determines whether the user data request is a data maintenance request or a data use request. A data maintenance request is for modifying user data stored on the smart card. A data use request is for read only access to user data stored on the smart card. The smart card uses a first process to determine whether to allow the user data request when the user data request is determined to be a data maintenance request. The smart card uses a second process, different from the first method, to determine whether to allow the user data request when the user data request is determined to be a data use request. 1. A method for maintaining and using user data stored on a smart card , including: 'wherein said data includes information relating to an individual end-user of said smart card;', 'receiving, by a smart card from a terminal, a data request for data stored on said smart card,'}determining, by said smart card, whether said data request was from a home terminal and an authorized end user; andauthorizing, by said smart card, said data request if said data request is from said home terminal and from said authorized user.2. The method of further comprising:receiving, by said smart card from said terminal, instructions to make said terminal a home terminal; andproviding, by said smart card, said terminal with data indicating that said terminal is said home terminal.3. The method of wherein said determining further comprising:determining whether said data request is a maintenance request or a data use request; anddetermining, upon finding said data request is a maintenance request, whether said terminal comprises a home terminal for said smart card.4. The method of wherein said determining whether said terminal comprises a home terminal includes a cryptographic terminal recognition interaction.5. The ...

Systems and methods for network configurations of pin pads

A method of network configuration of personal identification number (PIN) pads includes obtaining a PIN pad configuration hash value for a current configuration of the PIN pad, comparing the obtained PIN pad configuration hash to a locally stored PIN pad configuration hash, upon determining that the obtained PIN pad configuration hash and the locally stored PIN pad configuration hash do not match, performing additional operations, which include requesting a new PIN pad configuration, receiving the new PIN pad configuration, receiving a new PIN pad configuration hash, and storing the PIN pad configuration hash.

Method for operating a drinks preparation machine, drinks preparation machine and method for operating an operating appliance

A method for the operation of a drinks preparation machine, for producing a total product while using a portion package includes the following steps, which are carried out by the drinks preparation machine: a receiving step for receiving, by a communication unit, an activation command for activating a certain action in the drinks preparation machine, and authentication information; an examination step for examining, on the basis of the authentication information, whether the activation command originates from an operating appliance that is authorized for activating the certain action in the drinks preparation machine; and only in the case that the operating appliance is authorized for this. carrying out the action, particularly a production step for producing the total product.

Systems and methods for network configurations of pin pads

A method of network configuration of personal identification number (PIN) pads includes obtaining a PIN pad configuration hash value for a current configuration of the PIN pad, comparing the obtained PIN pad configuration hash to a locally stored PIN pad configuration hash, upon determining that the obtained PIN pad configuration hash and the locally stored PIN pad configuration hash do not match, performing additional operations, which include requesting a new PIN pad configuration, receiving the new PIN pad configuration, receiving a new PIN pad configuration hash, and storing the PIN pad configuration hash.

COMMUNICATIONS SYSTEM FACILITATING CASH TRANSFER

A user employs a secure sign-in process via a portable device such as a smartphone to enter an app loaded into the smartphone. The user enters a personal identification number (PIN) in order to access a financial network via the app in order to request cash to be dispensed from a remote cash dispensing location such as a merchant. The network coordinates the functions of recognizing the user's requirements, keeping real-time information of participation and of amounts available from merchants, and settling commercial transactions via a clearinghouse. The user is informed of locations of merchants within a preselected distance, and selects a merchant. The system provides the merchant authentication criteria and the user provides identification information for comparison to the criteria. Authentication to the network is done without furnishing a credit card. When authorization is granted, a user is only granted a one-time token for access. This structure facilitates PCI compliance. 1. A machine-readable non-transitory medium comprising one or more instructions that when executed on a processor causes the processor to perform the steps of:receiving a user authentication credential entered in a portable interactive device by a user;transmitting the user authentication credential to a server having a stored instance of the user identification credential for comparison with the user authentication credential entered by the user and providing an authentication signal to the non-transitory medium in response to a match of the authentication credential entered by the user and the stored instance;in response to an authentication signal from the server enabling the user to enter a cash withdrawal routine;transmitting data to the server indicative of physical identification of the user;prompting a user to enter a request for an amount of cash desired to be withdrawn;transmitting user data to a server to enable the server to provide information to a financial institution;in ...

Interception of Touch Pad Events for Handling in a Secure Environment

Some examples include sending, to a secure environment, coordinates for certain touch events made to a touchscreen of an electronic device. As one example, an import address table that is accessed by an event loop of the electronic device may be modified. For instance, only those touch events that are performed within the bounds of a user interface area may be diverted to the secure environment, and all touch events outside that area may continue to be identified, such as by using operating system libraries of the electronic device. In some cases, a checksum may be generated for the import address table using a cryptographic hash function. The checksum may allow a payment application and/or a payment processing system to determine whether an unauthorized modification of the import address table is present.

SYSTEMS AND METHODS FOR TRANSFERRING RESOURCE ACCESS

Systems and methods for transferring resource access from a sender to a recipient are disclosed that can allow a sender to specify an amount of a resource to provide access to (e.g., an amount of money or an amount of access rights), while still providing security for the sender's sensitive credential information (e.g., PAN and/or PIN). These systems and methods can allow a sender to transfer resource access from any location and at any time of the day. In the case of money transfers, the recipient can quickly and directly obtain the money from any ATM location associated with any bank and at any time of the day, even without a bank account. 1. A method comprising:obtaining, by a server computer, a token corresponding to an account identifier and a recipient code associated with a sender code, the account identifier and the sender code associated with a sender, and the token and the recipient code capable of being used at only at a specific terminal;sending, by the server computer, the token and the recipient code to a recipient using a recipient identifier;receiving, by the server computer, a request to access a resource, the request including the token and the recipient code, from the specific terminal;translating, by the server computer, the token into the account identifier and the recipient code into the sender code; andprocessing, by the server computer, the request using the account identifier and the sender code.2. The method of claim 1 , further comprising:after processing the request, invalidating the token and the recipient code.3. The method of claim 2 , further comprising:after invalidating the token and the recipient code, receiving another request to access the resource, the another request including the token and the recipient code; anddeclining the another request.4. The method of claim 1 , wherein the recipient code is generated after being selected by the sender.5. The method of claim 1 , wherein the recipient identifier is associated with a ...

MODULAR MOBILE POINT OF SALE DEVICE HAVING SEPARABLE UNITS FOR CONFIGURABLE DATA PROCESSING

There are provided systems and methods for a modular mobile point of sale device having separable units for configurable data processing. A modular device may include a main unit that includes data processing features to allow for a mobile point of sale, including a data entry unit for payment data, a communication component to secure communicate that data to a centralized transaction processor, and a processing unit to receive the data and instruct the centralized to process the data with an online service provider. The module device may also be physically and communicatively coupled to additional modules that may increase the on-device functionality of the main unit, include a module to allow user input and additional modules to accept other types of transaction input. On detection of a connected unit, the main unit may secure connect to and authenticate each attached module. 1. A modular point of sale system comprising: a power source;', 'a first communication component configured to connect with a first computing device;', 'a payment card chip reader;', 'a non-transitory memory storing instructions; and', connecting with the first computing device using the first communication component;', 'determining a first available data input component for the first hardware module, wherein the first available data input component comprises the payment card chip reader;', 'determining a data input and processing operation for the modular point of sale system based on the first computing device and the first available data input component; and', 'configuring the modular point of sale system for electronic transaction processing with an online service provider based on the data input and processing operation., 'one or more hardware processors couple to the non-transitory memory and configured to read the instructions from the non-transitory memory to cause the first hardware module to perform operations comprising], 'a first hardware module comprising2. The modular point of ...

Bridge application for user pin selection

Systems and methods related to a bridge application that facilitates interoperability between a remotely-served application and locally connected peripheral devices. The bridge application may execute on a local machine and be addressable at the loop-back address of the local machine. Requests issued to the bridge application may be verified as originating from a trusted source. In turn, requests from a locally performed and remotely-served application may be issued to local hardware resources such as peripheral devices or the like.

ESTABLISHING A SECURE CHANNEL WITH A HUMAN USER

A method of establishing a secure channel between a human user and a computer application is described. A secret unique identifier (“PIN”) is shared between a user and an application. When the user makes a request that involves utilizing the PIN for authentication purposes, the application renders a randomly selected identifier. The randomly selected identifier is in a format that is recognizable to a human but is not readily recognizable by an automated agent. The randomly selected identifier is then presented to the human user. The user identifies the relationship between the randomly selected identifier and the PIN. If the user's input reflects the fact that the user knows the PIN, then the user is authenticated. 18-. (canceled)9. A method of authenticating a user with a computing device , the method comprising:rendering a randomly generated identifier to the user on a display of the computing device;receiving input from the user based on the randomly generated identifier, the input being different, at least in part, from a secret identifier;determining whether the received input has a predefined relationship with respect to the randomly generated identifier and the secret identifier;conditionally authenticating the user based, at least in part, on the determination that the received input has the predefined relationship with the secret identifier.10. The method of claim 9 , wherein the computing device comprises at least one of a personal computer claim 9 , an automated teller machine claim 9 , a set-top box claim 9 , a laptop computer claim 9 , a cellular phone claim 9 , a personal digital assistant claim 9 , and a work station.11. The method of claim 9 , wherein determining whether the received input has the predefined relationship with respect to the randomly generated identifier and the secret identifier comprises:determining that the received input comprises a difference between the secret identifier and the randomly generated identifier.12. The method of ...

