[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

WO2010140876A8 - Method, system and secure server for multi-factor transaction authentication - Google Patents

Method, system and secure server for multi-factor transaction authentication Download PDF

Info

Publication number
WO2010140876A8
WO2010140876A8 PCT/MY2010/000088 MY2010000088W WO2010140876A8 WO 2010140876 A8 WO2010140876 A8 WO 2010140876A8 MY 2010000088 W MY2010000088 W MY 2010000088W WO 2010140876 A8 WO2010140876 A8 WO 2010140876A8
Authority
WO
WIPO (PCT)
Prior art keywords
channel
secure server
transaction authentication
factor
ussd
Prior art date
Application number
PCT/MY2010/000088
Other languages
French (fr)
Other versions
WO2010140876A1 (en
Inventor
Ching Wee Ho
Original Assignee
Infinitium Solutions Sdn. Bhd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Infinitium Solutions Sdn. Bhd. filed Critical Infinitium Solutions Sdn. Bhd.
Priority to PCT/MY2010/000088 priority Critical patent/WO2010140876A1/en
Publication of WO2010140876A1 publication Critical patent/WO2010140876A1/en
Publication of WO2010140876A8 publication Critical patent/WO2010140876A8/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • G06Q20/3255Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks using mobile network messaging services for payment, e.g. SMS
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326Payment applications installed on the mobile devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements
    • H04W4/14Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method of providing multi-factor payment authentication system in which a customer transaction by a first communication channel is authenticated by a unique confirmation through a second communication channel of differing protocol to the first channel. In one embodiment, the second channel is an SMS or USSD channel and the unique confirmation is sent by the customer in response to an SMS message or USSD session received on his mobile device. The method can be adopted as a security enhancement to 3-D SecureTM or similar authentication protocols.
PCT/MY2010/000088 2009-06-01 2010-05-26 Method, system and secure server for multi-factor transaction authentication WO2010140876A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/MY2010/000088 WO2010140876A1 (en) 2009-06-01 2010-05-26 Method, system and secure server for multi-factor transaction authentication

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI20092244 2009-06-01
PCT/MY2010/000088 WO2010140876A1 (en) 2009-06-01 2010-05-26 Method, system and secure server for multi-factor transaction authentication

Publications (2)

Publication Number Publication Date
WO2010140876A1 WO2010140876A1 (en) 2010-12-09
WO2010140876A8 true WO2010140876A8 (en) 2013-05-10

Family

ID=43297889

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2010/000088 WO2010140876A1 (en) 2009-06-01 2010-05-26 Method, system and secure server for multi-factor transaction authentication

Country Status (1)

Country Link
WO (1) WO2010140876A1 (en)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2332102A4 (en) 2008-08-26 2012-07-25 Adaptive Payments Inc System and method of secure payment transactions
US8346672B1 (en) * 2012-04-10 2013-01-01 Accells Technologies (2009), Ltd. System and method for secure transaction process via mobile device
US9098850B2 (en) 2011-05-17 2015-08-04 Ping Identity Corporation System and method for transaction security responsive to a signed authentication
US9830594B2 (en) 2011-05-17 2017-11-28 Ping Identity Corporation System and method for performing a secure transaction
US20120323762A1 (en) * 2011-06-14 2012-12-20 Shashi Kapur System and Method of Multi-Factor Balance Inquiry and Electronic Funds Transfer
WO2013030832A1 (en) 2011-08-31 2013-03-07 Accells Technologies (2009) Ltd. System and method for secure transaction process via mobile device
US9832649B1 (en) 2011-10-12 2017-11-28 Technology Business Management, Limted Secure ID authentication
GB2518877A (en) * 2013-10-04 2015-04-08 Technology Business Man Ltd Secure ID authentication
EP2667343A1 (en) * 2012-05-24 2013-11-27 Stefano Petta Method for managing an authorization of a financial transaction request
FI20135275A (en) 2013-03-22 2014-09-23 Meontrust Oy Transaction authorization method and system
WO2014174342A1 (en) * 2013-04-25 2014-10-30 Elharras Mohamed Mobile payment with strong authentication and non repudiation
US9940608B2 (en) 2013-05-16 2018-04-10 Mts Holdings, Inc. Real time EFT network-based person-to-person transactions
DE102014000644A1 (en) 2014-01-17 2015-07-23 Giesecke & Devrient Gmbh Procedure for authorizing a transaction
US9781105B2 (en) 2015-05-04 2017-10-03 Ping Identity Corporation Fallback identity authentication techniques
EP3335371A4 (en) * 2015-08-10 2019-02-06 Idsidy, Inc. A method and system for transaction authorization basd on a parallel autonomous channel multi-user and multi-factor authentication
WO2019077436A1 (en) * 2017-10-19 2019-04-25 Impression Signatures (Proprietary) Limited A system and method of electronically signing an electronic document or electronic transaction data
GB2582326B (en) * 2019-03-19 2023-05-31 Securenvoy Ltd A method of mutual authentication
IT201900003249A1 (en) * 2019-04-03 2020-10-03 Francesco Ricci SYSTEM AND METHOD FOR IMPLEMENTING SECURITY PROCEDURES IN THE EXECUTION OF ELECTRONIC TRANSACTIONS
CN110264212B (en) * 2019-05-24 2023-09-01 创新先进技术有限公司 Wind control method and device, electronic equipment and storage medium

