[go: nahoru, domu]

US20050044385A1 - Systems and methods for secure authentication of electronic transactions - Google Patents

Systems and methods for secure authentication of electronic transactions Download PDF

Info

Publication number
US20050044385A1
US20050044385A1 US10/338,822 US33882203A US2005044385A1 US 20050044385 A1 US20050044385 A1 US 20050044385A1 US 33882203 A US33882203 A US 33882203A US 2005044385 A1 US2005044385 A1 US 2005044385A1
Authority
US
United States
Prior art keywords
terminal
authentication
token
user
authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/338,822
Inventor
John Holdsworth
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
U S Encode Corp
Original Assignee
U S Encode Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by U S Encode Corp filed Critical U S Encode Corp
Priority to US10/338,822 priority Critical patent/US20050044385A1/en
Priority to US10/346,733 priority patent/US7412420B2/en
Priority to US10/346,732 priority patent/US20050033702A1/en
Priority to US10/346,708 priority patent/US7437757B2/en
Assigned to U.S. ENCODE CORPORATION reassignment U.S. ENCODE CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HOLDSWORTH, JOHN
Priority to EP13152739.2A priority patent/EP2600560A3/en
Priority to PCT/US2003/027189 priority patent/WO2004023712A1/en
Priority to EP03751930.3A priority patent/EP1547298B1/en
Priority to AU2003270036A priority patent/AU2003270036A1/en
Publication of US20050044385A1 publication Critical patent/US20050044385A1/en
Priority to ZA2005/02178A priority patent/ZA200502178B/en
Priority to AU2009202963A priority patent/AU2009202963B2/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/108Remote banking, e.g. home banking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3672Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes initialising or reloading thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1016Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2117User registration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Definitions