INFORMATION PROCESSING APPARATUS AND SECURITY CONTROL METHOD

In one embodiment, an information processing apparatus is mountable on and demountable from a docking station, and has an input device, an acquisition unit to acquire information indicating an operator for user authentication, and a processor. When the apparatus is mounted on the docking station, the processor permits acceptance of the operation input by the input device, without starting up the acquisition unit. When the apparatus is demounted from the docking station, the processor starts up the acquisition unit, and performs user authentication based on the information indicating the operator which has been acquired by the started up acquisition unit. When the operator is approved as a specific operator of the information processing apparatus, as a result of the user authentication, the processor permits acceptance of the operation input by the input device. 1. An information processing apparatus which is removably mountable on a docking station , the information processing apparatus comprising:an input device to receive an operation input;an acquisition unit to acquire information indicating an operator; and when the apparatus is removed from the docking station, start the acquisition unit and perform user authentication based on the information indicating the operator acquired when the apparatus is removed from the docking station, and', 'when the operator indicated in the information acquired when the apparatus is removed from the docking station is approved as an authorized operator of the apparatus, based on a result of the user authentication, permit the operation input to be received in the input device., 'a processor configured to2. The information processing apparatus according to claim 1 , further comprising:a connector to electrically connect the apparatus to the docking station when the apparatus is mounted on the docking station;wherein the processor is configured to determine whether or not the apparatus is mounted on the docking station, based on ...

MODULAR MOBILE POINT OF SALE DEVICE HAVING SEPARABLE UNITS FOR CONFIGURABLE DATA PROCESSING

There are provided systems and methods for a modular mobile point of sale device having separable units for configurable data processing. A modular device may include a main unit that includes data processing features to allow for a mobile point of sale, including a data entry unit for payment data, a communication component to secure communicate that data to a centralized transaction processor, and a processing unit to receive the data and instruct the centralized to process the data with an online service provider. The module device may also be physically and communicatively coupled to additional modules that may increase the on-device functionality of the main unit, include a module to allow user input and additional modules to accept other types of transaction input. On detection of a connected unit, the main unit may secure connect to and authenticate each attached module. 1. (canceled)2. A method comprising:accessing, by a first device, a first data input component available to the first device, wherein the first data input component is external to the first device;enabling a transaction processing operation of the first device to receive transaction data based on accessing the first data input component;receiving, by the first device, the transaction data from the first data input component using the transaction processing operation; andprocessing, by the first device, the transaction data with an online service provider based on the transaction processing operation.3. The method of claim 2 , wherein said accessing the first data input component comprises the first device determining that the first data input is communicatively coupled to the first data input component.4. The method of claim 3 , wherein said accessing the first data input component comprises authenticating the first data input component using a security handshake between the first device and the first data input component on a connection of the first data input component to the first device.5 ...

REMOTE ORDER AUTHENTICATION ON A KIOSK

A kiosk maintains a list of pre-paid orders. A first authentication process enables a consumer to select their order on the kiosk so as to receive the product or service that was remotely paid for via a mobile application. Authentication of the consumer selecting the order is performed based upon sending an order authentication notification to the mobile application that completed the order. If the user of the mobile application provides a positive authentication reply, the kiosk is unlocked to fulfill the order. The consumer may alternatively be authenticated by providing a personal identification number (PIN) that is associated with the order or associated with a user of the mobile application. Authentication using the PIN enables a consumer to interact with the kiosk to receive the previously ordered product or service without having to access their mobile phone or mobile application that was used to place the order. 1. A beverage vendor , comprising:a nozzle configured to dispense one or more beverage ingredients of a beverage associated with an order;a user interface configured to display a list of pending orders;a plurality of pumping or metering devices, each configured to supply a beverage ingredient from an ingredient source to the nozzle; anda controller configured to receive a selection of an order from the list of pending orders and authenticate the order for being dispensed from the nozzle, wherein upon authenticating the order, the controller is configured to initiate a pour operation of the order from the nozzle.2. The beverage vendor of claim 1 , wherein authenticating the order comprises receiving a personal identification number (PIN) code on the user interface.3. The beverage vendor of claim 2 , wherein the controller is further configured to authenticate the PIN code based on comparison with an authentic PIN maintained with the order in the list of pending orders.4. The beverage vendor of claim 2 , wherein the controller is further configured to ...

SECURITY SYSTEMS FOR PROTECTING AN ASSET

Security systems for protecting assets are described, including password-based security systems that can provide different levels of access responsive to entry of a primary or secondary password. In some versions, user-configurable security rules can provide customized responses to entry of primary or secondary passwords, including feigned or limited access, security alerts, etc. Passwords comprising overt and covert components can be used to provide enhanced security and improved user control over system response. Improved security systems involving transactions between multiple parties are also considered, with options for user-customized security rules including primary and secondary passwords, and reverse challenge and response methods. Systems for Limited Use Credentials are also disclosed to reduce the risk of identity theft. 1. A method for protecting a secure asset controlled via a user's electronic account , comprising:receiving, from a computing device, a request for access to the user's account, the request comprising information associated with a password;retrieving information pertaining to user credentials from customized security rules for the user's account, wherein the customized security rules specify that full access to the user's account requires a primary password comprising an overt password and a covert cue,determining if the overt password is correct, and if correct, thendetermining if the provided information associated with the password confirms that the required covert cue was provided, and if so, then giving full access to the user's account, otherwise giving one of feigned access, limited access, or no access to the account, according to the customized security rules.2. The method of claim 1 , wherein the covert cue comprises an action performed on a user operated device selected from the computing device or a device in a communication with the computing device claim 1 , selected from one of a predetermined timing of an action made on ...

Scenario-based security method and system

A scenario-based security method and system are provided. The scenario-based security method includes a) establishing a correspondence table, the correspondence table records an account related to a first feature code and a second feature code; b) programming a standard process and a scenario-based process, the first feature code is assigned to the standard process, and the second feature code is assigned to the scenario-based process; c) a security processing module connected to the correspondence table; and d) the standard process is performed after the security processing module receiving the first feature code, or the scenario-based process is performed after the security processing module receiving the second feature code. The present invention is to provide at least one of two scenario-based feature codes related with a single account to perform a part of normal process, thereby preventing a person held the account is maliciously attacked by a ruffian.

Digital signature authentication

A systems and methods for authenticating a consumer with a transaction card using digital signatures according to one embodiment of the invention is disclosed. These systems and methods allow consumers to digitally sign transaction information with a private key. The private key may be used to digitally sign the transaction, for example, through a hosted or local system that protects the integrity of the private key. A financial institution may authenticate the consumer by decrypting the digital signature with a public key.

ENHANCED COMMUNICATION PLATFORM AND RELATED COMMUNICATION METHOD USING THE PLATFORM

Pre-authorized communication services and/or transactions are provided via a plurality of networks in response to a request received from a user to provide at least one of a communication service, a transaction and user account information via a plurality of networks of different types. Prior to processing the request, there is verification of the user's authorization to receive the at least one of the communication service, the transaction, and the user account information, and that an account associated with the user has a sufficient amount currently available for payment of the at least one of the communication service and the transaction. After verification, an authorized account associated with the user is charged in real time as the at least one of the communication service and the transaction is provided. 1. At least one non-transitory computer readable medium encoded with processing instructions performed by at least one computer platform performing a method of providing authorized communication services or transactions using a communication network , including external networks of different types which are external to the at least one computer platform , user devices communicating with the at least one computer platform via the communication network , the method comprising:accepting and processing, by the at least one computer platform, a request from a user to provide at least one of a communication service, a transaction, or user account information via one of the external networks;verifying at the at least one computer platform that the user is authorized to receive the at least one of the communication service, the transaction, or the user account information, and that an account associated with the user has a sufficient value currently available for payment of the at least one of the communication service or the transaction; andcharging at the at least one computer platform by logging transactions on a real-time basis to an authorized account ...