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002007110A2 (en) * 2000-07-17 2002-01-24 Connell Richard O System and methods of validating an authorized user of a payment card and authorization of a payment card transaction
GB2379525A (en) * 2001-09-08 2003-03-12 Int Computers Ltd Electronic payment authorisation
US7360694B2 (en) * 2003-01-23 2008-04-22 Mastercard International Incorporated System and method for secure telephone and computer transactions using voice authentication
CN1635525A (en) * 2003-12-31 2005-07-06 中国银联股份有限公司 Security Internet payment system and security Internet payment authentication method
US7533047B2 (en) * 2005-05-03 2009-05-12 International Business Machines Corporation Method and system for securing card payment transactions using a mobile communication device
US20080021761A1 (en) * 2006-07-20 2008-01-24 Factortrust, Inc. Transaction processing systems and methods
SI22595A (en) * 2007-07-23 2009-02-28 Halcom D.D. Procedure and system for safe and simple paying by way of mobile terminal

Also Published As

Publication number Publication date
WO2010140876A1 (en) 2010-12-09

Similar Documents

Publication Publication Date Title
WO2010140876A8 (en) Method, system and secure server for multi-factor transaction authentication
WO2011158217A3 (en) Device and method for providing secured access to services
WO2011123671A3 (en) Mutual mobile authentication using a key management center
WO2013120026A3 (en) Enabling secure access to a discovered location server for a mobile device
WO2012018528A3 (en) Methods for anonymous authentication and key agreement
WO2013185147A3 (en) Authorizing a transaction between a client device and a server using a scannable code
WO2013106094A3 (en) System and method for device registration and authentication
WO2013045898A3 (en) Methods and apparatus for brokering a transaction
WO2015023341A3 (en) Secure authorization systems and methods
WO2012141555A3 (en) Method and apparatus for providing machine-to-machine service
GB201302087D0 (en) Initiating communications using short-range wireless communications
WO2012109154A3 (en) Methods, apparatusses and article for location privacy via selectively authorizing request to access a location estimate based on location identifier
WO2011046393A3 (en) Apparatus and method for establishing a personal network for providing a cpns service
EP2589001A4 (en) Methods, server, merchant device, computer programs and computer program products for setting up communication
WO2012051582A3 (en) Transaction alerting in a multi-network environment
WO2014028647A3 (en) Payment in a chat session
WO2013013168A3 (en) Mobile banking system with cryptographic expansion device
WO2015036789A3 (en) Communicating with a device
WO2011146678A3 (en) Method and device for conducting trusted remote payment transactions
WO2013151851A3 (en) Secure authentication in a multi-party system
WO2012174071A3 (en) System and method of multi-factor balance inquiry and electronic funds transfer
WO2013126759A3 (en) Method and devices for obscuring device identifier
WO2012097075A3 (en) Systems and methods for peer-to- peer authorization via non-access stratum procedures
MX346828B (en) A wireless communication system.
WO2012068078A3 (en) System and method for transaction authentication using a mobile communication device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10783622

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

WPC Withdrawal of priority claims after completion of the technical preparations for international publication

Ref document number: PI20092244

Country of ref document: MY

Date of ref document: 20111115

Free format text: WITHDRAWN AFTER TECHNICAL PREPARATION FINISHED

122 Ep: pct application non-entry in european phase

Ref document number: 10783622

Country of ref document: EP

Kind code of ref document: A1