  • the field of the invention relates generally to electronic transactions and more particularly to the authentication of such transactions.
  • Electronic transactions including electronic commerce, are becoming more prevalent, fueled of course by increasing Internet use. As the number and type of electronic transactions increase, so to does the need to verify the identity of participants in these transactions. Electronic commerce provides a good example.
  • a user uses a web browser running on their computer to access a merchants web page via the Internet. Once the user has accessed the web page, they can typically browse product offerings, select products for purchase, and then purchase the selected products. The purchasing step often requires the user to supply identifying information, e.g., name and address, and a charge account number against which the transaction can be charged.
  • the merchant has no ability to verify the identifying information supplied in the electronic commerce scenario.
  • the merchant cannot verify that the user is who they say they are, or therefore that the charge account belongs to the user making the purchase.
  • the Gartner Group estimates that in 2001 1.14% of the $61.8 billion in online transactions involved fraud. The resulting $776.34 million dollars in losses is 5-20 times the losses for off-line sales transactions. With U.S. households predicted to spend $184 billion on-line by the year 2004, such losses clearly present a serious problem that is only going to get worse.
  • the new mandates allow merchants to request that the issuer authenticate the transaction, i.e., verify the identity of the user.
  • the issuer can then, for example, verify the account number and some form of personal identifier, such as a Personal Identification Number (PIN), presented by the user.
  • PIN Personal Identification Number
  • Smart cards i.e., cards with a special integrated circuit embedded in them, and smart card readers are currently available to address the card present issue in online transactions.
  • a smart card reader can be purchased and connected with a user's computer. During an online transaction, the user can then insert the smart card into the smart card reader, which can then authenticate the smart card.
  • An electronic transaction authentication system allows for multi-factor authentication to reduce fraud and increase the reliability of identity verification.
  • the presence of a card, or token, during an electronic transaction can be authenticated using standard equipment and, therefore, does not require any custom hardware.
  • the token can be configured to work with standard input/output devices for a plurality of terminals that can be used in electronic transactions.
  • FIG. 1 is a diagram illustrating an online transaction system in accordance with an example embodiment of the invention
  • FIG. 2 is a diagram illustrating the online transaction system of FIG. 1 in more detail
  • FIG. 3 is a diagram illustrating an exemplary electronic commerce system configured in accordance with an example embodiment of the invention
  • FIG. 4 is a flow chart illustrating a method for enrolling a token used in the system of FIG. 3 in accordance with an example embodiment of the invention
  • FIG. 5 is a flow chart illustrating a more detailed embodiment of the method illustrated in FIG. 4 ;
  • FIG. 6 is a diagram illustrating an example PIN construction screen that can be displayed on a terminal included in the system of FIG. 3 during the process illustrated in FIG. 5 ;
  • FIG. 7 is a diagram illustrating an exemplary mapping scheme that can be used in conjunction with the PIN construction screen of FIG. 6 ;
  • FIG. 8 is a flow chart illustrating a method for authenticating an online transaction in accordance with an example embodiment of the invention.
  • FIGS. 9A and 9B comprise a flow chart illustrating a more detailed embodiment of the method illustrated in FIG. 8 ;
  • FIG. 10 is a diagram illustrating an example embodiment of a token configured in accordance with one embodiment of the invention.
  • FIG. 11 is a diagram illustrating an example embodiment of a token configured in accordance with another embodiment of the invention.
  • FIG. 12 is a diagram illustrating an example embodiment of a token configured in accordance with still another embodiment of the invention.
  • FIG. 1 is a diagram illustrating an example embodiment of an online transaction system 100 configured in accordance with one embodiment of the systems and methods described herein.
  • System 100 comprises a terminal 102 that is configured to engage in an online transaction.
  • Terminal 102 can also be configured to communicate through a communication network 108 with an authentication authority 110 configured to authenticate the electronic transaction.
  • Network 108 can also be used to engage in the online transaction.
  • terminal 102 can be configured to engage in the online transaction over another network.
  • Network 108 can, for example, be the Internet, but it can also be some other type of network.
  • Network 108 can, for example, be a wired, or wireless Wide Area Network (WAN), such as a telephone network, a wired, or wireless Metropolitan area Network (MAN), a wired, or wireless Local Area Network (LAN) or even a wired, or wireless Personal Area Network (PAN).
  • WAN Wide Area Network
  • MAN wired, or wireless Metropolitan area Network
  • LAN Local Area Network
  • PAN Personal Area Network
  • terminal 102 can be any type of terminal configured to communicate over any of the above networks.
  • terminal 102 can be any terminal configured to communicate over the Internet, such as a personal computer, laptop computer, Internet enabled phone, or handled computer, e.g., a Personal Digital Assistant (PDA) with communication capability.
  • PDA Personal Digital Assistant
  • Terminal 102 includes a standard input device 104 through which a token 106 can be interfaced with terminal 102 .
  • standard input device means a standard, or widely adopted device for inputting, or transferring information into a particular type of terminal 102 .
  • standard input device 104 can be a floppy drive, a Compact Disc (CD) drive, a CD Read/Write (R/W) drive, a Digital Video Disc (DVD) drive, or any other type of drive that is commonly included, or interfaced with a personal computer.
  • Token 106 is, therefore, a physical device, such as CD media or USB storage, that can be interfaced with terminal 102 through standard input device 104 . Some specific token embodiments are described in detail below. Token 106 is configured to allow authentication authority 110 to verify the presence of token 106 , through network 108 , once it is interfaced with terminal 102 through standard input device 104 .
  • An input device the only purpose of which is to allow a token, such as token 106 , to be interfaced with a terminal, such as terminal 102 , to enable an online transaction is expressly not included in the definition of the term “standard input device.”
  • standard input device the systems and methods described herein do not require the cost, integration, or maintenance of specialized hardware in order to ensure a high level of authentication for online transactions. Rather, the systems and methods described herein allow the use of standard equipment to achieve high level authentication.
  • authentication authority 110 can be configured to verify the presence of token 106 if terminal 102 is engaged in a transaction that requires authentication.
  • Authentication authority 110 can, depending on the embodiment, include or be interfaced with an authentication database 112 configured to store information related to a plurality of tokens 106 . The information stored in authentication database 112 can then be used to authenticate transactions involving the plurality of tokens 106 . For example, if token 106 comprises credit card information, then authentication database 112 can be configured to store valid credit card numbers. Authentication authority 110 can be configured to then verify both the presence of token 106 and the validity of a credit card number stored thereon.
  • authentication authority 110 can be configured to supply two-factor authentication for electronic transactions involving terminal 102 .
  • Verification of other factors can also be incorporated to provide even stronger multi-factor authentication.
  • terminal 302 includes a biometric reader, such as a fingerprint sensor, then verification of a biometric can also be incorporated to provide multi-factor authentication.
  • other authentication techniques can be included such as digital signature techniques or other public key-private key techniques.
  • the personal identifier e.g., PIN
  • PIN personal identifier
  • the process of linking the personal identifier with the account information can be referred to as an enrollment process.
  • enrollment is seamless from the point of view of the user. In other words, enrollment should occur automatically, without requiring the user to affirmatively decide to enroll. And once the enrollment process starts, it should be quick, efficient and cause as little inconvenience as possible.
  • network 108 can be an unsecured network, e.g., the Internet, communications sent from terminal 102 to authentication authority 110 can be intercepted by an unintended party. Thus, from a security standpoint, it is preferable to encrypt communications between terminal 102 and authentication authority 110 .
  • token 106 can be handled, or initiated, by an issuing authority such as a bank can distribute token 106 .
  • token 106 can, as illustrated in FIG. 2 , comprise client software 222 , which can consist of software modules 206 - 218 , and unique information such as: a unique serial number; a message key, e.g., a 192-bit Triple-DES user messaging key; random data, e.g., a 64-byte blob of unique, truly random alphanumeric data, a network address associated with authentication authority 110 , e.g., a URL, and an issuer public key.
  • the unique data can be used to link a token 106 to a user during enrollment. Further, after enrollment, the unique data can be used for authentication purposes.
  • Client software 222 can be configured such that correct execution of client software 222 depends on the presence of token 106 in terminal 102 . This can be achieved for example, using authentication processes in which the unique information on every token 106 forms the basis for authentication. Thus, in the systems and methods described herein, authentication cannot take place if token 106 is not present in terminal 102 .
  • client software 222 can also comprises Dynamic Link Libraries (DLL's), such as Active-X DLL's, which can be registered with terminal 102 during installation.
  • DLL's Dynamic Link Libraries
  • Active-X DLL's Active-X DLL's
  • Terminal 106 can also include a browser application 204 , which can be configured to act as a mediator between authentication authority 110 and software modules 206 - 212 .
  • messages intended for software modules 206 - 212 can be received by browser application 204 from authentication authority 110 and transported, e.g., via JavaScript, to the appropriate software module 206 - 212 .
  • Responses from software modules 206 - 212 can then be sent to authentication authority 110 via browser application 204 .
  • browser application 204 can be configured to insert the responses into Hyper Text Markup Language (HTML) pages that are then transmitted back to authentication authority 110 via a Hyper Text Transfer Protocol (HTTP) request, such as a POST request.
  • HTTP Hyper Text Transfer Protocol
  • authentication authority 110 implements web-based logon using a browser application and all transmissions between authentication authority 110 and terminals 106 are web-based. It should be noted that in certain embodiments, enrollment is not web based. Thus, as described below, the systems and methods described herein allow for non-web based enrollment.
  • Authentication authority 110 can comprise a login server 202 that can be responsible for handling logon requests from different terminals 106 .
  • the authentication information described above can be stored as user profiles in user profile database 224 , which can be located within a Hardware Security Module (HSM) 220 .
  • HSM 220 can actually be part of login server 202 or it can be separate as illustrated in the example embodiment of FIG. 2 .
  • user profile database 224 can be configured to store user key values and, after enrollment, information necessary to authenticate a user.
  • User profile database 224 can be part of login server 202 or it can be standalone as illustrated in the example embodiment of FIG. 2 .
  • Autoplay module 206 can, for example, be configured to initiate installation of client software 222 onto terminal 102 .
  • the installation process is automated, i.e., does not require user intervention to begin the installation process.
  • a common example of an automated installation process is the process that occurs when a CD is placed into a computer's CD drive.
  • the computer's operating system automatically searches CDs inserted into the CD drive for an autoplay file, which is a “pointer” to an installation program on the CD.
  • autoplay module 206 can be configured so that it is automatically executed every time token 106 is inserted into terminal 102 . This assumes that such an auto play option is enabled within the operating system of terminal 102 .
  • the user can be required, or have the option, of manually activating autoplay module 206 .
  • autoplay module 206 can be configured to point to another program that is configured to handle the installation process.
  • the program pointed to by autoplay module 206 is installation module 208 .
  • Installation module 208 can, for example, be configured to install client software 222 and register DLL's included therewith on terminal 102 . Registration of DLL's can provide a link between the DLL name and its actual location.
  • installation module 208 first checks for existing installations. If no existing installations are detected, installation module 208 starts a new installation. If an existing installation is detected, installation module 208 can be configured, for example, to check if the existing installation corresponds to token 106 . For example, to accommodate for the situation in which multiple users are using the same terminal 102 to engage in online transactions each using a different token 106 , installation module 208 can be configured to perform a unique installation process for each token 106 . Thus, for example, the components installed and/or registered with each installation can be identified by token 106 , e.g., using a unique serial number stored on each token 106 .
  • Installation module 208 can be further configured to check if the drive, or interface identification associated with the existing registration matches the drive, or interface presently associated with token 106 . If the installation and drive match, then there is no need to reinstall client software 222 . Further, newer tokens 106 , for example, can comprise updated versions of the DLL's and/or client software modules 206 - 218 . Therefore, installation module 208 can also be configured to detect the version of any previously installed DLL's and/or client software modules. Installation module 208 can be configured to then forgo installation of any DLL's or client software modules that are the same version as those already installed.
  • Installation module 208 can also be configured to determine if token 106 has been enrolled with authentication authority 110 . Thus, when the user first interfaces token 106 with terminal 102 , installation module 208 can detect if token 106 is enrolled in an authentication program used by authentication authority 110 . If enrollment is required, installation module 206 can be configured to call enrollment module 210 to handle the enrollment process. Installation module 208 can also be configured to prompt the user as to whether they want to enroll their token. The user can choose to skip the enrollment process if, for example, they have already enrolled, possibly using another terminal 102 . An example enrollment process is described in detail below.
  • Enrollment module 210 can, for example, be configured to interact with logon server 202 via communications module 212 .
  • Enrollment module 210 can collect the unique information stored on token 106 , e.g., a unique serial number, unique data, and a 192-bit message key, etc. and transmit it to logon server 202 .
  • enrollment module 210 is only active once, when the user enrolls. Subsequent installations of client software 222 should not require enrollment, because the user information is already captured.
  • Communications module 212 can be configured to interface with logon server 202 so that enrollment information can be exchanged with logon server 202 .
  • communications module 212 can, for example, be Hyper Text Transfer Protocol/Secure (HTTP/S)-based and can, for example, be responsible for: establishing a connection to the correct logon server 202 , e.g., using the network address, or URL, stored on token 106 , transmitting enrollment information to logon server 202 , and interfacing enrollment module 210 with logon server 202 .
  • HTTP/S Hyper Text Transfer Protocol/Secure
  • browser application 204 can be used to communicate with logon server 202 during authentication, while, as illustrated in the example of FIG. 2 , communications module 212 can be used for enrollment.
  • browser application 204 can also be used for enrollment. But using communications module 212 for enrollment instead of browser application 204 can ensure that logon server 202 is valid before enrollment information is sent. Thus, from a security standpoint, using communications module 212 for enrollment is preferred.
  • trigger module 214 can be passed to terminal 102 from authentication authority 110 and can be configured as the calling function, or “trigger”, that evokes autoplay module 206 .
  • trigger module 214 can be present within browser application 204 , e.g., as a JavaScript that is passed down from the logon server 202 with specific initialization parameters.
  • Trigger module 214 acts as a mediator between logon server 202 , browser application 204 , and client software 222 .
  • Trigger module 214 can be configured to receive responses from client software 222 and then, for example, force a POST of the responses within browser application 204 to logon server 202 .
  • Trigger module 214 can also, for example, be configured to initiate message format module 216 whenever it posts messages to logon server 202 .
  • Message format module 216 can form the main control loop for client software 222 .
  • Message format module 216 can be configured to initiate cryptographic module 218 and check responses therefrom.
  • Message format module 216 can also be configured to execute cryptogram extraction on messages received from authentication authority 110 .
  • Message format module 216 can also be configured to format responses so that they can be interpreted by logon server 202 and to perform a first-run test to ensure that messages are valid, so that no additional action is taken if they are not.
  • Cryptographic module 218 can be configured as the security core of client software 222 . As described below, authentication of token 106 can require a cryptogram to be generated. Thus, cryptographic module 218 can be configured to perform this task.
  • a specialized security library (not shown) of cryptographic functions can be included on token 106 , and installed on terminal 102 depending on the embodiment.
  • Cryptographic module 218 can be configured to rely on the security library (not shown) to perform cryptogram generation.
  • Cryptographic module 218 can be responsible for include: importing message keys from token 106 , mediating access to cryptographic objects via a secure kernel, performing encryption, performing decryption, performing key derivation from a user password, creation of cryptograms, overall security features, including memory page locking, object access control, attribute encryption, and data enveloping, to name just a few.
  • FIG. 3 illustrates an exemplary online transaction system in more detail. Example enrollment and authentication methods will be explained in connection with system 300 .
  • System 300 comprises a merchant server 304 interface with a user terminal 302 .
  • System 300 also comprises an issuer authority 306 , a directory 312 , and a acquirer authority 308 .
  • terminal 302 is a computer, e.g., a desktop or laptop computer.
  • Terminal 302 comprises a standard input device for interfacing with a token 106 as described above.
  • a user can use their terminal 302 to go online and browse items offered by a merchant through merchant server 304 .
  • merchant server 304 will be a web server configured to display web pages that present a merchant's offerings to users who access merchant server 304 using a web browser installed on their terminal 302 .
  • charge account can mean any type of account against which charges can be posted. Thus, for example, it can be a credit account or a bank account.
  • the transaction described above is completed by providing an account number that corresponds to a card, or token that is issued in relation to the charge account being used for the purchase.
  • the user can be issued a credit card in association with a credit account.
  • the user can supply the credit card number to merchant server 304 .
  • the user supplies a token identifier, i.e., some identifier or serial number associated with a token issued to the user, e.g., in connection with a charge account used by the user to make a purchase.
  • token is used to indicate that the systems and methods described herein are not limited to credit cards, or any other type of cards. Rather, the systems and methods described herein can be used with a variety of physical devices that are configured to store charge account, or other, information used in online transactions. Any of these various physical devices can be described as a token. Some specific types of token are described in detail below, but for purposes of illustration it can be assumed that token 106 can be read by a CD drive. Thus, in the example of FIG. 3 , all the user has to do to is insert their token 106 into the CD drive of their computer 302 .
  • Issuer authority 306 can be the institution that issued token 106 to the user. Accordingly, issuer authority 306 can comprise a server and can comprises, or have access to, information related to token 106 and to the user account associated with token 106 .
  • Acquirer authority 308 is associated with the merchant of merchant server 304 .
  • Acquirer authority 308 is responsible for handling some of the overhead involved with charge account transactions handled by the merchant.
  • merchant server 304 In a conventional online transaction, merchant server 304 must attempt to verify the authenticity of the token identifier supplied by the user. Under some of the new authentication mandates, merchant server 304 can query a directory 312 to verify the participation of the token issuer in one of the new authentication programs that comply with the new authentication mandates. Directory 312 can, therefore, be configured to store information related to tokens 106 issued by issuers. For example, for the situation were the tokens 106 are credit cards or the like, directory 312 can be associated with a credit card association. Each issuer authority 306 can then be configured to update directory 312 with information about issued tokens 106 .
  • directory 312 can be configured to determine whether the token identifier is in a participating identifier range, i.e., is associated with an issuer authority that is participating in the authentication program. If the token is in a participating range, then directory 312 can be configured to query the appropriate issuer authority 306 to validate the token and send a response back to merchant server 304 .
  • merchant server. 304 can be configured to send an authentication request to issuer authority 306 , i.e., issuer authority 306 can be configured to act as an authentication authority 110 .
  • the authentication request can be directed to issuer authority 306 via terminal 302 , e.g., via browser 204 running on terminal 302 .
  • Issuer authority 306 can be configured to then query terminal 302 for a password, or some other form of personal identifier. The user can then enter the password and terminal 302 can transmit it to issuer authority 306 , which can be configured to verify the password.
  • Issuer authority 306 can be configured to then transmit an authentication response to merchant server 304 , for example, through the user's browser 204 .
  • Merchant server 304 can receive and validate the authentication response. If authentication was successful, then merchant server 304 can be configured to transmit certain data to acquirer authority 308 and complete the transaction.
  • the new mandates provide stronger authentication for online transactions through the verification of an additional factor, namely a password; however, it is generally understood that a password, used in the way described, provides very weak authentication because passwords are easily accessed or “cracked”. Further, the online security of passwords is weak, because a server on which they are stored can be “hacked” into or they can be intercepted as they pass from device to device. Thus, while the new mandates supply better authentication than before, they still do not approach that of off-line transaction, where strong two-factor authentication can be achieved.
  • the systems and methods described herein provide the means to achieve strong multi-factor authentication with a high level of security.
  • an example enrollment process is described, because a token 106 should first be enrolled before it can authenticated.
  • the personal identifier in order to obtain the strong multi-factor authentication using a personal identifier, the personal identifier must be linked with token 106 .
  • token 106 is a charge card capable of being interfaced with a computer 302 and the personal identifier is a PIN
  • the PIN should be linked with the charge card account information stored on, or interfaced with, issuer authority 306 .
  • issuer authority 306 can, for example, verify the PIN in conjunction with verifying the presence of token 106 . This allows issuer authority 306 to authorize online transactions using strong two-factor authentication.
  • FIG. 4 illustrates an exemplary method for implementing online enrollment in accordance with the systems and methods described herein. It is assumed that issuer authority 306 will act as the enrollment authority; however, a separate, or third party enrollment authority can also be used.
  • issuer authority 306 will act as the enrollment authority; however, a separate, or third party enrollment authority can also be used.
  • a user inserts a token 106 into a standard input device interfaced with terminal 302 . This could be, for example, the first time a user attempts to use token 106 in an online transaction.
  • token 106 can be configured to automatically load client software 222 onto terminal 302 , as described above.
  • the user can be prompted to enter identifying information.
  • the user can be prompted to enter their banking or account information so that issuer authority 302 can verify the identity of the user.
  • the identifying information can include name, address, account number (or token identifier), expiration date, mother's maiden name, identity number, etc.
  • step 408 the user can establish a personal identifier that will be shared with issuer authority 306 and linked with the account information. This is described in more detail below.
  • Client software 322 can be configured to automatically establish a connection with issuer authority 306 , in step 410 , using, for example, a URL stored on token 106 , and then automatically transmit the personal identifier, identifying information, and depending on the embodiment, a unique information stored on token 106 to issuer authority 306 , in step 412 .
  • issuer authority 306 matches the identifying information against information stored in a profile associated with the user's account stored on, or interfaced with, issuer authority 306 , e.g., in a user profile database 224 . If the identifying information matches the stored information, issuer authority 306 can be configured to link the personal identifier, and possibly some or all of the identifying information and unique information, with the profile in step 416 . The personal identifier can then be used to authenticate an online transaction engaged in using token 106 . And because the personal identifier has been linked with the account profile, strong multi-factor authentication can be achieved.
  • the systems and methods described herein are easy to use, easy to adopt, and easy to deploy.
  • a token issuer can, for example, simply mail out tokens 106 without fear they will be lost or stolen, since the tokens 106 are useless, i.e., not associated with an account, until the enrollment process is complete.
  • client software 222 stored on token 106 can be configured to automatically establish a connection with the enrollment authority, the problem of spoofing is also eliminated.
  • Spoofing is when someone creates a web page intended to look like another web page, such as an issuer's enrollment web page. The spoofer tricks a user, for example, into visiting their fake web page thinking it is the real web page. In this scenario, someone could spoof an issuer's enrollment page and then send an email to a user containing a link to the spoofed page. The email may ask the user to click on the link and then, once connected to the spoofed page, provide their personal identifier, account information, identifying information, etc., for enrollment purpose.
  • FIG. 5 is a flow chart illustrates a specific implementation of an enrollment process using software modules 206 - 218 .
  • the flow chart of FIG. 5 illustrates the interaction between the various software modules 206 - 218 as they execute the example steps involved in the enrollment process. It is also assumed that issuer authority 306 is acting as the enrollment authority.
  • a user interfaces their token 106 with their terminal 302 , which can for example invoke autoplay module 206 , i.e. autoplay module 206 can be activated by the operating system of terminal 302 .
  • token 106 can comprise a software program configured to display instructions to the user asking them to run a setup program stored on token 106 .
  • setup programs are often named setup.exe and are often stored on the root directory of token 106 .
  • autoplay module 206 can be configured to automatically run such a setup.exe file stored on token 106 .
  • the operating system can report that installation failed, e.g., that the setup.exe file could not be executed. Instructions stored on token 106 can then be displayed to inform the user of the appropriate procedure that should be followed in such a situation.
  • autoplay module 206 can be configured to report installation failure if it was the calling mechanism for the setup.exe file.
  • step 504 autoplay module 206 , or the setup.exe program, can call installation module 208 .
  • installation module 208 after it has been called in step 504 , begins, in step 506 , by checking the registry of terminal 302 to determine if there are any current installations of client software 222 . As explained above, this can comprise checking to see if any current installations share the same serial number as that associated with token 106 . This step can also comprise checking component versions, to ensure that the component versions associated with token 106 match the versions of any current installations.
  • installation module 208 can determine that client software 222 is installed and that the serial number, versions, etc. are the same, or that client software 222 is not installed, or is installed but the serial numbers, versions, etc. do not match. If the later is true, then installation module 208 can be configured to register the DLL's and install client software modules 206 - 218 included with token 106 . Registering the DLL's can comprise forming a registry link between the name and CLS-ID of a DLL and the physical path to the DLL. In a Microsoft windows based operating system, for example, installation module 208 can be configured to call regsrv 32 , which can then perform the DLL registration.