ENHANCED COMMUNICATION PLATFORM AND RELATED COMMUNICATION METHOD USING THE PLATFORM

Pre-authorized communication services and/or transactions are provided via a plurality of networks in response to a request received from a user to provide at least one of a communication service, a transaction and user account information via a plurality of networks of different types. Prior to processing the request, there is verification of the users authorization to receive the at least one of the communication service, the transaction, and the user account information, and that an account associated with the user has a sufficient amount currently available for payment of the at least one of the communication service and the transaction. After verification, an authorized account associated with the user is charged in real time as the at least one of the communication service and the transaction is provided. 1. At least one non-transitory computer readable medium encoded with processing instructions performed by at least one computer platform performing a method of providing pre-authorized communication services or transactions using a communication network , including at least networks of different types which are external to the platform , user devices communicating with the platform via the communication network , the method comprising:accepting and processing, by the platform, a request to provide at least one of a communication service, a transaction or user account information via one of the external networks;verifying at the platform that the requestor is authorized to receive the at least one of the communication service, the transaction, or the user account information, and that an account associated with the user has a sufficient amount currently available for payment of the at least one of the communication service or the transaction; andcharging transactions at the platform by registering on a real-time basis, an authorized account associated with the user, while the platform controls an element of a corresponding one of the external networks to ...

System and method for providing limited access to data

A system and computer-implemented method for providing access to data of a first party including receiving information for identifying the first party, authenticating the first party using the received information for identifying the first party and generating a first read-only personal identification number (PIN). The first read-only PIN is associated with a first set of access rights for the data of the first party and provided to a second party. The first read-only PIN is stored with the first set of access rights in a computer database. A third party receives the first read-only PIN from the second party, authenticates the received first read-only PIN using the stored first read-only PIN and provides the second party with access to at least a portion of the data of the first party using the first set of access rights associated with the first read-only PIN if the received first read-only PIN is authenticated.

Mobile Account Authentication Service

A payment authentication service authenticates the identity of a payer during online transactions. The authentication service allows a card issuer to verify a cardholder's identity using a variety of authentication methods, such as with the use of tokens. Authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requesting a password from the cardholder, verifying the password, and notifying a merchant whether the cardholder's authenticity has been verified. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages via the Internet are described. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages through voice and messaging channels is also described.

Method and apparatus for secure cryptographic key storage, certification and use

A digital wallet stores a cryptographically camouflaged access-controlled datum (330), e.g., a private key encrypted under the user's PIN (300). Entry of the correct PIN will correctly decrypt the stored key (330). Entry of certain 'pseudo-valid' PINs will also decrypt the stored key, but incorrectly, resulting in a candidate key indistinguishable from the correct key (350). Such pseudo-valid PINs are spread thinly over the space of PINs, so that the valid user is unlikely to realize a pseudo-valid PIN via a typographical error in entering the correct PIN. In existing wallet technologies only the correct PIN produces a candidate key; thus, hackers can discover the correct PIN by exhaustive search.

Method and system for secure authentication

A System and method configured to provide secure Personal Identification Number (PIN) based authentication is disclosed. A passcode or PIN associated with a customer value card can be securely authenticated by an issuer prior to authorizing payment. An Access Control Server (ACS) can receive the PIN or passcode from a customer via a secure connection over a public network. The ACS can generate an encrypted PIN and can communicate the encrypted PIN to a remote issuer for authentication. The ACS can use one or more hardware security modules to generate the encrypted PIN. The hardware security modules can be emulated in software or implemented in hardware. The system can be configured such that the PIN is not exposed in an unencrypted form in a communication link or in hardware other than the originating customer terminal.

Mobile terminal, transaction terminal, and method for carrying out a transaction at a transaction terminal by means of a mobile terminal

본 발명은 이동 단말기(20)로 거래 단말기(40)에서 거래를 행하는 방법, 그러한 거래 단말기(40) 및 그러한 이동 단말기(20)에 관한 것이다. 이 방법은 거래 단말기(40)로 유저를 식별하는 단계와, 거래 단말기(40)에 대해서 유저를 인증하는 단계를 포함한다. 이 방법은 이동 단말기(20)의 입력 디바이스(22, 24)를 통해서 유저가 입력한 패스워드, 특히 PIN이 거래 단말기(40)에서 또는 상기 거래 단말기에 접속된 배경 시스템(80)에서 유저에 대해서 기억된 패스워드와 일치하는지 여부를 체크함으로써 유저를 인증하는 것을 특징으로 한다. 노멀 런타임 환경(NZ) 및 보안 런타임 환경(TZ)이 구현되는 프로세서 유닛(30)은, 이동 단말기(20) 내에 설치되고, 입력 디바이스 드라이버(34)는 보안 런타임 환경(TZ)에서 구현되며, 상기 드라이버는, 추가 처리를 행하기 위해 보안 방식으로 이동 단말기(20)의 입력 디바이스(22, 24)를 통해서, 이동 단말기(20)의 프로세서 유닛(30)의 보안 런타임 환경(TZ)에 안전하게 입력을 전송하도록 설계되어 있다. The present invention relates to a method of making a transaction at a transaction terminal 40 with a mobile terminal 20, such a transaction terminal 40 and such a mobile terminal 20. The method includes identifying a user with the transaction terminal 40 and authenticating the user with respect to the transaction terminal 40. This method is a method in which a password entered by the user through the input devices 22 and 24 of the mobile terminal 20, in particular a PIN, is stored in the transaction terminal 40 or in the background system 80 connected to the transaction terminal, And authenticates the user by checking whether or not the password matches the password. The processor unit 30 in which the normal runtime environment NZ and the secure runtime environment TZ are implemented is installed in the mobile terminal 20 and the input device driver 34 is implemented in the secure runtime environment TZ, The driver can safely input the security runtime environment TZ of the processor unit 30 of the mobile terminal 20 through the input devices 22 and 24 of the mobile terminal 20 in a secure manner to perform further processing .

Method and system for safe transaction processing

FIELD: radio engineering, communication. SUBSTANCE: invention relates to safe transaction processing means. The method includes receiving, at a server, a request to process a transaction, which comprises a mobile communication device identifier; extracting, from memory, an identifier of means of conducting a financial transaction which corresponds to the mobile communication device identified in the request; receiving, from the mobile communication device, the transaction data and a PIN code for the authorisation of the transaction through a communication channel other than the communication channel for receiving the transaction data from the said mobile device; using the received transaction data and the extracted identifier to conduct the financial transaction. The system implements the said method. EFFECT: safer and more reliable transactions using a mobile communication device. 6 cl, 5 dwg РОССИЙСКАЯ ФЕДЕРАЦИЯ (19) RU (11) (51) МПК G06Q 20/00 (13) 2 536 666 C2 (2012.01) ФЕДЕРАЛЬНАЯ СЛУЖБА ПО ИНТЕЛЛЕКТУАЛЬНОЙ СОБСТВЕННОСТИ (12) ОПИСАНИЕ (21)(22) Заявка: ИЗОБРЕТЕНИЯ К ПАТЕНТУ 2011130191/08, 18.12.2009 (24) Дата начала отсчета срока действия патента: 18.12.2009 (72) Автор(ы): Дирк Маринус БРЁЙНСЕ (ZA), Салк Йоханн БЕЗЁЙДЕНХАУДТ (ZA) (73) Патентообладатель(и): МТН Мобайл Мани СА (ПТИ) ЛТД (ZA) Приоритет(ы): (30) Конвенционный приоритет: (43) Дата публикации заявки: 27.01.2013 Бюл. № 3 R U 23.12.2008 ZA 2008/10835 (45) Опубликовано: 27.12.2014 Бюл. № 36 2007/0198432 A1, 23.08.2007. RU 2337401 C2, 27.10.2008 (85) Дата начала рассмотрения заявки PCT на национальной фазе: 25.07.2011 (86) Заявка PCT: 2 5 3 6 6 6 6 (56) Список документов, цитированных в отчете о поиске: US 2008/0249948 A1, 09.10.2008. US 2 5 3 6 6 6 6 R U (87) Публикация заявки PCT: WO 2010/073199 (01.07.2010) Адрес для переписки: 105082, Москва, Спартаковский пер., д. 2, стр. 1, секция 1, этаж 3, "Евромаркпат" (54) СПОСОБ И СИСТЕМА БЕЗОПАСНОЙ ОБРАБОТКИ ТРАНЗАКЦИИ (57) Реферат: Изобретение относится к ...