  • Installation module 208 can be configured to then make a registry entry on terminal 302 , using a serial number associated with token 106 .
  • the serial number can be encrypted.
  • installation function 208 can be configured to prompt the user to retry or cancel the operation. If the user wants to retry, then the installation procedure can be repeated. If the user decides to cancel, then the process can, for example, jump to step 536 , which is described in detail below. If on the other hand, the installation was successful, then installation module 208 can be configured to determine if token 106 has been enrolled with issuer authority 306 in step 508 .
  • a value can be set in the registry of terminal 302 indicating that such is the case.
  • the value can be generated based on a scrambled version of the serial number associated with token 106 .
  • the user can indicate that he does not wish to be asked to enroll. If the user has so indicated, then the value stored in the registry can, for example, indicate that such is the case.
  • installation module 208 can determine, e.g., based on a registry value, that token 106 is enrolled, that it is not enrolled, or that the user does not wish to enroll their token 106 .
  • installation module 208 determines that token 106 is enrolled, then the process can jump to step 534 , which is explained in detail below. If the user does not wish to enroll, then the process can jump to step 536 . If, on the other hand, installation module 208 determines that token 106 is not enrolled, then installation module 208 can be configured to prompt the user to enroll their token 106 .
  • installation module 208 can be configured to call enrollment module 210 , in step 510 , at which point, enrollment module 210 takes over.
  • enrollment module 210 prompts the user to enter their identifying information, e.g., banking details, in step 512 , so that an account can be linked to token 106 and the user.
  • the user can enter their identifying information and enrollment module 210 can be configured to ensure that the identifying information provided is in the correct format.
  • the format can, for example, be issuer specific. If enrollment module 210 determines that the details are not in the correct format, then the user can be prompted to re-enter them.
  • the user can cancel the process either when initially prompted to enter their identifying information or if they are prompted to re-enter it. In which case, the process can jump to step 536 .
  • a session key such as a 192-bit Triple-DES session key, can be generated at this point.
  • the session key can then be used for encryption in the following steps.
  • the user can be asked to create a personal identifier that will be associated with their account and token 106 , and that will be used later on to authenticate online transactions using token 106 .
  • the personal identifier is a PIN; however, it will be understood that the personal identifier can take a variety of forms.
  • enrollment module 210 creates a PIN entry screen that is displayed to the user.
  • the PIN entry screen can be used by the user to construct their PIN in step 520 .
  • An example PIN entry screen 600 configured to allow the user to generate a graphical PIN is illustrated in FIG. 6 .
  • PIN entry screen 600 comprises a field of dots 602 that the user can “click” on to construct a graphical PIN. For example, once PIN entry screen 600 is displayed, the user can be prompted to click on the dots to generate a pattern. In the example of FIG. 6 , the user has created a pattern consisting of squares 604 and 606 .
  • Each dot in field 602 can be mapped to a co-ordinate value as illustrated by table 700 in FIG. 7 .
  • the pattern of FIG. 6 maps to the following co-ordinates: ( 1 , 1 )( 2 , 1 )( 2 , 2 )( 1 , 2 )( 4 , 4 )( 5 , 4 )( 5 , 5 )( 4 , 5 ).
  • the co-ordinates can be mapped and encrypted with the session key mentioned above.
  • Enrollment module 210 can be configured to then validated the PIN based on certain criteria, such as length.
  • the criteria can, for example, be based on criteria promulgated by the issuer of token 106 . If validation fails, the user can retry the operation.
  • the user can, for example, click on cancel button 610 to end the process. If cancel button 610 is clicked, then the process can jump to step 536 . In which case, terminal 302 memory can be cleared of all account information previously entered.
  • enrollment module 210 can be configured to prepare a “enrollment form”.
  • the enrollment form can, for example, comprise the PIN co-ordinates, a token serial number, random data stored on token 106 , and a message key.
  • Communications module 612 can then be invoked, in step 524 , in order to transmit the enrollment form to the enrollment authority, which can be issuer authority 306 .
  • the enrollment form information can be encrypted for security. Encryption can comprise the following steps: first, all the enrollment form information is encrypted with the session key. In one implementation, a user account number and an account identifier are used to derive a 192-bit Triple-DES session key.
  • the token serial number, random data, message key, and PIN co-ordinates can then be concatenated and encrypted with the three equal keys to form a cipher.
  • a network address in this case a URL
  • two parameters are included in the query string of this example URL. The first is the user account number and the second is the cipher that was described above.
  • Communications module 212 can be configured to use the URL constructed above to establish a connection with issuer authority 306 and then transmit the enrollment information to issuer authority 306 , in step 528 .
  • step 536 If this step fails, then the user can be prompted to retry. Alternatively, the process can simply jump to step 536 and exit, or the user may decide to end the enrollment process in response to the retry prompt, which can again can cause the process to jump to step 536 .
  • issuer authority 306 can be configured to take over at this point.
  • a connection with issuer authority 306 is established as described, so an active (secure) session is assumed to exist.
  • the following steps are an overview of the processing that can take place on issuer authority 306 , i.e., by the enrollment authority. Specific implementation details, however, will depend on the enrollment authority and/or on the particular issuer authority 306 .
  • Issuer authority 306 can verify the account number and cipher. Assuming the account number and cipher are verified, then issuer authority 306 can determine whether the user has already enrolled. In one implementation, issuer authority 306 can not allow enrollment of a previously enrolled user, unless the user's token 106 has been lost or disabled. If issuer authority 306 determines that the user is already enrolled, and the user's token has not been lost or disabled, then issuer authority 306 can simply return a successful enrollment message in step 532 .
  • issuer authority 306 determines that the user is not previously enrolled, then issuer authority 306 can be configured to verify the existence of an account corresponding to the account number provided in step 528 . If the account number can be verified, then issuer authority 306 can extract the PIN information provided in step 528 . If the information provide in step 528 is encrypted, then issuer authority 306 can derive the same session key as used to encrypt the information, e.g. concatenating the last 4 numbers of the account identifier and the account number. Then using the result to produce a 192-bit Triple-DES key comprising three equal 64-bit keys.
  • issuer authority 306 can attempt to decrypt the cipher. If the cipher can be decrypted, the enrollment information can, for example, be assumed valid. If the cipher cannot be decrypted, the enrollment information can be assumed invalid. Further, once the information is decrypted, issuer authority 306 can be in possession of the enrollment information, e.g., token serial number, random data, message key, and the PIN.
  • the enrollment information e.g., token serial number, random data, message key, and the PIN.
  • Issuer authority 306 can be configured to then determine if the enrollment information comprises the correct format. If the format is correct, then issuer authority 306 can be configured to store the enrollment information in a user profile. Finally, the PIN is linked with the user profile. When it is subsequently received from a terminal, issuer authority 306 can verify the identity of the user base don the PIN. In one implementation, the PIN is encrypted with the session key before it is stored in the user profile.
  • the results of the enrollment process can be communicated to terminal 302 .
  • communications module 212 can receive a response from issuer authority 306 .
  • the enrollment can either be successful or unsuccessful. If enrollment was successful, then the user can be notified in step 534 . If it was unsuccessful, then the user can be prompted to re-enter information or to start over. A unsuccessful registration can result for a variety of reasons, such as incorrect information supplied too issuer authority 306 , a communications failure between terminal 302 and issuer authority 306 , etc.
  • step 536 execution of installation module 208 and autoplay module 206 is terminated and, assuming enrollment was successful, the user is ready to use their token 106 in online transactions.
  • installation module 208 can be configured to delete all registration entries made on terminal 302 during the enrollment process. This is an added security feature. Because the registration entries are deleted, there is nothing stored on terminal 302 that can be accessed, e.g., by a “hacker”, and used to fraudulently gain access to the user's account or account information.
  • authentication should provide verification of more than one factor so that strong multi-factor authentication is achieved.
  • authentication preferably verifies that token 106 is present and that the user is who the user is supposed to be, i.e., the user to whom token 106 was issued.
  • the latter factor can be achieved via a static password, as explained above, or using, for example, a certificate stored on token 106 .
  • the use of certificates for identification/authentication is well known and will not be discussed here. But as mentioned, these techniques do not necessarily offer the strong authentication required to reduce fraud.
  • FIG. 8 is a flow chart illustrating an example authentication process according to one embodiment of the system and methods described herein.
  • the process begins in step 802 when an authentication authority receives a request to authenticate an electronic transaction.
  • an authentication authority receives a request to authenticate an electronic transaction.
  • issuer authority 306 can act as the authentication authority and the authentication request can originate with merchant server 304 .
  • issuer authority 306 can send an authentication message to terminal 302 in step 804 .
  • the purpose of the authentication message is to illicit from terminal 302 information that can be used to authenticate the transaction.
  • the information should allow issuer authority 306 to verify the presence of token 106 and the identity of the user.
  • terminal 302 can prompt the user to interface their token 106 with terminal 302 .
  • terminal 302 can extract information from token 106 that can be used to verify the presence of token 106 . For example, certain unique information can be stored on token 106 that once validated by issuer authority 306 will verify that token 106 was present and interfaced with terminal 302 .
  • the user should supply some form of personal identifier, such as a PIN, that has been linked with information stored on or interfaced with issuer authority 306 and that will allow issuer authority 306 to verify the identity of the user.
  • a PIN personal identifier
  • the unique information and the personal identifier can then be sent to issuer authority 306 ; however, from a security standpoint, it is preferable if the information is encrypted before it is sent to issuer authority 306 .
  • Any conventional encryption technique or combination of techniques can be used for encryption, but in the embodiment of FIG. 8 , a transactional unique session key is generated in step 812 and used to encrypt the information in step 814 .
  • transactional unique means that a different session key is generated for every transaction entered into in system 300 .
  • Security can be enhanced by using a transactional unique session key to encrypt the information, because the transactionally unique session key is not stored anywhere that it can be accessed by the wrong party and then used to intercept and decode the authentication information.
  • Generation of the session key and example encryption techniques are discussed more fully below.
  • the encrypted information is then sent to issuer authority 306 in step 816 .
  • Issuer authority can then decrypt the received information, using the session key, in step 818 . Once the information is decrypted, it is validated in step 820 to verify that token 106 is present and that the user is who they say they are. If the verification is successful, then issuer authority 306 can authorize the transaction in step 822 .
  • FIGS. 9A and 9B comprise a flow chart illustrating a specific implementation of secured multi-factor authentication in accordance with an example embodiment of the systems and methods described herein.
  • the authentication process can be triggered when the authentication authority 306 receives a request message.
  • This request messages preferably includes transaction information from the merchant.
  • the authentication authority 306 then generates constructs a request message to solicit a cryptogram, i.e., a predetermined encrypted combination of pieces of information, from the user terminal.
  • the generation of this request message in this embodiment is described in steps 902 - 914 .
  • This request message is preferably transmitted over a secure communication channel, while this transmission can, for example, take place over the Internet, a WAN, or a LAN using a secure sockets layer (SSL), or over a Wireless LAN using Wired Equivalent Privacy (WEP), this embodiment adds protection by using encryption as described in steps 922 - 932 .
  • the user terminal upon receiving a valid request constructs a cryptogram which can be used to validate a plurality of factors, which is described for this embodiment in steps 942 - 956 .
  • the cryptogram is preferably transmitted over a secure communication channel. Once more, this preferred embodiment adds additional encryption, as described in steps 962 - 970 , to what can be a channel already protected by SSL.
  • the authenticating authority 306 verifies the various desired factors at the user terminal by validating the cryptogram, described in this embodiment in steps 982 - 992 .
  • the example process of FIGS. 9A and 9B begins in step 902 with the authentication authority 306 receiving an authentication request.
  • Authentication authority 306 can be configured to then extract, in step 904 , certain information related to the transaction from the request.
  • authentication authority 306 can be configured to extract transaction information such as a purchase amount, the merchant's country code, a transaction currency code, and the transaction date.
  • Authentication authority 306 can, for example, generate a one time random, or pseudo random, number in step 906 , which is used to cryptographically strengthen the authentication process by making it significantly more difficult for an eavesdropper to detect patterns in repeated transmissions. Authentication authority 306 can further strengthen the authentication process by generating a timestamp in step 908 , which can be used to set a time limit on the authentication process, thereby reducing the exposure to potential attack.
  • authenticating authority 306 can further extend trust in its credentials by generating an electronic signature.
  • An example of this is to form a hash code by concatenating a collection of some or all of: transaction information, time stamp, random, or pseudo random, number, and applying a cryptographic hash, such as SHA-1 (Secure Hash Algorithm) or MD-5 (Message Digest Algorithm).
  • This hash code is then encoded by using a public key decoder (using the authority's private key), yielding a signature.
  • a message key can then be retrieved, for example, from a database within the authentication authority 306 .
  • authentication authority 306 can then take the transaction information, time stamp, random, or pseudo random, number, and electronic signature and generate a plaintext request message.
  • the plaintext request message is first generated by combining, e.g., concatenating, the session information. It should be noted that for security purposes it is desirable for the session information to be ephemeral, that is relevant only for this transaction.
  • the plaintext request message is now ready to be transmitted to terminal 302 as a request for cryptogram.
  • the plaintext request message is preferably transmitted over a secure communication channel.
  • the communication channel is the Internet, which can be secured by using a secure sockets layer (SSL).
  • SSL secure sockets layer
  • Authenticating authority 306 can now send the encrypted plaintext request message over the communication channel, as shown in step 924 .
  • terminal 302 receives the encrypted plaintext request message.
  • a message key needs to be retrieved from token 106 .
  • a prompt can be displayed to the user asking them to interface their token 106 .
  • the message key can be retrieved in step 930 . It is preferable for the message key to reside on a removable medium such as token 106 , so that the message key resides in terminal 302 only during the transaction process thereby limiting its exposure to potential hacker attack.
  • the received request message can be decrypted.
  • reception of the request message can act as a triggering action that causes terminal 302 to enroll token 106 if it is not already enrolled. Additionally, upon receiving the request message, terminal 302 can proceed to extract the session information in step 942 .
  • terminal 302 can, for example, use the extracted time stamp to synchronize its own session clock.
  • the session clock does not, however, need to be the system clock of terminal 302 . Rather, it can be a dedicated clock used for the purposes of authentication.
  • the session information is additionally used to validate the integrity of authentication authority 306 , e.g., validate the electronic signature, in step 946 .
  • This can comprise concatenated and cryptographically hashing the session information, as described in step 910 .
  • the resulting digital signature is then encoded with the public key, using a public key algorithm such as the Digital Signature Algorithm. Since the hash code was “pre-decoded” by the private key, encoding it yields the original hash code which can be compared to the one just generated. Since only the owner of the private key can decode a message, the validity of the sender, i.e., the authentication authority, is proven.
  • the user can be prompted to input a personal identifier, such as a PIN.
  • a personal identifier such as a PIN.
  • the personal identifier is some type of password or secret number that is associated with the user, but may include additional factors such as biometric parameters or a graphical PIN. It can also be a response to a cryptographic challenge if one were included among the session information, in effect, a digital signature. Association of the personal identifier with the user is explained with respect to enrollment.
  • the cryptogram can be formed by cryptographically combining, in step 950 , selected information, such as the personal identifier described above, unique information extracted from token 106 , and ephemeral session information described above. It should also be noted that the cryptogram should include at least one personal identifier to establish the presence of the person, and at least one unique element to establish the presence of the token. Further, it should be noted that both the unique information and the personal identifier tend to be persistent, secret, and shared between the user and authenticating authority 306 .
  • Cryptographic module 218 can, for example, be configured to generate the combined cryptogram in such a way that it is difficult to synthesize another set of elements to yield the same cryptogram, so that it is difficult to retrieve any information about the elements, including full or partial retrieval of some or all of the constituent elements.
  • Some example methods of cryptographic combination include: the concatenation of elements and encryption with a one-way cipher, i.e., a cipher for which encryption is easy, but decryption is not feasible; concatenation of elements with the application of a hash function, i.e., a function which transforms data into a representation, usually a shorter message that, again, is easy to encrypt, but hard to decrypt, and that is collision-free, i.e., not feasible to find another set of elements with the same representation; concatenation of elements with a symmetric cipher, i.e.
  • FIGS. 9A and 9B employs the latter.
  • the time stamp, one-time random, or pseudo random, number, and personal identifier can be used to generate a symmetric session key, in step 952 .
  • the PBKDF1 password based key derivation function
  • PKCS #5 Public Key Cryptographic Standards #5
  • using the SHA-1 hash function can be used to generate three 64 bit keys. These three keys form the requisite 192 bit key used in DES-EDE or DES-EEE, two forms of the Triple-DES cipher.
  • a Triple-DES cipher incorporates three DES ciphers, each requiring a key; hence, each of the 64 bit component keys are used in each of the three internal DES ciphers.
  • a hash function can form two strings.
  • the first string concatenates select bits, or digits, from the PIN, the one-time random, or pseudo random, number, and the serial number of token 106 , and additional unique information stored on token 106 .
  • the second string concatenates select bits from the one-time random number, the time stamp, and other unique information stored on token 106 but not used in the first string. These two strings are then combined using an exclusive-or (XOR) operation to result in a special format.
  • XOR exclusive-or
  • the value of the hash function is that some information is not included in case the cryptogram is somehow compromised.
  • the resultant format data of step 954 is encrypt using the session key of step 992 . For added security, an added timestamp can be generated and appended to the cryptogram.
  • the decryption/encryption process of steps 942 - 956 is carried out in memory that is included in terminal 302 .
  • Another option is to carry out the process on token 106 , but this increases the token resource requirements, because token 106 will need to comprise sufficient memory to carry out the process. This can be less desirable, because it can, for example, increase the cost and size of token 106 .
  • Terminal 302 transmits securely to the authentication authority 306 in steps 962 - 970 .
  • the cryptogram can be encrypted by enciphering the cryptogram with the issuer's, or authority's, public key using a public key cipher, such as DSA or Rivest-Shamir-Adelman (RSA), ensuring that only the authentication authority 306 can decipher the cryptogram.
  • a public key cipher such as DSA or Rivest-Shamir-Adelman (RSA)
  • the encrypted cryptogram is transmitted back to authentication authority 306 . Again, this can be over the Internet and additionally can employ SSL.
  • authenticating authority 306 receives the encrypted cryptogram. Authentication authority 306 can then decipher the encrypted cryptogram with its private key in step 970 .
  • Authentication authority 306 can be configured to then validate the cryptogram. This process can, for example, comprise stripping out the timestamp and comparing it to the original time stamp and the current time, as shown in step 982 . If too much time has elapsed, the validation process has expired and authentication has failed. If time has not lapsed, then in step 984 , the unique information and personal identifier can be retrieved as well as the session information.
  • the cryptogram can be verified in a number of ways depending on the method of encoding. For example, if a one-way cipher was employed, the same elements used to generate it can be combined and enciphered. The result can be compared with the cryptogram.
  • the same method described above for validation can also be applied for other types cryptographic combination; however, some types of combinations have additional methods of validation. For instance, if a symmetric cipher was employed, the cryptogram can be decrypted and the elements extracted. Those elements can then be compared to the original elements. In the case were a hash function and a symmetric cipher is used, the relevant elements can be combined and hashed by the hash appropriate function, while the cryptogram is being deciphered. The result of both operations are two hash codes, the former derived from the authentication authority's information and the latter from the cryptogram, i.e., terminal 302 .
  • the same relevant elements can, in step 986 , be mapped into the special format described in step 954 .
  • the same session keys can then be generated as in step 986 .
  • the cryptogram can be partially decrypted using the session key as shown in step 988 .
  • the special format results can be compared in step 990 . If they equate in step 992 , then the authentication is complete and the validation is established. If not, the validation failed. The result of the authentication can then be propagated to the rest of the transaction system.
  • biometric information can be obtained and included in the cryptogram.
  • authentication authority 306 can validate the biometric information. For instance, by decrypting the cryptogram, extracting the biometric information, and verifying it. This, of course, requires authentication authority 306 to have access to a stored reference of the biometric information.
  • the number of authentication factors can be increased depending on the number and types of inputs available to terminal 302 .
  • a high level of security can be achieved due to the use of public key-private key technology, random number generation, and unique session key generation as described above.
  • several layers of security can be implemented in the encryption/decryption process. Accordingly, fraud can be reduced to well within manageable levels using the systems and methods described.
  • a token 106 can be any type of media that can be interfaced with a terminal 102 through a standard input device 104 .
  • One such common input device is the CD drive, or CD R/W drive.
  • token 106 can be a CD media that can be interfaced with terminal 102 through a CD drive.
  • token 106 is actually a mini-CD such as mini-CD 1000 illustrated in FIG. 10 .
  • Mini-CDs are common and, therefore, the dimensions and properties will not be described here.
  • One aspect, however, of mini-CD 1000 that can vary from implementation to implementation is the location of hole 1010 . Hole 1010 allows mini-CD 1000 to be installed in a standard CD drive. Often, hole 1010 will be located in the middle of mini-CD 1000 . It other embodiments and implementations, however, hole 1010 can be offset from center.
  • Mini-CD 1000 includes CD data on one side that is read by a CD drive.
  • the data capacity can be for example 50 Megbytes (Mb). This is often much more than is needed to store the data required for enrollment and authentication as described above.
  • the extra data capacity can be used, therefore, to store advertising information or to other information that can be displayed to the user on their terminal 102 . In fact, this other information can include links to other network addresses or pages.
  • token 106 From a user point of view, it would be preferable to use token 106 for offline as well as online transactions. This reduces the number of tokens that a user must carry and keep track off. But this also means that token 106 needs to be able to fit in conventional credit card readers, for example. Unfortunately, a mini-CD is too thick to fit in conventional card readers. If mini-CD 1000 is made thinner, however, then it will not be readable by conventional CD drives.
  • token 106 comprises a thin mini-CD 1104 that is capable of being read by conventional card readers.
  • thin mini-CD 1104 can be completely compatible with the ISO 7811 standard for plastic cards, e.g., credit cards.
  • Thin mini-CD 1104 can, therefore, work in ATM machines, and conventional credit card readers.
  • thin mini-CD 1104 is 0.78 millimeters (mm) thick. This is too thin, however, for thin mini-CD 1104 to be read by conventional CD drives.
  • a carrier 1100 can be used to allow thin mini-CD 1104 to be read by conventional CD drives. Therefore, thin mini-CD 1104 can be placed in a cutout 1102 within carrier 1100 and then installed in a conventional CD drive. The combined thickness of carrier 1102 and thin mini-CD 1104 is returned to that required by a conventional CD drive, i.e., 1.2 mm.
  • cutout 1102 can vary depending on the embodiment. For example, if hole 1010 included in thin mini-CD 1104 is in the center of thin mini-CD 1104 , then cutout 1102 can be centered within carrier 1102 . But, hole 1010 can be off-center. Therefore, cutout 1102 can be located as required.
  • hole 1010 in thin mini-CD 1104 can be off-center to accommodate a smart card chip.
  • thin mini-CD 1104 can be configured to work in a smart card reader as well as a CD drive. In order to work properly, however, thin mini-CD 1104 must have a smart card chip just like a conventional smart card. If hole 1010 is centered, however, there may not be enough room to accommodate a smart card chip on thin mini-CD 1104 . Therefore, hole 1010 can be placed off-center to allow enough room to accommodate a smart card chip.
  • thin mini-CD In order to work in conventional card readers that are configured to read magnetic strips, thin mini-CD needs to have a magnetic strip. Thus, the position of hole 1010 can also be effected by the location of a magnetic strip included on thin mini-CD 1104 .
  • a users token or card is embossed with an account identifier, for example.
  • the embossing is then used in card imprinting devices in certain situations.
  • Thin mini-CD 1104 , and mini-CD 1000 for that matter cannot, however, be embossed. This is because embossing is achieved from the underside of the card or token. But in the case of thin mini-CD 1104 , the CD readable data is on the underside. Therefore, embossing will destroy the data or the readability of the data.
  • FIG. 1206 illustrates an embodiment of a thin mini-CD 1206 that comprises multiple laminate layers 1202 and 1204 so that thin mini-CD 1206 can in fact be embossed.
  • top layer 1202 is embossed as required.
  • Layer 1204 includes the CD readable data. The two layers are then laminated to form a thin mini-CD 1206 that can be read by a conventional CD drive using carrier 1100 for example, as well as conventional card readers including smart card readers if needed, and also includes embossing.
  • embossing layer 1202 is 0.5 mm thick and CD data layer 1204 is 0.28 mm thick so that combined, they are 0.78 mm thick just like thin mini-CD 1104 .
  • FIGS. 10-12 are by way of example only. Other implementations of the embodiments illustrated in FIGS. 10-12 are possible. Other token embodiments are also required for different types of standard input devices 104 . Although, it should be clear, for example, that similar token 106 embodiments will work in a standard DVD drive as well.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Biomedical Technology (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

An online transaction system configured to implement authentication methods that allow for strong multi-factor authentication in online environments. The authentication methods can be combined with strong security methods to further ensure that the authentication process is secure. Further, the strong multi-factor authentication can be implemented with zero adoption dependencies through the implementation of automated enrollment methods.

Description

    RELATED APPLICATIONS INFORMATION
  • This application claims priority under 35 U.S.C. §119 to U.S. Provisional Application Ser. No. 60/409,422, entitled “Authentication of Online Transactions,” filed Sep. 9, 2002, which is incorporated by reference in its entirety as if set forth herein.
  • BACKGROUND
  • 1. Field of the Inventions
  • The field of the invention relates generally to electronic transactions and more particularly to the authentication of such transactions.
  • 2. Background Information
  • Electronic transactions, including electronic commerce, are becoming more prevalent, fueled of course by increasing Internet use. As the number and type of electronic transactions increase, so to does the need to verify the identity of participants in these transactions. Electronic commerce provides a good example. In a typical electronic commerce scenario, a user uses a web browser running on their computer to access a merchants web page via the Internet. Once the user has accessed the web page, they can typically browse product offerings, select products for purchase, and then purchase the selected products. The purchasing step often requires the user to supply identifying information, e.g., name and address, and a charge account number against which the transaction can be charged.
  • Unlike an off-line transaction, however, the merchant has no ability to verify the identifying information supplied in the electronic commerce scenario. In other words, in an electronic commerce transaction, the merchant cannot verify that the user is who they say they are, or therefore that the charge account belongs to the user making the purchase. In fact, the Gartner Group estimates that in 2001 1.14% of the $61.8 billion in online transactions involved fraud. The resulting $776.34 million dollars in losses is 5-20 times the losses for off-line sales transactions. With U.S. households predicted to spend $184 billion on-line by the year 2004, such losses clearly present a serious problem that is only going to get worse.
  • Fear of fraud, however, may prevent on-line sales from rising to predicted levels. The Gartner group estimates that 1 in 20 on-line customers are victims of credit card fraud. As a result, Jupiter reports that 60% of users avoid using their credit card in online transactions. Further, fraud losses often fall on the merchant, even though the merchant currently has no way to verify the identity provided by the user. Thus, both users and merchants need greater protection from fraud.
  • In response, many major credit card associations have promulgated new authentication mandates to reduce the massive losses resulting from online credit card fraud. While these mandates do not necessarily provide an increased ability to verify the identity of the user, they do shift the liability for fraud to card issuers. Accordingly, card issuers need to reliably authenticate their users when the users are involved in an online transaction.
  • Essentially, the new mandates allow merchants to request that the issuer authenticate the transaction, i.e., verify the identity of the user. The issuer can then, for example, verify the account number and some form of personal identifier, such as a Personal Identification Number (PIN), presented by the user. Once verified, the issuer will authenticate the transaction; however, the issuer is also liable if it turns out that the user is not who they are supposed to be.
  • Unfortunately for issuers, verification methods currently available still fail to match that of off-line transactions. In an off-line transaction, there is strong two factor authentication. The first factor being the actual presence of the card (card present), the second factor being the ability to verify that the person is who they say they are, e.g., via a signature, PIN, photo identification, etc. The combination of physical card presence and evidence of identification can provide sufficient authentication to reduce fraud to acceptable levels. But in the online environment, the first factor—card present verification—is often not available. Therefore, it is difficult even with the new authentication mandates to achieve a satisfactory level of authentication.
  • Physical, or actual, card present detection should be discerned from a card present detection generated in compliance with some of the new mandates. For example, in some of the new mandates, the user provides their account number, which is verified. The user is then requested to supply a PIN. If the PIN verifies correctly, then a “card present” indication is generated; however, the actual presence of the card was not in fact verified. In other words, these new mandates at best provide a surrogate card present verification that is inferior to an actual card present verification.
  • Smart cards, i.e., cards with a special integrated circuit embedded in them, and smart card readers are currently available to address the card present issue in online transactions. A smart card reader can be purchased and connected with a user's computer. During an online transaction, the user can then insert the smart card into the smart card reader, which can then authenticate the smart card.
  • There are, however, several drawbacks to smart card technology. For example, the user must become educated about how to use the smart card. The user is also often required to purchase a smart card reader and attempt to interface the reader with their computer. Alternatively, the user may be forced to pay extra for a computer with a smart card reader already attached or installed. The cost of an exemplary smart card reader can be, for example, $40. And once interfaced with the user's computer, software must typically be downloaded into the smart card reader, which again requires some education of the user regarding how to download and configure the software. Thus, adoption of smart card technology has been slow, e.g., as low as 1% market penetration or lower, and therefore not very effective at reducing fraud.
  • SUMMARY OF THE INVENTION
  • An electronic transaction authentication system allows for multi-factor authentication to reduce fraud and increase the reliability of identity verification. In one aspect, the presence of a card, or token, during an electronic transaction can be authenticated using standard equipment and, therefore, does not require any custom hardware. The token can be configured to work with standard input/output devices for a plurality of terminals that can be used in electronic transactions.
  • These and other features, aspects, and embodiments of the invention are described below in the section entitled “Detailed Description of the Preferred Embodiments.”
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • Features, aspects, and embodiments of the inventions are described in conjunction with the attached drawings, in which:
  • FIG. 1 is a diagram illustrating an online transaction system in accordance with an example embodiment of the invention;
  • FIG. 2 is a diagram illustrating the online transaction system of FIG. 1 in more detail;
  • FIG. 3 is a diagram illustrating an exemplary electronic commerce system configured in accordance with an example embodiment of the invention;
  • FIG. 4 is a flow chart illustrating a method for enrolling a token used in the system of FIG. 3 in accordance with an example embodiment of the invention;
  • FIG. 5 is a flow chart illustrating a more detailed embodiment of the method illustrated in FIG. 4;
  • FIG. 6 is a diagram illustrating an example PIN construction screen that can be displayed on a terminal included in the system of FIG. 3 during the process illustrated in FIG. 5;
  • FIG. 7 is a diagram illustrating an exemplary mapping scheme that can be used in conjunction with the PIN construction screen of FIG. 6;
  • FIG. 8 is a flow chart illustrating a method for authenticating an online transaction in accordance with an example embodiment of the invention;
  • FIGS. 9A and 9B comprise a flow chart illustrating a more detailed embodiment of the method illustrated in FIG. 8;
  • FIG. 10 is a diagram illustrating an example embodiment of a token configured in accordance with one embodiment of the invention;
  • FIG. 11 is a diagram illustrating an example embodiment of a token configured in accordance with another embodiment of the invention; and
  • FIG. 12 is a diagram illustrating an example embodiment of a token configured in accordance with still another embodiment of the invention.
  • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • To help better understand the systems and methods described herein, some specific examples involving electronic commerce over the Internet, i.e., online transactions, are examined below. It should be remembered, however, that the examples provided are not intended to limit the systems and methods described to electronic commerce or Internet implementations. Rather, the systems and methods described can be implemented for any type of electronic transaction that requires authentication.
  • FIG. 1 is a diagram illustrating an example embodiment of an online transaction system 100 configured in accordance with one embodiment of the systems and methods described herein. System 100 comprises a terminal 102 that is configured to engage in an online transaction. Terminal 102 can also be configured to communicate through a communication network 108 with an authentication authority 110 configured to authenticate the electronic transaction. Network 108 can also be used to engage in the online transaction. Alternatively, terminal 102 can be configured to engage in the online transaction over another network.
  • Network 108 can, for example, be the Internet, but it can also be some other type of network. Network 108 can, for example, be a wired, or wireless Wide Area Network (WAN), such as a telephone network, a wired, or wireless Metropolitan area Network (MAN), a wired, or wireless Local Area Network (LAN) or even a wired, or wireless Personal Area Network (PAN).
  • Accordingly, terminal 102 can be any type of terminal configured to communicate over any of the above networks. In one particular embodiment that is discussed in detail below, terminal 102 can be any terminal configured to communicate over the Internet, such as a personal computer, laptop computer, Internet enabled phone, or handled computer, e.g., a Personal Digital Assistant (PDA) with communication capability.
  • Terminal 102 includes a standard input device 104 through which a token 106 can be interfaced with terminal 102. For purposes of this specification and the claims that follow, the term “standard input device” means a standard, or widely adopted device for inputting, or transferring information into a particular type of terminal 102. Thus, for example, if terminal 102 is a personal computer, then standard input device 104 can be a floppy drive, a Compact Disc (CD) drive, a CD Read/Write (R/W) drive, a Digital Video Disc (DVD) drive, or any other type of drive that is commonly included, or interfaced with a personal computer.
  • Token 106 is, therefore, a physical device, such as CD media or USB storage, that can be interfaced with terminal 102 through standard input device 104. Some specific token embodiments are described in detail below. Token 106 is configured to allow authentication authority 110 to verify the presence of token 106, through network 108, once it is interfaced with terminal 102 through standard input device 104.
  • An input device, the only purpose of which is to allow a token, such as token 106, to be interfaced with a terminal, such as terminal 102, to enable an online transaction is expressly not included in the definition of the term “standard input device.” The point being that the systems and methods described herein do not require the cost, integration, or maintenance of specialized hardware in order to ensure a high level of authentication for online transactions. Rather, the systems and methods described herein allow the use of standard equipment to achieve high level authentication.
  • Thus, authentication authority 110 can be configured to verify the presence of token 106 if terminal 102 is engaged in a transaction that requires authentication. Authentication authority 110 can, depending on the embodiment, include or be interfaced with an authentication database 112 configured to store information related to a plurality of tokens 106. The information stored in authentication database 112 can then be used to authenticate transactions involving the plurality of tokens 106. For example, if token 106 comprises credit card information, then authentication database 112 can be configured to store valid credit card numbers. Authentication authority 110 can be configured to then verify both the presence of token 106 and the validity of a credit card number stored thereon.
  • Additionally, the person using terminal 102 can be required to provide a personal identifier, such as a PIN. In which case, information stored in authentication database 112 can also be used to verify the personal identifier provided. Thus, authentication authority 110 can be configured to supply two-factor authentication for electronic transactions involving terminal 102.
  • Verification of other factors can also be incorporated to provide even stronger multi-factor authentication. For example, if terminal 302 includes a biometric reader, such as a fingerprint sensor, then verification of a biometric can also be incorporated to provide multi-factor authentication. Further, other authentication techniques can be included such as digital signature techniques or other public key-private key techniques.
  • Before authentication authority 110 can authenticate a token 106, however, the personal identifier, e.g., PIN, should be “linked” with authentication information available in, for example, a database such as authentication database 112. The process of linking the personal identifier with the account information can be referred to as an enrollment process. Preferably, enrollment is seamless from the point of view of the user. In other words, enrollment should occur automatically, without requiring the user to affirmatively decide to enroll. And once the enrollment process starts, it should be quick, efficient and cause as little inconvenience as possible.
  • It should be pointed out that network 108 can be an unsecured network, e.g., the Internet, communications sent from terminal 102 to authentication authority 110 can be intercepted by an unintended party. Thus, from a security standpoint, it is preferable to encrypt communications between terminal 102 and authentication authority 110.
  • Distribution of tokens 106 can be handled, or initiated, by an issuing authority such as a bank can distribute token 106. For reasons described below, token 106 often is not associated with a user until enrollment takes place. When issued, token 106 can, as illustrated in FIG. 2, comprise client software 222, which can consist of software modules 206-218, and unique information such as: a unique serial number; a message key, e.g., a 192-bit Triple-DES user messaging key; random data, e.g., a 64-byte blob of unique, truly random alphanumeric data, a network address associated with authentication authority 110, e.g., a URL, and an issuer public key. The unique data can be used to link a token 106 to a user during enrollment. Further, after enrollment, the unique data can be used for authentication purposes.
  • Client software 222 can be configured such that correct execution of client software 222 depends on the presence of token 106 in terminal 102. This can be achieved for example, using authentication processes in which the unique information on every token 106 forms the basis for authentication. Thus, in the systems and methods described herein, authentication cannot take place if token 106 is not present in terminal 102.
  • In one specific implementation, client software 222 can also comprises Dynamic Link Libraries (DLL's), such as Active-X DLL's, which can be registered with terminal 102 during installation. The DLL's, together with the unique data, can then provide the functionality to authenticate users.
  • As mentioned, some or all of these modules can be loaded onto terminal 106. Terminal 106 can also include a browser application 204, which can be configured to act as a mediator between authentication authority 110 and software modules 206-212. For example, messages intended for software modules 206-212 can be received by browser application 204 from authentication authority 110 and transported, e.g., via JavaScript, to the appropriate software module 206-212. Responses from software modules 206-212 can then be sent to authentication authority 110 via browser application 204. For example, browser application 204 can be configured to insert the responses into Hyper Text Markup Language (HTML) pages that are then transmitted back to authentication authority 110 via a Hyper Text Transfer Protocol (HTTP) request, such as a POST request.
  • The ability to use a browser application 204, such as a web browser application, allows the systems and methods described herein to integrate seamlessly into conventional online transaction systems. For example, in most conventional online transaction systems, authentication authority 110 implements web-based logon using a browser application and all transmissions between authentication authority 110 and terminals 106 are web-based. It should be noted that in certain embodiments, enrollment is not web based. Thus, as described below, the systems and methods described herein allow for non-web based enrollment.
  • Authentication authority 110 can comprise a login server 202 that can be responsible for handling logon requests from different terminals 106. The authentication information described above can be stored as user profiles in user profile database 224, which can be located within a Hardware Security Module (HSM) 220. HSM 220 can actually be part of login server 202 or it can be separate as illustrated in the example embodiment of FIG. 2. As described in more detail below, user profile database 224 can be configured to store user key values and, after enrollment, information necessary to authenticate a user. User profile database 224 can be part of login server 202 or it can be standalone as illustrated in the example embodiment of FIG. 2.
  • Example implementations of modules 206-212 are now described for purposes of illustration.
  • Autoplay module 206 can, for example, be configured to initiate installation of client software 222 onto terminal 102. For ease of use, it is preferable if the installation process is automated, i.e., does not require user intervention to begin the installation process. A common example of an automated installation process is the process that occurs when a CD is placed into a computer's CD drive. On the typical personal computer, the computer's operating system automatically searches CDs inserted into the CD drive for an autoplay file, which is a “pointer” to an installation program on the CD. Thus, autoplay module 206 can be configured so that it is automatically executed every time token 106 is inserted into terminal 102. This assumes that such an auto play option is enabled within the operating system of terminal 102. Alternatively, the user can be required, or have the option, of manually activating autoplay module 206.
  • As described above, autoplay module 206 can be configured to point to another program that is configured to handle the installation process. In the example embodiment of FIG. 2, the program pointed to by autoplay module 206 is installation module 208. Installation module 208 can, for example, be configured to install client software 222 and register DLL's included therewith on terminal 102. Registration of DLL's can provide a link between the DLL name and its actual location.
  • In one particular embodiment, installation module 208 first checks for existing installations. If no existing installations are detected, installation module 208 starts a new installation. If an existing installation is detected, installation module 208 can be configured, for example, to check if the existing installation corresponds to token 106. For example, to accommodate for the situation in which multiple users are using the same terminal 102 to engage in online transactions each using a different token 106, installation module 208 can be configured to perform a unique installation process for each token 106. Thus, for example, the components installed and/or registered with each installation can be identified by token 106, e.g., using a unique serial number stored on each token 106. Therefore, installation module 208 can be configured to register DLL's and install client software modules 206-218 and associate them with a unique token serial number. If an existing installation is detected and the DLL's and client software modules 206-218 share the same serial number as the ones stored on token 106, then installation module 208 can be configured to forgo reinstalling the DLL's and client software 222.
  • Installation module 208 can be further configured to check if the drive, or interface identification associated with the existing registration matches the drive, or interface presently associated with token 106. If the installation and drive match, then there is no need to reinstall client software 222. Further, newer tokens 106, for example, can comprise updated versions of the DLL's and/or client software modules 206-218. Therefore, installation module 208 can also be configured to detect the version of any previously installed DLL's and/or client software modules. Installation module 208 can be configured to then forgo installation of any DLL's or client software modules that are the same version as those already installed.
  • Installation module 208 can also be configured to determine if token 106 has been enrolled with authentication authority 110. Thus, when the user first interfaces token 106 with terminal 102, installation module 208 can detect if token 106 is enrolled in an authentication program used by authentication authority 110. If enrollment is required, installation module 206 can be configured to call enrollment module 210 to handle the enrollment process. Installation module 208 can also be configured to prompt the user as to whether they want to enroll their token. The user can choose to skip the enrollment process if, for example, they have already enrolled, possibly using another terminal 102. An example enrollment process is described in detail below.
  • Enrollment module 210 can, for example, be configured to interact with logon server 202 via communications module 212. Enrollment module 210 can collect the unique information stored on token 106, e.g., a unique serial number, unique data, and a 192-bit message key, etc. and transmit it to logon server 202. In certain embodiments, enrollment module 210 is only active once, when the user enrolls. Subsequent installations of client software 222 should not require enrollment, because the user information is already captured.
  • Communications module 212 can be configured to interface with logon server 202 so that enrollment information can be exchanged with logon server 202. Thus, in one embodiment, communications module 212 can, for example, be Hyper Text Transfer Protocol/Secure (HTTP/S)-based and can, for example, be responsible for: establishing a connection to the correct logon server 202, e.g., using the network address, or URL, stored on token 106, transmitting enrollment information to logon server 202, and interfacing enrollment module 210 with logon server 202.
  • It should be noted that, depending on the embodiment, browser application 204 can be used to communicate with logon server 202 during authentication, while, as illustrated in the example of FIG. 2, communications module 212 can be used for enrollment. Alternatively, browser application 204 can also be used for enrollment. But using communications module 212 for enrollment instead of browser application 204 can ensure that logon server 202 is valid before enrollment information is sent. Thus, from a security standpoint, using communications module 212 for enrollment is preferred.
  • In one embodiment, trigger module 214 can be passed to terminal 102 from authentication authority 110 and can be configured as the calling function, or “trigger”, that evokes autoplay module 206. In one specific implementation, trigger module 214 can be present within browser application 204, e.g., as a JavaScript that is passed down from the logon server 202 with specific initialization parameters.
  • Trigger module 214 acts as a mediator between logon server 202, browser application 204, and client software 222. Trigger module 214 can be configured to receive responses from client software 222 and then, for example, force a POST of the responses within browser application 204 to logon server 202. Trigger module 214 can also, for example, be configured to initiate message format module 216 whenever it posts messages to logon server 202.
  • Message format module 216 can form the main control loop for client software 222. Message format module 216 can be configured to initiate cryptographic module 218 and check responses therefrom. Message format module 216 can also be configured to execute cryptogram extraction on messages received from authentication authority 110. Message format module 216 can also be configured to format responses so that they can be interpreted by logon server 202 and to perform a first-run test to ensure that messages are valid, so that no additional action is taken if they are not.
  • Cryptographic module 218 can be configured as the security core of client software 222. As described below, authentication of token 106 can require a cryptogram to be generated. Thus, cryptographic module 218 can be configured to perform this task. A specialized security library (not shown) of cryptographic functions can be included on token 106, and installed on terminal 102 depending on the embodiment. Cryptographic module 218 can be configured to rely on the security library (not shown) to perform cryptogram generation.
  • Some example processes that Cryptographic module 218 can be responsible for include: importing message keys from token 106, mediating access to cryptographic objects via a secure kernel, performing encryption, performing decryption, performing key derivation from a user password, creation of cryptograms, overall security features, including memory page locking, object access control, attribute encryption, and data enveloping, to name just a few.
  • FIG. 3 illustrates an exemplary online transaction system in more detail. Example enrollment and authentication methods will be explained in connection with system 300. System 300 comprises a merchant server 304 interface with a user terminal 302. System 300 also comprises an issuer authority 306, a directory 312, and a acquirer authority 308.
  • For purposes of explanation, it is assumed that terminal 302 is a computer, e.g., a desktop or laptop computer. Terminal 302 comprises a standard input device for interfacing with a token 106 as described above. Thus, a user can use their terminal 302 to go online and browse items offered by a merchant through merchant server 304. Often, therefore, merchant server 304 will be a web server configured to display web pages that present a merchant's offerings to users who access merchant server 304 using a web browser installed on their terminal 302.
  • Once the user selects an item to purchase, they normally supply some type of charge account information through their browser to merchant server 304 to make the purchase. For purposes of this specification and the claims that follow, the term “charge account” can mean any type of account against which charges can be posted. Thus, for example, it can be a credit account or a bank account.
  • Often, the transaction described above is completed by providing an account number that corresponds to a card, or token that is issued in relation to the charge account being used for the purchase. For example, the user can be issued a credit card in association with a credit account. Thus, the user can supply the credit card number to merchant server 304. More generically, however, it can be said that the user supplies a token identifier, i.e., some identifier or serial number associated with a token issued to the user, e.g., in connection with a charge account used by the user to make a purchase.
  • The term “token” is used to indicate that the systems and methods described herein are not limited to credit cards, or any other type of cards. Rather, the systems and methods described herein can be used with a variety of physical devices that are configured to store charge account, or other, information used in online transactions. Any of these various physical devices can be described as a token. Some specific types of token are described in detail below, but for purposes of illustration it can be assumed that token 106 can be read by a CD drive. Thus, in the example of FIG. 3, all the user has to do to is insert their token 106 into the CD drive of their computer 302.
  • Issuer authority 306 can be the institution that issued token 106 to the user. Accordingly, issuer authority 306 can comprise a server and can comprises, or have access to, information related to token 106 and to the user account associated with token 106.
  • Acquirer authority 308 is associated with the merchant of merchant server 304. Acquirer authority 308 is responsible for handling some of the overhead involved with charge account transactions handled by the merchant.
  • In a conventional online transaction, merchant server 304 must attempt to verify the authenticity of the token identifier supplied by the user. Under some of the new authentication mandates, merchant server 304 can query a directory 312 to verify the participation of the token issuer in one of the new authentication programs that comply with the new authentication mandates. Directory 312 can, therefore, be configured to store information related to tokens 106 issued by issuers. For example, for the situation were the tokens 106 are credit cards or the like, directory 312 can be associated with a credit card association. Each issuer authority 306 can then be configured to update directory 312 with information about issued tokens 106.
  • Thus, when merchant server 304 queries directory 312, directory 312 can be configured to determine whether the token identifier is in a participating identifier range, i.e., is associated with an issuer authority that is participating in the authentication program. If the token is in a participating range, then directory 312 can be configured to query the appropriate issuer authority 306 to validate the token and send a response back to merchant server 304.
  • Once merchant server. 304 receives a response from directory 312, it can be configured to send an authentication request to issuer authority 306, i.e., issuer authority 306 can be configured to act as an authentication authority 110. The authentication request, can be directed to issuer authority 306 via terminal 302, e.g., via browser 204 running on terminal 302. Issuer authority 306 can be configured to then query terminal 302 for a password, or some other form of personal identifier. The user can then enter the password and terminal 302 can transmit it to issuer authority 306, which can be configured to verify the password.
  • Issuer authority 306 can be configured to then transmit an authentication response to merchant server 304, for example, through the user's browser 204. Merchant server 304 can receive and validate the authentication response. If authentication was successful, then merchant server 304 can be configured to transmit certain data to acquirer authority 308 and complete the transaction.
  • As can be seen, the new mandates provide stronger authentication for online transactions through the verification of an additional factor, namely a password; however, it is generally understood that a password, used in the way described, provides very weak authentication because passwords are easily accessed or “cracked”. Further, the online security of passwords is weak, because a server on which they are stored can be “hacked” into or they can be intercepted as they pass from device to device. Thus, while the new mandates supply better authentication than before, they still do not approach that of off-line transaction, where strong two-factor authentication can be achieved.
  • To overcome these and other issues and to strengthen the authentication for online transactions, the systems and methods described herein provide the means to achieve strong multi-factor authentication with a high level of security. First, however, an example enrollment process is described, because a token 106 should first be enrolled before it can authenticated.
  • As mentioned above, in order to obtain the strong multi-factor authentication using a personal identifier, the personal identifier must be linked with token 106. For example, if token 106 is a charge card capable of being interfaced with a computer 302 and the personal identifier is a PIN, then the PIN should be linked with the charge card account information stored on, or interfaced with, issuer authority 306. If the PIN is linked with the charge card account, then issuer authority 306 can, for example, verify the PIN in conjunction with verifying the presence of token 106. This allows issuer authority 306 to authorize online transactions using strong two-factor authentication.
  • FIG. 4 illustrates an exemplary method for implementing online enrollment in accordance with the systems and methods described herein. It is assumed that issuer authority 306 will act as the enrollment authority; however, a separate, or third party enrollment authority can also be used. First, in step 402 a user inserts a token 106 into a standard input device interfaced with terminal 302. This could be, for example, the first time a user attempts to use token 106 in an online transaction. In step 404, token 106 can be configured to automatically load client software 222 onto terminal 302, as described above.
  • In step 406, the user can be prompted to enter identifying information. For example, the user can be prompted to enter their banking or account information so that issuer authority 302 can verify the identity of the user. Thus, the identifying information can include name, address, account number (or token identifier), expiration date, mother's maiden name, identity number, etc.
  • In step 408, the user can establish a personal identifier that will be shared with issuer authority 306 and linked with the account information. This is described in more detail below.
  • Client software 322 can be configured to automatically establish a connection with issuer authority 306, in step 410, using, for example, a URL stored on token 106, and then automatically transmit the personal identifier, identifying information, and depending on the embodiment, a unique information stored on token 106 to issuer authority 306, in step 412.
  • In step 414, issuer authority 306 matches the identifying information against information stored in a profile associated with the user's account stored on, or interfaced with, issuer authority 306, e.g., in a user profile database 224. If the identifying information matches the stored information, issuer authority 306 can be configured to link the personal identifier, and possibly some or all of the identifying information and unique information, with the profile in step 416. The personal identifier can then be used to authenticate an online transaction engaged in using token 106. And because the personal identifier has been linked with the account profile, strong multi-factor authentication can be achieved.
  • Thus, by combining the enrollment methods just described with the authentication methods described herein, strong multi-factor authentication as well compliance with new authentication mandates can be achieved. Moreover, the multi-factor authentication and compliance with the new mandates can be achieved with zero adoption dependencies. In other words, no new hardware is required, nor does the user need to be educated on new software or hardware. Accordingly, the systems and methods described herein are easy to use, easy to adopt, and easy to deploy. In fact, a token issuer can, for example, simply mail out tokens 106 without fear they will be lost or stolen, since the tokens 106 are useless, i.e., not associated with an account, until the enrollment process is complete. Further, because the user needs to supply the identifying information, it is very unlikely that someone other than the intended user will be able to complete the enrollment process. Once the user gets an issued token 106, they are ready to start using it because enrollment will automatically be taken care of the first time they attempt to use their token 106, and all the user needs to do is simply follow the prompts displayed on their terminal 302.
  • Not only does the issuer no longer need to worry that an issued token will be stolen or lost in the mail, there is also no longer any need to send a password or PIN, i.e., a personal identifier, to the user. This is because the user can create their personal identifier during enrollment. Therefore, the issuer also does not need to worry about the user's personal identifier ending up in the wrong hands. As a result, issuance is made simpler, less risky, and less burdensome for both the issuer and the user.
  • Because client software 222 stored on token 106 can be configured to automatically establish a connection with the enrollment authority, the problem of spoofing is also eliminated. Spoofing is when someone creates a web page intended to look like another web page, such as an issuer's enrollment web page. The spoofer tricks a user, for example, into visiting their fake web page thinking it is the real web page. In this scenario, someone could spoof an issuer's enrollment page and then send an email to a user containing a link to the spoofed page. The email may ask the user to click on the link and then, once connected to the spoofed page, provide their personal identifier, account information, identifying information, etc., for enrollment purpose. But once the information is entered, the spoofer has all the information they need to fraudulently access and use the user's account. By implementing the systems and methods described herein, however, the user never has to click on a link and, therefore, spoofing can be prevented.