Smart card reader with secure logging feature

FIELD: data processing; security system. SUBSTANCE: invention relates to a secure smart card reader. Smart card reader enables to make reader signatures on data representative of events and actions which may be security related and which may comprise data representative of reader commands, which smart card reader receives from a host or remote application, smart card commands which smart card reader exchanges with an inserted smart card, data which smart card reader presents to user for approval, and/or configuration parameters which smart card reader applies when dealing with any of foregoing. Smart card reader may furthermore be adapted to maintain logs of certain events and actions which may comprise exchanging smart card reader commands with a host, exchanging smart card commands with an inserted smart card, and/or interactions with a user. Logs may comprise data representative of smart card reader commands which reader receives from a host or remote application, smart card commands which smart card reader exchanges with an inserted smart card, data which smart card reader presents to user for approval, and/or configuration parameters which smart card reader applies when dealing with any of foregoing. Secure smart card reader may be adapted to generate a reader signature over one or more of these logs. EFFECT: providing protection of electronic data using a smart card. 35 cl, 4 dwg РОССИЙСКАЯ ФЕДЕРАЦИЯ (19) RU (11) (13) 2 607 620 C2 (51) МПК G06F 21/55 (2013.01) G06F 21/64 (2013.01) G06F 21/77 (2013.01) G07F 7/08 (2006.01) ФЕДЕРАЛЬНАЯ СЛУЖБА ПО ИНТЕЛЛЕКТУАЛЬНОЙ СОБСТВЕННОСТИ (12) ФОРМУЛА (21)(22) Заявка: ИЗОБРЕТЕНИЯ К ПАТЕНТУ РОССИЙСКОЙ ФЕДЕРАЦИИ 2014124198, 14.11.2012 (24) Дата начала отсчета срока действия патента: 14.11.2012 (72) Автор(ы): БРАМС Харм (NL) (73) Патентообладатель(и): ВАСКО ДЭЙТА СЕКЬЮРИТИ ИНТЕРНЭШНЛ ГМБХ (CH) Дата регистрации: (56) Список документов, цитированных в отчете о поиске: US 7296149 B2, 13.11.2007. US Приоритет(ы): (30) Конвенционный ...

Method for operation of beverage-making machine, beverage-making machine and computer program

FIELD: beverage making. SUBSTANCE: invention relates to beverage-making machines for making beverages or similar products from a portion package with a small-portion package (for example, a capsule) and extractable substance (for example, coffee) contained in the small-portion package. In particular, it relates to a method for the operation of the beverage-making machine, to the beverage-making machine and to a computer program for the operation of a control device. The method for operation of beverage-making machine (1) for preparing the final product using portion package (3) contains following stages performed by beverage-making machine (1): receiving stage (81) for receiving, using connection block (15), a start command to start a certain action in beverage-making machine (1), and authentication information; verification stage (82) for verifying, based on authentication information, whether the start command occurs from control device (4a, 4b, 4c) authorized to start the specified specific action in beverage-making machine (1), such as a remote start of preparation; and, only if the control device is authorized for this: performing an action, such as preparation stage (85), to prepare the final product. EFFECT: making it easier for the user to control the beverage-making machine. 11 cl, 3 dwg РОССИЙСКАЯ ФЕДЕРАЦИЯ (19) RU (11) (13) 2 763 241 C2 (51) МПК G07F 13/06 (2006.01) ФЕДЕРАЛЬНАЯ СЛУЖБА ПО ИНТЕЛЛЕКТУАЛЬНОЙ СОБСТВЕННОСТИ (12) ОПИСАНИЕ ИЗОБРЕТЕНИЯ К ПАТЕНТУ (52) СПК G07F 13/06 (2021.08) (21)(22) Заявка: 2019122294, 19.12.2017 (24) Дата начала отсчета срока действия патента: Дата регистрации: (73) Патентообладатель(и): ЧИБО ГМБХ (DE) 28.12.2021 23.12.2016 EP 16206678.1 (43) Дата публикации заявки: 25.01.2021 Бюл. № 3 (56) Список документов, цитированных в отчете о поиске: US 2015144652 A1, 28.05.2015. EP 2768199 A1, 20.08.2014. US 2013282169 A1, 24.10.2013. RU 2553081 C2, 10.06.2015. WO 2016087190 A1, 09.06.2016. (45) Опубликовано: 28.12.2021 Бюл. № 1 (85) ...

Access card for multiple accounts

A system for ascertaining identity of a customer based on a single card carried by the customer. The card bears a machine-readable code, which is transmitted to a database at a remote location. The database locates a record associated with the code, which contains one or more account numbers. Associated with each account number is a Personal Identification Number, PIN. (It is possible that all PINs are identical.) The customer selects an account number, and is asked for a PIN. If the PIN given by the customer matches that of the account number, the customer is concluded to be the valid owner of the account, and a transaction is allowed to proceed.

Authentication method

FIELD: information technology. SUBSTANCE: method of authenticating a user to a transaction at a terminal, wherein a user identifier is transmitted from the terminal to a transaction partner via a first communication channel, and a second communication channel is used for checking an authentication function which is implemented in a mobile device of the user, and the authentication function is normally inactive and is activated by the user only preliminarily for the transaction, and, as a criterion for deciding whether the authentication to the transaction is to be granted or denied, the authentication device checks whether a predetermined time relation exists between the transmission of the user identifier and the active state of the authentication function. The authentication device is linked with the second communication channel to check the active state of the authentication function and receives a response from the second communication channel. Said response includes the information that the authentication function is active, and the authentication function is automatically deactivated. EFFECT: efficient user authentication during transactions. 26 cl, 10 dwg РОССИЙСКАЯ ФЕДЕРАЦИЯ (19) RU (11) (13) 2 576 586 C2 (51) МПК G06Q 20/32 (2012.01) G06F 21/00 (2013.01) ФЕДЕРАЛЬНАЯ СЛУЖБА ПО ИНТЕЛЛЕКТУАЛЬНОЙ СОБСТВЕННОСТИ (12) ОПИСАНИЕ (21)(22) Заявка: ИЗОБРЕТЕНИЯ К ПАТЕНТУ 2014121883/08, 30.10.2012 (24) Дата начала отсчета срока действия патента: 30.10.2012 (72) Автор(ы): АДЕНУГА Доминик (DE) (73) Патентообладатель(и): МАНИ ЭНД ДЭЙТА ПРОТЕКШН ЛИЦЕНЦ ГМБХ УНД КО.КГ (DE) Приоритет(ы): (30) Конвенционный приоритет: R U 31.10.2011 EP 11187273.5 (43) Дата публикации заявки: 10.12.2015 Бюл. № 34 (45) Опубликовано: 10.03.2016 Бюл. № 7 2 5 7 6 5 8 6 (56) Список документов, цитированных в отчете о поиске: WO 2008/052592 A1, 08.05.2008. WO 2010/043722 A1, 22.04.2010. WO 98/25371 A1, 11.06.1998. US 2008/0035725 A1, 14.02.2008. US 2006/0237531 A1, 26.10.2006. (85) Дата начала ...

System and method of secure payment transactions

提供了一种安全支付交易的系统和方法。该系统可包括：包括一个或多个处理器自适应支付服务器，被配置为：在第一通信信道上从第一通信装置接收包括第一识别信息的第一通信。自适应支付服务器可基于第一识别信息识别第二通信装置，并在可与第一通信信道分离的第二通信信道上启动与第二通信装置的第二通信。自适应支付服务器可在第二通信信道上从第二通信装置接收第二识别信息，并使用第一识别信息和第二识别信息对支付交易进行认证。

Method for acoustic two-factor authentication

FIELD: authentication. SUBSTANCE: method comprises using a manual counter for generating acoustic or another wireless signal that represents a digital signature, receiving the signal by a receiver in a bank that requests the PIN code to access to the bill, introducing the PIN code by a user into the receiver in which the signal from the counter is coded with the PIN code, and sending the coded signal to the bank computer through an unsafe line because it is no way to verify that the PIN code is true without the key stored in the computer. EFFECT: enhanced safety. 30 cl 2313916 С2 КО РОССИЙСКАЯ ФЕДЕРАЦИЯ 22 7 #7 #7 2777 7 (19) (11) < ма а 5% (13) <\ “а За ВО < < У С Е МА С2 Знублиховано на СО-ВОМ: МЕМОЗА КВТ 2007/3800 КВ127360 ФЕДЕРАЛЬНАЯ СЛУЖБА ПО ИНТЕЛЛЕКТУАЛЬНОЙ СОБСТВЕННОСТИ (12) ИЗВЕЩЕНИЯ К ПАТЕНТУ НА ИЗОБРЕТЕНИЕ ММАА Досрочное прекращение действия патента из-за неуплаты в установленный срок пошлины за поддержание патента в силе Дата прекращения действия патента: 13.02.2011 Дата публикации: 20.12.2011 Стр.: 1 эгбесзтЕ&с ПЧ с»

Smart card pin system, card, and reader

A smart card, smart card reader, and system for secure entry of a secret personal identification number (PIN) directly into the smart card while the card is presented to the reader. Because the user's PIN is entered directly into the smart card, authenticated directly by the smart card itself, and not propagated outside the smart card, the PIN cannot be covertly obtained through the use of a compromised reader or other device in the system. A PIN keypad on the smart card allows user entry of the PIN, and an authentication unit within the smart card verifies that the PIN is correct. The reader merely supplies electrical power for the smart card to take the PIN entry and perform the authentication, but does not handle the PIN itself in any way. The reader, however, is designed to allow access to the keypad on the smart card while the smart card is being presented. The smart card keypad may have identifying indicia, or alternatively may be not visible, so that photographs, logos, etc., placed on the smart card will not be obscured. In this case, the reader has an overlaying surface with the identifying indicia for the keypad. The reader may also have a separate keypad of its own for use with conventional smart cards that lack a keypad.

BEVERAGE MAKING MACHINE OPERATING METHOD, BEVERAGE MAKING MACHINE AND COMPUTER PROGRAM

РОССИЙСКАЯ ФЕДЕРАЦИЯ (19) RU (11) (13) 2019 122 294 A (51) МПК G07F 13/06 (2006.01) ФЕДЕРАЛЬНАЯ СЛУЖБА ПО ИНТЕЛЛЕКТУАЛЬНОЙ СОБСТВЕННОСТИ (12) ЗАЯВКА НА ИЗОБРЕТЕНИЕ (21)(22) Заявка: 2019122294, 19.12.2017 (71) Заявитель(и): ЧИБО ГМБХ (DE) Приоритет(ы): (30) Конвенционный приоритет: 23.12.2016 EP 16206678.1 (85) Дата начала рассмотрения заявки PCT на национальной фазе: 23.07.2019 R U (43) Дата публикации заявки: 25.01.2021 Бюл. № 3 (72) Автор(ы): ХАРТМАН Дорен (DE), ЛИ Хосун (DE), ФРАНКЕ Доминик (CH) (86) Заявка PCT: (87) Публикация заявки PCT: WO 2018/114996 (28.06.2018) R U (54) СПОСОБ РАБОТЫ МАШИНЫ ПО ПРИГОТОВЛЕНИЮ НАПИТКОВ, МАШИНА ПО ПРИГОТОВЛЕНИЮ НАПИТКОВ И КОМПЬЮТЕРНАЯ ПРОГРАММА (57) Формула изобретения 1. Способ работы машины (1) по приготовлению напитков для приготовления конечного продукта с использованием порционной упаковки (3), причем машина (1) по приготовлению напитков содержит блок (15) соединения, выполненный с возможностью беспроводного соединения, при этом способ содержит по меньшей мере следующие этапы, выполняемые машиной (1) по приготовлению напитков: - этап (81) получения для получения, с помощью блока (15) соединения, команды на запуск для запуска определенного действия в машине (1) по приготовлению напитков и аутентификационной информации; - этап (82) проверки для проверки, на основе аутентификационной информации, происходит ли команда на запуск от устройства (4a, 4b, 4c) управления, авторизованного для запуска указанного определенного действия в машине (1) по приготовлению напитков, такого как удаленный запуск приготовления; и, лишь в случае, если устройство управления авторизовано для этого: - выполнение указанного действия, такого как этап (85) приготовления, для приготовления конечного продукта. 2. Способ по п. 1, в котором машина (1) по приготовлению напитков выполнена с возможностью беспроводного соединения с несколькими устройствами (4a, 4b, 4c) управления, причем указанным устройствам управления назначены различные полномочия, при этом ...

Payment apparatus and method

인증된 POS(point of sale) 거래들에 대한 안전 지불 시스템은 사용자가 휴대폰(mobile phone)(115)과 같은 휴대 기기(handheld device)를 이용하여 전자적으로 지불할 수 있도록 한다. 신뢰 정보 필요(confidential information need)가 휴대 기기상에 유지되지 않으며, 모든 금융 데이터는 지불 장치내에 유지된다. 단거리(short-range) 무선 연결이 휴대 기기(115)에 제공되며 사용자는 거래를 시작하기 위해 PIN을 입력하기만 하면 된다. 시스템은 클라이언트 기기9100)과 서버 기기(110)를 포함한다. 서버 기기(110)는, 예를 들면 거래 영수증과 지불 방법에 관한 맞춤(customization)을 가능하게 하는 사용자 프로필을 유지한다. 거래 영수증은 미리 선택된 장소, 예를 들면, 이메일이나 SMS로 전송되어질 수 있으며, 사용자에 대한 부가적인 보안 체크를 제공한다. The secure payment system for authenticated point of sale transactions allows the user to make electronic payments using a handheld device such as a mobile phone 115. No credential information need is maintained on the portable device and all financial data is kept in the payment device. A short-range wireless connection is provided to the mobile device 115 and the user only needs to enter a PIN to initiate a transaction. The system includes a client device 9100 and a server device 110. The server device 110 maintains, for example, a user profile that enables customization of transaction receipts and payment methods. The transaction receipt can be sent to a preselected location, for example by email or SMS, providing an additional security check for the user.

Systems and methods for transferring resource access

Systems and methods for transferring resource access from a sender to a recipient are disclosed that can allow a sender to specify an amount of a resource to provide access to (e.g., an amount of money or an amount of access rights), while still providing security for the sender's sensitive credential information (e.g., PAN and/or PIN). These systems and methods can allow a sender to transfer resource access from any location and at any time of the day. In the case of money transfers, the recipient can quickly and directly obtain the money from any ATM location associated with any bank and at any time of the day, even without a bank account.

Mobile account authentication service

A payment authentication service authenticates the identity of a payer during online transactions. The authentication service allows a card issuer to verify a cardholder's identity using a variety of authentication methods, such as with the use of tokens. Authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requesting a password from the cardholder, verifying the password, and notifying a merchant whether the cardholder's authenticity has been verified. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages via the Internet are described. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages through voice and messaging channels is also described.

Systems and methods for secure authentication of electronic transactions

An online transaction system configured to implement authentication methods that allow for strong multi-factor authentication in online environments. The authentication methods can be combined with strong security methods to further ensure that the authentication process is secure. Further, the strong multi-factor authentication can be implemented with zero adoption dependencies through the implementation of automated enrollment methods.

Secure pin entry using personal computer

It is a process that allows a user to make secure PIN-based transactions using his personal computer. The steps are: a) Preparing transaction data b) Storing it in non-volatile memory, c) Restarting or hibernating the computer, d) Booting into a secure, un-networked, environment from a bootable media or device; this bootable media or device must be sufficiently difficult to counterfeit and sufficiently difficult to tamper with the data stored in it and optionally difficult to copy, e) Securely launching the secure PIN entry software, f) Loading transaction data from the non-volatile memory, g) Presenting the transaction data to the user and optionally allowing the user to modify and/or complete it, h) Secure PIN entry resulting in an encrypted PIN block and/ or enabling the use and/or the generation of the appropriate keys for creating message au­thentication code(s) and/or cryptogram(s) and/or digital signature(s) according to the transaction security standards; The user can also enter a password to enable secure access to password encrypted secret keys, private keys and confidential data; The user can also enter secure in­formation to update his records in the server side system, like a user choosable CVV2/CVC2 or new 3D Secure password , i) Storing the secured transaction request in non-volatile memory, j) Restarting the computer back to normal operation, k) Loading the secured transaction request from non-volatile memory, 1) Sending the transaction for authorization, m) Receiving the response, n) Presenting the response to the user and optionally storing it. The process radically protects the user from any malicious software that might affect the security of PIN entry; it dra­matically reduces the user responsibilities to physical security considerations only, like those in ATM transactions. The user should use a personal computer that he is knows that it does not contain malicious hardware; this could easily be his own notebook or PC at home. He should still ...

Time-varying security code for enabling authorizations and other uses of financial accounts

A portable device is provided that carries account data. The account data may include a security code having a value that is time-varying. The value of the security code may be programmatically varied based on at least one of an algorithm or event. Authorization and use of the account may be sought from an authorization agent using the account data provided on the portable device.

Electronic card

(57)【要約】本公報は電子出願前の出願データであるた め要約のデータは記録されません。

Method and system for increasing security when creating electronic signatures using a chip card

The present invention relates to a method and a system for increasing security in the case of digital signatures using a chip card. The inventive method and system provide, in particular, for visual verification of the data to be signed or select important data therefrom in order to ensure trustworthy signing. The method for increasing security when digitally signing data with a chip card has the following steps of: providing a chip card (5) having an integrated display (51), providing a terminal (2) and a chip card reading and writing device (4) for transmitting data to be signed from the chip card (5) to the terminal (2) and from the terminal to the chip card, establishing data transmission between the chip card (5) and the terminal (2), wherein the display (51) is essentially visible to a user while data are being transmitted between the terminal (2) and the chip card (5), initiating a signature process, transmitting the data to be signed to the chip card (5), wherein the important data have been marked or are marked, and selecting the marked data, displaying the selected data on the display (51) of the chip card and signing the data to be signed, wherein the signature is transmitted from the chip card (5) to the terminal (2).

Method and system for increasing security when creating electronic signatures using a chip card

Mobile terminal, transaction terminal, and method for carrying out a transaction at a transaction terminal by means of a mobile terminal

The invention relates to a method for carrying out a transaction at a transaction terminal (40) by means of a mobile terminal (20), to such a transaction terminal (40), and to such a mobile terminal (20). The method has the step of identifying a user by means of the transaction terminal (40) and the step of authenticating the user with respect to the transaction terminal (40). The method is characterized in that the user is authenticated by checking whether a password, in particular a PIN, which is entered by the user via an input device (22, 24) of the mobile terminal (20) matches a password which is stored for the user in the transaction terminal (40) or in a background system (80) that is connected to said transaction terminal. A processor unit (33) in which a normal runtime environment (NZ) and a secured runtime environment (TZ) are implemented is provided in the mobile terminal (20), wherein an input device driver (34) is implemented in the secured runtime environment (TZ), said driver being designed to transmit inputs via the input device (22, 24) of the mobile terminal (20) to the secured runtime environment (TZ) of the processor unit (33) of the mobile terminal (20) in a secured manner for further processing.

System and method to facilitate separate cardholder and system access to resources controlled by a smart card

This invention provides a mechanism, which allows a user's personal identification number (PIN) to operate independently from a biometric authentication system. This improvement reduces the administrative burden of having to keep a user's PIN synchronized with the PIN used to access the user's smart card following successful biometric authentication. The first embodiment of the invention incorporates a cryptographic interface, which bypasses the PIN entry and allows the biometric authentication system to directly access card resources. The second embodiment of the invention provides a second system PIN having greater bit strength than the cardholder PIN. Both embodiments of the invention retrieve secrets (either a cryptographic key or system PIN) from a biometric database by comparing a processed biometric sample with known biometric templates. The biometric authentication system incorporates a client-server architecture, which facilitates multiple biometric authentications.

Portable electronic charge and authorization devices and methods therefor

一种便携式交易装置，它允许用户面对电子交易系统的一个付费卡终端进行付费卡交易。所述付费卡终端被这样配置：为了进行所述付费卡交易的目的而跟一张付费卡进行通信。付费卡是磁条卡和电子智能卡二者当中的一种，便携式交易装置包括一张仿真卡，它具有仿真卡接口。该仿真卡接口对所述付费卡的接口进行仿真。付费卡的接口便于在付费卡以及付费卡终端之间进行通信。还包括一个便携式仿真卡配置装置，它被安排跟所述仿真卡配合使用，上述装置又包括一个存储器，它被配置去存储属于该用户的第1付费卡的第1付费卡数据，以及一种验证机制。便携式仿真卡配置装置被配置成这样：若该用户通过所述验证机制已被验证，则将第1付费卡数据从存储器写入到仿真卡中去，由此允许所述仿真卡通过所述仿真卡接口而出现，经过写入之后，并且为了进行所述交易的目的，像所述第1付费卡与所述付费卡终端(的关系)那样，并且使付费卡终端从仿真卡读入第1付费卡数据，以便进行付费卡交易。

Portable information processing device with password verification function

Security token

公开了安全令牌、安全系统和认证客户端的方法。安全令牌包括：一次性口令机制，用于提供一次性口令功能；公钥机制，用于提供针对一次性口令功能的公钥功能；以及与主机的有线通信装置，用于将安全令牌连接到主机并用于向安全令牌提供至少公钥机制运行所需要的电力，从而能够通过安全令牌提供一次性口令功能和/或公钥功能。

Mobile account authentication service

지불자 인증 서비스는 온라인 거래동안 지불자의 신원을 인증한다. 상기 인증 서비스는 카드 발행자가 토큰의 이용과 같은 다양한 인증 방법을 이용하여 카드 보유자의 신원을 확인하는 것을 허용한다. 온라인 거래 동안 카드보유자의 신원을 인증하는 것은 카드 보유자가 지불 인증 서비스에 등록되었는지를 결정하는 접근 제어 서버를 조회하는 것, 카드 보유자로부터 비밀번호를 요청하는 것, 비밀번호를 확인하는 것, 그리고 상기 카드보유자의 인증이 확인되었는지를 머천트에게 공지하는 것을 포함한다. 카드 보유자가 인터넷을 통해 메시지를 전송할 수 있는 이동 장치를 이용하는 곳에서 인증 서비스를 구현하기 위한 시스템들이 설명된다. 카드 보유자가 음성 및 메시징 채널을 통해 메시지를 전송할 수 있는 이동 장치를 이용하는 곳에서 인증 서비스를 구현하기 위한 시스템이 또한 설명되었다. The payer authentication service authenticates the payer's identity during the online transaction. The authentication service allows the card issuer to verify the identity of the cardholder using various authentication methods, such as the use of tokens. Authenticating a cardholder's identity during an online transaction may include querying an access control server that determines if the cardholder is registered with the payment verification service, requesting a password from the cardholder, verifying the password, and the cardholder Informing the merchant whether the authentication of the has been confirmed. Systems are described for implementing an authentication service where a cardholder uses a mobile device capable of sending messages over the Internet. A system for implementing an authentication service has also been described where cardholders use mobile devices capable of sending messages over voice and messaging channels.

Methods and apparatus for securely encrypting data in conjunction with a personal computer

An encryption module for encrypting financial and other sensitive data may be conveniently interposed in series between a personal computer and the keyboard associated therewith. An application program designed to run on the PC is configured to prompt the user to enter his PIN or other confidential data into the encryption module; consequently the confidential data need not be transmitted in an unencrypted fashion, and need not reside on the PC hard drive in an unencrypted form.

Electronic access control device

An electronic lock utilizes two microprocessors remote from each other for enhanced security. The first microprocessor is disposed close to an input device such as a keypad, and the second microprocessor is disposed close to the lock mechanism and well protected from external access. The first microprocessor transmits a communication code to the second microprocessor when it receives via the input device an access code that matches a preset access code. The second microprocessor opens the lock if the transmitted communication code matches a preset communication code. The dual-microprocessor arrangement is advantageously used in a voice controlled access control system and in a motorcycle ignition control system. The present invention further provides an electronic access control system which has a master electronic key having a preset number of access, and an electronic alarm system for a bicycle that has a remote control mounted in the helmet of the rider.

Methods of exchanging secure messages

The invention enables a registered PEAD user to exchange a secure message with another registered PEAD user by using the user ID and the user public key information in the server. The sender can retrieve the public key information from the server 1201 using the receiver's user ID as an index; then the sender can derive the shared secret using the receiver's public key. The sender then can encrypt the message with the shared secret and send it over to a server with the other PEAD user's (receiver's) ID appended with the sender's user ID over the wireless network and/or Internet. The server then stores the message and forwards the message to the receiver once the receiver's PEAD is polling for messages. (It is understood in the art that the server can push the messages to the receiver's PEAD). The receiving PEAD user can use the sender's PEAD user ID and sender's public key information to derive the shared secret to decrypt a received secure message. Once a shared secret is computed or established by protocol between two users, that shared secret can be saved in the PEAD for future communication encryption/decryption usage.

Financial transaction processing system

The automated method of the present invention provides an efficient arrangement for setting certain financial transactions using a debit point of sale transaction network, as opposed to routing over a credit network. The method and arrangement uses an onsite database of bank identification numbers to conduct a preliminary assessment of whether a particular card is debit capable, and appropriately processes the transaction information based on the preliminary assessment. The system preferably is also updated when a financial transaction is successfully completed as a debit transaction which the database did not initially identify as being debit capable. In this way, the database is continuously updated and over time, a more accurate database is achieved. The system can also be networked, such that information between databases is shard and improved, based on the network experience.

DEVICE FOR PROCESSING DATA FROM CONTACTLESS MEMORY CARD, METHOD AND CORRESPONDING COMPUTER PROGRAM

L'invention se rapporte à un dispositif de traitement de données (1) en provenance de carte à mémoire sans contact, ledit dispositif comprenant au moins un lecteur de carte à mémoire sans contact. Un tel dispositif comprend : - des moyens d'acquisition de données d'entrée (2) en provenance d'un périphérique de saisie ; - des moyens de traitement d'au moins une séquence d'une transaction initialisée à partir de données issues d'une carte sans contact ; - des moyens de sélection (3) d'un mode de fonctionnement, comprenant au moins deux états : ▪ un état, dit état d'inactivation, dans lequel lesdits moyens de traitement et ledit au moins un lecteur de carte à mémoire sont inactifs ; ▪ un état, dit état d'activation, dans lequel lesdits moyens de traitement sont actifs et dans lequel des données d'entrées saisies par l'intermédiaire dudit périphérique de saisie sont contrôlés par lesdits moyens de traitement. The invention relates to a data processing device (1) originating from a contactless memory card, said device comprising at least one contactless memory card reader. Such a device comprises: - means for acquiring input data (2) coming from an input peripheral; - Means for processing at least one sequence of a transaction initiated from data from a contactless card; - selection means (3) of an operating mode, comprising at least two states: ▪ a state, called inactivation state, in which said processing means and said at least one memory card reader are inactive; ▪ a state, called activation state, in which said processing means are active and in which input data entered via said input device are checked by said processing means.

TRANSACTION AUTHORIZATION METHOD AND DEVICE

L'invention concerne un procédé d'autorisation d'une transaction réalisée via un réseau informatique et à partir d'un premier terminal (A), ledit procédé comprenant :. la lecture d'une information personnelle (PAN) présente sur une carte (C) à partir d'un lecteur (L) de cartes du premier terminal (A). et l'entrée d'un code d'identification personnel (PIN1) sur une interface (CL) dudit premier terminal (A),le code d'identification personnel (PIN1) étant authentifié par comparaison à un code de référence (PIN) qui est lié à ladite information personnelle (PAN), pour autoriser la réalisation de la transaction,caractérisé en ce que :. le procédé comprend préalablement à l'entrée du code d'identification personnel (PIN1) une étape de génération dudit code d'identification, à partir :> d'un mot de passe généré à validité limitée (OTP) et> dudit code de référence (PIN),. ledit code d'identification personnel (PIN1) étant un code à validité limitée, différent du code de référence (PIN).L'invention concerne également un terminal pour al mise en oeuvre d'un tel procédé. The invention relates to a method for authorizing a transaction performed via a computer network and from a first terminal (A), said method comprising: reading a personal information (PAN) present on a card (C) from a reader (L) of cards of the first terminal (A). and entering a personal identification code (PIN1) on an interface (CL) of said first terminal (A), the personal identification code (PIN1) being authenticated by comparison with a reference code (PIN) which is linked to said personal information (PAN), to authorize the realization of the transaction, characterized in that:. the method comprises, prior to the entry of the personal identification code (PIN1), a step of generating said identification code, from:> a password generated with limited validity (OTP) and> said reference code (PINE),. said personal identification ...

Electric key recognition system - is for controlling personnel entrance or credit card and uses key containing active or passive programmable memory

The coded key recognition system has a reading unit which is designed to read and authenticate the code carried on the key. The key (1) has an electronic circuit on it and a circuit connection part (5). The key code is inscribed on the circuit. The reading unit also has a circuit connection element (6) into which they keys connection element (5) is fitted. A logic circuit (8) checks the code carried by the key by comparing this code with a comparison circuit (UC). The output signal of the comparison circuit (UC) verifies the key (1) connected to the reading circuit. The electronic circuit in the key (1) consists of a programmable memory with a matrix of passive elements such as resistances or diodes.

ELECTRONIC IDENTIFICATION DEVICE

Patent FR2389284B1

Keys and locks using microprocessors

The key is in the form of a cylindrical rod into which a microprocessor is introduced. This microprocessor communicates with the interface of the lock, it records the time breakdown of the opening and closing of locks controlled by this key. The locks accessible to the key, as well as the time breakdown allowed and the other restrictions are stored in the microprocessor. The user enters his code number into the key, by a push button, just before he uses it. This code number is received by a temporary memory which is erased after a few minutes of operation.

METHOD FOR PROCESSING TRANSACTIONAL DATA, COMMUNICATION TERMINAL, CARD READER AND CORRESPONDING PROGRAM.

L'invention se rapporte à une méthode de traitement de données transactionnelles, méthode mise en œuvre par l'intermédiaire d'un terminal de communication (TC) disposant d'un écran tactile (Tac), méthode du type comprenant une saisie, au cours d'une transaction, sur ledit écran tactile (Tac) dudit terminal de communication (TC), une donnée d'identification personnelle (DIP) d'un utilisateur, la méthode comprenant, au niveau du terminal de communication (TC) : - une étape de détection (10) d'une nécessité de saisie d'une donnée d'identification personnelle (DIP) ; - une étape de transmission (20), à un lecteur de cartes (LecC) connecté au terminal de communication (TC), d'une requête (RqP) de prise en charge d'affichage d'un clavier virtuel (VK) ; - une étape de saisie (30), sur ledit clavier virtuel (VK), par ledit utilisateur, de la donnée d'identification personnelle (DIP) ; - une étape de réception (40), de la part du lecteur de cartes (LecC), de ladite donnée d'identification personnelle (DIP). The invention relates to a method of processing transactional data, method implemented via a communication terminal (TC) having a touch screen (Tac), method of the type comprising an input, during a transaction, on said touch screen (Tac) of said communication terminal (TC), personal identification data (DIP) of a user, the method comprising, at the level of the communication terminal (TC): - a step of detecting (10) a need to enter personal identification data (DIP); - a step of transmission (20), to a card reader (LecC) connected to the communication terminal (TC), of a request (RqP) to support display of a virtual keyboard (VK); - a step of entering (30), on said virtual keyboard (VK), by said user, the personal identification data (DIP); - A reception step (40), from the card reader (LecC), of said personal identification data (DIP).

Patent FR2311365B1

Control of access to data processing installation, uses transformation of entered code and stored access code so comparison is carried out on transformed rather than actual codes

Access to a functionality of a smart card is through entry of a secret access code (CS), which is preprocessed (E2) to generate a transformed secret code (CST). The internally stored version of the access code is also transformed (E6), and the comparison process that may be observed by energy consumption attack is performed on the transformed codes, so only the transformed code can be detected.

METHOD OF VERIFYING A CODE IDENTIFYING A BEARER, CHIP CARD AND TERMINAL RESPECTIVELY PROVIDED FOR IMPLEMENTING SAID METHOD.

La présente invention concerne un procédé de vérification d'un code identifiant un porteur, dans le cadre d'une procédure d'authentification du porteur, le porteur disposant d'un terminal utilisateur contenant une carte bancaire, la carte bancaire communiquant avec un terminal de paiement disposant d'un afficheur.Selon l'invention, ledit procédé est caractérisé en ce qu'il comprend les étapes suivantes :- une étape de génération d'une matrice de transposition de l'alphabet dont est issu le code ;- une étape d'affichage par le terminal de paiement de la matrice de transposition générée ;- une étape de saisie sur le terminal utilisateur du code transposé correspondant au code identifiant le porteur transposé conformément à la matrice affichée ;une étape de confrontation du code transposé et du code original stocké dans le système.La présente invention concerne également une carte à puce et un terminal respectivement prévus pour la mise en oeuvre dudit procédé. The present invention relates to a method of verifying a code identifying a bearer, as part of a carrier authentication procedure, the bearer having a user terminal containing a bank card, the bank card communicating with a terminal of According to the invention, said method is characterized in that it comprises the following steps: a step of generating a transposition matrix of the alphabet from which the code is derived; displaying by the payment terminal the generated transposition matrix; - an inputting step on the user terminal of the transposed code corresponding to the code identifying the carrier transposed in accordance with the displayed matrix; a step of comparing the transposed code and the code; The present invention also relates to a chip card and a terminal respectively provided for implementing said method. dice.

Semiconductor memory device e.g. card with SRAM and EEPROM - uses memory to store data attributes and data, buffer circuit and control memory banks

The memory device includes a common memory(1) for storing processed data. An attribute memory(2) for storing data attributes. A buffer circuit(3,4) connected between a bus of the common memory and a bus of the attribute memory. A control unit(27) is connected to the bus of the common memory and to the bus of the attribute memory to permit access to the common and attribute memories and to control the connection/isolation of the buffer circuits. ADVANTAGE - Protects integrity of stored data against misuse.

Patent FR2353103B1

Patent FR2444975B1

DEVICE FOR PROCESSING DATA FROM CONTACTLESS MEMORY CARD, CORRESPONDING COMPUTER PROGRAM AND METHOD

L'invention se rapporte à un dispositif de traitement de données (1) en provenance de carte à mémoire sans contact, ledit dispositif comprenant au moins un lecteur de carte à mémoire sans contact. Un tel dispositif comprend : - des moyens d'acquisition de données d'entrée (2) en provenance d'un périphérique de saisie ; - des moyens de traitement d'au moins une séquence d'une transaction initialisée à partir de données issues d'une carte sans contact ; - des moyens de sélection (3) d'un mode de fonctionnement, comprenant au moins deux états : ▪ un état, dit état d'inactivation, dans lequel lesdits moyens de traitement et ledit au moins un lecteur de carte à mémoire sont inactifs ; ▪ un état, dit état d'activation, dans lequel lesdits moyens de traitement sont actifs et dans lequel des données d'entrées saisies par l'intermédiaire dudit périphérique de saisie sont contrôlés par lesdits moyens de traitement. The invention relates to a data processing device (1) from a contactless memory card, said device comprising at least one contactless memory card reader. Such a device comprises: input data acquisition means (2) originating from an input device; means for processing at least one sequence of an initialized transaction from data from a contactless card; - Selection means (3) of an operating mode, comprising at least two states: ▪ a state, said inactivation state, wherein said processing means and said at least one memory card reader are inactive; ▪ a state, said activation state, wherein said processing means are active and wherein input data input through said input device are controlled by said processing means.

INFORMATION PROCESSING SYSTEM PROTECTING THE SECRET OF CONFIDENTIAL INFORMATION

Système de traitement d'informations protégeant le secret d'informations confidentielles. Ce système comprend un dispositif auxiliaire relié à une machine de traitement d'informations du système par un dispositif de transmission. Le dispositif auxiliaire comprend des moyens de mémorisation d'une clé, des moyens de comparaison et une pluralité d'éléments de contact reliés respectivement aux moyens de comparaison par une connexion intégrée transmettant un code confidentiel introduit dans le dispositif auxiliaire par contact extérieur avec la pluralité d'éléments. Un signal de validation d'accès à la machine est engendré à la sortie des moyens de comparaison et transmis à la machine par le dispositif de transmission lorsque le code confidentiel est identique à la clé. Application : Le dispositif auxiliaire est une carte de crédit et/ou de débit dans le cas d'application au traitement bancaire. Information processing system protecting the secrecy of confidential information. This system comprises an auxiliary device connected to an information processing machine of the system by a transmission device. The auxiliary device comprises means for memorizing a key, comparison means and a plurality of contact elements respectively connected to the comparison means by an integrated connection transmitting a confidential code introduced into the auxiliary device by external contact with the plurality of elements. A machine access validation signal is generated at the output of the comparison means and transmitted to the machine by the transmission device when the confidential code is identical to the key. Application: The auxiliary device is a credit and / or debit card in the case of application to bank processing.

Access authentication device for information system e.g. enterprises internal network, has stand-alone mobile component with photosensitive sensor to detect sequence of images displayed by user terminal for inferring variable access

The device has a security server (10) generating an access variable, such as bar code, when it receives a connection request from a user terminal (30). The server transmits the access variable to the user terminal in a form of an image or a sequence of images, or a bar code. A stand-alone mobile component has a photosensitive sensor to detect the image or sequence of images displayed by the user terminal for inferring the access variable. An independent claim is also included for a process of authentication using a unique password.

PROCESS FOR SECURING FINANCIAL TRANSACTIONS, CARD AND PAYMENT TERMINAL IMPLEMENTING THIS PROCESS

METHOD AND DEVICE FOR MANAGING TRANSACTIONS USING MICROCIRCUIT CARDS.

Electronic identification device

The device comprises a key including a passive memory area 108, 109 and a shift register 102, the code contained in the passive area being intended to be transferred into the shift register 102 when the key is inserted into a lock, so that the said code may be transferred from the shift register into the lock in order to be compared there with a reference code contained in the lock. The key comprises a circuit 123 provided with a counter 124, 125 which is incremented each time voltage is applied to the key and with a system 126, 127, 128 for setting the counter 124, 125 back to zero when the code is successfully transferred out of the key, in such a way that after a number, determined by the counter, of unsuccessful transfer attempts, the passive memory area 108, 109 is destroyed by the output signal sent out by the counter 124, 125.

METHOD OF VERIFYING A CODE IDENTIFYING A BEARER, CHIP CARD AND TERMINAL RESPECTIVELY PROVIDED FOR IMPLEMENTING SAID METHOD.

Security module for secure comparison of an authentication code with one stored in memory has additional auxiliary registers in which randomly chosen data words are placed for use in authenticating the code in the main registers

Procedure and device for comparison of a security code, such as a PIN, that is entered into some form of verifier with a code that is stored in secure memory. The device includes two extra auxiliary registers that are used with the main registers that the security code from secure memory and the code entered to be validated in a manner to prevent fraudulent discovery of the security code. Procedure for comparison of two registers involves use of two extra auxiliary registers in which a number of words (or bytes) are stored where the words are defined randomly by logic elements. A first sum is then calculated using these random values. The respective words in the main memory registers are compared two by two and then one of the words of the auxiliary registers is selected at random and modified by a first predetermined value if the main register words are the same and by a second predetermined value if the words are different. A second sum is then calculated using the auxiliary registers. This sum is then modified by a value equal to the first sum multiplied by the number of words in the main memory registers. When the two sums are equal the contents of the two main registers are the same, when different the main register contents are different.

Personal identification number code verifying method for authorizing transaction between e.g. chip card and payment terminal, involves verifying whether control value is identical to random number corresponding to selected order number

The method involves recuperating a code referred by a user, when a remainder real number is different from zero. A control value is calculated, from a result corresponding to a selected order number, through inverse function of a bijective function e.g. data encryption standard (DES) function by using the code as an inverse function specifying parameter. The calculated value is stored, and the real number is decremented. The decremented number is stored as remainder theoretical number. Verification is made whether the value is identical to random number corresponding to the selected number.

Method and apparatus for managing a transaction using a microcircuit card

TERMINAL OF PAYMENT, METHOD AND PROGRAM

Method and system of contactless interfacing for smart card banking

A method and system of smart card banking utilizes a contactless communication interface, such as infrared or a wireless or radio frequency interface, including, for example, a proximity interface. A contactless communication is initiated for a smart card user between a smart card application and the on-line system of a financial institution, such as a bank, the system verifies authorization for the communication, the information is communicated for the user to the on-line system. The contactless communication is initiated, and the information is communicated, for example, between a contactless interface transceiver of a personal data assistant, into which the smart card is inserted, and the contactless interface transceiver of an on-line terminal. Alternatively, the contactless communication is initiated, and the information is communicated between a contactless interface transceiver of the smart card and the contactless interface transceiver of the terminal.

System and method for authenticated payment terminal display prompt control

This disclosure provides various embodiments of systems and methods for secure communications. In one aspect, the system for secure communications in a retail environment (105) comprises a first display for presenting content to a customer, a first secure payment module (305) comprising a first data entry device (355) and a first secure processor (360), and a first controller (325). In some instances, the first controller (325) is communicably coupled to the first display (310) and the first secure payment module (305). Additionally, the first controller (325) may be adapted to authenticate the first secure payment module (305), establish a secure communications link between the first controller (325) and the first secure payment module (305), receive a first source of content, provide a portion of the content to the first display (310), and selectively enable or disable the first data entry device (355).

Methods and apparatus for securely encrypting datain conjunction with a personal computer

Electronic Access Control Device and Management System

A mobile electronic control device, such as an electronic key, is used to access or otherwise control the operations of a field device, such as an appliance, power tool, shipping container, etc. In a control event in which the mobile control device interacts with the field device via wired or wireless communications, the control device obtains the current location and the field device ID. The communications between the mobile control device and the field device may be secured with encryption. The location information is used by the mobile control device to determine whether the field device should be accessed or enabled. Alternatively, the location information may be stored separately in a location sensing device, and the control event data recorded by the key and the location information recorded by the location sensing device are later combined when they are downloaded into a management system for auditing. Moreover, an electronic access control device is disclosed comprising two microprocessors.

Software security system and method for PIN entry, storage and transmission to software-based POS (SoftPOS).

POS yazılımları vasıtasıyla ödeme alan mobil cihazların (1) limit üzeri işlemlerde kart sahibini doğrulamak için güvenli bir şekilde PIN girişi sağlayan sistem olup, özelliği; Mobil cihaz (1) içerisinde bulunan, ödemenin alınmasını sağlayan ve sunucu uygulaması (2) tarafından yönetilen POS uygulaması (4), POS uygulamasının (4) kullanıcı arayüzü, deneyimi ve iş akışlarını yöneten L3 iş katmanı (8), POS uygulaması (4) için güvenlik, anahtar yaratımı ve kriptografik algoritmaların çalışmasını yazılımsal olarak sağlayan POS belleği (6), POS bellek (6) vasıtasıyla ödeme işleminin güvenli şekilde yapılmasını sağlayan POS güvenlik katmanı (10), Güvenli PIN girişi için kullanıcı arayüzü sunan ve güvenli bir şekilde PIN girişini POS uygulamasına (4) ileten PIN uygulaması (3), PIN için güvenlik, anahtar yaratımı ve kriptografik algoritmaların çalışmasını yazılımsal olarak sağlayan PIN belleği (5), PIN bellek (5) vasıtasıyla PIN?in güvenli şekilde alımı ve iletimini sağlayan PIN güvenlik katmanı (7), içermesidir. (Şekil 1) It is a system that provides secure PIN entry to verify the cardholder in transactions above the limit of mobile devices (1) receiving payments through POS software, POS application in the mobile device (1) that enables payment to be received and managed by the server application (2) (4), the L3 business layer (8) that manages the user interface, experience and workflows of the POS application (4), the POS application (4) Security, key generation and cryptographic algorithms to work with software, POS memory (6), POS memory (6) that enables secure payment transactions, POS security layer (10) that provides a user interface for secure PIN entry and allows secure PIN entry. PIN application (3) that transmits to POS application (4), PIN memory (5) that provides software security for PIN, key generation and operation of cryptographic algorithms, PIN security layer providing secure reception and transmission of PIN via PIN memory (5) ( 7). (Figure 1)

Method and apparatus for secure online transactions

A method and apparatus for performing secure online transactions provides a user interface that is intuitive and easily to understand. The invention integrates an online wallet service with credit card issuers that provide online credit card authentication services. The method provides a keypad interface for PIN entry, or an interface that resembles an offline transaction receipt. The apparatus that stores personal information and credit card information uses a level-two authentication password to protect the user's credit card information. The invention integrates with the credit card issuer when a personal identification number is required for the user to perform online transactions by the credit card issuer. The embodiments include integrations when the level-two authentication password is equivalent to the personal identification number and that when they or not equivalent.

Password input device, password input method, and program for causing computer to execute the method