  • FIG. 5 is a flow chart illustrates a specific implementation of an enrollment process using software modules 206-218. The flow chart of FIG. 5 illustrates the interaction between the various software modules 206-218 as they execute the example steps involved in the enrollment process. It is also assumed that issuer authority 306 is acting as the enrollment authority.
  • First, in step 502, a user interfaces their token 106 with their terminal 302, which can for example invoke autoplay module 206, i.e. autoplay module 206 can be activated by the operating system of terminal 302. If the user does not have the option of auto play enabled, then token 106 can comprise a software program configured to display instructions to the user asking them to run a setup program stored on token 106. Such setup programs are often named setup.exe and are often stored on the root directory of token 106. If the auto play option is enabled, then autoplay module 206 can be configured to automatically run such a setup.exe file stored on token 106.
  • In one implementation, if a problem is experienced installing client software 222, then the operating system can report that installation failed, e.g., that the setup.exe file could not be executed. Instructions stored on token 106 can then be displayed to inform the user of the appropriate procedure that should be followed in such a situation. Alternatively, autoplay module 206 can be configured to report installation failure if it was the calling mechanism for the setup.exe file.
  • Next, in step 504, autoplay module 206, or the setup.exe program, can call installation module 208. In one example implementation, installation module 208, after it has been called in step 504, begins, in step 506, by checking the registry of terminal 302 to determine if there are any current installations of client software 222. As explained above, this can comprise checking to see if any current installations share the same serial number as that associated with token 106. This step can also comprise checking component versions, to ensure that the component versions associated with token 106 match the versions of any current installations.
  • Thus, in one implementation, there can be two results in step 506: installation module 208 can determine that client software 222 is installed and that the serial number, versions, etc. are the same, or that client software 222 is not installed, or is installed but the serial numbers, versions, etc. do not match. If the later is true, then installation module 208 can be configured to register the DLL's and install client software modules 206-218 included with token 106. Registering the DLL's can comprise forming a registry link between the name and CLS-ID of a DLL and the physical path to the DLL. In a Microsoft windows based operating system, for example, installation module 208 can be configured to call regsrv32, which can then perform the DLL registration.
  • Installation module 208 can be configured to then make a registry entry on terminal 302, using a serial number associated with token 106. For security, the serial number can be encrypted.
  • Thus, the installation can result in a successful registration or an error. If installation results in an error, installation function 208 can be configured to prompt the user to retry or cancel the operation. If the user wants to retry, then the installation procedure can be repeated. If the user decides to cancel, then the process can, for example, jump to step 536, which is described in detail below. If on the other hand, the installation was successful, then installation module 208 can be configured to determine if token 106 has been enrolled with issuer authority 306 in step 508.
  • In one example embodiment, if token 106 is already enrolled, then a value can be set in the registry of terminal 302 indicating that such is the case. For example, the value can be generated based on a scrambled version of the serial number associated with token 106. In certain implementations, the user can indicate that he does not wish to be asked to enroll. If the user has so indicated, then the value stored in the registry can, for example, indicate that such is the case. Thus, in step 508, depending on the implementation, installation module 208 can determine, e.g., based on a registry value, that token 106 is enrolled, that it is not enrolled, or that the user does not wish to enroll their token 106.
  • If installation module 208 determines that token 106 is enrolled, then the process can jump to step 534, which is explained in detail below. If the user does not wish to enroll, then the process can jump to step 536. If, on the other hand, installation module 208 determines that token 106 is not enrolled, then installation module 208 can be configured to prompt the user to enroll their token 106.
  • If the user chooses to enroll their token 106, then installation module 208 can be configured to call enrollment module 210, in step 510, at which point, enrollment module 210 takes over. In one specific implementation, enrollment module 210 prompts the user to enter their identifying information, e.g., banking details, in step 512, so that an account can be linked to token 106 and the user. In step 514, the user can enter their identifying information and enrollment module 210 can be configured to ensure that the identifying information provided is in the correct format. The format can, for example, be issuer specific. If enrollment module 210 determines that the details are not in the correct format, then the user can be prompted to re-enter them.
  • The user can cancel the process either when initially prompted to enter their identifying information or if they are prompted to re-enter it. In which case, the process can jump to step 536.
  • As explained in more detail below, a session key, such as a 192-bit Triple-DES session key, can be generated at this point. The session key can then be used for encryption in the following steps.
  • Next, the user can be asked to create a personal identifier that will be associated with their account and token 106, and that will be used later on to authenticate online transactions using token 106. In this example, the personal identifier is a PIN; however, it will be understood that the personal identifier can take a variety of forms. In step 516, enrollment module 210 creates a PIN entry screen that is displayed to the user.
  • The PIN entry screen can be used by the user to construct their PIN in step 520. An example PIN entry screen 600 configured to allow the user to generate a graphical PIN is illustrated in FIG. 6. PIN entry screen 600 comprises a field of dots 602 that the user can “click” on to construct a graphical PIN. For example, once PIN entry screen 600 is displayed, the user can be prompted to click on the dots to generate a pattern. In the example of FIG. 6, the user has created a pattern consisting of squares 604 and 606.
  • Each dot in field 602 can be mapped to a co-ordinate value as illustrated by table 700 in FIG. 7. Thus, the pattern of FIG. 6 maps to the following co-ordinates: (1,1)(2,1)(2,2)(1,2)(4,4)(5,4)(5,5)(4,5). With every click, the co-ordinates can be mapped and encrypted with the session key mentioned above.
  • Once the user has generated a graphical PIN, he can attempt to submit it by, for example, clicking on the submit button 608. Enrollment module 210 can be configured to then validated the PIN based on certain criteria, such as length. The criteria can, for example, be based on criteria promulgated by the issuer of token 106. If validation fails, the user can retry the operation. Alternatively, the user can, for example, click on cancel button 610 to end the process. If cancel button 610 is clicked, then the process can jump to step 536. In which case, terminal 302 memory can be cleared of all account information previously entered.
  • It should be noted that the systems and methods described herein are not limited to the use of graphical PINs or to PINs in general. Thus, other personal identifiers and personal identifier creation techniques can also be used.
  • If the PIN entered in step 520 is validated, then enrollment module 210 can be configured to prepare a “enrollment form”. The enrollment form can, for example, comprise the PIN co-ordinates, a token serial number, random data stored on token 106, and a message key. Communications module 612 can then be invoked, in step 524, in order to transmit the enrollment form to the enrollment authority, which can be issuer authority 306. But first, the enrollment form information can be encrypted for security. Encryption can comprise the following steps: first, all the enrollment form information is encrypted with the session key. In one implementation, a user account number and an account identifier are used to derive a 192-bit Triple-DES session key. This can, for example, be achieved by hashing the account identifier and the last four digits of the user account number into a 64-bit key and using three equal keys for Triple-DES encryption. The token serial number, random data, message key, and PIN co-ordinates can then be concatenated and encrypted with the three equal keys to form a cipher.
  • In step 526, a network address, in this case a URL, is obtained from token 106. The URL can, for example, comprise the following format: http://www.someacs.com/RegistereCard.asp?AccNum=123456789012345&Info=anmdsa#@!#dsjkajdlskajdksla. As can be seen, two parameters are included in the query string of this example URL. The first is the user account number and the second is the cipher that was described above. Communications module 212 can be configured to use the URL constructed above to establish a connection with issuer authority 306 and then transmit the enrollment information to issuer authority 306, in step 528. If this step fails, then the user can be prompted to retry. Alternatively, the process can simply jump to step 536 and exit, or the user may decide to end the enrollment process in response to the retry prompt, which can again can cause the process to jump to step 536.
  • If no errors occur during transmission, then issuer authority 306 can be configured to take over at this point. A connection with issuer authority 306 is established as described, so an active (secure) session is assumed to exist. The following steps are an overview of the processing that can take place on issuer authority 306, i.e., by the enrollment authority. Specific implementation details, however, will depend on the enrollment authority and/or on the particular issuer authority 306.
  • Issuer authority 306 can verify the account number and cipher. Assuming the account number and cipher are verified, then issuer authority 306 can determine whether the user has already enrolled. In one implementation, issuer authority 306 can not allow enrollment of a previously enrolled user, unless the user's token 106 has been lost or disabled. If issuer authority 306 determines that the user is already enrolled, and the user's token has not been lost or disabled, then issuer authority 306 can simply return a successful enrollment message in step 532.
  • If, on the other hand, issuer authority 306 determines that the user is not previously enrolled, then issuer authority 306 can be configured to verify the existence of an account corresponding to the account number provided in step 528. If the account number can be verified, then issuer authority 306 can extract the PIN information provided in step 528. If the information provide in step 528 is encrypted, then issuer authority 306 can derive the same session key as used to encrypt the information, e.g. concatenating the last 4 numbers of the account identifier and the account number. Then using the result to produce a 192-bit Triple-DES key comprising three equal 64-bit keys.
  • Once the session key has been derived, issuer authority 306 can attempt to decrypt the cipher. If the cipher can be decrypted, the enrollment information can, for example, be assumed valid. If the cipher cannot be decrypted, the enrollment information can be assumed invalid. Further, once the information is decrypted, issuer authority 306 can be in possession of the enrollment information, e.g., token serial number, random data, message key, and the PIN.
  • Issuer authority 306 can be configured to then determine if the enrollment information comprises the correct format. If the format is correct, then issuer authority 306 can be configured to store the enrollment information in a user profile. Finally, the PIN is linked with the user profile. When it is subsequently received from a terminal, issuer authority 306 can verify the identity of the user base don the PIN. In one implementation, the PIN is encrypted with the session key before it is stored in the user profile.
  • Next, the results of the enrollment process can be communicated to terminal 302. Thus, in step 532, communications module 212 can receive a response from issuer authority 306. Clearly, the enrollment can either be successful or unsuccessful. If enrollment was successful, then the user can be notified in step 534. If it was unsuccessful, then the user can be prompted to re-enter information or to start over. A unsuccessful registration can result for a variety of reasons, such as incorrect information supplied too issuer authority 306, a communications failure between terminal 302 and issuer authority 306, etc.
  • In step 536, execution of installation module 208 and autoplay module 206 is terminated and, assuming enrollment was successful, the user is ready to use their token 106 in online transactions. First, however, installation module 208 can be configured to delete all registration entries made on terminal 302 during the enrollment process. This is an added security feature. Because the registration entries are deleted, there is nothing stored on terminal 302 that can be accessed, e.g., by a “hacker”, and used to fraudulently gain access to the user's account or account information.
  • An example authentication process will now be described. Preferably, authentication should provide verification of more than one factor so that strong multi-factor authentication is achieved. Thus, authentication preferably verifies that token 106 is present and that the user is who the user is supposed to be, i.e., the user to whom token 106 was issued. The latter factor can be achieved via a static password, as explained above, or using, for example, a certificate stored on token 106. The use of certificates for identification/authentication is well known and will not be discussed here. But as mentioned, these techniques do not necessarily offer the strong authentication required to reduce fraud. Thus, it is preferable if a personal identifier generated during enrollment and linked with the user's user profile, as described above, is used for authentication.
  • FIG. 8 is a flow chart illustrating an example authentication process according to one embodiment of the system and methods described herein. The process begins in step 802 when an authentication authority receives a request to authenticate an electronic transaction. For purposes of illustration, it will be assumed that the electronic transaction is an online transaction occurring in system 300. Thus, issuer authority 306 can act as the authentication authority and the authentication request can originate with merchant server 304.
  • Once issuer authority 306 receives the authentication request in step 802, it can send an authentication message to terminal 302 in step 804. The purpose of the authentication message is to illicit from terminal 302 information that can be used to authenticate the transaction. The information should allow issuer authority 306 to verify the presence of token 106 and the identity of the user. Thus, in step 806, terminal 302 can prompt the user to interface their token 106 with terminal 302. Once token 106 is interfaced with terminal 302, terminal 302 can extract information from token 106 that can be used to verify the presence of token 106. For example, certain unique information can be stored on token 106 that once validated by issuer authority 306 will verify that token 106 was present and interfaced with terminal 302.
  • In addition, the user should supply some form of personal identifier, such as a PIN, that has been linked with information stored on or interfaced with issuer authority 306 and that will allow issuer authority 306 to verify the identity of the user. Thus, in step 810, the user is prompted to supply the personal identifier.
  • The unique information and the personal identifier can then be sent to issuer authority 306; however, from a security standpoint, it is preferable if the information is encrypted before it is sent to issuer authority 306. Any conventional encryption technique or combination of techniques can be used for encryption, but in the embodiment of FIG. 8, a transactional unique session key is generated in step 812 and used to encrypt the information in step 814.
  • The term transactional unique means that a different session key is generated for every transaction entered into in system 300. Security can be enhanced by using a transactional unique session key to encrypt the information, because the transactionally unique session key is not stored anywhere that it can be accessed by the wrong party and then used to intercept and decode the authentication information. Generation of the session key and example encryption techniques are discussed more fully below.
  • The encrypted information is then sent to issuer authority 306 in step 816. Issuer authority can then decrypt the received information, using the session key, in step 818. Once the information is decrypted, it is validated in step 820 to verify that token 106 is present and that the user is who they say they are. If the verification is successful, then issuer authority 306 can authorize the transaction in step 822.
  • FIGS. 9A and 9B comprise a flow chart illustrating a specific implementation of secured multi-factor authentication in accordance with an example embodiment of the systems and methods described herein. The authentication process can be triggered when the authentication authority 306 receives a request message. This request messages preferably includes transaction information from the merchant. The authentication authority 306 then generates constructs a request message to solicit a cryptogram, i.e., a predetermined encrypted combination of pieces of information, from the user terminal. The generation of this request message in this embodiment is described in steps 902-914. This request message is preferably transmitted over a secure communication channel, while this transmission can, for example, take place over the Internet, a WAN, or a LAN using a secure sockets layer (SSL), or over a Wireless LAN using Wired Equivalent Privacy (WEP), this embodiment adds protection by using encryption as described in steps 922-932. The user terminal upon receiving a valid request constructs a cryptogram which can be used to validate a plurality of factors, which is described for this embodiment in steps 942-956. The cryptogram is preferably transmitted over a secure communication channel. Once more, this preferred embodiment adds additional encryption, as described in steps 962-970, to what can be a channel already protected by SSL. The authenticating authority 306 verifies the various desired factors at the user terminal by validating the cryptogram, described in this embodiment in steps 982-992.
  • By coordinating the encryption /decryption process between the authentication authority 306 and terminal 302, secure, multi-factor authentication can be achieved that increases the level of authentication and that is easy to implement with very little overhead. Accordingly, fraud can be reduced significantly.
  • The example process of FIGS. 9A and 9B begins in step 902 with the authentication authority 306 receiving an authentication request. Authentication authority 306 can be configured to then extract, in step 904, certain information related to the transaction from the request. For example, in one particular implementation, authentication authority 306 can be configured to extract transaction information such as a purchase amount, the merchant's country code, a transaction currency code, and the transaction date.
  • Authentication authority 306 can, for example, generate a one time random, or pseudo random, number in step 906, which is used to cryptographically strengthen the authentication process by making it significantly more difficult for an eavesdropper to detect patterns in repeated transmissions. Authentication authority 306 can further strengthen the authentication process by generating a timestamp in step 908, which can be used to set a time limit on the authentication process, thereby reducing the exposure to potential attack.
  • In step 910, authenticating authority 306 can further extend trust in its credentials by generating an electronic signature. An example of this is to form a hash code by concatenating a collection of some or all of: transaction information, time stamp, random, or pseudo random, number, and applying a cryptographic hash, such as SHA-1 (Secure Hash Algorithm) or MD-5 (Message Digest Algorithm). This hash code is then encoded by using a public key decoder (using the authority's private key), yielding a signature.
  • In step 912, a message key can then be retrieved, for example, from a database within the authentication authority 306. In step 914, authentication authority 306 can then take the transaction information, time stamp, random, or pseudo random, number, and electronic signature and generate a plaintext request message. For example, in one particular implementation, the plaintext request message is first generated by combining, e.g., concatenating, the session information. It should be noted that for security purposes it is desirable for the session information to be ephemeral, that is relevant only for this transaction.
  • The plaintext request message is now ready to be transmitted to terminal 302 as a request for cryptogram. The plaintext request message is preferably transmitted over a secure communication channel. In one embodiment, therefore, the communication channel is the Internet, which can be secured by using a secure sockets layer (SSL). The process of FIGS. 9A and 9B can, however, also allow for further security steps.
  • By first encrypting the plaintext request message using the message key (retrieved in step 912) as illustrated in step 922. The plaintext request message can then be encrypted using the following algorithm:
    O=E k(I)  EQ.(1)
  • where: k=the message key;
      • Ek=an encryption algorithm, such as a Triple-DES algorithm, using the message key, k;
      • I=the concatenated information; and
      • O=the output.
  • Authenticating authority 306 can now send the encrypted plaintext request message over the communication channel, as shown in step 924. In step 926, terminal 302 receives the encrypted plaintext request message. In order to decrypt the received message, a message key needs to be retrieved from token 106. Thus, for example, if token 106 is not interfaced with terminal 302, a prompt can be displayed to the user asking them to interface their token 106. Once token 106 is interfaced, the message key can be retrieved in step 930. It is preferable for the message key to reside on a removable medium such as token 106, so that the message key resides in terminal 302 only during the transaction process thereby limiting its exposure to potential hacker attack. In step 932, using the retrieved message key, the received request message can be decrypted.
  • It should be recalled from FIG. 8 that reception of the request message can act as a triggering action that causes terminal 302 to enroll token 106 if it is not already enrolled. Additionally, upon receiving the request message, terminal 302 can proceed to extract the session information in step 942.
  • In step 944, terminal 302 can, for example, use the extracted time stamp to synchronize its own session clock. The session clock does not, however, need to be the system clock of terminal 302. Rather, it can be a dedicated clock used for the purposes of authentication.
  • Preferably, the session information is additionally used to validate the integrity of authentication authority 306, e.g., validate the electronic signature, in step 946. This can comprise concatenated and cryptographically hashing the session information, as described in step 910. The resulting digital signature is then encoded with the public key, using a public key algorithm such as the Digital Signature Algorithm. Since the hash code was “pre-decoded” by the private key, encoding it yields the original hash code which can be compared to the one just generated. Since only the owner of the private key can decode a message, the validity of the sender, i.e., the authentication authority, is proven.
  • Next, in step 948, the user can be prompted to input a personal identifier, such as a PIN. In general, the personal identifier is some type of password or secret number that is associated with the user, but may include additional factors such as biometric parameters or a graphical PIN. It can also be a response to a cryptographic challenge if one were included among the session information, in effect, a digital signature. Association of the personal identifier with the user is explained with respect to enrollment.
  • The cryptogram can be formed by cryptographically combining, in step 950, selected information, such as the personal identifier described above, unique information extracted from token 106, and ephemeral session information described above. It should also be noted that the cryptogram should include at least one personal identifier to establish the presence of the person, and at least one unique element to establish the presence of the token. Further, it should be noted that both the unique information and the personal identifier tend to be persistent, secret, and shared between the user and authenticating authority 306.
  • Cryptographic module 218 can, for example, be configured to generate the combined cryptogram in such a way that it is difficult to synthesize another set of elements to yield the same cryptogram, so that it is difficult to retrieve any information about the elements, including full or partial retrieval of some or all of the constituent elements. Some example methods of cryptographic combination that can accomplish these goals, include: the concatenation of elements and encryption with a one-way cipher, i.e., a cipher for which encryption is easy, but decryption is not feasible; concatenation of elements with the application of a hash function, i.e., a function which transforms data into a representation, usually a shorter message that, again, is easy to encrypt, but hard to decrypt, and that is collision-free, i.e., not feasible to find another set of elements with the same representation; concatenation of elements with a symmetric cipher, i.e. a cipher using the same private key for encryption and decryption, where select shared elements can be used to generate keys; and concatenation of elements, a second hash function, and a symmetric cipher, and again the keys can be generated from select shared elements. The example embodiment of FIGS. 9A and 9B employs the latter.
  • In this embodiment, the time stamp, one-time random, or pseudo random, number, and personal identifier can be used to generate a symmetric session key, in step 952. For instance, the PBKDF1 (password based key derivation function), as described in the Public Key Cryptographic Standards #5 (PKCS #5), using the SHA-1 hash function can be used to generate three 64 bit keys. These three keys form the requisite 192 bit key used in DES-EDE or DES-EEE, two forms of the Triple-DES cipher. To clarify, a Triple-DES cipher incorporates three DES ciphers, each requiring a key; hence, each of the 64 bit component keys are used in each of the three internal DES ciphers.
  • In step 954, a hash function can form two strings. The first string concatenates select bits, or digits, from the PIN, the one-time random, or pseudo random, number, and the serial number of token 106, and additional unique information stored on token 106. The second string concatenates select bits from the one-time random number, the time stamp, and other unique information stored on token 106 but not used in the first string. These two strings are then combined using an exclusive-or (XOR) operation to result in a special format. The value of the hash function is that some information is not included in case the cryptogram is somehow compromised. In step 956, the resultant format data of step 954 is encrypt using the session key of step 992. For added security, an added timestamp can be generated and appended to the cryptogram.
  • Preferably, the decryption/encryption process of steps 942-956 is carried out in memory that is included in terminal 302. Another option is to carry out the process on token 106, but this increases the token resource requirements, because token 106 will need to comprise sufficient memory to carry out the process. This can be less desirable, because it can, for example, increase the cost and size of token 106.
  • Terminal 302 transmits securely to the authentication authority 306 in steps 962-970. Thus, in step 962, the cryptogram can be encrypted by enciphering the cryptogram with the issuer's, or authority's, public key using a public key cipher, such as DSA or Rivest-Shamir-Adelman (RSA), ensuring that only the authentication authority 306 can decipher the cryptogram. In step 964, the encrypted cryptogram is transmitted back to authentication authority 306. Again, this can be over the Internet and additionally can employ SSL. In step 966, authenticating authority 306 receives the encrypted cryptogram. Authentication authority 306 can then decipher the encrypted cryptogram with its private key in step 970.
  • Authentication authority 306 can be configured to then validate the cryptogram. This process can, for example, comprise stripping out the timestamp and comparing it to the original time stamp and the current time, as shown in step 982. If too much time has elapsed, the validation process has expired and authentication has failed. If time has not lapsed, then in step 984, the unique information and personal identifier can be retrieved as well as the session information.
  • Once these elements are retrieved, the cryptogram can be verified in a number of ways depending on the method of encoding. For example, if a one-way cipher was employed, the same elements used to generate it can be combined and enciphered. The result can be compared with the cryptogram.
  • The same method described above for validation can also be applied for other types cryptographic combination; however, some types of combinations have additional methods of validation. For instance, if a symmetric cipher was employed, the cryptogram can be decrypted and the elements extracted. Those elements can then be compared to the original elements. In the case were a hash function and a symmetric cipher is used, the relevant elements can be combined and hashed by the hash appropriate function, while the cryptogram is being deciphered. The result of both operations are two hash codes, the former derived from the authentication authority's information and the latter from the cryptogram, i.e., terminal 302.
  • In embodiment of FIGS. 9A and 9B, the same relevant elements can, in step 986, be mapped into the special format described in step 954. The same session keys can then be generated as in step 986. The cryptogram can be partially decrypted using the session key as shown in step 988. The special format results can be compared in step 990. If they equate in step 992, then the authentication is complete and the validation is established. If not, the validation failed. The result of the authentication can then be propagated to the rest of the transaction system.
  • A couple of general points should be carefully noted. First, using the authentication process described, strong two factor authentication is achieved, because the authentication authority has verified that the token was present, and that the user is who they say they are through use of the personal identifier.
  • Second, other factors such as a biometric can also be verified. For example, if terminal 302 comprises a biometric input such as a fingerprint sensor, then biometric information can be obtained and included in the cryptogram. Once the cryptogram is received, then authentication authority 306 can validate the biometric information. For instance, by decrypting the cryptogram, extracting the biometric information, and verifying it. This, of course, requires authentication authority 306 to have access to a stored reference of the biometric information. Thus, the number of authentication factors can be increased depending on the number and types of inputs available to terminal 302.
  • Third, a high level of security can be achieved due to the use of public key-private key technology, random number generation, and unique session key generation as described above. In fact, several layers of security can be implemented in the encryption/decryption process. Accordingly, fraud can be reduced to well within manageable levels using the systems and methods described.
  • Some example token embodiments will now be described. As explained above, a token 106 can be any type of media that can be interfaced with a terminal 102 through a standard input device 104. One such common input device is the CD drive, or CD R/W drive. Thus, in one embodiment, token 106 can be a CD media that can be interfaced with terminal 102 through a CD drive. In one specific embodiment, token 106 is actually a mini-CD such as mini-CD 1000 illustrated in FIG. 10. Mini-CDs are common and, therefore, the dimensions and properties will not be described here. One aspect, however, of mini-CD 1000 that can vary from implementation to implementation is the location of hole 1010. Hole 1010 allows mini-CD 1000 to be installed in a standard CD drive. Often, hole 1010 will be located in the middle of mini-CD 1000. It other embodiments and implementations, however, hole 1010 can be offset from center.
  • Mini-CD 1000 includes CD data on one side that is read by a CD drive. The data capacity can be for example 50 Megbytes (Mb). This is often much more than is needed to store the data required for enrollment and authentication as described above. The extra data capacity can be used, therefore, to store advertising information or to other information that can be displayed to the user on their terminal 102. In fact, this other information can include links to other network addresses or pages.
  • From a user point of view, it would be preferable to use token 106 for offline as well as online transactions. This reduces the number of tokens that a user must carry and keep track off. But this also means that token 106 needs to be able to fit in conventional credit card readers, for example. Unfortunately, a mini-CD is too thick to fit in conventional card readers. If mini-CD 1000 is made thinner, however, then it will not be readable by conventional CD drives.
  • In FIG. 11 an alternative embodiment of token 106 is illustrated that comprises a thin mini-CD 1104 that is capable of being read by conventional card readers. Thus, for example, thin mini-CD 1104 can be completely compatible with the ISO 7811 standard for plastic cards, e.g., credit cards. Thin mini-CD 1104 can, therefore, work in ATM machines, and conventional credit card readers.
  • In the example embodiment of FIG. 11, thin mini-CD 1104 is 0.78 millimeters (mm) thick. This is too thin, however, for thin mini-CD 1104 to be read by conventional CD drives. To remedy this, a carrier 1100 can be used to allow thin mini-CD 1104 to be read by conventional CD drives. Therefore, thin mini-CD 1104 can be placed in a cutout 1102 within carrier 1100 and then installed in a conventional CD drive. The combined thickness of carrier 1102 and thin mini-CD 1104 is returned to that required by a conventional CD drive, i.e., 1.2 mm.
  • The location of cutout 1102 can vary depending on the embodiment. For example, if hole 1010 included in thin mini-CD 1104 is in the center of thin mini-CD 1104, then cutout 1102 can be centered within carrier 1102. But, hole 1010 can be off-center. Therefore, cutout 1102 can be located as required.
  • In one implementation, hole 1010 in thin mini-CD 1104 can be off-center to accommodate a smart card chip. In other words, thin mini-CD 1104 can be configured to work in a smart card reader as well as a CD drive. In order to work properly, however, thin mini-CD 1104 must have a smart card chip just like a conventional smart card. If hole 1010 is centered, however, there may not be enough room to accommodate a smart card chip on thin mini-CD 1104. Therefore, hole 1010 can be placed off-center to allow enough room to accommodate a smart card chip.
  • In order to work in conventional card readers that are configured to read magnetic strips, thin mini-CD needs to have a magnetic strip. Thus, the position of hole 1010 can also be effected by the location of a magnetic strip included on thin mini-CD 1104.
  • Often, in the offline world, a users token or card is embossed with an account identifier, for example. The embossing is then used in card imprinting devices in certain situations. Thin mini-CD 1104, and mini-CD 1000 for that matter, cannot, however, be embossed. This is because embossing is achieved from the underside of the card or token. But in the case of thin mini-CD 1104, the CD readable data is on the underside. Therefore, embossing will destroy the data or the readability of the data.
  • FIG. 1206 illustrates an embodiment of a thin mini-CD 1206 that comprises multiple laminate layers 1202 and 1204 so that thin mini-CD 1206 can in fact be embossed. In this embodiment, top layer 1202 is embossed as required. Layer 1204 includes the CD readable data. The two layers are then laminated to form a thin mini-CD 1206 that can be read by a conventional CD drive using carrier 1100 for example, as well as conventional card readers including smart card readers if needed, and also includes embossing. In the embodiment of FIG. 12, embossing layer 1202 is 0.5 mm thick and CD data layer 1204 is 0.28 mm thick so that combined, they are 0.78 mm thick just like thin mini-CD 1104.
  • Clearly, the example token embodiments of FIGS. 10-12 are by way of example only. Other implementations of the embodiments illustrated in FIGS. 10-12 are possible. Other token embodiments are also required for different types of standard input devices 104. Although, it should be clear, for example, that similar token 106 embodiments will work in a standard DVD drive as well.
  • In general, while certain embodiments of the inventions have been described above, it will be understood that the embodiments described are by way of example only. Accordingly, the inventions should not be limited based on the described embodiments. Rather, the scope of the inventions described herein should only be limited in light of the claims that follow when taken in conjunction with the above description and accompanying drawings.

Claims (28)

1. A method for secure authentication, comprising:
receiving an authentication request message at a terminal from an authentication authority;
prompting a user to interface a token with the terminal;
extracting unique information from the token once it is interfaced with the terminal;
prompting the user for a personal identifier; and
generating a response to the authentication request message based on the personal identifier and the unique information.
2. The method of claim 1, further comprising generating a transactionally unique session key, using the transactionally unique session key to encrypt the response, and transmitting the encrypted response to the authentication authority.
3. The method of claim 1, wherein the personal identifier is linked with an account associated with the token.
4. The method of claim 1, wherein the unique information comprises a unique serial number.
5. The method of claim 1, wherein the unique information comprises a message key.
6. The method of claim 1, wherein the unique information comprises random data.
7. The method of claim 1, wherein the unique information comprises a network address associated with the authentication authority.
8. The method of claim 1, further comprising generating a time stamp and generating the response based on the time stamp.
9. The method of claim 1, wherein the authentication request message is encrypted, and wherein the method further comprises decrypting the received authentication request message.
10. The method of claim 1, further comprising synchronizing a time associated with the response based at least in part on time information included in the authentication request message.
11. A method for secure authentication, comprising:
receiving an authentication request comprising transactional information;
generating an authentication request message in response to the authentication request;
transmitting the authentication request message to a terminal; and
receiving a response to the authentication request message from the terminal that is encrypted using a transactionally unique session key.
12. The method of claim 11, wherein generating the authentication request message comprises encrypting the authentication request message.
13. The method of claim 12, wherein encrypting the authentication message comprises generating a random number.
14. The method of claim 12, wherein encrypting the authentication message comprises generating a time stamp.
15. The method of claim 12, wherein encrypting the authentication message comprises generating an electronic signature.
16. The method of claim 12, wherein encrypting the authentication message comprises retrieving a message key.
17. The method of claim 11, further comprising decrypting the received response using the transactionally unique session key.
18. A terminal configured for secure authentication, the termianl comprising client software configured to allow the terminal to:
receive an authentication request message from an authentication authority;
prompt a user to interface a token with the terminal;
extract unique information from the token once it is interfaced with the terminal;
prompt the user for a personal identifier; and
generate a response to the authentication request message based on the personal identifier and the unique information.
19. The terminal of claim 18, wherein the client software is further configured to allow the terminal to generate a transactionally unique session key, use the transactionally unique session key to encrypt the response, and transmit the encrypted response to the authentication authority.
20. The terminal of claim 18, wherein the personal identifier is linked with an account associated with the token.
21. The terminal of claim 18, wherein the unique information comprises a unique serial number.
22. The terminal of claim 18, wherein the unique information comprises a message key.
23. The terminal of claim 18, wherein the unique information comprises random data.
23. The terminal of claim 18, wherein the unique information comprises a network address associated with the authentication authority.
24. The terminal of claim 23, wherein the client software is further configured to access the network address and automatically connect with the authentication authority.
25. The terminal of claim 18, wherein the client software is further configured to allow the terminal to generate a time stamp and generate the response based on the time stamp.
26. The terminal of claim 18, wherein the authentication request message is encrypted, and wherein the client software is further configured to allow the terminal to decrypt the received authentication request message.
27. The terminal of claim 18, wherein the client software is further configured to allow the terminal to associated a time with the response based at least in part on time information included in the authentication request message.
US10/338,822 2002-09-09 2003-01-07 Systems and methods for secure authentication of electronic transactions Abandoned US20050044385A1 (en)

Priority Applications (10)

Application Number Priority Date Filing Date Title
US10/338,822 US20050044385A1 (en) 2002-09-09 2003-01-07 Systems and methods for secure authentication of electronic transactions
US10/346,733 US7412420B2 (en) 2002-09-09 2003-01-16 Systems and methods for enrolling a token in an online authentication program
US10/346,732 US20050033702A1 (en) 2002-09-09 2003-01-16 Systems and methods for authentication of electronic transactions
US10/346,708 US7437757B2 (en) 2002-09-09 2003-01-16 Token for use in online electronic transactions
AU2003270036A AU2003270036A1 (en) 2002-09-09 2003-08-28 Systems and methods for secure authentication of electronic transactions
EP13152739.2A EP2600560A3 (en) 2002-09-09 2003-08-28 Systems and methods for secure authentication of electronic transactions
PCT/US2003/027189 WO2004023712A1 (en) 2002-09-09 2003-08-28 Systems and methods for secure authentication of electronic transactions
EP03751930.3A EP1547298B1 (en) 2002-09-09 2003-08-28 Systems and methods for secure authentication of electronic transactions
ZA2005/02178A ZA200502178B (en) 2002-09-09 2005-03-15 Systems and methods for secure authentication of electronic transactions
AU2009202963A AU2009202963B2 (en) 2002-09-09 2009-07-23 Token for use in online electronic transactions

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US40942202P 2002-09-09 2002-09-09
US10/338,822 US20050044385A1 (en) 2002-09-09 2003-01-07 Systems and methods for secure authentication of electronic transactions

Related Child Applications (3)

Application Number Title Priority Date Filing Date
US10/346,733 Continuation US7412420B2 (en) 2002-09-09 2003-01-16 Systems and methods for enrolling a token in an online authentication program
US10/346,708 Continuation US7437757B2 (en) 2002-09-09 2003-01-16 Token for use in online electronic transactions
US10/346,732 Continuation US20050033702A1 (en) 2002-09-09 2003-01-16 Systems and methods for authentication of electronic transactions

Publications (1)

Publication Number Publication Date
US20050044385A1 true US20050044385A1 (en) 2005-02-24

Family

ID=38291103

Family Applications (5)

Application Number Title Priority Date Filing Date
US10/338,822 Abandoned US20050044385A1 (en) 2002-09-09 2003-01-07 Systems and methods for secure authentication of electronic transactions
US10/346,708 Expired - Fee Related US7437757B2 (en) 2002-09-09 2003-01-16 Token for use in online electronic transactions
US10/346,732 Abandoned US20050033702A1 (en) 2002-09-09 2003-01-16 Systems and methods for authentication of electronic transactions
US10/346,733 Expired - Fee Related US7412420B2 (en) 2002-09-09 2003-01-16 Systems and methods for enrolling a token in an online authentication program
US12/107,715 Abandoned US20080228653A1 (en) 2002-09-09 2008-04-22 Systems and methods for enrolling a token in an online authentication program

Family Applications After (4)

Application Number Title Priority Date Filing Date
US10/346,708 Expired - Fee Related US7437757B2 (en) 2002-09-09 2003-01-16 Token for use in online electronic transactions
US10/346,732 Abandoned US20050033702A1 (en) 2002-09-09 2003-01-16 Systems and methods for authentication of electronic transactions
US10/346,733 Expired - Fee Related US7412420B2 (en) 2002-09-09 2003-01-16 Systems and methods for enrolling a token in an online authentication program
US12/107,715 Abandoned US20080228653A1 (en) 2002-09-09 2008-04-22 Systems and methods for enrolling a token in an online authentication program

Country Status (1)

Country Link
US (5) US20050044385A1 (en)

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040143730A1 (en) * 2001-06-15 2004-07-22 Wu Wen Universal secure messaging for remote security tokens
US20050036611A1 (en) * 2003-03-31 2005-02-17 Visa U.S.A., Inc. Method and system for secure authentication
US20050160264A1 (en) * 2004-01-21 2005-07-21 Reid Kuhn Trusted authentication credential exchange methods and apparatuses
US20050278542A1 (en) * 2004-06-14 2005-12-15 Greg Pierson Network security and fraud detection system and method
US20070028107A1 (en) * 2005-07-27 2007-02-01 Ingenia Holdings (Uk) Limited Prescription Authentication
US20070025619A1 (en) * 2005-07-27 2007-02-01 Ingenia Holdings (Uk) Limited Verification
US20070053005A1 (en) * 2005-09-08 2007-03-08 Ingenia Holdings (Uk) Limited Copying
US20070113076A1 (en) * 2005-07-27 2007-05-17 Ingenia Holdings (Uk) Limited Keys
US20080002243A1 (en) * 2004-03-12 2008-01-03 Ingenia Technology Limited Methods and Apparatuses for Creating Authenticatable Printed Articles and Subsequently Verifying Them
US20080089521A1 (en) * 2003-04-29 2008-04-17 Eric Le Saint Universal secure messaging for cryptographic modules
US20080104672A1 (en) * 2006-10-25 2008-05-01 Iovation, Inc. Detecting and preventing man-in-the-middle phishing attacks
US20080104684A1 (en) * 2006-10-25 2008-05-01 Iovation, Inc. Creating and verifying globally unique device-specific identifiers
US20080175377A1 (en) * 2007-01-22 2008-07-24 Global Crypto Systems Methods and Systems for Digital Authentication Using Digitally Signed Images
US20080229401A1 (en) * 2007-03-13 2008-09-18 John Magne Methods and systems for configurable smartcard
US20090016535A1 (en) * 2007-06-13 2009-01-15 Ingenia Holdings (Uk) Limited Fuzzy Keys
US20090283583A1 (en) * 2008-05-14 2009-11-19 Ingenia Holdings (Uk) Limited Two Tier Authentication
US20100144314A1 (en) * 2008-12-09 2010-06-10 Research In Motion Limited Verification Methods And Apparatus For Use In Providing Application Services To Mobile Communication Devices
US20100158377A1 (en) * 2008-12-19 2010-06-24 Ingenia Holdings (Uk) Limited Authentication
US20100161529A1 (en) * 2008-12-19 2010-06-24 Ingenia Holdings (Uk) Limited Self-Calibration
US7812935B2 (en) 2005-12-23 2010-10-12 Ingenia Holdings Limited Optical authentication
US7853792B2 (en) 2004-03-12 2010-12-14 Ingenia Holdings Limited Authenticity verification methods, products and apparatuses
US8078875B2 (en) 2005-07-27 2011-12-13 Ingenia Holdings Limited Verification of authenticity
US8103046B2 (en) 2004-08-13 2012-01-24 Ingenia Holdings Limited Authenticity verification of articles using a database
US8676684B2 (en) 2010-04-12 2014-03-18 Iovation Inc. System and method for evaluating risk in fraud prevention
US8892556B2 (en) 2009-11-10 2014-11-18 Ingenia Holdings Limited Optimisation
CN104320261A (en) * 2014-11-05 2015-01-28 北京大唐智能卡技术有限公司 Method for achieving identity authentication through financial smart card, financial smart card and terminal
US8959595B2 (en) 2013-03-15 2015-02-17 Bullaproof, Inc. Methods and systems for providing secure transactions
WO2015085137A1 (en) * 2013-12-06 2015-06-11 Mastercard International Incorporated Method and system for split-hashed payment account processing
US20160300224A1 (en) * 2014-01-07 2016-10-13 Tencent Technology (Shenzhen) Company Limited Method, Server, And Storage Medium For Verifying Transactions Using A Smart Card
US9818249B1 (en) 2002-09-04 2017-11-14 Copilot Ventures Fund Iii Llc Authentication method and system
EP3745288A1 (en) * 2019-05-28 2020-12-02 BSH Hausgeräte GmbH Method and system for authorising the implementation of a process

Families Citing this family (184)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120323788A1 (en) * 2002-02-05 2012-12-20 Cardinalcommerce Corporation Dynamic pin pad for credit/debit/other electronic transactions
US7500099B1 (en) * 2003-05-16 2009-03-03 Microsoft Corporation Method for mitigating web-based “one-click” attacks
US9240891B2 (en) * 2003-06-11 2016-01-19 Symantec Corporation Hybrid authentication
US9412123B2 (en) 2003-07-01 2016-08-09 The 41St Parameter, Inc. Keystroke analysis
US8321946B2 (en) * 2003-12-05 2012-11-27 Hewlett-Packard Development Company, L.P. Method and system for preventing identity theft in electronic communications
US20050192895A1 (en) * 2004-02-10 2005-09-01 First Data Corporation Methods and systems for processing transactions
GB0402894D0 (en) * 2004-02-10 2004-03-17 Nokia Corp Controlling communication sessions in a communication system
US20060010072A1 (en) * 2004-03-02 2006-01-12 Ori Eisen Method and system for identifying users and detecting fraud by use of the Internet
US10999298B2 (en) * 2004-03-02 2021-05-04 The 41St Parameter, Inc. Method and system for identifying users and detecting fraud by use of the internet
US20050229171A1 (en) * 2004-04-07 2005-10-13 Henry Steven G Distributing upgrades
US7562218B2 (en) * 2004-08-17 2009-07-14 Research In Motion Limited Method, system and device for authenticating a user
US20060167811A1 (en) * 2005-01-24 2006-07-27 Microsoft Corporation Product locker for multi-merchant purchasing environment for downloadable products
US20060167809A1 (en) * 2005-01-24 2006-07-27 Microsoft Corporation Software assistant for multi-merchant purchasing environment for downloadable products
US7536722B1 (en) * 2005-03-25 2009-05-19 Sun Microsystems, Inc. Authentication system for two-factor authentication in enrollment and pin unblock
JP2006304167A (en) * 2005-04-25 2006-11-02 Sony Corp Key generating method and key generating apparatus
CA2607562C (en) 2005-05-06 2016-07-12 Verisign, Inc. Token sharing system and method
EP1886269A4 (en) * 2005-05-19 2010-05-05 Sandisk Il Ltd Transaction authentication by a token, contingent on personal presence
EP1897051B1 (en) * 2005-06-27 2019-07-31 The 41st Parameter, Inc. Method and system for identifying users and detecting fraud by use of the internet
US8335920B2 (en) 2005-07-14 2012-12-18 Imation Corp. Recovery of data access for a locked secure storage device
US8321953B2 (en) * 2005-07-14 2012-11-27 Imation Corp. Secure storage device with offline code entry
US8438647B2 (en) * 2005-07-14 2013-05-07 Imation Corp. Recovery of encrypted data from a secure storage device
US8015606B1 (en) 2005-07-14 2011-09-06 Ironkey, Inc. Storage device with website trust indication
EP1922632B1 (en) * 2005-08-11 2014-05-07 SanDisk IL Ltd. Extended one-time password method and apparatus
US20070067620A1 (en) * 2005-09-06 2007-03-22 Ironkey, Inc. Systems and methods for third-party authentication
US20140089120A1 (en) 2005-10-06 2014-03-27 C-Sam, Inc. Aggregating multiple transaction protocols for transacting between a plurality of distinct payment acquiring devices and a transaction acquirer
US20130332343A1 (en) 2005-10-06 2013-12-12 C-Sam, Inc. Multi-tiered, secure mobile transactions ecosystem enabling platform comprising a personalization tier, a service tier, and an enabling tier
KR20080078820A (en) * 2005-11-09 2008-08-28 일렉트로닉 플라스틱스, 엘엘씨 Device providing a secure work environment and utilizing a virtual interface
US20070136604A1 (en) * 2005-12-06 2007-06-14 Motorola, Inc. Method and system for managing secure access to data in a network
US7673135B2 (en) * 2005-12-08 2010-03-02 Microsoft Corporation Request authentication token
US8938671B2 (en) 2005-12-16 2015-01-20 The 41St Parameter, Inc. Methods and apparatus for securely displaying digital images
US11301585B2 (en) 2005-12-16 2022-04-12 The 41St Parameter, Inc. Methods and apparatus for securely displaying digital images
EP1802155A1 (en) * 2005-12-21 2007-06-27 Cronto Limited System and method for dynamic multifactor authentication
US8639873B1 (en) 2005-12-22 2014-01-28 Imation Corp. Detachable storage device with RAM cache
US8266378B1 (en) 2005-12-22 2012-09-11 Imation Corp. Storage device with accessible partitions
US7747540B2 (en) * 2006-02-24 2010-06-29 Microsoft Corporation Account linking with privacy keys
US8151327B2 (en) 2006-03-31 2012-04-03 The 41St Parameter, Inc. Systems and methods for detection of session tampering and fraud prevention
US7992203B2 (en) * 2006-05-24 2011-08-02 Red Hat, Inc. Methods and systems for secure shared smartcard access
US8364952B2 (en) 2006-06-06 2013-01-29 Red Hat, Inc. Methods and system for a key recovery plan
US8332637B2 (en) * 2006-06-06 2012-12-11 Red Hat, Inc. Methods and systems for nonce generation in a token
US8495380B2 (en) * 2006-06-06 2013-07-23 Red Hat, Inc. Methods and systems for server-side key generation
US8180741B2 (en) 2006-06-06 2012-05-15 Red Hat, Inc. Methods and systems for providing data objects on a token
US8098829B2 (en) 2006-06-06 2012-01-17 Red Hat, Inc. Methods and systems for secure key delivery
US8589695B2 (en) * 2006-06-07 2013-11-19 Red Hat, Inc. Methods and systems for entropy collection for server-side key generation
US8099765B2 (en) * 2006-06-07 2012-01-17 Red Hat, Inc. Methods and systems for remote password reset using an authentication credential managed by a third party
US8412927B2 (en) 2006-06-07 2013-04-02 Red Hat, Inc. Profile framework for token processing system
US9769158B2 (en) * 2006-06-07 2017-09-19 Red Hat, Inc. Guided enrollment and login for token users
US8707024B2 (en) 2006-06-07 2014-04-22 Red Hat, Inc. Methods and systems for managing identity management security domains
US20070300031A1 (en) * 2006-06-22 2007-12-27 Ironkey, Inc. Memory data shredder
US20070299920A1 (en) * 2006-06-27 2007-12-27 Crespo Arturo E Anonymous Email Address Management
US20080015986A1 (en) * 2006-06-30 2008-01-17 Wright Robert E Systems, methods and computer program products for controlling online access to an account
US8787566B2 (en) 2006-08-23 2014-07-22 Red Hat, Inc. Strong encryption
US8806219B2 (en) * 2006-08-23 2014-08-12 Red Hat, Inc. Time-based function back-off
US8074265B2 (en) 2006-08-31 2011-12-06 Red Hat, Inc. Methods and systems for verifying a location factor associated with a token
US9038154B2 (en) * 2006-08-31 2015-05-19 Red Hat, Inc. Token Registration
US8977844B2 (en) 2006-08-31 2015-03-10 Red Hat, Inc. Smartcard formation with authentication keys
US8356342B2 (en) 2006-08-31 2013-01-15 Red Hat, Inc. Method and system for issuing a kill sequence for a token
US8424061B2 (en) 2006-09-12 2013-04-16 International Business Machines Corporation Method, system and program product for authenticating a user seeking to perform an electronic service request
US10068220B2 (en) 2006-10-11 2018-09-04 Visa International Service Association Systems and methods for brokered authentication express seller links
CN101554005A (en) 2006-10-11 2009-10-07 国际签证服务协会 Method and system for processing micropayment transactions
US8424073B2 (en) * 2006-11-13 2013-04-16 Microsoft Corporation Refreshing a page validation token
US8693690B2 (en) 2006-12-04 2014-04-08 Red Hat, Inc. Organizing an extensible table for storing cryptographic objects
WO2008074366A1 (en) * 2006-12-19 2008-06-26 Telefonaktiebolaget Lm Ericsson (Publ) Managing user access in a communications network
US8813243B2 (en) 2007-02-02 2014-08-19 Red Hat, Inc. Reducing a size of a security-related data object stored on a token
US7866551B2 (en) 2007-02-15 2011-01-11 Visa U.S.A. Inc. Dynamic payment device characteristics
US9846866B2 (en) * 2007-02-22 2017-12-19 First Data Corporation Processing of financial transactions using debit networks
US8639940B2 (en) * 2007-02-28 2014-01-28 Red Hat, Inc. Methods and systems for assigning roles on a token
US8832453B2 (en) * 2007-02-28 2014-09-09 Red Hat, Inc. Token recycling
US20080235513A1 (en) * 2007-03-19 2008-09-25 Microsoft Corporation Three Party Authentication
EP2026266B1 (en) * 2007-07-27 2011-02-16 NTT DoCoMo, Inc. Method and apparatus for performing delegated transactions
US8230490B2 (en) * 2007-07-31 2012-07-24 Keycorp System and method for authentication of users in a secure computer system
US8839383B2 (en) * 2007-08-20 2014-09-16 Goldman, Sachs & Co. Authentification broker for the securities industry
US8359630B2 (en) 2007-08-20 2013-01-22 Visa U.S.A. Inc. Method and system for implementing a dynamic verification value
US9060012B2 (en) * 2007-09-26 2015-06-16 The 41St Parameter, Inc. Methods and apparatus for detecting fraud with time based computer tags
US8666841B1 (en) 2007-10-09 2014-03-04 Convergys Information Management Group, Inc. Fraud detection engine and method of using the same
US8214291B2 (en) 2007-10-19 2012-07-03 Ebay Inc. Unified identity verification
US8875259B2 (en) * 2007-11-15 2014-10-28 Salesforce.Com, Inc. On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service
US8533474B2 (en) * 2008-02-27 2013-09-10 Red Hat, Inc. Generating session keys
US20090271629A1 (en) * 2008-04-29 2009-10-29 Microsoft Corporation Wireless pairing ceremony
WO2009137371A2 (en) * 2008-05-02 2009-11-12 Ironkey, Inc. Enterprise device recovery
WO2009152250A2 (en) * 2008-06-10 2009-12-17 True Commerce, Inc. User-deployable data transformation and exchange platform including on demand item synchronization and user deployable order management system
WO2010005681A1 (en) 2008-06-16 2010-01-14 Visa U.S.A. Inc. System and method for authorizing financial transactions with online merchants
US8898089B2 (en) * 2008-06-24 2014-11-25 Visa U.S.A. Inc. Dynamic verification value system and method
US9390384B2 (en) * 2008-07-01 2016-07-12 The 41 St Parameter, Inc. Systems and methods of sharing information through a tagless device consortium
US8032932B2 (en) 2008-08-22 2011-10-04 Citibank, N.A. Systems and methods for providing security token authentication
US20100051686A1 (en) * 2008-08-29 2010-03-04 Covenant Visions International Limited System and method for authenticating a transaction using a one-time pass code (OTPK)
US8070061B2 (en) * 2008-10-21 2011-12-06 Habraken G Wouter Card credential method and system
US8689013B2 (en) * 2008-10-21 2014-04-01 G. Wouter Habraken Dual-interface key management
AU2015200974B2 (en) * 2008-11-13 2016-06-16 Visa International Service Association Device including authentication glyph
US8159327B2 (en) * 2008-11-13 2012-04-17 Visa International Service Association Device including authentication glyph
US7827108B2 (en) * 2008-11-21 2010-11-02 Visa U.S.A. Inc. System and method of validating a relationship between a user and a user account at a financial institution
US8838503B2 (en) * 2008-12-08 2014-09-16 Ebay Inc. Unified identity verification
KR101224717B1 (en) * 2008-12-26 2013-01-21 에스케이플래닛 주식회사 Method for Protecting Software License, System, Server, Terminal And Computer-Readable Recording Medium with Program therefor
US20100228906A1 (en) * 2009-03-06 2010-09-09 Arunprasad Ramiya Mothilal Managing Data in a Non-Volatile Memory System
EP2228746A1 (en) * 2009-03-13 2010-09-15 Assa Abloy Ab Realization of access control conditions as boolean expressions in credential authentications
US20100235900A1 (en) * 2009-03-13 2010-09-16 Assa Abloy Ab Efficient two-factor authentication
US9032058B2 (en) * 2009-03-13 2015-05-12 Assa Abloy Ab Use of SNMP for management of small footprint devices
EP2406749B1 (en) * 2009-03-13 2018-06-13 Assa Abloy Ab Transfer device for sensitive material such as a cryptographic key
US20100241571A1 (en) * 2009-03-20 2010-09-23 Mcdonald Greg System and method for cardless secure on-line credit card/debit card purchasing
US9112850B1 (en) 2009-03-25 2015-08-18 The 41St Parameter, Inc. Systems and methods of sharing information through a tag-based consortium
US9715681B2 (en) 2009-04-28 2017-07-25 Visa International Service Association Verification of portable consumer devices
US8326759B2 (en) * 2009-04-28 2012-12-04 Visa International Service Association Verification of portable consumer devices
US10846683B2 (en) 2009-05-15 2020-11-24 Visa International Service Association Integration of verification tokens with mobile communication devices
US9038886B2 (en) 2009-05-15 2015-05-26 Visa International Service Association Verification of portable consumer devices
US9105027B2 (en) 2009-05-15 2015-08-11 Visa International Service Association Verification of portable consumer device for secure services
US8893967B2 (en) 2009-05-15 2014-11-25 Visa International Service Association Secure Communication of payment information to merchants using a verification token
US8602293B2 (en) 2009-05-15 2013-12-10 Visa International Service Association Integration of verification tokens with portable computing devices
US8534564B2 (en) 2009-05-15 2013-09-17 Ayman Hammad Integration of verification tokens with mobile communication devices
US7891560B2 (en) 2009-05-15 2011-02-22 Visa International Service Assocation Verification of portable consumer devices
US8745365B2 (en) * 2009-08-06 2014-06-03 Imation Corp. Method and system for secure booting a computer by booting a first operating system from a secure peripheral device and launching a second operating system stored a secure area in the secure peripheral device on the first operating system
US8683088B2 (en) 2009-08-06 2014-03-25 Imation Corp. Peripheral device data integrity
US8676639B2 (en) * 2009-10-29 2014-03-18 Visa International Service Association System and method for promotion processing and authorization
US8280788B2 (en) 2009-10-29 2012-10-02 Visa International Service Association Peer-to-peer and group financial management systems and methods
US8332325B2 (en) 2009-11-02 2012-12-11 Visa International Service Association Encryption switch processing
US8522335B2 (en) * 2009-12-01 2013-08-27 International Business Machines Corporation Token mediation service in a data management system
US20110145152A1 (en) * 2009-12-15 2011-06-16 Mccown Steven Harvey Systems, apparatus, and methods for identity verification and funds transfer via a payment proxy system
US10255591B2 (en) 2009-12-18 2019-04-09 Visa International Service Association Payment channel returning limited use proxy dynamic value
US8437985B2 (en) * 2009-12-22 2013-05-07 Empire Technology Development Llc Sensor-based data filtering systems
WO2011094869A1 (en) * 2010-02-05 2011-08-11 Lipso Systèmes Inc. Secure authentication system and method
US10255601B2 (en) 2010-02-25 2019-04-09 Visa International Service Association Multifactor authentication using a directory server
US9277403B2 (en) * 2010-03-02 2016-03-01 Eko India Financial Services Pvt. Ltd. Authentication method and device
US20110296514A1 (en) * 2010-05-26 2011-12-01 Koennecke Joerge Method for creating a personalized insignia
CA2704864A1 (en) * 2010-06-07 2010-08-16 S. Bhinder Mundip Method and system for controlling access to a monetary valued account
DE102010030590A1 (en) * 2010-06-28 2011-12-29 Bundesdruckerei Gmbh Procedure for generating a certificate
ES2473472T3 (en) * 2010-07-09 2014-07-07 Siemens Aktiengesellschaft Secure data transmission in an automation network
US20130219515A1 (en) * 2011-08-16 2013-08-22 Extegrity Inc. System and Method for Providing Tools VIA Automated Process Allowing Secure Creation, Transmittal, Review of And Related Operations on, High Value Electronic Files
US8601602B1 (en) * 2010-08-31 2013-12-03 Google Inc. Enhanced multi-factor authentication
WO2012054646A2 (en) 2010-10-19 2012-04-26 The 41St Parameter, Inc. Variable risk engine
EP2447873A1 (en) * 2010-10-27 2012-05-02 Gemalto SA A method and a corresponding device for accessing an application
EP2681701A4 (en) 2011-03-04 2014-08-20 Visa Int Service Ass Integration of payment capability into secure elements of computers
WO2013022994A2 (en) * 2011-08-08 2013-02-14 Visa International Service Association Payment card with integrated chip
US9075979B1 (en) 2011-08-11 2015-07-07 Google Inc. Authentication based on proximity to mobile device
IN2014KN00998A (en) 2011-10-12 2015-09-04 C Sam Inc
US10754913B2 (en) 2011-11-15 2020-08-25 Tapad, Inc. System and method for analyzing user device information
US9191405B2 (en) 2012-01-30 2015-11-17 Microsoft Technology Licensing, Llc Dynamic cross-site request forgery protection in a web-based client application
US20140053250A1 (en) * 2012-02-10 2014-02-20 University Of Utah Research Foundation Access to Web Application via a Mobile Computing Device
CN104115464B (en) * 2012-02-22 2017-09-29 诺基亚通信公司 Control is accessed
US9633201B1 (en) 2012-03-01 2017-04-25 The 41St Parameter, Inc. Methods and systems for fraud containment
US10282724B2 (en) 2012-03-06 2019-05-07 Visa International Service Association Security system incorporating mobile device
US10592645B2 (en) 2012-03-14 2020-03-17 Id.Me, Inc. Method and system for online third-party authentication of identity attributes
US9521551B2 (en) 2012-03-22 2016-12-13 The 41St Parameter, Inc. Methods and systems for persistent cross-application mobile device identification
US8639619B1 (en) 2012-07-13 2014-01-28 Scvngr, Inc. Secure payment method and system
WO2014022813A1 (en) 2012-08-02 2014-02-06 The 41St Parameter, Inc. Systems and methods for accessing records via derivative locators
US20140053252A1 (en) * 2012-08-14 2014-02-20 Opera Solutions, Llc System and Method for Secure Document Distribution
CN102983973B (en) * 2012-11-02 2018-11-30 天地融科技股份有限公司 Transaction system and method for commerce
WO2014078569A1 (en) 2012-11-14 2014-05-22 The 41St Parameter, Inc. Systems and methods of global identification
US9124582B2 (en) 2013-02-20 2015-09-01 Fmr Llc Mobile security fob
US20140279554A1 (en) * 2013-03-12 2014-09-18 Seth Priebatsch Distributed authenticity verification for consumer payment transactions
US8694438B1 (en) 2013-03-12 2014-04-08 Scvngr Distributed authenticity verification for consumer payment transactions
US9760886B2 (en) * 2013-05-10 2017-09-12 Visa International Service Association Device provisioning using partial personalization scripts
US8770478B2 (en) 2013-07-11 2014-07-08 Scvngr, Inc. Payment processing with automatic no-touch mode selection
US10902327B1 (en) 2013-08-30 2021-01-26 The 41St Parameter, Inc. System and method for device identification and uniqueness
CN115082065A (en) 2013-12-19 2022-09-20 维萨国际服务协会 Cloud-based transaction method and system
US9922322B2 (en) 2013-12-19 2018-03-20 Visa International Service Association Cloud-based transactions with magnetic secure transmission
US9264539B2 (en) * 2014-01-02 2016-02-16 Chung-Yu Lin Authentication method and system for screening network caller ID spoofs and malicious phone calls
WO2015106248A1 (en) * 2014-01-13 2015-07-16 Visa International Service Association Efficient methods for protecting identity in authenticated transmissions
EP3146747B1 (en) 2014-05-21 2020-07-01 Visa International Service Association Offline authentication
CN104125067B (en) * 2014-06-26 2017-05-24 小米科技有限责任公司 Account and token secret key binding method and device
US9667424B2 (en) * 2014-06-26 2017-05-30 Xiaomi Inc. Methods and apparatuses for binding token key to account
US10212136B1 (en) 2014-07-07 2019-02-19 Microstrategy Incorporated Workstation log-in
US9775029B2 (en) 2014-08-22 2017-09-26 Visa International Service Association Embedding cloud-based functionalities in a communication device
US20160104154A1 (en) * 2014-10-13 2016-04-14 Sequent Software, Inc. Securing host card emulation credentials
US9680816B2 (en) * 2014-10-14 2017-06-13 Cisco Technology, Inc. Attesting authenticity of infrastructure modules
US10091312B1 (en) 2014-10-14 2018-10-02 The 41St Parameter, Inc. Data structures for intelligently resolving deterministic and probabilistic device identifiers to device profiles and/or groups
US10187363B2 (en) 2014-12-31 2019-01-22 Visa International Service Association Hybrid integration of software development kit with secure execution environment
US10701067B1 (en) 2015-04-24 2020-06-30 Microstrategy Incorporated Credential management using wearable devices
AU2016324490A1 (en) * 2015-09-18 2018-04-19 First Data Corporation System for validating a biometric input
US10231128B1 (en) 2016-02-08 2019-03-12 Microstrategy Incorporated Proximity-based device access
US10855664B1 (en) 2016-02-08 2020-12-01 Microstrategy Incorporated Proximity-based logical access
US10242235B2 (en) * 2016-09-27 2019-03-26 International Business Machines Corporation Authentication of a smart pen and computing device
US11895240B2 (en) * 2016-12-15 2024-02-06 Nec Corporation System, apparatus, method and program for preventing illegal distribution of an access token
US11140157B1 (en) 2017-04-17 2021-10-05 Microstrategy Incorporated Proximity-based access
US10771458B1 (en) 2017-04-17 2020-09-08 MicoStrategy Incorporated Proximity-based user authentication
US10657242B1 (en) 2017-04-17 2020-05-19 Microstrategy Incorporated Proximity-based access
US10496810B2 (en) * 2017-09-26 2019-12-03 Google Llc Methods and systems of performing preemptive generation of second factor authentication
US10956905B2 (en) * 2017-10-05 2021-03-23 The Toronto-Dominion Bank System and method of session key generation and exchange
US11134071B2 (en) * 2018-04-23 2021-09-28 Oracle International Corporation Data exchange during multi factor authentication
US11108762B2 (en) * 2018-06-05 2021-08-31 The Toronto-Dominion Bank Methods and systems for controlling access to a protected resource
US11164206B2 (en) * 2018-11-16 2021-11-02 Comenity Llc Automatically aggregating, evaluating, and providing a contextually relevant offer
CN109561093B (en) * 2018-12-06 2022-06-03 平安科技(深圳)有限公司 Unauthorized behavior detection method and device, computer equipment and storage medium
US12062104B2 (en) * 2019-07-01 2024-08-13 Visa International Service Association Systems and methods for security alerts
WO2021071464A1 (en) * 2019-10-07 2021-04-15 Radpay, Inc. Dynamic provisioning of wallets in a secure payment system
CN114787845A (en) * 2019-12-13 2022-07-22 维萨国际服务协会 Plan interaction with passwords
US11165586B1 (en) * 2020-10-30 2021-11-02 Capital One Services, Llc Call center web-based authentication using a contactless card
US20230142147A1 (en) * 2021-11-10 2023-05-11 Microsoft Technology Licensing, Llc Network communication using proof of presence

Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4223403A (en) * 1978-06-30 1980-09-16 International Business Machines Corporation Cryptographic architecture for use with a high security personal identification system
US4723284A (en) * 1983-02-14 1988-02-02 Prime Computer, Inc. Authentication system
US4774399A (en) * 1986-10-01 1988-09-27 Tokyo Electric Co., Ltd. Mechanism for preventing erroneous mounting and dismounting of memory card
US5943423A (en) * 1995-12-15 1999-08-24 Entegrity Solutions Corporation Smart token system for secure electronic transactions and identification
US6026166A (en) * 1997-10-20 2000-02-15 Cryptoworx Corporation Digitally certifying a user identity and a computer system in combination
US6076167A (en) * 1996-12-04 2000-06-13 Dew Engineering And Development Limited Method and system for improving security in network applications
US6263446B1 (en) * 1997-12-23 2001-07-17 Arcot Systems, Inc. Method and apparatus for secure distribution of authentication credentials to roaming users
US20030005291A1 (en) * 2000-12-20 2003-01-02 William Burn Hardware token self enrollment process
US20030018580A1 (en) * 1996-11-27 2003-01-23 Diebold, Incorporated Automated banking machine apparatus and system
US20030055738A1 (en) * 2001-04-04 2003-03-20 Microcell I5 Inc. Method and system for effecting an electronic transaction
US20030135751A1 (en) * 2002-01-11 2003-07-17 O'donnell James F. Transaction terminal encryption apparatus comprising encryption mode indicator
US20030212642A1 (en) * 2000-04-24 2003-11-13 Visa International Service Association Online payer authentication service
US20030218066A1 (en) * 2001-12-26 2003-11-27 Vivotech, Inc. Adaptor for magnetic stripe card reader
US20040059590A1 (en) * 2002-09-13 2004-03-25 Dwayne Mercredi Credential promotion
US6970852B1 (en) * 1999-04-28 2005-11-29 Imx Solutions, Inc. Methods and apparatus for conducting secure, online monetary transactions
US7031470B1 (en) * 1998-01-22 2006-04-18 Nds Limited Protection of data on media recording disks

Family Cites Families (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US477399A (en) * 1892-06-21 Car-coupling
US4529870A (en) * 1980-03-10 1985-07-16 David Chaum Cryptographic identification, financial transaction, and credential device
US5577121A (en) * 1994-06-09 1996-11-19 Electronic Payment Services, Inc. Transaction system for integrated circuit cards
US7290288B2 (en) * 1997-06-11 2007-10-30 Prism Technologies, L.L.C. Method and system for controlling access, by an authentication server, to protected computer resources provided via an internet protocol network
US6651168B1 (en) * 1999-01-29 2003-11-18 International Business Machines, Corp. Authentication framework for multiple authentication processes and mechanisms
US7100195B1 (en) * 1999-07-30 2006-08-29 Accenture Llp Managing user information on an e-commerce system
CA2400440C (en) * 2000-02-18 2016-07-19 Vasco Data Security, Inc. Field programmable smart card terminal and token device
US7140036B2 (en) * 2000-03-06 2006-11-21 Cardinalcommerce Corporation Centralized identity authentication for electronic communication networks
US20020128977A1 (en) * 2000-09-12 2002-09-12 Anant Nambiar Microchip-enabled online transaction system
US6694399B1 (en) * 2000-09-14 2004-02-17 Schlumberger Malco, Inc. Method and device for universal serial bus smart card traffic signaling
US7499889B2 (en) * 2000-10-23 2009-03-03 Cyota Inc. Transaction system
US20020143567A1 (en) * 2000-11-20 2002-10-03 Maritzen L. Michael Information-based digital currency and bartering
US20020082995A1 (en) * 2000-12-27 2002-06-27 Christie, Samuel H. Payment authorization system
US20020123972A1 (en) * 2001-02-02 2002-09-05 Hodgson Robert B. Apparatus for and method of secure ATM debit card and credit card payment transactions via the internet
US7292999B2 (en) * 2001-03-15 2007-11-06 American Express Travel Related Services Company, Inc. Online card present transaction
US7003497B2 (en) * 2001-05-23 2006-02-21 International Business Machines Corporation System and method for confirming electronic transactions
KR100453220B1 (en) * 2001-12-05 2004-10-15 한국전자통신연구원 Apparatus and method for authenticating user by using a fingerprint feature
US6993596B2 (en) * 2001-12-19 2006-01-31 International Business Machines Corporation System and method for user enrollment in an e-community
US7200577B2 (en) * 2002-05-01 2007-04-03 America Online Incorporated Method and apparatus for secure online transactions
US7406601B2 (en) * 2003-05-23 2008-07-29 Activecard Ireland, Ltd. Secure messaging for security token
WO2007072450A2 (en) * 2005-12-23 2007-06-28 Koninklijke Philips Electronics N.V. Puf protocol with improved backward security

Patent Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4223403A (en) * 1978-06-30 1980-09-16 International Business Machines Corporation Cryptographic architecture for use with a high security personal identification system
US4723284A (en) * 1983-02-14 1988-02-02 Prime Computer, Inc. Authentication system
US4774399A (en) * 1986-10-01 1988-09-27 Tokyo Electric Co., Ltd. Mechanism for preventing erroneous mounting and dismounting of memory card
US5943423A (en) * 1995-12-15 1999-08-24 Entegrity Solutions Corporation Smart token system for secure electronic transactions and identification
US20030018580A1 (en) * 1996-11-27 2003-01-23 Diebold, Incorporated Automated banking machine apparatus and system
US6076167A (en) * 1996-12-04 2000-06-13 Dew Engineering And Development Limited Method and system for improving security in network applications
US6026166A (en) * 1997-10-20 2000-02-15 Cryptoworx Corporation Digitally certifying a user identity and a computer system in combination
US6263446B1 (en) * 1997-12-23 2001-07-17 Arcot Systems, Inc. Method and apparatus for secure distribution of authentication credentials to roaming users
US7031470B1 (en) * 1998-01-22 2006-04-18 Nds Limited Protection of data on media recording disks
US6970852B1 (en) * 1999-04-28 2005-11-29 Imx Solutions, Inc. Methods and apparatus for conducting secure, online monetary transactions
US20030212642A1 (en) * 2000-04-24 2003-11-13 Visa International Service Association Online payer authentication service
US20030005291A1 (en) * 2000-12-20 2003-01-02 William Burn Hardware token self enrollment process
US20030055738A1 (en) * 2001-04-04 2003-03-20 Microcell I5 Inc. Method and system for effecting an electronic transaction
US20030218066A1 (en) * 2001-12-26 2003-11-27 Vivotech, Inc. Adaptor for magnetic stripe card reader
US20030135751A1 (en) * 2002-01-11 2003-07-17 O'donnell James F. Transaction terminal encryption apparatus comprising encryption mode indicator
US20040059590A1 (en) * 2002-09-13 2004-03-25 Dwayne Mercredi Credential promotion

Cited By (61)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040143730A1 (en) * 2001-06-15 2004-07-22 Wu Wen Universal secure messaging for remote security tokens
US8209753B2 (en) * 2001-06-15 2012-06-26 Activcard, Inc. Universal secure messaging for remote security tokens
US9818249B1 (en) 2002-09-04 2017-11-14 Copilot Ventures Fund Iii Llc Authentication method and system
US20050036611A1 (en) * 2003-03-31 2005-02-17 Visa U.S.A., Inc. Method and system for secure authentication
US20080089521A1 (en) * 2003-04-29 2008-04-17 Eric Le Saint Universal secure messaging for cryptographic modules
US10554393B2 (en) 2003-04-29 2020-02-04 Assa Abloy Ab Universal secure messaging for cryptographic modules
US8306228B2 (en) 2003-04-29 2012-11-06 Activcard Ireland, Limited Universal secure messaging for cryptographic modules
US20050160264A1 (en) * 2004-01-21 2005-07-21 Reid Kuhn Trusted authentication credential exchange methods and apparatuses
US8749386B2 (en) 2004-03-12 2014-06-10 Ingenia Holdings Limited System and method for article authentication using signatures
US20080002243A1 (en) * 2004-03-12 2008-01-03 Ingenia Technology Limited Methods and Apparatuses for Creating Authenticatable Printed Articles and Subsequently Verifying Them
US8421625B2 (en) 2004-03-12 2013-04-16 Ingenia Holdings Limited System and method for article authentication using thumbnail signatures
US8502668B2 (en) 2004-03-12 2013-08-06 Ingenia Holdings Limited System and method for article authentication using blanket illumination
US8766800B2 (en) 2004-03-12 2014-07-01 Ingenia Holdings Limited Authenticity verification methods, products, and apparatuses
US7853792B2 (en) 2004-03-12 2010-12-14 Ingenia Holdings Limited Authenticity verification methods, products and apparatuses
US8757493B2 (en) 2004-03-12 2014-06-24 Ingenia Holdings Limited System and method for article authentication using encoded signatures
US8896885B2 (en) 2004-03-12 2014-11-25 Ingenia Holdings Limited Creating authenticatable printed articles and subsequently verifying them based on scattered light caused by surface structure
US9019567B2 (en) 2004-03-12 2015-04-28 Ingenia Holdings Limited Methods and apparatuses for creating authenticatable printed articles and subsequently verifying them
US8699088B2 (en) 2004-03-12 2014-04-15 Ingenia Holdings Limited Methods and apparatuses for creating authenticatable printed articles and subsequently verifying them
US9203837B2 (en) 2004-06-14 2015-12-01 Iovation, Inc. Network security and fraud detection system and method
US20050278542A1 (en) * 2004-06-14 2005-12-15 Greg Pierson Network security and fraud detection system and method
US8776225B2 (en) 2004-06-14 2014-07-08 Iovation, Inc. Network security and fraud detection system and method
US9118646B2 (en) 2004-06-14 2015-08-25 Iovation, Inc. Network security and fraud detection system and method
US8103046B2 (en) 2004-08-13 2012-01-24 Ingenia Holdings Limited Authenticity verification of articles using a database
US20070025619A1 (en) * 2005-07-27 2007-02-01 Ingenia Holdings (Uk) Limited Verification
US8078875B2 (en) 2005-07-27 2011-12-13 Ingenia Holdings Limited Verification of authenticity
US20070028107A1 (en) * 2005-07-27 2007-02-01 Ingenia Holdings (Uk) Limited Prescription Authentication
US20070113076A1 (en) * 2005-07-27 2007-05-17 Ingenia Holdings (Uk) Limited Keys
US20070053005A1 (en) * 2005-09-08 2007-03-08 Ingenia Holdings (Uk) Limited Copying
US8497983B2 (en) 2005-12-23 2013-07-30 Ingenia Holdings Limited Optical authentication
US20100316251A1 (en) * 2005-12-23 2010-12-16 Ingenia Holdings Limited Optical Authentication
US7812935B2 (en) 2005-12-23 2010-10-12 Ingenia Holdings Limited Optical authentication
WO2008052128A2 (en) * 2006-10-25 2008-05-02 Iovation, Inc. Detecting and preventing man-in-the middle phishing attacks
US20080104672A1 (en) * 2006-10-25 2008-05-01 Iovation, Inc. Detecting and preventing man-in-the-middle phishing attacks
US8751815B2 (en) * 2006-10-25 2014-06-10 Iovation Inc. Creating and verifying globally unique device-specific identifiers
US20080104684A1 (en) * 2006-10-25 2008-05-01 Iovation, Inc. Creating and verifying globally unique device-specific identifiers
WO2008052128A3 (en) * 2006-10-25 2008-11-20 Iovation Inc Detecting and preventing man-in-the middle phishing attacks
US20080175377A1 (en) * 2007-01-22 2008-07-24 Global Crypto Systems Methods and Systems for Digital Authentication Using Digitally Signed Images
US8122255B2 (en) 2007-01-22 2012-02-21 Global Crypto Systems Methods and systems for digital authentication using digitally signed images
US20080229401A1 (en) * 2007-03-13 2008-09-18 John Magne Methods and systems for configurable smartcard
US9081948B2 (en) * 2007-03-13 2015-07-14 Red Hat, Inc. Configurable smartcard
US20090016535A1 (en) * 2007-06-13 2009-01-15 Ingenia Holdings (Uk) Limited Fuzzy Keys
US20090283583A1 (en) * 2008-05-14 2009-11-19 Ingenia Holdings (Uk) Limited Two Tier Authentication
US20090307112A1 (en) * 2008-05-14 2009-12-10 Ingenia Holdings (Uk) Limited Two Tier Authentication
US8954744B2 (en) 2008-12-09 2015-02-10 Blackberry Limited Verification methods and apparatus for use in providing application services to mobile communication devices
US8386773B2 (en) * 2008-12-09 2013-02-26 Research In Motion Limited Verification methods and apparatus for use in providing application services to mobile communication devices
US20100144314A1 (en) * 2008-12-09 2010-06-10 Research In Motion Limited Verification Methods And Apparatus For Use In Providing Application Services To Mobile Communication Devices
US20100161529A1 (en) * 2008-12-19 2010-06-24 Ingenia Holdings (Uk) Limited Self-Calibration
US20100158377A1 (en) * 2008-12-19 2010-06-24 Ingenia Holdings (Uk) Limited Authentication
US8682076B2 (en) 2008-12-19 2014-03-25 Ingenia Holdings Limited Signature generation for use in authentication and verification using a non-coherent radiation source
US8615475B2 (en) 2008-12-19 2013-12-24 Ingenia Holdings Limited Self-calibration
US8892556B2 (en) 2009-11-10 2014-11-18 Ingenia Holdings Limited Optimisation
US8676684B2 (en) 2010-04-12 2014-03-18 Iovation Inc. System and method for evaluating risk in fraud prevention
US8959595B2 (en) 2013-03-15 2015-02-17 Bullaproof, Inc. Methods and systems for providing secure transactions
AU2014360385B2 (en) * 2013-12-06 2017-11-30 Mastercard International Incorporated Method and system for split-hashed payment account processing
WO2015085137A1 (en) * 2013-12-06 2015-06-11 Mastercard International Incorporated Method and system for split-hashed payment account processing
US20160300224A1 (en) * 2014-01-07 2016-10-13 Tencent Technology (Shenzhen) Company Limited Method, Server, And Storage Medium For Verifying Transactions Using A Smart Card
US10878413B2 (en) * 2014-01-07 2020-12-29 Tencent Technology (Shenzhen) Company Limited Method, server, and storage medium for verifying transactions using a smart card
US20210073809A1 (en) * 2014-01-07 2021-03-11 Tencent Technology (Shenzhen) Company Limited Method, server, and storage medium for verifying transactions using a smart card
US11640605B2 (en) * 2014-01-07 2023-05-02 Tencent Technology (Shenzhen) Company Limited Method, server, and storage medium for verifying transactions using a smart card
CN104320261A (en) * 2014-11-05 2015-01-28 北京大唐智能卡技术有限公司 Method for achieving identity authentication through financial smart card, financial smart card and terminal
EP3745288A1 (en) * 2019-05-28 2020-12-02 BSH Hausgeräte GmbH Method and system for authorising the implementation of a process

Also Published As

Publication number Publication date
US7412420B2 (en) 2008-08-12
US20050033703A1 (en) 2005-02-10
US20050044393A1 (en) 2005-02-24
US7437757B2 (en) 2008-10-14
US20050033702A1 (en) 2005-02-10
US20080228653A1 (en) 2008-09-18

Similar Documents

Publication Publication Date Title
US7437757B2 (en) Token for use in online electronic transactions
US9860245B2 (en) System and methods for online authentication
US9124433B2 (en) Remote authentication and transaction signatures
US20150220912A1 (en) Systems and methods for enrolling a token in an online authentication program
US9258296B2 (en) System and method for generating a strong multi factor personalized server key from a simple user password
EP1710980B1 (en) Authentication services using mobile device
US8190893B2 (en) Portable security transaction protocol
US20080216172A1 (en) Systems, methods, and apparatus for secure transactions in trusted systems
US20100325438A1 (en) System and Method for Binding a Smartcard and a Smartcard Reader
US11949785B1 (en) Biometric authenticated biometric enrollment
AU2009202963B2 (en) Token for use in online electronic transactions
AU2016203264A1 (en) System and methods for secure authentication of electronic transactions
ZA200502178B (en) Systems and methods for secure authentication of electronic transactions
AU2012216410A1 (en) System And Methods For Secure Authentication Of Electronic Transactions

Legal Events

Date Code Title Description
AS Assignment

Owner name: U.S. ENCODE CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HOLDSWORTH, JOHN;REEL/FRAME:014018/0782

Effective date: 20021204

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION