WO1998025371A1 - Portable electronic authorization devices and methods therefor - Google Patents
Portable electronic authorization devices and methods therefor Download PDFInfo
- Publication number
- WO1998025371A1 WO1998025371A1 PCT/US1997/023125 US9723125W WO9825371A1 WO 1998025371 A1 WO1998025371 A1 WO 1998025371A1 US 9723125 W US9723125 W US 9723125W WO 9825371 A1 WO9825371 A1 WO 9825371A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- portable electronic
- authorization device
- user
- electronic authorization
- digital data
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/18—Payment architectures involving self-service terminals [SST], vending machines, kiosks or multimedia terminals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
- G06Q20/3415—Cards acting autonomously as pay-media
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
- G06Q20/367—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
- G06Q20/3674—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
- G06Q20/40975—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F19/00—Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
- G07F19/20—Automatic teller machines [ATMs]
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/0873—Details of the card reader
- G07F7/088—Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself
- G07F7/0886—Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself the card reader being portable for interacting with a POS or ECR in realizing a payment transaction
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1025—Identification of user by a PIN code
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
Definitions
- the present invention relates to methods and apparatus for conducting electronic transactions. More particularly, the present invention relates to portable electronic authorization devices (PEADs) which advantageously and substantially eliminate the security risks associated with prior art techniques of approving transactions between a user and an electronic transaction system.
- PEADs portable electronic authorization devices
- An electronic transaction system typically permits a user to conduct designated transactions electronically, which substantially improves efficiency and convenience to the user.
- Examples of electronic transactions include transactions conducted via computer networks, automated teller machines (ATM's), automated point-of-sale systems, automated library systems, and the like.
- Transactions conducted via computer networks may encompass a wide range of transactions, including exchanging information and data via a computer network popularly known as the Internet, e.g., to make a purchase from a vendor on the network.
- ATM's typically permit users to conduct financial transactions (such as withdrawals, transfers, deposits, and the like) vis-a- vis a financial institution in an electronic manner.
- Automated point-of-sale systems may be employed by merchants to permit users to purchase products or services using the users' electronic account, and automated library systems may be employed to permit library users to check out and return library materials.
- automated transaction systems are readily available in popular literature and are not enumerated herein for brevity sake.
- electronic transaction systems typically request the user to provide identification data to authenticate himself as the user authorized to approve the proposed transaction or transactions. If the user fails to provide the requested identification data, the proposed transaction or transactions are not authorized and will not be processed.
- the identification data may be required with each transaction.
- an automated point-of-sale system may require the user to approve a purchase transaction and will accept an approval message only if it is satisfied that the person approving the transaction has furnished adequate identifying data authenticating himself as the person authorized to perform the approval.
- the identification data may be entered by the user at the start of a session to authenticate himself and enable that user to subsequently perform any number of transactions without further authentication.
- identification data In the prior art, users are typically required to manually enter the identification data into the electronic transaction system for authentication.
- the entry of identification data involves typing in a password on a numeric keypad or on a keyboard.
- the identification data is then compared with data previously stored within the electronic transaction system, and authentication is satisfied when there is a match. As mentioned previously, the transaction or transactions proposed will not be allowed to proceed if there is no match.
- FIG. 1 shows an automated teller machine (ATM) 100, representing the requesting device of an electronic transaction system 102.
- Electronic transaction system 102 may include, for example, a central database 104 which contains previously-stored identification data and account data of user 106.
- Data card 107 typically includes a magnetic stripe that contains the account number and other information related to the user, which may then be read by card reader 109.
- the data stored in data card 107 enables electronic transaction system 102 to ascertain which account in database 104 user 106 wishes to transact business.
- user 106 may then be able to enter his identification data, e.g., his personal identification number (PLN), to authenticate himself. If the entered identification data matches the identification data stored with the account in database 104 that is identified by data card 107, the user is authenticated and granted access to his account. If there is no match, authentication fails. After authentication, user 106 may be able to, for example, employ a combination of keypad 108 and a screen 110 to withdraw cash from his account, which results in cash being dispensed from ATM 100 and the balance in his account within database 104 correspondingly reduced.
- PPN personal identification number
- the identification data entered into ATM 100 should be secure. In reality, there are many potential security risks to the identification data in prior art authentication techniques. Since the identification data is not encrypted before being entered into ATM 100, the non-encrypted identification data is vulnerable to unauthorized access and procurement. Encryption of the identification data is not practical in the prior art since it would have been too complicated and/or inconvenient for the user to perform encryption or memorize the encrypted identification data. Unauthorized procurement of the identification data in the prior art may occur, for example, upon entry if it is inadvertently seen by another party, e.g., by another person behind user 106, either on screen 110 or more likely at keypad 108.
- the storage of the user's private key within ATM 100 renders this private key vulnerable to theft, further exposing the user's account to risk.
- the stolen password and/or private key may then be employed to allow unauthorized persons to access the user's account to the user's detriment.
- the present invention relates, in one embodiment, to a method in a portable electronic authorization device for approving a transaction request originated from an electronic transaction system.
- the method includes receiving at the portable electronic authorization device first digital data, the first digital data representing the transaction request.
- the method further includes transmitting a second digital data to the electronic transaction system if the transaction request is approved by a user of the portable electronic authorization device.
- the second digital data is encrypted by circuitries within the portable electronic authorization device and signifies the user's approval of the transaction request.
- the invention in another embodiment, relates to a portable electronic authorization device for approving a transaction request originated from an electronic transaction system.
- the inventive portable electronic authorization device includes first logic circuit configured to receive first digital data representative of the transaction request.
- second logic circuit configured to form second digital data responsive to the transaction request received by the first logic circuit if the transaction request is approved by a user of the portable electronic transaction device.
- the second digital data represents encrypted data signifying an approval by the user of the transaction request.
- the inventive portable electronic authorization device includes transmission circuitry coupled to the second logic circuit. The transmission circuitry is configured to transmit the second digital data from the portable electronic authorization apparatus to the electronic transaction system if the user approves the transaction request.
- FIG. 1 shows a prior art electronic transaction system, including an automated teller machine (ATM).
- ATM automated teller machine
- Fig. 2 illustrates, in accordance with one embodiment of the present invention, a portable electronic authorization device (PEAD), representing the apparatus for securely approving transactions conducted vis-a-vis an electronic transaction system.
- PEAD portable electronic authorization device
- Fig. 3A shows, in one embodiment of the present invention, a simplified schematic of the PEAD of Fig. 2.
- Fig. 3B shows, in one embodiment, the format of representative transaction approval data.
- Fig. 4 illustrates, in accordance with one embodiment of the present invention, a logic block schematic of the PEAD.
- Fig. 5A represents, in accordance with one embodiment of the present invention, a high level hardware implementation of the PEAD.
- Fig. 5B illustrates one implementation of a PEAD wherein the PEAD circuitries are implemented on an IC.
- Fig. 5C represents an external view of the PEAD of Fig. 5B after being embedded in a card-like package.
- Fig. 6A illustrates an external view of the PEAD in accordance with a preferred embodiment of the present invention.
- Fig. 6B illustrates, in a simplified manner and in accordance with one aspect of the present invention, the hardware for implementing the PEAD of Fig. 6A
- Fig. 7 is a flowchart illustrating, in accordance with one aspect of the present invention, the approval technique employing the inventive PEAD.
- Fig. 8 is a flowchart illustrating, in accordance with one aspect of the present invention, steps involved in encrypting transaction approval data using a public key cryptography technique.
- Fig. 2 illustrates, in accordance with one embodiment of the present invention, a portable electronic authorization device (PEAD) 200, representing the apparatus for securely approving transactions conducted vis-a-vis an electronic transaction system.
- PEAD portable electronic authorization device
- requesting device 202 may initiate a transaction approval process with PEAD 200 by transmitting to PEAD 200, via communication port 204, a transaction request pertaining to a proposed transaction.
- Requesting device 202 may represent, for example, an ATM machine, a computer terminal in a network, an automated library check-out terminal, or similar devices for permitting the user to transact business with the electronic transaction system.
- the proposed transaction may be, for example, a sale transaction of a particular item for a certain amount of money.
- the transaction request itself may include, for example, the transaction ID, the merchant's name, the merchant's LD, the time of the proposed purchase, and the like.
- the transaction request from requesting device 202 may be encrypted for enhanced security but this is not required.
- Data pertaining to the proposed transaction reaches PEAD 200 via path 206 in Fig. 2.
- Port 204 may represent an infrared port to facilitate infrared communication with PEAD 200.
- port 204 may represent a wireless port for facilitating wireless communication.
- Port 204 may even represent a contact-type connection port, such as a magnetic read/write mechanism or a plug having electrical contacts for directly plugging PEAD 200 into port 204 to facilitate communication.
- Other techniques to facilitate communication between requesting device 202 and PEAD 200 are readily appreciable to those skilled.
- the data pertaining to proposed transaction(s) may then be reviewed by the user, either on a screen 208 of requesting device 202 or optionally on a display screen provided with PEAD 200 (not shown in Fig. 2). If the user approves the transaction, e.g., a purchase of an item for a given amount of money, the user may then signify his approval by activating a switch 210 on PEAD 200, which causes an approval message to be created with the user's identification data, encrypted and transmitted back to requesting device 202 via path 212. If the transaction is not approved, the user may simply do nothing and let the transaction request times out after an elapsed time or may activate another switch on PEAD 200 (not shown in Fig.
- the present invention is different from the prior art technique of Fig. 1 in that the user is required in the prior art to enter his identification data into the electronic transaction system, e.g., into ATM 100, to authenticate himself. In contrast, the present invention keeps the identification data related to the user secure within PEAD 200 at all times. Transaction approval occurs within PEAD 200, and the data representing such approval is encrypted, again within PEAD 200, prior to being transmitted to the electronic transaction system, e.g., to requesting device 202 in Fig. 2.
- the approval data is intercepted, its encryption would prevent unauthorized users from employing the identification data for illicit purposes.
- public key cryptography is employed to encrypt the approval data
- the user's private key is also always kept within PEAD 200. Since the user's private key is required for encryption and is unknown to others, even to the electronic transaction system in one embodiment, the encrypted approval data, if intercepted, would be useless to unauthorized third parties even if the approval data can be deciphered using the user's public key.
- this is different from prior art authentication techniques wherein encryption takes place within the electronic transaction system and requires the entry of the identification data and/or reading the user's private key from the ID card such as an ATM card, a credit card, and the like.
- the fact that the prior art electronic transaction system requires this identification data and/or user's private key exposes these data to risks, e.g., if the requesting device is not secure or open to data interception via software or hardware.
- the present invention employs the circuitries within the portable electronic authorization device (PEAD) to perform the approval and encryption of the transaction approval data within the PEAD itself.
- PEAD portable electronic authorization device
- prior art data cards are essentially passive devices.
- prior art ATM cards or credit cards only has a magnetic stripe for storing account information and do not have any facility to perform approval and/or encryption of the transaction approval data.
- smart cards or IC cards which are currently being developed, may contain electronic circuitries, current standards for their implementation still requires a reader associated with the requesting device to read out the identification data and/or user's private key in order for the requesting device to perform any approval and/or encryption.
- the transmission of these data to the requesting device unnecessarily exposes these data to risks of theft and/or unauthorized interception once transmitted.
- transaction approval in the prior art occurs within the electronic transaction system.
- the present invention allows transaction approvals to occur within PEAD 200.
- the fact that transaction approvals occur entirely within PEAD 200 provides many advantages. By way of example, this feature eliminates the need to have, in one embodiment, the identification data and/or the user's private key in the requesting device.
- the fact that transaction approvals occur entirely within PEAD 200 substantially enhances the confidentiality of the user identification data and the user's private key, as well as the integrity of the transaction approval process.
- the user identification data that is employed to authenticate transactions may be more complicated and elaborate to ensure greater security.
- the user identification data may be more elaborate than a simple password and may include any of the user's name, his birth date, his social security number, or other unique biometrics or unique identifying data such as fingerprint, DNA coding sequence, voice print, or the like.
- prior art authentication techniques limit the user identification data to simple patterns, e.g., simple password of few characters, that are easily memorized by the user since more elaborate identification data may be too difficult to remember or too cumbersome to manually enter.
- the complicated ID data may be stored in the prior art data card, it is still required to be read into the requesting device of the electronic transaction system, again exposing this data to interception or theft once read.
- Additional safeguards may also be provided to prevent access, whether electronically or by physical means, to the user identification data and/or the user's private key within PEAD 200. Since the identification data and/or the user's private key are never exposed, security risks to the these data are substantially minimized.
- Fig. 3 A shows, in one embodiment of the present invention, a simplified schematic of PEAD 200 of Fig. 2, including switch 210.
- Data path 206 is provided for receiving transaction requests from the electronic transaction system
- data path 212 is provided for transmitting transaction approval data back to the electronic transaction system.
- these data paths and other data paths herein may, in one embodiment, represent logical data paths and may be implemented via a single physical data connection.
- the different ports herein may represent, in one embodiment, logical data ports for ease of understanding and may in fact be implemented using a single physical port.
- a transaction request e.g., a withdrawal transaction from an ATM machine in the amount of $200.00
- this transaction is received by encryption logic 300.
- the user may review the proposed transaction, e.g., via the display screen provided with the electronic transaction system and or PEAD 200, and has a choice to either approve or disapprove the proposed transaction. If the user approves the transaction, he may, in one embodiment, activate a switch 210, which causes the transaction approval data to be created and then encrypted by encryption logic 300 prior to being transmitted back to the electronic transaction system via path 212.
- the user identification data block 302 which is employed in the transaction approval process, is not directly coupled to paths 206 and 212.
- the memory portion storing the user identification data is intentionally decoupled from the input and output ports of PEAD 200 to prevent direct access thereto.
- access to user identification data 302 is desired, e.g., to approve a transaction, the access can only be made by encryption logic block 300.
- access to user's private key 304 is desired, e.g., to encrypt the transaction approval data, the access can only be made by encryption logic block 300.
- user identification 302 and user's private key 304 are shown stored in different memory portions, such illustration is made for ease of understanding and both of these may in fact be stored, in one embodiment, at different addresses on the same memory module.
- the transaction approval data requires the inclusion of certain pieces of identification data 302.
- a transaction embodied in the transaction request from the electronic transaction system may be appended with data representative of an "electronic signature" prior to being encrypted and retransmitted back to the electronic transaction system.
- Fig. 3B shows, in one embodiment, the format of representative transaction approval data 350.
- transaction data 352 representing a portion of or the entire transaction request received from the electronic transaction system, is appended with certain user identification data 354 and optionally a time stamp 356.
- the formation of transaction approval data 350 only occurs if the transaction request has already been approved by the user. Once appended, transaction approval data 350 is then encrypted prior to being retransmitted back to the electronic transaction system.
- certain transaction partners e.g., vendors or other users on the computer network, may wish to keep the information within a transaction request confidential and may prefer to encrypt the transaction request before furnishing it to the PEAD.
- Data encryption is also desirable when, for example, the user identification data and the user's private key is written into a blank PEAD for the first time to configure a PEAD that is unique to a given user.
- the configuration data pertaining the user identification data and the user's private key while must be written only once into PEAD 200 by the issuer of PEAD 200, is preferably encrypted to render them less vulnerable to theft.
- Issuers of PEAD 200 may represent, for example, credit card issuers, the government, or any other institution with whom the user maintains an account.
- Fig. 4 illustrates, in accordance with one embodiment of the present invention, a schematic of PEAD 200 of Fig. 2.
- the PEAD 200 of Fig. 4 further employs decryption logic for receiving the encrypted configuration data and optionally the encrypted transaction requests.
- encryption logic 300, user's private key 304, and data paths 206 and 212 are arranged and function substantially as discussed in connection with Fig. 3A.
- Transaction requests are normally non-encrypted, i.e., they are received and processed in the manner discussed in connection with Fig. 3A.
- the transaction requests may be encrypted and transmitted to PEAD 200 via data path 206 and input into decryption logic 402 to be decrypted.
- decryption logic 402 If a public key cryptography is employed, the encrypted transaction requests may be decrypted with a transaction partner public key 404.
- the transaction request is then displayed to the user for approval.
- the transaction approval data may be furnished to encryption logic 300 via path 406 to be encrypted if approved, e.g., responsive to the activation of switch 210.
- the encryption is preferably performed with the user's private key 304 if a public key cryptography technique is employed, and the encrypted transaction approval data is then transmitted back to the electronic transaction system via data path 212.
- configuration data typically includes sensitive user identification data and user's private key, it is often encrypted prior to being transmitted to PEAD 200 via data path 408.
- the encrypted configuration data is received by decryption logic 402 and decrypted therein prior to being written into user identification data block 410 and user's private key block 304.
- public key cryptography is employed, the encrypted configuration data may be encrypted by the issuer's private key in the electronic transaction system prior to transmission and decrypted once received by PEAD 200 with an issuer public key 412. Note that once the configuration data is decrypted and written into user identification data block 410 and user's private key block 304, the user identification data and user's private key can only be accessed subsequently by encryption logic 300.
- the sensitive user identification data and user's private key therein are not susceptible to access from outside once written into respective blocks 410 and 304 (which may, in one implementation, simply represent memory blocks in PEAD 200' s memory).
- the user identification data and the user's private key cannot be updated by those not having the issuer's private key.
- data can only be written into user's private key block 304 and user identification block 410 after it is decrypted via decryption logic 402 with issuer public key 412. Accordingly, unless the updated configuration data has been encrypted using the issuer's private key (which is presumably highly secure), the updated configuration data will not be decrypted and written into respective blocks 304 and 410.
- configuration data within blocks 304 and 410 cannot be updated physically, e.g., they are stored using memory that can be written only once such as PROM (programmable read-only memory), WORM (write once, read many), or the like, the security consideration associated with unauthorized alteration of configuration data is substantially eliminated.
- PROM programmable read-only memory
- WORM write once, read many
- the user' s private key may be optionally be scrambled or randomized prior to being written into user's private key block 304 by optional scrambler/descrambler logic 413.
- Scrambler/descrambler logic 413 may, in one embodiment, receive the user's private key, which is furnished by the institution that issues PEAD 200 to the user, and scrambles and/or randomizes it to generate yet another user's private key and a corresponding user's public key.
- This scrambled/randomized user's private key is then stored in user's private key block 304, which is now unknown even to the issuer of PEAD 200, and the corresponding user's public key may be made known to the issuer and/or the transaction partners to facilitate transactions.
- the corresponding user's public key may be made known to the issuer and/or the transaction partners to facilitate transactions.
- an optional key generation logic 414 which, responsive to a request from the issuing institution, generates the user's private key and the user's public key on its own, i.e., without first requiring the receipt of a user's private key from the issuing institution and randomizing it.
- the generated user's private key is then stored in private key block 304 and the public key is made known to the issuing institution and/or the transaction partners to facilitate transactions. In this manner, no version of the user's private key, whether randomized or not, exists outside the PEAD itself.
- the use of key generation logic 414 further enhances the confidentiality of the user's private key.
- Fig. 5A represents, in accordance with one embodiment of the present invention, a high level hardware implementation of PEAD 200.
- PEAD 200 includes logic circuitry 502, which may represent a central processing unit such as a microprocessor or a microcontroller, discrete logic, programmable logic, an application- specific integrated circuit (ASIC), or the like, for implementing encryption logic 300 of Fig. 2 and optionally decryption logic 402 of Fig. 4.
- ASIC application- specific integrated circuit
- Program/data memory 504 stores, among others, the codes which operate PEAD 200 as well as the user identification data and the user's private key.
- Program/data memory 504 is preferably implemented using some form of non-volatile memory (NVM) such as flash memory, electrically programmable read-only memory (EPROM), electrically erasable, programmable read-only memory (EEPROM), or the like.
- NVM non-volatile memory
- EPROM electrically programmable read-only memory
- EEPROM electrically erasable, programmable read-only memory
- Temporary memory 506 serves as a scratch pad for calculation purposes and for temporary storage of data, and may be implemented using some form of random access memory (RAM) such as static RAM or dynamic RAM, which are known in the art.
- RAM random access memory
- either optical memory, magnetic memory, or other types of memory may be employed to implement program/data memory 504 and/or temporary memory 506.
- a bus 508 couples program/data memory 504 and temporary memory 506 with logic circuitry 502.
- Communication port 510 represents the communication gateway between PEAD 200 and the electronic transaction system and may be implemented using infrared technology, wireless RF technology, a magnetic read/write head, a contact-type plug for facilitating serial or parallel data transmission, or the like. Communication port may also represent, in one embodiment, a PC card port (popularly known to those skilled as a PCMCIA card).
- Data path 206 inputs transaction requests into logic circuitry 502 while data path 212 outputs transaction approval data from logic circuitry 502 to the electronic transaction system.
- Optional data path 408, which has been described in Fig. 4, inputs configuration data into PEAD 200 to write the user identification data and the user's private key into program/data memory 504 to uniquely configure PEAD 200 to a particular user.
- program/data memory 504 and the data therein can only be made by logic circuitry 502.
- the user identification data and the user's private key can only be written into program/data memory 504 if this data has been properly encrypted with the issuer's private key. Access to these memory blocks for writing thereto may also be restricted by logic circuitry 502 under appropriate software and/or firmware control.
- reading the user identification data and accessing the user's private key can only be accomplished via the encryption logic of logic circuitry 502.
- PEAD 200 is implemented as a single-chip design, i.e., substantially all components shown in Fig. 5A are fabricated on a single die, then power is external to the die itself. If contact-type communication is employed, e.g., if PEAD 200 must be plugged into the electronic transaction system to conduct transactions, power external to the entire PEAD may be employed for transaction approvals when plugged in, thereby eliminating the size, weight, and cost penalties associated with having a battery onboard the portable transaction apparatus.
- PEAD 200 may be implemented using a general purpose portable computing device, such as any of the miniaturized portable computers or personal digital assistants (PDA's) that are currently popular.
- PDA personal digital assistants
- a PDA such as the Apple Newton®, for example, may be employed to implement PEAD 200.
- Fig. 5B illustrates one implementation of a PEAD wherein the circuitries are implemented on an IC.
- components having like reference numbers to components in Fig. 5A have similar functions.
- Data paths 408, 206, and 212 which have been described in connection with Fig. 5A, is coupled to a serial I/O circuit 520, which facilitates data transmission and receipt in a serial manner on data path 522 between PEAD 200 and the electronic transaction system.
- Vcc pin 524 and ground pin 526 which provide power to PEAD 200 of Fig. 5B, are also shown.
- Fig. 5C represents an external view of the PEAD of Fig. 5B after being embedded in a card-like package for ease of carrying and insertion into a serial I/O port of the electronic transaction system.
- Card 550 which embeds the integrated circuit implementing the inventive PEAD, includes, in one embodiment, four external contacts.
- External serial contacts 552 and 554 carry data and ground respectively to facilitate serial communication with a serial device of an electronic transaction system.
- External Vcc contact 524 and external ground contact 526 which supply power to the PEAD as discussed in connection with Fig. 5A, are also shown.
- card 550 When card 550 is inserted into an electronic transaction system, it is powered through external contacts 524 and 526, thereby enabling the PEAD circuitries therein to receive transaction requests via external serial contacts 552 and 554, approve the requests within the PEAD if appropriate, encrypt transaction approval data within the PEAD circuitries, and serially communicate the encrypted transaction approval data to the electronic transaction system via external serial contacts 552 and 554.
- Fig. 6A represents an external view of a PEAD in accordance with a preferred embodiment of the present invention.
- PEAD 200 of Fig. 6A is preferably implemented as a small, self-containing package that is sufficiently ruggedized for daily use in the field.
- PEAD 200 of Fig. 6A is small enough to be comfortably carried with the user at all times, e.g., as a key chain attachment or a small package that can easily fit inside a purse or a wallet.
- the physical enclosure of PEAD 200 is preferably arranged such that the content will be tamper-proof (i.e., if it is opened in an unauthorized manner then the user's private key and/or the user identification data will be destroyed or the PEAD will no longer be able to approve transactions).
- the enclosure may be arranged such that if it is opened, there is a change in the flow of current in a current path, e.g., either the existing current flow is interrupted or a current path that has been idle starts to flow. The change in the flow of current may then force RE
- an infrared communication port 602 for receiving and transmitting data vis-a-vis the electronic transaction system.
- a small on/off switch 604 permits the user to turn off the PEAD to conserve power when not in use.
- Approve button 606 permits the user to signify approval of a proposed transaction.
- Optional skip button 608 permits the user to indicate rejection of a particular transaction. Skip button 608 may be omitted since a transaction request may be understood, in some embodiment, as not being approved if approve button 606 is not activated within a given period of time after receiving the request.
- Optional display 610 may be implemented using any type of display technology such as liquid crystal technology. Displays 610 displays, among others, the transaction being proposed for approval. Display 610 may be omitted if desired, in which case the transaction may be viewed, for example, at a display associated with the electronic transaction system itself.
- Optional user authentication mechanism 612 prevents PEAD 200 from being used for approving transactions unless the user is able to identify himself to PEAD 200 as the rightful and authorized user.
- Optional user authentication mechanism 612 may require the user to enter a password, to furnish a fingerprint or a voice print, or other biometrics and/or identifying characteristics specific to the authorized user before PEAD 200 can be activated and employed for approving transactions.
- Fig. 6B illustrates, in a simplified manner and in accordance with one aspect of the present invention, the hardware for implementing PEAD 200 of Fig. 6A.
- Battery 652 provides power to the circuitry of PEAD 200.
- a microcontroller 654 executes codes stored in flash memory 656 and employs random access memory 658 for the execution.
- microcontroller 654, flash memory 656, and even random access memory 658 may be implemented on a single chip, e.g., a NC68HC05SCXX family chip from Motorola Inc. of Schaumburg, Illinois such as the NC68HC05SC28.
- Approve button 606 and optional skip button 608 are coupled to microcontroller 654 to permit the user to indicate approval or rejection of a particular transaction displayed using display circuitry 660. Communication to and from the electronic transaction system is accomplished under control of microcontroller 654 via an infrared transceiver 662. Power switch 664 permits the user to power off PEAD 200 when not in use to conserve power and to prevent accidental approval.
- Fig. 7 is a flowchart illustrating, in accordance with one aspect of the present invention, the approval technique employing the inventive PEAD.
- a transaction request is received at the PEAD from the requesting device associated with the electronic transaction system.
- the user has the option whether to approve or disapprove the transaction proposed. If not approved, e.g., either by activating the skip button of the PEAD or simply allowing the request to time out, nothing will be done.
- the user may activate the approve button to create transaction approval data.
- the transaction approval data is then encrypted in step 708 within the PEAD.
- the encrypted transaction approval data is transmitted to the requesting device of the electronic transaction system after being encrypted.
- Fig. 8 is a flowchart illustrating, in accordance with one aspect of the present invention, the steps involved in encrypting transaction approval data using public key cryptography.
- the transaction approval data package is created.
- the transaction approval data may be created by appending any necessary user identification data to a portion of or the entire transaction request.
- a time stamp may also be appended thereto.
- the transaction approval data is encrypted using the user's private key, which is preferably kept secured at all times within the PEAD. Thereafter, the encrypted transaction approval data is transmitted back to the electronic transaction system.
- the encrypted transaction approval data is intercepted and decrypted for analysis by a third party, it is not possible to bypass the security features of the invention as long as the user's private key or the user identification data is secure.
- the user identification data is not accessible externally, it is always secure within the PEAD. This is unlike the prior art wherein the user is required to enter the identification data, e.g., password, at the electronic transaction system and risks exposure of this sensitive data. Even if the user identification data is compromised, transaction approval still cannot take place unless there is possession of the user's private key.
- the PEAD is implemented in a small, portable package makes it convenient and comfortable for the user to maintain the PEAD within his possession at all times. Even if the PEAD is physically stolen, however, the optional user authentication mechanism, e.g., user authentication mechanism 612 of Fig. 6A, provides an additional level of protection and renders the PEAD useless to all but the properly authenticated user. Of course the user can always notify the issuer of the PEAD if the PEAD is stolen or lost, and the issuer can inform transaction partners to refuse any transaction approval data encrypted with the user's private key of the stolen PEAD.
- the optional user authentication mechanism e.g., user authentication mechanism 612 of Fig. 6A
- the transaction approval data includes the time stamp, the merchant's name, the amount approved, and other relevant data also enhances the integrity of the transaction approval process. If the merchant inadvertently or intentionally submits multiple transaction approvals to the issuer, the issuer may be able to recognize from these data items that the submissions are duplicates and ignore any duplicate transaction approval data. For example, the issuer may recognize that is it unlikely for a user to purchase multiple identical dinners at the same restaurant at a given time and date.
- the PEAD may be employed to conduct any kind of transaction vis-a-vis an electronic transaction system any time secured data transmission from the user to the electronic transaction system is preferred.
- the PEAD may be employed for logging into highly sensitive computer systems or facilities.
- the computer terminal with which the PEAD communicates may be equipped with an infrared port, a magnetic reader port, or a contact-type plug for communication with the PEAD.
- the user may then employ the PEAD to perform any type of authentication tasks online.
- the PEAD may be employed to "sign" any computer file for authentication purposes (e.g., to authenticate the date or the user).
- the transaction approval data may then be saved along with the file to be authenticated for future reference. Note that the transaction authentication data is again tamper-proof since any transaction authentication data not encrypted using the user's private key will not be accepted as authentic.
- the PEAD is employed to approve only predefined transactions, the transaction data may be stored in advance within the PEAD and do not need to be received from externally by the PEAD. It is therefore intended that the following appended claims be interpreted as including all such alterations, permutations, and equivalents as fall within the true spirit and scope of the present invention.
Abstract
A portable electronic authorization device for approving a transaction request originated from an electronic transaction system. The portable electronic authorization device (200) includes first logic circuit configured to receive first digital data representative of the transaction request. There is further included second logic circuit configured to form second digital data responsive to the transaction request received by the first logic circuit if the transaction request is approved by a user of the portable electronic transaction device. The second digital data represents encrypted data signifying an approval by the user of the transaction request. Additionally, the portable electronic authorization device includes transmission circuitry coupled to the second logic circuit. The transmission circuitry is configured to transmit the second digital data from the portable electronic authorization apparatus to the electronic transaction system (202) if the user approves the transaction request.
Description
PORTABLE ELECTRONIC AUTHORIZATION DEVICES AND
METHODS THEREFOR
Background of the Invention
The present invention relates to methods and apparatus for conducting electronic transactions. More particularly, the present invention relates to portable electronic authorization devices (PEADs) which advantageously and substantially eliminate the security risks associated with prior art techniques of approving transactions between a user and an electronic transaction system.
Electronic transaction systems are known. An electronic transaction system typically permits a user to conduct designated transactions electronically, which substantially improves efficiency and convenience to the user. Examples of electronic transactions include transactions conducted via computer networks, automated teller machines (ATM's), automated point-of-sale systems, automated library systems, and the like. Transactions conducted via computer networks may encompass a wide range of transactions, including exchanging information and data via a computer network popularly known as the Internet, e.g., to make a purchase from a vendor on the network. ATM's typically permit users to conduct financial transactions (such as withdrawals, transfers, deposits, and the like) vis-a- vis a financial institution in an electronic manner. Automated point-of-sale systems may be employed by merchants to permit users to purchase products or services using the users' electronic account, and automated library systems may be employed to permit library users to check out and return library materials. Other examples of electronic transaction systems are readily available in popular literature and are not enumerated herein for brevity sake.
To enhance security to the user's account, electronic transaction systems typically request the user to provide identification data to authenticate himself as the user authorized to approve the proposed transaction or transactions. If the user fails to provide the requested identification data, the proposed transaction or transactions are not authorized and will not be processed. The identification data may be required with each transaction. By way of example, an automated point-of-sale system may require the user to approve a purchase transaction and will accept an approval message only if it is satisfied that the person approving the transaction has furnished adequate identifying data authenticating himself as the person authorized to perform the approval. Alternatively, the identification data may be
entered by the user at the start of a session to authenticate himself and enable that user to subsequently perform any number of transactions without further authentication.
In the prior art, users are typically required to manually enter the identification data into the electronic transaction system for authentication. Typically, the entry of identification data involves typing in a password on a numeric keypad or on a keyboard. The identification data is then compared with data previously stored within the electronic transaction system, and authentication is satisfied when there is a match. As mentioned previously, the transaction or transactions proposed will not be allowed to proceed if there is no match.
Although prior art electronic transaction systems provide some protection from unauthorized access and use of the user's account, there are disadvantages. To illustrate certain disadvantages associated with prior art electronic transaction systems, reference may be made to Fig. 1 herein. Fig. 1 shows an automated teller machine (ATM) 100, representing the requesting device of an electronic transaction system 102. Electronic transaction system 102 may include, for example, a central database 104 which contains previously-stored identification data and account data of user 106.
To initiate a typical transaction with ATM 100, user 106 first inserts a data card 107, such as a bank card or a credit card, into a card reader 109. Data card 107 typically includes a magnetic stripe that contains the account number and other information related to the user, which may then be read by card reader 109. The data stored in data card 107 enables electronic transaction system 102 to ascertain which account in database 104 user 106 wishes to transact business.
Via a keypad 108 on ATM 100, user 106 may then be able to enter his identification data, e.g., his personal identification number (PLN), to authenticate himself. If the entered identification data matches the identification data stored with the account in database 104 that is identified by data card 107, the user is authenticated and granted access to his account. If there is no match, authentication fails. After authentication, user 106 may be able to, for example, employ a combination of keypad 108 and a screen 110 to withdraw cash from his account, which results in cash being dispensed from ATM 100 and the balance in his account within database 104 correspondingly reduced.
Theoretically, the identification data entered into ATM 100 should be secure. In reality, there are many potential security risks to the identification data in prior art authentication techniques. Since the identification data is not encrypted before being entered into ATM 100, the non-encrypted identification data is vulnerable to unauthorized access and procurement. Encryption of the identification data is not practical in the prior art since it would have been too
complicated and/or inconvenient for the user to perform encryption or memorize the encrypted identification data. Unauthorized procurement of the identification data in the prior art may occur, for example, upon entry if it is inadvertently seen by another party, e.g., by another person behind user 106, either on screen 110 or more likely at keypad 108.
Even if encryption is employed on the identification data in the prior art, e.g., prior to transmission from ATM 100 to database 104, the encryption typically occurs within ATM 100 and still requires the entry of non-encrypted identification data from user 106 and the existence of the identification data for some duration of time in ATM 100. Unauthorized access to the identification data may then occur if an unauthorized party is able to gain entry into ATM 100 and intercepts, e.g., via software or hardware implemented in ATM 100, the non-encrypted identification data therein.
Furthermore, if public key cryptography is employed within ATM 100, the storage of the user's private key within ATM 100 renders this private key vulnerable to theft, further exposing the user's account to risk. The stolen password and/or private key may then be employed to allow unauthorized persons to access the user's account to the user's detriment.
In view of the foregoing, there are desired apparatus and methods for conducting transactions with the electronic transaction system while substantially eliminate the risk of unauthorized access to the user's account and unauthorized procurement of the user identification data. Preferably, such an apparatus should be easily portable to permit the user to conveniently and comfortably perform transaction authentication anywhere.
Summary of the Invention
The present invention relates, in one embodiment, to a method in a portable electronic authorization device for approving a transaction request originated from an electronic transaction system. The method includes receiving at the portable electronic authorization device first digital data, the first digital data representing the transaction request. The method further includes transmitting a second digital data to the electronic transaction system if the transaction request is approved by a user of the portable electronic authorization device. The second digital data is encrypted by circuitries within the portable electronic authorization device and signifies the user's approval of the transaction request.
In another embodiment, the invention relates to a portable electronic authorization device for approving a transaction request originated from an electronic transaction system. The inventive portable electronic authorization device includes first logic circuit configured to receive first digital data representative of the transaction request. There is further included second logic circuit configured to form second digital data responsive to the transaction request received by the first logic circuit if the transaction request is approved by a user of the portable electronic transaction device. The second digital data represents encrypted data signifying an approval by the user of the transaction request. Additionally, the inventive portable electronic authorization device includes transmission circuitry coupled to the second logic circuit. The transmission circuitry is configured to transmit the second digital data from the portable electronic authorization apparatus to the electronic transaction system if the user approves the transaction request.
These and other advantages of the present invention will become apparent upon reading the following detailed descriptions and studying the various figures of the drawings.
Brief Description of the Drawings
To facilitate discussion, Fig. 1 shows a prior art electronic transaction system, including an automated teller machine (ATM).
Fig. 2 illustrates, in accordance with one embodiment of the present invention, a portable electronic authorization device (PEAD), representing the apparatus for securely approving transactions conducted vis-a-vis an electronic transaction system.
Fig. 3A shows, in one embodiment of the present invention, a simplified schematic of the PEAD of Fig. 2.
Fig. 3B shows, in one embodiment, the format of representative transaction approval data.
Fig. 4 illustrates, in accordance with one embodiment of the present invention, a logic block schematic of the PEAD.
Fig. 5A represents, in accordance with one embodiment of the present invention, a high level hardware implementation of the PEAD.
Fig. 5B illustrates one implementation of a PEAD wherein the PEAD circuitries are implemented on an IC.
Fig. 5C represents an external view of the PEAD of Fig. 5B after being embedded in a card-like package.
Fig. 6A illustrates an external view of the PEAD in accordance with a preferred embodiment of the present invention.
Fig. 6B illustrates, in a simplified manner and in accordance with one aspect of the present invention, the hardware for implementing the PEAD of Fig. 6A
Fig. 7 is a flowchart illustrating, in accordance with one aspect of the present invention, the approval technique employing the inventive PEAD.
Fig. 8 is a flowchart illustrating, in accordance with one aspect of the present invention, steps involved in encrypting transaction approval data using a public key cryptography technique.
Detailed Description of the Preferred Embodiments
Fig. 2 illustrates, in accordance with one embodiment of the present invention, a portable electronic authorization device (PEAD) 200, representing the apparatus for securely approving transactions conducted vis-a-vis an electronic transaction system. With reference to Fig. 2, requesting device 202 may initiate a transaction approval process with PEAD 200 by transmitting to PEAD 200, via communication port 204, a transaction request pertaining to a proposed transaction. Requesting device 202 may represent, for example, an ATM machine, a computer terminal in a network, an automated library check-out terminal, or similar devices for permitting the user to transact business with the electronic transaction system. The proposed transaction may be, for example, a sale transaction of a particular item for a certain amount of money. The transaction request itself may include, for example, the transaction ID, the merchant's name, the merchant's LD, the time of the proposed purchase, and the like. In one embodiment, the transaction request from requesting device 202 may be encrypted for enhanced security but this is not required. Data pertaining to the proposed transaction reaches PEAD 200 via path 206 in Fig. 2.
Port 204 may represent an infrared port to facilitate infrared communication with PEAD 200. Alternatively, port 204 may represent a wireless port for facilitating wireless communication. Port 204 may even represent a contact-type connection port, such as a magnetic read/write mechanism or a plug having electrical contacts for directly plugging PEAD 200 into port 204 to facilitate communication. Other techniques to facilitate communication between requesting device 202 and PEAD 200 are readily appreciable to those skilled.
The data pertaining to proposed transaction(s) may then be reviewed by the user, either on a screen 208 of requesting device 202 or optionally on a display screen provided with PEAD 200 (not shown in Fig. 2). If the user approves the transaction, e.g., a purchase of an item for a given amount of money, the user may then signify his approval by activating a switch 210 on PEAD 200, which causes an approval message to be created with the user's identification data, encrypted and transmitted back to requesting device 202 via path 212. If the transaction is not approved, the user may simply do nothing and let the transaction request times out after an elapsed time or may activate another switch on PEAD 200 (not shown in Fig. 1), which causes a reject message, either encrypted or non- encrypted, to be transmitted back to the requesting device 202 via path 212.
The present invention is different from the prior art technique of Fig. 1 in that the user is required in the prior art to enter his identification data into the electronic transaction system, e.g., into ATM 100, to authenticate himself. In contrast, the present invention keeps the identification data related to the user secure within PEAD 200 at all times. Transaction approval occurs within PEAD 200, and the data representing such approval is encrypted, again within PEAD 200, prior to being transmitted to the electronic transaction system, e.g., to requesting device 202 in Fig. 2.
Accordingly, even if the approval data is intercepted, its encryption would prevent unauthorized users from employing the identification data for illicit purposes. If public key cryptography is employed to encrypt the approval data, the user's private key is also always kept within PEAD 200. Since the user's private key is required for encryption and is unknown to others, even to the electronic transaction system in one embodiment, the encrypted approval data, if intercepted, would be useless to unauthorized third parties even if the approval data can be deciphered using the user's public key. Again, this is different from prior art authentication techniques wherein encryption takes place within the electronic transaction system and requires the entry of the identification data and/or reading the user's private key from the ID card such as an ATM card, a credit card, and the like. As mentioned earlier, the fact that the prior art electronic transaction system requires this identification data and/or user's private key exposes these data to risks, e.g., if the requesting device is not secure or open to data interception via software or hardware.
As another difference, the present invention employs the circuitries within the portable electronic authorization device (PEAD) to perform the approval and encryption of the transaction approval data within the PEAD itself. In contrast, prior art data cards are essentially passive devices. For example, prior art ATM cards or credit cards only has a magnetic stripe for storing account information and do not have any facility to perform approval and/or encryption of the transaction approval data. While smart cards or IC cards, which are currently being developed, may contain electronic circuitries, current standards for their implementation still requires a reader associated with the requesting device to read out the identification data and/or user's private key in order for the requesting device to perform any approval and/or encryption. As mentioned earlier, the transmission of these data to the requesting device unnecessarily exposes these data to risks of theft and/or unauthorized interception once transmitted.
It should be borne in mind at this point that although public key cryptography is discussed throughout this disclosure to facilitate ease of understanding and to highlight a particular aspect of the invention, the overall invention is not limited to any particular cryptography algorithm and may be implemented using any conventional cryptography technique, including public key cryptography algorithms such as RSA, Diffie-Hellman,
other discrete logarithm systems, elliptic curve systems, or the like. For additional information on some of the different public key cryptography techniques, reference may be made to, for example, the IEEE P1363 Working Draft dated August 22, 1996, available from IEEE Standards Dept. 345 East Street, New York, New York 10017-2349.
As mentioned, transaction approval in the prior art occurs within the electronic transaction system. In contrast, the present invention allows transaction approvals to occur within PEAD 200. The fact that transaction approvals occur entirely within PEAD 200 provides many advantages. By way of example, this feature eliminates the need to have, in one embodiment, the identification data and/or the user's private key in the requesting device. The fact that transaction approvals occur entirely within PEAD 200 (using the user identification data and/or the user's private encryption key that are always kept secure within PEAD 200) substantially enhances the confidentiality of the user identification data and the user's private key, as well as the integrity of the transaction approval process.
Since approval occurs entirely within PEAD 200, the user identification data that is employed to authenticate transactions may be more complicated and elaborate to ensure greater security. By way of example, the user identification data may be more elaborate than a simple password and may include any of the user's name, his birth date, his social security number, or other unique biometrics or unique identifying data such as fingerprint, DNA coding sequence, voice print, or the like. In contrast, prior art authentication techniques limit the user identification data to simple patterns, e.g., simple password of few characters, that are easily memorized by the user since more elaborate identification data may be too difficult to remember or too cumbersome to manually enter. Furthermore, even if the complicated ID data may be stored in the prior art data card, it is still required to be read into the requesting device of the electronic transaction system, again exposing this data to interception or theft once read.
Additional safeguards, which will be described in detail herein, may also be provided to prevent access, whether electronically or by physical means, to the user identification data and/or the user's private key within PEAD 200. Since the identification data and/or the user's private key are never exposed, security risks to the these data are substantially minimized.
Fig. 3 A shows, in one embodiment of the present invention, a simplified schematic of PEAD 200 of Fig. 2, including switch 210. Data path 206 is provided for receiving transaction requests from the electronic transaction system, and data path 212 is provided for transmitting transaction approval data back to the electronic transaction system. It should be borne in mind that although two data paths are discussed herein for ease of understanding, these data paths and other data paths herein may, in one embodiment, represent logical data
paths and may be implemented via a single physical data connection. Likewise, the different ports herein may represent, in one embodiment, logical data ports for ease of understanding and may in fact be implemented using a single physical port.
When a transaction request, e.g., a withdrawal transaction from an ATM machine in the amount of $200.00, is transmitted via data path 206 to PEAD 200, this transaction is received by encryption logic 300. At this point, the user may review the proposed transaction, e.g., via the display screen provided with the electronic transaction system and or PEAD 200, and has a choice to either approve or disapprove the proposed transaction. If the user approves the transaction, he may, in one embodiment, activate a switch 210, which causes the transaction approval data to be created and then encrypted by encryption logic 300 prior to being transmitted back to the electronic transaction system via path 212.
Note that the user identification data block 302, which is employed in the transaction approval process, is not directly coupled to paths 206 and 212. In other words, the memory portion storing the user identification data is intentionally decoupled from the input and output ports of PEAD 200 to prevent direct access thereto.
If access to user identification data 302 is desired, e.g., to approve a transaction, the access can only be made by encryption logic block 300. Likewise, it is not possible to directly access the memory portion 304, which stores the user's private key. If access to user's private key 304 is desired, e.g., to encrypt the transaction approval data, the access can only be made by encryption logic block 300. It should be borne in mind that although user identification 302 and user's private key 304 are shown stored in different memory portions, such illustration is made for ease of understanding and both of these may in fact be stored, in one embodiment, at different addresses on the same memory module.
In some cases, the transaction approval data requires the inclusion of certain pieces of identification data 302. For example, a transaction embodied in the transaction request from the electronic transaction system may be appended with data representative of an "electronic signature" prior to being encrypted and retransmitted back to the electronic transaction system. Fig. 3B shows, in one embodiment, the format of representative transaction approval data 350. With reference to Fig. 3B, transaction data 352, representing a portion of or the entire transaction request received from the electronic transaction system, is appended with certain user identification data 354 and optionally a time stamp 356. The formation of transaction approval data 350 only occurs if the transaction request has already been approved by the user. Once appended, transaction approval data 350 is then encrypted prior to being retransmitted back to the electronic transaction system.
In some cases, it may be desirable to encrypt the transaction request prior to transmission to the PEAD to further enhance security. For example, certain transaction partners, e.g., vendors or other users on the computer network, may wish to keep the information within a transaction request confidential and may prefer to encrypt the transaction request before furnishing it to the PEAD. Data encryption is also desirable when, for example, the user identification data and the user's private key is written into a blank PEAD for the first time to configure a PEAD that is unique to a given user. The configuration data pertaining the user identification data and the user's private key, while must be written only once into PEAD 200 by the issuer of PEAD 200, is preferably encrypted to render them less vulnerable to theft. Issuers of PEAD 200 may represent, for example, credit card issuers, the government, or any other institution with whom the user maintains an account.
Fig. 4 illustrates, in accordance with one embodiment of the present invention, a schematic of PEAD 200 of Fig. 2. The PEAD 200 of Fig. 4 further employs decryption logic for receiving the encrypted configuration data and optionally the encrypted transaction requests. In Fig. 4, encryption logic 300, user's private key 304, and data paths 206 and 212 are arranged and function substantially as discussed in connection with Fig. 3A.
Transaction requests are normally non-encrypted, i.e., they are received and processed in the manner discussed in connection with Fig. 3A. For highly sensitive transactions, however, the transaction requests may be encrypted and transmitted to PEAD 200 via data path 206 and input into decryption logic 402 to be decrypted. If a public key cryptography is employed, the encrypted transaction requests may be decrypted with a transaction partner public key 404.
Once decrypted, the transaction request is then displayed to the user for approval. The transaction approval data may be furnished to encryption logic 300 via path 406 to be encrypted if approved, e.g., responsive to the activation of switch 210. The encryption is preferably performed with the user's private key 304 if a public key cryptography technique is employed, and the encrypted transaction approval data is then transmitted back to the electronic transaction system via data path 212.
As configuration data typically includes sensitive user identification data and user's private key, it is often encrypted prior to being transmitted to PEAD 200 via data path 408. The encrypted configuration data is received by decryption logic 402 and decrypted therein prior to being written into user identification data block 410 and user's private key block 304. If public key cryptography is employed, the encrypted configuration data may be encrypted by the issuer's private key in the electronic transaction system prior to transmission and decrypted once received by PEAD 200 with an issuer public key 412.
Note that once the configuration data is decrypted and written into user identification data block 410 and user's private key block 304, the user identification data and user's private key can only be accessed subsequently by encryption logic 300. Also note that there is no direct connection from any of the I O data paths, e.g., data path 206, 212, or 408, to user identification data block 410 as well to user's private key block 304. Advantageously, the sensitive user identification data and user's private key therein are not susceptible to access from outside once written into respective blocks 410 and 304 (which may, in one implementation, simply represent memory blocks in PEAD 200' s memory).
Additionally, the user identification data and the user's private key cannot be updated by those not having the issuer's private key. As represented in Fig. 4, data can only be written into user's private key block 304 and user identification block 410 after it is decrypted via decryption logic 402 with issuer public key 412. Accordingly, unless the updated configuration data has been encrypted using the issuer's private key (which is presumably highly secure), the updated configuration data will not be decrypted and written into respective blocks 304 and 410. Of course if the configuration data within blocks 304 and 410 cannot be updated physically, e.g., they are stored using memory that can be written only once such as PROM (programmable read-only memory), WORM (write once, read many), or the like, the security consideration associated with unauthorized alteration of configuration data is substantially eliminated.
If a greater level of security is desired, the user' s private key may be optionally be scrambled or randomized prior to being written into user's private key block 304 by optional scrambler/descrambler logic 413. Scrambler/descrambler logic 413 may, in one embodiment, receive the user's private key, which is furnished by the institution that issues PEAD 200 to the user, and scrambles and/or randomizes it to generate yet another user's private key and a corresponding user's public key. This scrambled/randomized user's private key is then stored in user's private key block 304, which is now unknown even to the issuer of PEAD 200, and the corresponding user's public key may be made known to the issuer and/or the transaction partners to facilitate transactions. Advantageously, there is no other copy of the scrambled/randomized user's private key anywhere else beside within user's private key block 304.
In an alternative embodiment, there may be employed an optional key generation logic 414 which, responsive to a request from the issuing institution, generates the user's private key and the user's public key on its own, i.e., without first requiring the receipt of a user's private key from the issuing institution and randomizing it. The generated user's private key is then stored in private key block 304 and the public key is made known to the issuing institution and/or the transaction partners to facilitate transactions. In this manner, no version of the user's private key, whether randomized or not, exists outside the PEAD
itself. As can be appreciated by those skilled in the art, the use of key generation logic 414 further enhances the confidentiality of the user's private key.
Fig. 5A represents, in accordance with one embodiment of the present invention, a high level hardware implementation of PEAD 200. As shown in Fig. 5A, PEAD 200 includes logic circuitry 502, which may represent a central processing unit such as a microprocessor or a microcontroller, discrete logic, programmable logic, an application- specific integrated circuit (ASIC), or the like, for implementing encryption logic 300 of Fig. 2 and optionally decryption logic 402 of Fig. 4.
Program/data memory 504 stores, among others, the codes which operate PEAD 200 as well as the user identification data and the user's private key. Program/data memory 504 is preferably implemented using some form of non-volatile memory (NVM) such as flash memory, electrically programmable read-only memory (EPROM), electrically erasable, programmable read-only memory (EEPROM), or the like. Temporary memory 506 serves as a scratch pad for calculation purposes and for temporary storage of data, and may be implemented using some form of random access memory (RAM) such as static RAM or dynamic RAM, which are known in the art. Alternatively, either optical memory, magnetic memory, or other types of memory may be employed to implement program/data memory 504 and/or temporary memory 506.
A bus 508 couples program/data memory 504 and temporary memory 506 with logic circuitry 502. Communication port 510 represents the communication gateway between PEAD 200 and the electronic transaction system and may be implemented using infrared technology, wireless RF technology, a magnetic read/write head, a contact-type plug for facilitating serial or parallel data transmission, or the like. Communication port may also represent, in one embodiment, a PC card port (popularly known to those skilled as a PCMCIA card). Data path 206 inputs transaction requests into logic circuitry 502 while data path 212 outputs transaction approval data from logic circuitry 502 to the electronic transaction system. Optional data path 408, which has been described in Fig. 4, inputs configuration data into PEAD 200 to write the user identification data and the user's private key into program/data memory 504 to uniquely configure PEAD 200 to a particular user.
Again, note that access to program/data memory 504 and the data therein (e.g., the user identification data and the user's private key) can only be made by logic circuitry 502. For example, the user identification data and the user's private key can only be written into program/data memory 504 if this data has been properly encrypted with the issuer's private key. Access to these memory blocks for writing thereto may also be restricted by logic circuitry 502 under appropriate software and/or firmware control.
Similarly, reading the user identification data and accessing the user's private key can only be accomplished via the encryption logic of logic circuitry 502. The advantages to security of this aspect has been discussed in connection with Figs. 3A and 4, the most important point being there is preferably no direct access to the sensitive user identification data and user's private key from the outside. Consequently, the confidentiality and security of these data items are greatly enhanced with the inventive design.
Some type of power source, such as a battery, may be provided as well. If PEAD 200 is implemented as a single-chip design, i.e., substantially all components shown in Fig. 5A are fabricated on a single die, then power is external to the die itself. If contact-type communication is employed, e.g., if PEAD 200 must be plugged into the electronic transaction system to conduct transactions, power external to the entire PEAD may be employed for transaction approvals when plugged in, thereby eliminating the size, weight, and cost penalties associated with having a battery onboard the portable transaction apparatus.
In one embodiment, PEAD 200 may be implemented using a general purpose portable computing device, such as any of the miniaturized portable computers or personal digital assistants (PDA's) that are currently popular. A PDA such as the Apple Newton®, for example, may be employed to implement PEAD 200.
Fig. 5B illustrates one implementation of a PEAD wherein the circuitries are implemented on an IC. In Fig. 5B, components having like reference numbers to components in Fig. 5A have similar functions. Data paths 408, 206, and 212, which have been described in connection with Fig. 5A, is coupled to a serial I/O circuit 520, which facilitates data transmission and receipt in a serial manner on data path 522 between PEAD 200 and the electronic transaction system. Vcc pin 524 and ground pin 526, which provide power to PEAD 200 of Fig. 5B, are also shown.
Fig. 5C represents an external view of the PEAD of Fig. 5B after being embedded in a card-like package for ease of carrying and insertion into a serial I/O port of the electronic transaction system. Card 550, which embeds the integrated circuit implementing the inventive PEAD, includes, in one embodiment, four external contacts. External serial contacts 552 and 554 carry data and ground respectively to facilitate serial communication with a serial device of an electronic transaction system. External Vcc contact 524 and external ground contact 526, which supply power to the PEAD as discussed in connection with Fig. 5A, are also shown. When card 550 is inserted into an electronic transaction system, it is powered through external contacts 524 and 526, thereby enabling the PEAD circuitries therein to receive transaction requests via external serial contacts 552 and 554, approve the requests within the PEAD if appropriate, encrypt transaction approval data
within the PEAD circuitries, and serially communicate the encrypted transaction approval data to the electronic transaction system via external serial contacts 552 and 554.
Fig. 6A represents an external view of a PEAD in accordance with a preferred embodiment of the present invention. PEAD 200 of Fig. 6A is preferably implemented as a small, self-containing package that is sufficiently ruggedized for daily use in the field.
Preferably, PEAD 200 of Fig. 6A is small enough to be comfortably carried with the user at all times, e.g., as a key chain attachment or a small package that can easily fit inside a purse or a wallet. The physical enclosure of PEAD 200 is preferably arranged such that the content will be tamper-proof (i.e., if it is opened in an unauthorized manner then the user's private key and/or the user identification data will be destroyed or the PEAD will no longer be able to approve transactions). By way of example, the enclosure may be arranged such that if it is opened, there is a change in the flow of current in a current path, e.g., either the existing current flow is interrupted or a current path that has been idle starts to flow. The change in the flow of current may then force RE
There is shown an infrared communication port 602 for receiving and transmitting data vis-a-vis the electronic transaction system. A small on/off switch 604 permits the user to turn off the PEAD to conserve power when not in use. Approve button 606 permits the user to signify approval of a proposed transaction. Optional skip button 608 permits the user to indicate rejection of a particular transaction. Skip button 608 may be omitted since a transaction request may be understood, in some embodiment, as not being approved if approve button 606 is not activated within a given period of time after receiving the request.
Optional display 610 may be implemented using any type of display technology such as liquid crystal technology. Displays 610 displays, among others, the transaction being proposed for approval. Display 610 may be omitted if desired, in which case the transaction may be viewed, for example, at a display associated with the electronic transaction system itself. Optional user authentication mechanism 612 prevents PEAD 200 from being used for approving transactions unless the user is able to identify himself to PEAD 200 as the rightful and authorized user. Optional user authentication mechanism 612 may require the user to enter a password, to furnish a fingerprint or a voice print, or other biometrics and/or identifying characteristics specific to the authorized user before PEAD 200 can be activated and employed for approving transactions.
Fig. 6B illustrates, in a simplified manner and in accordance with one aspect of the present invention, the hardware for implementing PEAD 200 of Fig. 6A. Battery 652 provides power to the circuitry of PEAD 200. A microcontroller 654 executes codes stored in flash memory 656 and employs random access memory 658 for the execution. In one embodiment, microcontroller 654, flash memory 656, and even random access memory 658
may be implemented on a single chip, e.g., a NC68HC05SCXX family chip from Motorola Inc. of Schaumburg, Illinois such as the NC68HC05SC28. Approve button 606 and optional skip button 608 are coupled to microcontroller 654 to permit the user to indicate approval or rejection of a particular transaction displayed using display circuitry 660. Communication to and from the electronic transaction system is accomplished under control of microcontroller 654 via an infrared transceiver 662. Power switch 664 permits the user to power off PEAD 200 when not in use to conserve power and to prevent accidental approval.
Fig. 7 is a flowchart illustrating, in accordance with one aspect of the present invention, the approval technique employing the inventive PEAD. In step 702, a transaction request is received at the PEAD from the requesting device associated with the electronic transaction system. In step 704, the user has the option whether to approve or disapprove the transaction proposed. If not approved, e.g., either by activating the skip button of the PEAD or simply allowing the request to time out, nothing will be done.
On the other hand, if the user approves the proposed transaction, the user may activate the approve button to create transaction approval data. The transaction approval data is then encrypted in step 708 within the PEAD. In step 710, the encrypted transaction approval data is transmitted to the requesting device of the electronic transaction system after being encrypted.
Fig. 8 is a flowchart illustrating, in accordance with one aspect of the present invention, the steps involved in encrypting transaction approval data using public key cryptography. In step 802, the transaction approval data package is created. As discussed earlier in connection with Fig. 3B, the transaction approval data may be created by appending any necessary user identification data to a portion of or the entire transaction request. Optionally, a time stamp may also be appended thereto. In step 804, the transaction approval data is encrypted using the user's private key, which is preferably kept secured at all times within the PEAD. Thereafter, the encrypted transaction approval data is transmitted back to the electronic transaction system.
In accordance with one aspect of the present invention, it is recognized that even if the encrypted transaction approval data is intercepted and decrypted for analysis by a third party, it is not possible to bypass the security features of the invention as long as the user's private key or the user identification data is secure. As mentioned earlier, since the user identification data is not accessible externally, it is always secure within the PEAD. This is unlike the prior art wherein the user is required to enter the identification data, e.g., password, at the electronic transaction system and risks exposure of this sensitive data.
Even if the user identification data is compromised, transaction approval still cannot take place unless there is possession of the user's private key. It would be useless to intercept the encrypted transaction approval data even if one can decrypt it using the user's public key since the transaction partner, e.g., the merchant requesting approval of the transaction, will not accept any transaction approval data not encrypted using the user's private key. Again, since the private key is not accessible externally, it is always secure within the PEAD. This aspect of the invention has great advantages in performing on-line transactions since the user's private key no longer has to be stored in a vulnerable computer file in a workstation, which may be accessible by other parties and may be difficult to conveniently tote along for other authentication tasks.
The fact that the PEAD is implemented in a small, portable package makes it convenient and comfortable for the user to maintain the PEAD within his possession at all times. Even if the PEAD is physically stolen, however, the optional user authentication mechanism, e.g., user authentication mechanism 612 of Fig. 6A, provides an additional level of protection and renders the PEAD useless to all but the properly authenticated user. Of course the user can always notify the issuer of the PEAD if the PEAD is stolen or lost, and the issuer can inform transaction partners to refuse any transaction approval data encrypted with the user's private key of the stolen PEAD.
The fact that the transaction approval data includes the time stamp, the merchant's name, the amount approved, and other relevant data also enhances the integrity of the transaction approval process. If the merchant inadvertently or intentionally submits multiple transaction approvals to the issuer, the issuer may be able to recognize from these data items that the submissions are duplicates and ignore any duplicate transaction approval data. For example, the issuer may recognize that is it unlikely for a user to purchase multiple identical dinners at the same restaurant at a given time and date.
While this invention has been described in terms of several preferred embodiments, there are alterations, permutations, and equivalents which fall within the scope of this invention. It should also be noted that there are many alternative ways of implementing the methods and apparatuses of the present invention. By way of example, while the discussion herein has focused on transaction approvals, it should be apparent to those skilled that the PEAD may be employed to conduct any kind of transaction vis-a-vis an electronic transaction system any time secured data transmission from the user to the electronic transaction system is preferred. For example, the PEAD may be employed for logging into highly sensitive computer systems or facilities. When so implemented, the computer terminal with which the PEAD communicates may be equipped with an infrared port, a magnetic reader port, or a contact-type plug for communication with the PEAD. The user may then employ the PEAD to perform any type of authentication tasks online.
As a further example, the PEAD may be employed to "sign" any computer file for authentication purposes (e.g., to authenticate the date or the user). The transaction approval data may then be saved along with the file to be authenticated for future reference. Note that the transaction authentication data is again tamper-proof since any transaction authentication data not encrypted using the user's private key will not be accepted as authentic. Also, it should be apparent that if the PEAD is employed to approve only predefined transactions, the transaction data may be stored in advance within the PEAD and do not need to be received from externally by the PEAD. It is therefore intended that the following appended claims be interpreted as including all such alterations, permutations, and equivalents as fall within the true spirit and scope of the present invention.
Claims
1 . In a portable electronic authorization device, a method for approving a transaction request originated from an electronic transaction system, comprising:
receiving at said portable electronic authorization device first digital data, said first digital data representing said transaction request; and
if said transaction request is approved by a user of said portable electronic authorization device, transmitting a second digital data to said electronic transaction system, said second digital data being encrypted by circuitries within said portable electronic authorization device and signifies said user's approval of said transaction request.
2. The method of claim 1 wherein said second digital data includes at least a portion of said transaction request.
3. The method of claim 1 wherein said second digital data is encrypted with a user's private key using public key cryptography, said user's private key being kept within said portable electronic authorization device thereby eliminating a need to exchange said user's private key between said portable electronic authorization device and said electronic transaction system for approving said transaction request.
4 The method of claim 3 wherein said user's private key is generated by a key generation logic within said portable electronic authorization device.
5. The method of claim 1 further comprising:
authenticating said user prior to permitting said user to approve said transaction request using said portable electronic authorization device, said authenticating requires one of a password, a finger print, a voice print at a user authentication mechanism associated with said portable electronic authorization device.
6. The method of claim 1 wherein said transmitting said second digital data is performed via an infrared communication port associated with said portable electronic authorization device.
7. The method of claim 1 wherein said transmitting said second digital data is performed via a contact-type serial communication port associated with said portable electronic authorization device.
8. The method of claim 1 further comprising displaying said transaction request for viewing by said user on a display screen associated with said portable electronic authorization device.
9. The method of claim 1 wherein said transaction request represents a request for authenticating an electronic file, said second digital data includes an electronic signature for authenticating said electronic file.
10. The method of claim 1 further comprising activating an approval switch associated with said portable electronic authorization device if said transaction request is approved by said user, said activating said approval switch causing said second digital device to be transmitted from said portable electronic authorization device to said electronic transaction system..
1 1. The method of claim 1 wherein said first digital data represents an encrypted version of said transaction request encrypted using public key cryptography with a private key associated with a transaction partner, wherein said receiving further comprising decrypting, using decryption logic associated with said portable electronic authorization device, said first digital data using a public key associated with said transaction partner.
12. The method of claim 1 wherein said portable electronic authorization device is enclosed in a tamper-proof enclosure, said tamper-proof enclosure being configured to prevent said user's private key from being extracted from said portable electronic authorization device if said tamper-proof enclosure has been tampered with.
13. The method of claim 1 wherein said portable electronic authorization device is implemented on a single chip.
14. The method of claim 1 wherein said transmitting said second digital data is performed via a PC card communication port associated with said portable electronic authorization device.
15. The method of claim 14 wherein said transaction request represents a transaction request for a transaction conducted via a computer network, said electronic transaction system includes a computer coupled to said computer network, said portable electronic authorization device configured for plugging into a PC card slot of said computer to facilitate said receiving said first digital data.
16. The method of claim 13 wherein said portable electronic authorization device is configured for portability and includes a power source.
17. The method of claim 1 wherein said second digital data comprises at least a portion of said transaction request, said transaction approval data further comprising identification data pertaining said user and a time stamp.
18. The method of claim 1 further comprising configuring said portable electronic authorization device for said user by receiving configuration data from an issuer of an account capable of transaction via said portable electronic authorization device, said configuration data includes at least one of identification data pertaining said user and said private key.
19. The method of claim 1 wherein said transmitting said second digital data is performed via a wireless RF communication port associated with said portable electronic authorization device.
20. The method of claim 1 wherein said transmitting said second digital data is performed via a contact-type parallel communication port associated with said portable electronic authorization device.
21. A portable electronic authorization device for approving a transaction request originated from an electronic transaction system, comprising:
means for receiving at said portable electronic authorization device first digital data, said first digital data representing said transaction request;
means within said portable electronic authorization device for forming second digital data responsive to a receipt of said transaction request if a user of said portable electronic authorization device approves said transaction request, said second digital data representing encrypted data signifying said user's approval of said transaction request; and
means, coupled to said forming means, for transmitting said second digital data to said electronic transaction system.
22. The portable electronic authorization device of claim 21 wherein said second digital data includes at least a portion of said transaction request.
23. The portable electronic authorization device of claim 21 further including first memory means coupled to said forming means for storing a user's private key for use in forming said second digital data in accordance with a public key cryptography technique, wherein said forming means includes encrypting means coupled to said first memory means for creating said encrypted data with said user's private key using said public key cryptography technique, whereby said presence of said user's private key in said first memory means eliminates a need to exchange said user's private key between said portable electronic authorization device and said electronic transaction system for approving said transaction request.
24. The portable electronic authorization device of claim 23 further comprising key generation logic coupled to said first memory means for generating said user's private key within said portable electronic authorization device.
25. The portable electronic authorization device of claim 23 further comprising means, coupled to said first memory means, for configuring said portable electronic authorization device for said user, said configuring means receives configuration data from an issuer of an account capable of transaction via said portable electronic authorization device, said configuration data includes at least one of identification data pertaining said user and said private key; and
means for writing said configuration data to memory of said portable electronic authorization device.
26. The portable electronic authorization device of claim 21 further comprising:
means coupled to said forming means for authenticating said user prior to permitting said user to approve said transaction request using said portable electronic authorization device, said authenticating means requires one of a password, a finger print, and a voice print.
27. The portable electronic authorization device of claim 21 wherein said means for transmitting said second digital data includes means for communicating with said electronic transaction system using infrared signals.
28. The portable electronic authorization device of claim 21 wherein said means for transmitting said second digital data includes means for communicating with said electronic transaction system using wireless RF signals.
29. The portable electronic authorization device of claim 21 wherein said means for transmitting said second digital data includes a contact-type serial port for communicating with said electronic transaction system.
30. The portable electronic authorization device of claim 21 wherein said means for transmitting said second digital data includes a contact-type parallel port for communicating with said electronic transaction system.
31. The portable electronic authorization device of claim 21 further comprising means, coupled to said receiving means, for displaying said transaction request for viewing by said user.
32. The portable electronic authorization device of claim 21 further comprising means, coupled to said forming means, for said user to indicate that said transaction request is approved, said means for said user to indicate that said transaction request is approved causes said second digital data to be transmitted from said portable electronic authorization device to said electronic transaction system.
33. The portable electronic authorization device of claim CIO wherein said means for said user to indicate that said transaction request is approved represents a switch configured for activation by said user.
34. The portable electronic authorization device of claim 21 wherein said first digital data represents an encrypted version of said transaction request, said first digital data being encrypted using public key cryptography with a private key associated with a transaction partner, wherein said means for receiving further comprising means for decrypting said first digital data using a public key associated with said transaction partner.
35. The portable electronic authorization device of claim 21 further comprising tamper-proof enclosure means for enclosing said receiving means, said forming means, and said transmitting means therein, said tamper-proof enclosure means being configured to prevent said user's private key from being extracted from said portable electronic authorization device if said tamper-proof enclosure means has been tampered with.
36. The portable electronic authorization device of claim 21 wherein said means for receiving, means for forming, and means for transmitting are implemented on a single chip.
37. The portable electronic authorization device of claim 21 wherein said means for transmitting said second digital data includes a first PC card communication port associated with said portable electronic authorization device.
38. The portable electronic authorization device of claim 37 wherein said transaction request represents a transaction request for a transaction conducted via a computer network, said electronic transaction system includes a computer coupled to said computer network, said portable electronic authorization device being configured for plugging into a second PC card communication port of said computer to facilitate receiving said first digital data.
39. The portable electronic authorization device of claim 21 further including a power source for providing power to said forming means.
40. The portable electronic authorization device of claim 21 wherein said second digital data comprises at least a portion of said transaction request, said second digital data further comprising identification data pertaining said user and a time stamp.
41. The portable electronic authorization device of claim 21 wherein said transaction request represents a request for authenticating an electronic file, said second digital data includes an electronic signature for authenticating said electronic file.
42. A portable electronic authorization device for approving a transaction request originated from an electronic transaction system, comprising:
first logic circuit configured to receive first digital data representative of said transaction request; second logic circuit configured to form second digital data responsive to said transaction request received by said first logic circuit if said transaction request is approved by a user of said portable electronic transaction device, said second digital data representing encrypted data signifying an approval by said user of said transaction request; and
transmission circuitry coupled to said second logic circuit, said transmission circuitry being configured to transmit said second digital data from said portable electronic authorization apparatus to said electronic transaction system if said user approves said transaction request.
43. The portable electronic authorization device of claim 42 wherein said second digital data includes at least a portion of said transaction request.
44. The portable electronic authorization device of claim 42 wherein said first digital data represents an encrypted version of said transaction request, said first digital data being encrypted using public key cryptography with a private key associated with a transaction partner, wherein said first logic circuit comprises decrypting circuitry configured to decrypt said first digital data using a public key associated with said transaction partner.
45. The portable electronic authorization device of claim 44 further including first memory circuit coupled to said decrypting circuitry, said first memory circuit being configured for storing a user's private key for use in forming said second digital data in accordance with a public key cryptography technique, wherein said second logic circuit includes encrypting logic coupled to said first memory circuit for creating said encrypted data with said user's private key using said public key cryptography technique, whereby said presence of said user's private key in said first memory circuit eliminates a need to exchange said user's private key between said portable electronic authorization device and said electronic transaction system for approving said transaction request.
46 The portable electronic authorization device of claim 45 further comprising key generation logic coupled to said first memory means for generating said user's private key within said portable electronic authorization device.
47 The portable electronic authorization device of claim 46 wherein said first logic circuit comprises receiving circuit coupled to said decrypting logic, said receiving circuit being configured to receive said first digital data from said electronic transaction system prior to passing said first digital data to said decrypting logic for decryption, said receiving circuit being decoupled from said first memory circuit, wherein said user's private key stored in said first memory circuit is inaccessible directly by said receiving logic, thereby preventing said user's private key from being accessed from externally without traversing said decrypting logic.
48 The portable electronic authorization device of claim 47 wherein said transmission circuitry is decoupled from said first memory circuit, wherein said user's private key stored in said first memory circuit is inaccessible directly by said transmission circuit, thereby preventing said user's private key from being accessed from externally without traversing one of said decrypting logic and said encrypting logic.
49. The portable electronic authorization device of claim 42 further comprising:
user authentication mechanism coupled to said second logic circuit, said user authentication mechanism being configured to authenticate said user prior to permitting said user to approve said transaction request using said portable electronic authorization device, said authentication mechanism requires one of a password, a finger print, and a voice print.
50. The portable electronic authorization device of claim 42 wherein said transmission circuitry includes circuitry configured for communicating with said electronic transaction system using infrared signals.
51. The portable electronic authorization device of claim 42 wherein said transmission circuitry includes circuitry configured for communicating with said electronic transaction system using wireless RF signals.
52. The portable electronic authorization device of claim 42 wherein said transmission circuitry includes a contact-type serial port for communicating with said electronic transaction system.
53. The portable electronic authorization device of claim 42 wherein said transmission circuitry includes a contact-type parallel port for communicating with said electronic transaction system.
54. The portable electronic authorization device of claim 42 further comprising a display coupled to said first logic circuit, said display being configured to display said transaction request for viewing by said user.
55. The portable electronic authorization device of claim 42 further comprising a switch coupled to said second logic circuit, said switch permitting said user to indicate through activating said switch that said transaction request is approved by said user.
56. The portable electronic authorization device of claim 42 further comprising tamper-proof enclosure for enclosing said first logic circuit, said second logic circuit, and said transmission circuitry therein, said tamper-proof enclosure being configured to prevent said user's private key from being extracted from said portable electronic authorization device if said tamper-proof enclosure has been tampered with.
57. The portable electronic authorization device of claim 42 wherein said first logic circuit, said second logic circuit, and said transmission circuitry are implemented on a single chip.
58. The portable electronic authorization device of claim 42 wherein said transmission circuitry includes a PC card communication port associated with said portable electronic authorization device.
59. The portable electronic authorization device of claim 58 wherein said transaction request represents a transaction request for a transaction conducted via a computer network, said electronic transaction system includes a computer coupled to said computer network, said portable electronic authorization device being configured for plugging into a PC card slot of said computer to facilitate receiving said first digital data.
60. The portable electronic authorization device of claim 42 further including a power source to facilitate portability.
61. The portable electronic authorization device of claim 42 wherein said second digital data comprises at least a portion of said transaction request, said second digital data further comprising identification data pertaining said user and a time stamp.
62. The portable electronic authorization device of claim 42 wherein said transaction request represents a request for authenticating an electronic file, said second digital data includes an electronic signature for authenticating said electronic file.
63. In a portable electronic authorization device, a method for approving a transaction request originated from an electronic transaction system, comprising:
receiving at said portable electronic authorization device first digital data, said first digital data representing said transaction request;
if said transaction request is approved by a user of said portable electronic authorization device, generating second digital data, said second digital data representing transaction approval data signifying said user's approval of said transaction request;
encrypting within said portable electronic authorization device said second digital data, thereby creating third digital data representing an encrypted version of said second digital data; and
transmitting said third digital data from said portable electronic authorization device to said electronic transaction system, thereby permitting said electronic transaction system to ascertain whether said transaction request is approved by said user.
64. The method of claim 63 wherein said encrypting is performed using a public key cryptography technique, said portable electronic authorization device containing a user's private key for encrypting said second digital data to form said third digital data, thereby eliminating a need to transmit said user's private key from said portable electronic authorization device to said electronic transaction system, said third digital data being configured for being decrypted at said electronic transaction system using a user's public key.
65 The method of claim 64 wherein said user's private key is generated by a key generation logic within said portable electronic authorization device.
66. The method of claim 63 further comprising:
authenticating said user prior to permitting said user to approve said transaction request using said portable electronic authorization device, said authenticating requires one of a password, a finger print, a voice print at a user authentication mechanism associated with said portable electronic authorization device.
67. The method of claim 63 wherein said user's private key is generated using a key generation logic within said portable electronic authorization device, thereby eliminating a need to transmit said user's private key from said electronic transaction system to said portable electronic authorization device.
68. The method of claim 63 wherein said transmitting said third digital data is performed via an infrared communication port associated with said portable electronic authorization device.
69. The method of claim 63 wherein said transmitting said third digital data is performed via a wireless RF communication port associated with said portable electronic authorization device.
70. The method of claim 63 wherein said transmitting said third digital data is performed via a contact-type parallel communication port associated with said portable electronic authorization device.
71. The method of claim 63 wherein said transmitting said third digital data is performed via a contact-type serial communication port associated with said portable electronic authorization device.
72. The method of claim 63 further comprising displaying said transaction request for viewing by said user on a display screen associated with said portable electronic authorization device.
73. The method of claim 63 further comprising activating an approval switch associated with said portable electronic authorization device if said transaction request is approved by said user.
74. The method of claim 63 wherein said first digital data represents an encrypted version of said transaction request encrypted using public key cryptography, wherein said receiving further comprising decrypting, using decryption logic associated with said portable electronic authorization device, said first digital data using a transaction partner's public key .
75. The method of claim 63 wherein said portable electronic authorization device is enclosed in a tamper-proof enclosure, said tamper-proof enclosure being configured to prevent said user's private key from being extracted from said portable electronic authorization device if said tamper-proof enclosure has been tampered with.
76. The method of claim 63 wherein said portable electronic authorization device is implemented on a single chip.
77. The method of claim 63 wherein said transmitting said third digital data is performed via a PC card communication port associated with said portable electronic authorization device.
78. The method of claim 77 wherein said transaction request represents a transaction request for a transaction conducted via a computer network, said electronic transaction system includes a computer coupled to said computer network, said portable electronic authorization device configured for plugging into a PC card slot of said computer to facilitate said receiving said first digital data.
79. The method of claim 63 wherein said portable electronic authorization device is configured for portability and includes a power source.
80. The method of claim 63 wherein said transaction approval data comprises at least a portion of said transaction request, said transaction approval data further comprising identification data pertaining said user and a time stamp.
81. The method of claim 63 further comprising configuring said portable electronic authorization device for said user by receiving configuration data from an issuer of an account capable of transaction via said portable electronic authorization device, said configuration data includes at least one of identification data pertaining said user and said private key.
82. The method of claim 63 wherein said transaction request represents a request for authenticating an electronic file, said transaction approval data includes an electronic signature attached to said electronic file.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU53831/98A AU5383198A (en) | 1996-12-04 | 1997-12-04 | Portable electronic authorization devices and methods therefor |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US08/759,555 | 1996-12-04 | ||
US08/759,555 US5917913A (en) | 1996-12-04 | 1996-12-04 | Portable electronic authorization devices and methods therefor |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1998025371A1 true WO1998025371A1 (en) | 1998-06-11 |
Family
ID=25056097
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US1997/023125 WO1998025371A1 (en) | 1996-12-04 | 1997-12-04 | Portable electronic authorization devices and methods therefor |
Country Status (4)
Country | Link |
---|---|
US (3) | US5917913A (en) |
AU (1) | AU5383198A (en) |
TW (1) | TW565786B (en) |
WO (1) | WO1998025371A1 (en) |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0933733A2 (en) * | 1998-01-30 | 1999-08-04 | Citicorp Development Center, Inc. | Method and system of contactless interfacing for smart card banking |
WO2001011575A1 (en) * | 1999-08-09 | 2001-02-15 | Wow Company S.A. | Portable certification device with acoustic coupling |
WO2002048978A2 (en) * | 2000-12-12 | 2002-06-20 | Giesecke & Devrient Gmbh | Method and device for transferring electronic value units |
GB2371397A (en) * | 2001-01-20 | 2002-07-24 | Ncr Int Inc | Self-service terminal with mobile detection features |
WO2002067211A1 (en) * | 2001-02-23 | 2002-08-29 | Infineon Technologies Ag | Method for securely handling a data communication concerning a financial transaction |
EP1272933A1 (en) * | 2000-03-13 | 2003-01-08 | Esign, Inc. | Electronic transaction systems and methods therefor |
JP2003517658A (en) * | 1999-03-02 | 2003-05-27 | エサイン インコーポレーテッド | Portable electronic billing / authentication device and method |
EP0980053A3 (en) * | 1998-08-11 | 2003-09-17 | Citibank, N.A. | Advanced plastic card for financial and informational transactions |
WO2003081377A2 (en) * | 2001-12-21 | 2003-10-02 | Esignx Corporation | Methods of exchanging secure messages |
WO2006029596A1 (en) * | 2004-09-14 | 2006-03-23 | Wincor Nixdorf International Gmbh | Device for entering and transmitting encrypted signals |
EP1758053A1 (en) * | 2005-08-01 | 2007-02-28 | Fujitsu Limited | Wireless computer wallet for physical point of sale (POS) transactions |
US7353382B2 (en) | 2002-08-08 | 2008-04-01 | Fujitsu Limited | Security framework and protocol for universal pervasive transactions |
EP1923844A1 (en) | 2006-11-18 | 2008-05-21 | Fiducia IT AG | Method for interaction of a bank customer with a cash machine, corresponding mobile in/output device and system for performing such interaction |
ITBZ20100042A1 (en) * | 2010-11-30 | 2012-05-31 | Enzo Ferrarin | ELECTROMECHANICAL ENCODER TO SET SECRET CODES AND / OR A PIN FOR CREDIT CARDS AND / OR CARDS AND SUPPORTS FOR THE ACTIVATION OF ANY SYSTEM. |
WO2013064493A1 (en) * | 2011-10-31 | 2013-05-10 | Money And Data Protection Lizenz Gmbh & Co. Kg | Authentication method |
WO2013064504A1 (en) | 2011-10-31 | 2013-05-10 | Money And Data Protection Lizenz Gmbh & Co. Kg | Device for mobile communication |
US10147089B2 (en) | 2012-01-05 | 2018-12-04 | Visa International Service Association | Data protection with translation |
EP2213044B1 (en) * | 2007-10-19 | 2020-05-06 | DataLocker Inc. | Method of providing assured transactions using secure transaction appliance and watermark verification |
Families Citing this family (349)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5742845A (en) | 1995-06-22 | 1998-04-21 | Datascape, Inc. | System for extending present open network communication protocols to communicate with non-standard I/O devices directly coupled to an open network |
WO1997040600A2 (en) * | 1996-04-23 | 1997-10-30 | Ascom Hasler Mailing Systems, Inc. | System for identifying the user of postal equipment |
US6945457B1 (en) | 1996-05-10 | 2005-09-20 | Transaction Holdings Ltd. L.L.C. | Automated transaction machine |
US6593372B2 (en) * | 1996-11-13 | 2003-07-15 | Cold Spring Harbor Laboratory | Therapeutic uses for nitric oxide inhibitors |
US5917913A (en) | 1996-12-04 | 1999-06-29 | Wang; Ynjiun Paul | Portable electronic authorization devices and methods therefor |
US8225089B2 (en) | 1996-12-04 | 2012-07-17 | Otomaku Properties Ltd., L.L.C. | Electronic transaction systems utilizing a PEAD and a private key |
GB2321741B (en) * | 1997-02-03 | 2000-10-04 | Certicom Corp | Data card verification system |
AUPO799197A0 (en) * | 1997-07-15 | 1997-08-07 | Silverbrook Research Pty Ltd | Image processing method and apparatus (ART01) |
ATE220814T1 (en) * | 1997-06-27 | 2002-08-15 | Swisscom Mobile Ag | TRANSACTION METHOD USING A PORTABLE IDENTIFICATION ELEMENT |
WO1999008415A2 (en) * | 1997-08-06 | 1999-02-18 | Infineon Technologies Ag | System for generating electronic signatures in absolute security |
US6246751B1 (en) * | 1997-08-11 | 2001-06-12 | International Business Machines Corporation | Apparatus and methods for user identification to deny access or service to unauthorized users |
JP2001522057A (en) * | 1997-10-28 | 2001-11-13 | ブロカット・インフォズュステムス・アーゲー | How to digitally sign a message |
US7167711B1 (en) * | 1997-12-23 | 2007-01-23 | Openwave Systems Inc. | System and method for controlling financial transactions over a wireless network |
US7668782B1 (en) * | 1998-04-01 | 2010-02-23 | Soverain Software Llc | Electronic commerce system for offer and acceptance negotiation with encryption |
US7392938B1 (en) * | 1998-04-17 | 2008-07-01 | Diebold, Incorporated | Cash withdrawal from ATM via videophone |
US7089214B2 (en) * | 1998-04-27 | 2006-08-08 | Esignx Corporation | Method for utilizing a portable electronic authorization device to approve transactions between a user and an electronic transaction system |
US6078566A (en) | 1998-04-28 | 2000-06-20 | Genesys Telecommunications Laboratories, Inc. | Noise reduction techniques and apparatus for enhancing wireless data network telephony |
US6795406B2 (en) * | 1999-07-12 | 2004-09-21 | Genesys Telecommunications Laboratories, Inc. | Methods and apparatus for enhancing wireless data network telephony, including quality of service monitoring and control |
US6167518A (en) * | 1998-07-28 | 2000-12-26 | Commercial Electronics, Llc | Digital signature providing non-repudiation based on biological indicia |
US8914507B2 (en) | 1998-09-01 | 2014-12-16 | International Business Machines Corporation | Advice provided for offering highly targeted advice without compromising individual privacy |
US6263362B1 (en) | 1998-09-01 | 2001-07-17 | Bigfix, Inc. | Inspector for computed relevance messaging |
US7197534B2 (en) | 1998-09-01 | 2007-03-27 | Big Fix, Inc. | Method and apparatus for inspecting the properties of a computer |
US6460138B1 (en) * | 1998-10-05 | 2002-10-01 | Flashpoint Technology, Inc. | User authentication for portable electronic devices using asymmetrical cryptography |
US8006177B1 (en) * | 1998-10-16 | 2011-08-23 | Open Invention Network, Llc | Documents for commerce in trading partner networks and interface definitions based on the documents |
US7386727B1 (en) | 1998-10-24 | 2008-06-10 | Encorus Holdings Limited | Method for digital signing of a message |
EP1129439A1 (en) * | 1998-11-11 | 2001-09-05 | NCR International, Inc. | Digital data interchange devices and networks |
AUPP752398A0 (en) * | 1998-12-04 | 1999-01-07 | Collins, Lyal Sidney | Secure multi-point data transfer system |
US8538801B2 (en) | 1999-02-19 | 2013-09-17 | Exxonmobile Research & Engineering Company | System and method for processing financial transactions |
US6813636B1 (en) * | 1999-03-01 | 2004-11-02 | Aspect Communications Corporation | Method and apparatus for routing a transaction within a network environment |
US7607572B2 (en) * | 1999-03-19 | 2009-10-27 | Bigfix, Inc. | Formalizing, diffusing, and enforcing policy advisories and monitoring policy compliance in the management of networks |
US6594762B1 (en) * | 1999-05-05 | 2003-07-15 | Ericsson Inc. | Methods and devices enabling displays of electronic devices based on separation thereof |
AU6053700A (en) * | 1999-06-28 | 2001-01-31 | Starpay.Com, Inc. | Apparatus and method for performing secure network transactions |
US7376583B1 (en) | 1999-08-10 | 2008-05-20 | Gofigure, L.L.C. | Device for making a transaction via a communications link |
US7343351B1 (en) | 1999-08-31 | 2008-03-11 | American Express Travel Related Services Company, Inc. | Methods and apparatus for conducting electronic transactions |
US7505941B2 (en) * | 1999-08-31 | 2009-03-17 | American Express Travel Related Services Company, Inc. | Methods and apparatus for conducting electronic transactions using biometrics |
US7953671B2 (en) * | 1999-08-31 | 2011-05-31 | American Express Travel Related Services Company, Inc. | Methods and apparatus for conducting electronic transactions |
US7889052B2 (en) | 2001-07-10 | 2011-02-15 | Xatra Fund Mx, Llc | Authorizing payment subsequent to RF transactions |
AU7705200A (en) * | 1999-09-20 | 2001-04-24 | Ethentica, Inc. | Context sensitive dynamic authentication in a cryptographic system |
US7391865B2 (en) | 1999-09-20 | 2008-06-24 | Security First Corporation | Secure data parser method and system |
EP1216460A1 (en) * | 1999-09-28 | 2002-06-26 | Chameleon Network Inc. | Portable electronic authorization system and associated method |
US7340439B2 (en) * | 1999-09-28 | 2008-03-04 | Chameleon Network Inc. | Portable electronic authorization system and method |
US7080037B2 (en) * | 1999-09-28 | 2006-07-18 | Chameleon Network Inc. | Portable electronic authorization system and method |
US20050108096A1 (en) * | 1999-09-28 | 2005-05-19 | Chameleon Network Inc. | Portable electronic authorization system and method |
GB2363874B (en) * | 1999-11-06 | 2004-08-04 | Dennis Sunga Fernandez | Bioinformatic transaction scheme |
US6718468B1 (en) * | 1999-11-12 | 2004-04-06 | International Business Machines Corporation | Method for associating a password with a secured public/private key pair |
US6704868B1 (en) * | 1999-11-12 | 2004-03-09 | International Business Machines Corporation | Method for associating a pass phase with a secured public/private key pair |
JP2001167054A (en) * | 1999-12-09 | 2001-06-22 | Casio Comput Co Ltd | Portable information equipment, device and system for authentication |
EP1237091A4 (en) * | 1999-12-10 | 2006-08-23 | Fujitsu Ltd | Personal authentication system and portable electronic device having personal authentication function using body information |
US6955299B1 (en) | 1999-12-17 | 2005-10-18 | Centre For Wireless Communications Of National University Of Singapore | System and method for using a smart card |
US6816724B1 (en) * | 1999-12-28 | 2004-11-09 | Nokia Corporation | Apparatus, and associated method, for remotely effectuating a transaction service |
US7720754B1 (en) | 2000-01-05 | 2010-05-18 | Uniteller Financial Services, Inc. | Money-transfer techniques |
US7870065B2 (en) | 2000-01-05 | 2011-01-11 | Uniteller Financial Services, Inc. | Money-transfer techniques |
US6938013B1 (en) | 2000-01-05 | 2005-08-30 | Uniteller Financial Services, Inc. | Money-transfer techniques |
US7065503B2 (en) * | 2000-01-14 | 2006-06-20 | Matsushita Electric Industrial Co., Ltd. | Cookie data stored on transportable recording medium |
DE20001117U1 (en) * | 2000-01-24 | 2001-06-07 | Wincor Nixdorf Gmbh & Co Kg | Wireless operation of ATMs |
US7493497B1 (en) | 2000-02-03 | 2009-02-17 | Integrated Information Solutions | Digital identity device |
WO2001059732A2 (en) * | 2000-02-10 | 2001-08-16 | Jon Shore | Apparatus, systems and methods for wirelessly transacting financial transfers, electronically recordable authorization transfers, and other information transfers |
US6453301B1 (en) | 2000-02-23 | 2002-09-17 | Sony Corporation | Method of using personal device with internal biometric in conducting transactions over a network |
US7716133B1 (en) * | 2000-03-10 | 2010-05-11 | Ncr Corporation | Self service terminal |
US7284266B1 (en) * | 2000-03-21 | 2007-10-16 | Broadcom Corporation | System and method for secure biometric identification |
US7016859B2 (en) * | 2000-04-04 | 2006-03-21 | Michael Whitesage | System and method for managing purchasing contracts |
JP2001313636A (en) * | 2000-04-28 | 2001-11-09 | Sony Corp | Authentication system, authenticating method and authenticating device and method |
GB2362070B (en) * | 2000-05-05 | 2004-06-16 | Nokia Mobile Phones Ltd | Communication devices and method of communication |
US20020026584A1 (en) * | 2000-06-05 | 2002-02-28 | Janez Skubic | Method for signing documents using a PC and a personal terminal device |
JP3437148B2 (en) * | 2000-06-13 | 2003-08-18 | 株式会社エイティング | Electronic payment method by mobile terminal |
DE10034993B4 (en) * | 2000-07-19 | 2005-05-19 | Sc Itec Gmbh | Universal security module |
US7552333B2 (en) | 2000-08-04 | 2009-06-23 | First Data Corporation | Trusted authentication digital signature (tads) system |
CA2417916A1 (en) * | 2000-08-04 | 2002-02-14 | Lynn Henry Wheeler | Method and apparatus for access authentication entity |
WO2002015138A1 (en) * | 2000-08-14 | 2002-02-21 | Adbeep, L.C.C. | Method and apparatus for displaying advertising indicia on a wireless device |
JP4187935B2 (en) * | 2000-08-23 | 2008-11-26 | 株式会社東芝 | RADIO COMMUNICATION SYSTEM, TRANSMITTING DEVICE, RECEIVING DEVICE, AND CONTENT DATA TRANSFER METHOD |
US7392388B2 (en) * | 2000-09-07 | 2008-06-24 | Swivel Secure Limited | Systems and methods for identity verification for secure transactions |
US7233920B1 (en) * | 2000-09-07 | 2007-06-19 | Paymentech, L.P. | System and apparatus for credit transaction data transmission |
US7596223B1 (en) * | 2000-09-12 | 2009-09-29 | Apple Inc. | User control of a secure wireless computer network |
US20020059100A1 (en) * | 2000-09-22 | 2002-05-16 | Jon Shore | Apparatus, systems and methods for customer specific receipt advertising |
US7774231B2 (en) * | 2000-09-29 | 2010-08-10 | Nokia Corporation | Electronic payment methods for a mobile device |
US6819219B1 (en) * | 2000-10-13 | 2004-11-16 | International Business Machines Corporation | Method for biometric-based authentication in wireless communication for access control |
JP2002157632A (en) * | 2000-11-22 | 2002-05-31 | Fujitsu Ltd | Network shopping method and system and automatic transfer machine |
US20020095580A1 (en) * | 2000-12-08 | 2002-07-18 | Brant Candelore | Secure transactions using cryptographic processes |
US7251633B2 (en) * | 2000-12-11 | 2007-07-31 | Sony Corporation | Method or system for executing deferred transactions |
US7765163B2 (en) * | 2000-12-12 | 2010-07-27 | Sony Corporation | System and method for conducting secure transactions over a network |
US20020078380A1 (en) * | 2000-12-20 | 2002-06-20 | Jyh-Han Lin | Method for permitting debugging and testing of software on a mobile communication device in a secure environment |
US9613483B2 (en) | 2000-12-27 | 2017-04-04 | Proxense, Llc | Personal digital key and receiver/decoder circuit system and method |
US7606771B2 (en) | 2001-01-11 | 2009-10-20 | Cardinalcommerce Corporation | Dynamic number authentication for credit/debit cards |
US20060269061A1 (en) * | 2001-01-11 | 2006-11-30 | Cardinalcommerce Corporation | Mobile device and method for dispensing authentication codes |
JP2002236667A (en) * | 2001-02-09 | 2002-08-23 | Sony Corp | Authentication method, authentication system, authentication device, and module for authentication |
US20020124190A1 (en) * | 2001-03-01 | 2002-09-05 | Brian Siegel | Method and system for restricted biometric access to content of packaged media |
US7292999B2 (en) * | 2001-03-15 | 2007-11-06 | American Express Travel Related Services Company, Inc. | Online card present transaction |
US20020138316A1 (en) * | 2001-03-23 | 2002-09-26 | Katz Steven Bruce | Value chain intelligence system and methods |
WO2002093365A1 (en) | 2001-05-11 | 2002-11-21 | Sospita As | Sequence numbering mechanism to ensure execution order integrity of inter-dependent smart card applications |
US7540015B2 (en) * | 2001-05-11 | 2009-05-26 | Privacy Shield Llc | System, method and apparatus for establishing privacy in internet transactions and communications |
US8701170B1 (en) * | 2001-05-11 | 2014-04-15 | Kount Inc. | System for secure enrollment and secure verification of network users by a centralized identification service |
US7870012B2 (en) * | 2001-05-15 | 2011-01-11 | Agile Software Corporation | Method for managing a workflow process that assists users in procurement, sourcing, and decision-support for strategic sourcing |
US8403228B2 (en) | 2001-05-15 | 2013-03-26 | Inadam Corporation | Computer readable universal authorization card system and method for using same |
US7299980B2 (en) * | 2001-05-15 | 2007-11-27 | Inadam Corporation | Computer readable universal authorization card system and method for using same |
US7810735B2 (en) | 2001-05-15 | 2010-10-12 | Inadam Corporation | Computer readable universal authorization card system and method for using same |
US7725427B2 (en) | 2001-05-25 | 2010-05-25 | Fred Bishop | Recurrent billing maintenance with radio frequency payment devices |
US20030078890A1 (en) * | 2001-07-06 | 2003-04-24 | Joachim Schmidt | Multimedia content download apparatus and method using same |
US8284025B2 (en) | 2001-07-10 | 2012-10-09 | Xatra Fund Mx, Llc | Method and system for auditory recognition biometrics on a FOB |
US7360689B2 (en) | 2001-07-10 | 2008-04-22 | American Express Travel Related Services Company, Inc. | Method and system for proffering multiple biometrics for use with a FOB |
US7249112B2 (en) | 2002-07-09 | 2007-07-24 | American Express Travel Related Services Company, Inc. | System and method for assigning a funding source for a radio frequency identification device |
US7996324B2 (en) | 2001-07-10 | 2011-08-09 | American Express Travel Related Services Company, Inc. | Systems and methods for managing multiple accounts on a RF transaction device using secondary identification indicia |
US9031880B2 (en) | 2001-07-10 | 2015-05-12 | Iii Holdings 1, Llc | Systems and methods for non-traditional payment using biometric data |
US7735725B1 (en) | 2001-07-10 | 2010-06-15 | Fred Bishop | Processing an RF transaction using a routing number |
US7303120B2 (en) | 2001-07-10 | 2007-12-04 | American Express Travel Related Services Company, Inc. | System for biometric security using a FOB |
US9454752B2 (en) | 2001-07-10 | 2016-09-27 | Chartoleaux Kg Limited Liability Company | Reload protocol at a transaction processing entity |
US8548927B2 (en) | 2001-07-10 | 2013-10-01 | Xatra Fund Mx, Llc | Biometric registration for facilitating an RF transaction |
US8001054B1 (en) | 2001-07-10 | 2011-08-16 | American Express Travel Related Services Company, Inc. | System and method for generating an unpredictable number using a seeded algorithm |
US8294552B2 (en) | 2001-07-10 | 2012-10-23 | Xatra Fund Mx, Llc | Facial scan biometrics on a payment device |
US9024719B1 (en) | 2001-07-10 | 2015-05-05 | Xatra Fund Mx, Llc | RF transaction system and method for storing user personal data |
US20040232221A1 (en) * | 2001-07-10 | 2004-11-25 | American Express Travel Related Services Company, Inc. | Method and system for voice recognition biometrics on a fob |
US7705732B2 (en) * | 2001-07-10 | 2010-04-27 | Fred Bishop | Authenticating an RF transaction using a transaction counter |
US20040236699A1 (en) | 2001-07-10 | 2004-11-25 | American Express Travel Related Services Company, Inc. | Method and system for hand geometry recognition biometrics on a fob |
US7668750B2 (en) | 2001-07-10 | 2010-02-23 | David S Bonalle | Securing RF transactions using a transactions counter |
US7216237B2 (en) * | 2001-07-16 | 2007-05-08 | Certicom Corp. | System and method for trusted communication |
JP4602606B2 (en) * | 2001-08-15 | 2010-12-22 | ソニー株式会社 | Authentication processing system, authentication processing method, authentication device, and computer program |
US6999589B2 (en) | 2001-08-29 | 2006-02-14 | International Business Machines Corporation | Method and system for automatic brokered transactions |
US7386726B2 (en) * | 2001-11-02 | 2008-06-10 | Telefonaktiebolaget L M Ericsson (Publ) | Personal certification authority device |
US20030086591A1 (en) * | 2001-11-07 | 2003-05-08 | Rudy Simon | Identity card and tracking system |
US9231827B2 (en) * | 2001-11-09 | 2016-01-05 | International Business Machines Corporation | Formalizing, diffusing and enforcing policy advisories and monitoring policy compliance in the management of networks |
AU2002343798A1 (en) | 2001-11-22 | 2003-06-17 | Hitachi, Ltd. | Information processing system using information on base sequence |
US20030101134A1 (en) * | 2001-11-28 | 2003-05-29 | Liu James C. | Method and system for trusted transaction approval |
US7243853B1 (en) | 2001-12-04 | 2007-07-17 | Visa U.S.A. Inc. | Method and system for facilitating memory and application management on a secured token |
FR2834156B1 (en) * | 2001-12-20 | 2004-03-05 | Gemplus Card Int | METHOD FOR ACCESSING A SERVICE BY RADIO FREQUENCY ASSOCIATED WITH A PORTABLE ELECTRONIC CHIP OBJECT |
DE10203705A1 (en) * | 2002-01-31 | 2003-08-14 | Giesecke & Devrient Gmbh | Electronic payment transfer process |
US7395503B1 (en) | 2002-02-06 | 2008-07-01 | Adobe Systems Incorporated | Dynamic preview of electronic signature appearance |
EP1488385A2 (en) * | 2002-03-19 | 2004-12-22 | Chameleon Network Inc. | Portable electronic authorization system and method |
EP2290730B1 (en) * | 2002-04-24 | 2013-08-21 | SK Planet Co., Ltd. | Battery pack for a mobile terminal |
US7200577B2 (en) * | 2002-05-01 | 2007-04-03 | America Online Incorporated | Method and apparatus for secure online transactions |
JP3677258B2 (en) * | 2002-07-15 | 2005-07-27 | 株式会社日立製作所 | Information processing system using base sequence related information |
US7580873B1 (en) * | 2002-07-23 | 2009-08-25 | At&T Intellectual Property I, L.P. | Electronic financial assistant |
US6805287B2 (en) | 2002-09-12 | 2004-10-19 | American Express Travel Related Services Company, Inc. | System and method for converting a stored value card to a credit card |
US20040059923A1 (en) * | 2002-09-25 | 2004-03-25 | Shamrao Andrew Divaker | Systems and methods for authentication |
US7729984B1 (en) | 2002-09-27 | 2010-06-01 | Abas Enterprises Llc | Effecting financial transactions |
US20040139021A1 (en) | 2002-10-07 | 2004-07-15 | Visa International Service Association | Method and system for facilitating data access and management on a secure token |
US7205883B2 (en) * | 2002-10-07 | 2007-04-17 | Safenet, Inc. | Tamper detection and secure power failure recovery circuit |
US20050240418A1 (en) * | 2002-10-11 | 2005-10-27 | Pierre Chappuis | Identification of a user of a mobile terminal and generation of an action authorisation |
US7039813B2 (en) * | 2002-10-29 | 2006-05-02 | Symbol Technologies, Inc. | System and method for biometric verification in a delivery process |
TW587226B (en) * | 2002-12-26 | 2004-05-11 | Min-Jie Su | Card verification and authorization system and method thereof |
EP1596528A1 (en) * | 2003-01-22 | 2005-11-16 | Semiconductores Investigacion Y Diseno S.A. -(SIDSA) | Encryption and copy-protection system based on personalised configurations |
US7424115B2 (en) * | 2003-01-30 | 2008-09-09 | Nokia Corporation | Generating asymmetric keys in a telecommunications system |
JP2004272561A (en) * | 2003-03-07 | 2004-09-30 | Bitwallet Inc | Portable terminal device, portable terminal method, portable terminal program, providing server device, providing server method, and providing server program |
US7386721B1 (en) * | 2003-03-12 | 2008-06-10 | Cisco Technology, Inc. | Method and apparatus for integrated provisioning of a network device with configuration information and identity certification |
DK200300384A (en) | 2003-03-13 | 2004-09-14 | Quard Technology I S | Self-Approving Biometric Device with Dynamic PIN Code Creation |
US7398272B2 (en) * | 2003-03-24 | 2008-07-08 | Bigfix, Inc. | Enterprise console |
US6883706B2 (en) * | 2003-05-05 | 2005-04-26 | International Business Machines Corporation | Point-of-sale bill authentication |
US8065235B2 (en) * | 2003-05-05 | 2011-11-22 | International Business Machines Corporation | Portable intelligent shopping device |
US7797192B2 (en) * | 2003-05-06 | 2010-09-14 | International Business Machines Corporation | Point-of-sale electronic receipt generation |
US20050027991A1 (en) * | 2003-06-23 | 2005-02-03 | Difonzo Joseph | System and method for digital rights management |
AU2003246995A1 (en) | 2003-07-22 | 2005-02-04 | Nokia Corporation | Reader device for radio frequency identification transponder with transponder functionality |
US20050039027A1 (en) * | 2003-07-25 | 2005-02-17 | Shapiro Michael F. | Universal, biometric, self-authenticating identity computer having multiple communication ports |
DE10336070A1 (en) * | 2003-08-06 | 2005-01-20 | Siemens Ag | Safety process transaction method e.g. for paying process over data network, involves entering payment amounts about buyer for equipment attached to data network with payment amount conveyed to server computer by salesman |
US7761374B2 (en) | 2003-08-18 | 2010-07-20 | Visa International Service Association | Method and system for generating a dynamic verification value |
US7740168B2 (en) | 2003-08-18 | 2010-06-22 | Visa U.S.A. Inc. | Method and system for generating a dynamic verification value |
US8489452B1 (en) | 2003-09-10 | 2013-07-16 | Target Brands, Inc. | Systems and methods for providing a user incentive program using smart card technology |
US20050075985A1 (en) * | 2003-10-03 | 2005-04-07 | Brian Cartmell | Voice authenticated credit card purchase verification |
TWI290439B (en) * | 2005-11-09 | 2007-11-21 | Min-Chieh Su | Mobile communication terminal verification authorization system and method thereof |
DE602004007830T2 (en) * | 2004-01-23 | 2008-04-17 | Nokia Corp. | METHOD, DEVICE AND SYSTEM FOR AUTOMATED, CONTEXT INFORMATION BASED SELF-DATA PROVISION BY IDENTIFICATION AGENT |
US9020854B2 (en) | 2004-03-08 | 2015-04-28 | Proxense, Llc | Linked account system using personal digital key (PDK-LAS) |
US20050203843A1 (en) * | 2004-03-12 | 2005-09-15 | Wood George L. | Internet debit system |
US8225014B2 (en) * | 2004-03-17 | 2012-07-17 | Nokia Corporation | Continuous data provision by radio frequency identification (RFID) transponders |
DE602004020684D1 (en) | 2004-03-19 | 2009-05-28 | Nokia Corp | ND METHOD FOR IMPROVING TERMINAL OPERATION |
NZ550746A (en) * | 2004-04-26 | 2007-11-30 | Trek 2000 Int Ltd | Portable data storage device with encryption system |
US20050269401A1 (en) * | 2004-06-03 | 2005-12-08 | Tyfone, Inc. | System and method for securing financial transactions |
WO2005119607A2 (en) * | 2004-06-03 | 2005-12-15 | Tyfone, Inc. | System and method for securing financial transactions |
US7314164B2 (en) | 2004-07-01 | 2008-01-01 | American Express Travel Related Services Company, Inc. | System for biometric security using a smartcard |
US7363504B2 (en) | 2004-07-01 | 2008-04-22 | American Express Travel Related Services Company, Inc. | Method and system for keystroke scan recognition biometrics on a smartcard |
US7314165B2 (en) | 2004-07-01 | 2008-01-01 | American Express Travel Related Services Company, Inc. | Method and system for smellprint recognition biometrics on a smartcard |
US20060000896A1 (en) * | 2004-07-01 | 2006-01-05 | American Express Travel Related Services Company, Inc. | Method and system for voice recognition biometrics on a smartcard |
US7341181B2 (en) * | 2004-07-01 | 2008-03-11 | American Express Travel Related Services Company, Inc. | Method for biometric security using a smartcard |
US7325724B2 (en) | 2004-07-01 | 2008-02-05 | American Express Travel Related Services Company, Inc. | Method for registering a biometric for use with a smartcard |
US7318550B2 (en) | 2004-07-01 | 2008-01-15 | American Express Travel Related Services Company, Inc. | Biometric safeguard method for use with a smartcard |
JP4898101B2 (en) * | 2004-07-02 | 2012-03-14 | 株式会社リコー | Printing apparatus, printing method, printing program, and recording medium |
US20100081375A1 (en) * | 2008-09-30 | 2010-04-01 | Apple Inc. | System and method for simplified control of electronic devices |
CN101375284B (en) | 2004-10-25 | 2012-02-22 | 安全第一公司 | Secure data parser method and system |
US8117452B2 (en) * | 2004-11-03 | 2012-02-14 | Cisco Technology, Inc. | System and method for establishing a secure association between a dedicated appliance and a computing platform |
WO2006053304A2 (en) * | 2004-11-12 | 2006-05-18 | Pufco, Inc. | Volatile device keys and applications thereof |
CA2591751A1 (en) | 2004-12-20 | 2006-06-29 | Proxense, Llc | Biometric personal data key (pdk) authentication |
US7124937B2 (en) | 2005-01-21 | 2006-10-24 | Visa U.S.A. Inc. | Wireless payment methods and systems |
US7890428B2 (en) * | 2005-02-04 | 2011-02-15 | Microsoft Corporation | Flexible licensing architecture for licensing digital application |
US7789294B2 (en) * | 2005-02-18 | 2010-09-07 | Ebet Systems Pty Ltd | System and method for monitoring a validator |
US7581678B2 (en) * | 2005-02-22 | 2009-09-01 | Tyfone, Inc. | Electronic transaction card |
EP1699252A1 (en) * | 2005-03-01 | 2006-09-06 | Sony Ericsson Mobile Communications AB | Method and system to pay for a content downloaded to a mobile terminal |
US7611060B2 (en) | 2005-03-11 | 2009-11-03 | Hand Held Products, Inc. | System and method to automatically focus an image reader |
US7780089B2 (en) | 2005-06-03 | 2010-08-24 | Hand Held Products, Inc. | Digital picture taking optical reader having hybrid monochrome and color image sensor array |
US7568628B2 (en) | 2005-03-11 | 2009-08-04 | Hand Held Products, Inc. | Bar code reading device with global electronic shutter control |
US7353034B2 (en) | 2005-04-04 | 2008-04-01 | X One, Inc. | Location sharing and tracking using mobile phones or other wireless devices |
US8024809B2 (en) | 2005-04-04 | 2011-09-20 | Research In Motion Limited | System and method for deleting confidential information |
DE602005010209D1 (en) * | 2005-04-04 | 2008-11-20 | Research In Motion Ltd | Device and method for deleting confidential data |
US20060226217A1 (en) * | 2005-04-07 | 2006-10-12 | Tyfone, Inc. | Sleeve for electronic transaction card |
US7670501B2 (en) * | 2005-05-27 | 2010-03-02 | Bayer Materialscience Llc | Carbon dioxide blown low density, flexible microcellular polyurethane elastomers |
US7770799B2 (en) | 2005-06-03 | 2010-08-10 | Hand Held Products, Inc. | Optical reader having reduced specular reflection read failures |
JP2007025992A (en) * | 2005-07-14 | 2007-02-01 | Nec Electronics Corp | Electronic service providing system, terminal, radio tag providing device, and server device |
US8477940B2 (en) * | 2005-07-15 | 2013-07-02 | Tyfone, Inc. | Symmetric cryptography with user authentication |
US7805615B2 (en) * | 2005-07-15 | 2010-09-28 | Tyfone, Inc. | Asymmetric cryptography with user authentication |
US8189788B2 (en) * | 2005-07-15 | 2012-05-29 | Tyfone, Inc. | Hybrid symmetric/asymmetric cryptography with user authentication |
WO2008054406A2 (en) | 2005-11-18 | 2008-05-08 | Orsini Rick L | Secure data parser method and system |
US11206664B2 (en) | 2006-01-06 | 2021-12-21 | Proxense, Llc | Wireless network synchronization of cells and client devices on a network |
US8219129B2 (en) | 2006-01-06 | 2012-07-10 | Proxense, Llc | Dynamic real-time tiered client access |
US7828204B2 (en) * | 2006-02-01 | 2010-11-09 | Mastercard International Incorporated | Techniques for authorization of usage of a payment device |
WO2007098156A2 (en) * | 2006-02-20 | 2007-08-30 | Wms Gaming Inc. | Wagering game machine wireless key |
US8200320B2 (en) * | 2006-03-03 | 2012-06-12 | PhysioWave, Inc. | Integrated physiologic monitoring systems and methods |
US20070208232A1 (en) * | 2006-03-03 | 2007-09-06 | Physiowave Inc. | Physiologic monitoring initialization systems and methods |
EP2540215B1 (en) * | 2006-03-03 | 2015-11-25 | Physiowave Inc. | Physiologic monitoring systems and methods |
TWM298197U (en) * | 2006-03-27 | 2006-09-21 | Shi-Ming Jeng | Electronic card with fingerprint recognition function |
US9065643B2 (en) | 2006-04-05 | 2015-06-23 | Visa U.S.A. Inc. | System and method for account identifier obfuscation |
US7818264B2 (en) | 2006-06-19 | 2010-10-19 | Visa U.S.A. Inc. | Track data encryption |
JP4929805B2 (en) * | 2006-04-11 | 2012-05-09 | 沖電気工業株式会社 | Automatic transaction equipment |
US7904718B2 (en) | 2006-05-05 | 2011-03-08 | Proxense, Llc | Personal digital key differentiation for secure transactions |
US20080126251A1 (en) * | 2006-09-21 | 2008-05-29 | Tomas Karl-Axel Wassingbo | System and method for utilizing a portable network device to initiate and authorize a payment transaction |
US7802719B2 (en) * | 2006-09-29 | 2010-09-28 | Sony Ericsson Mobile Communications Ab | System and method for presenting multiple transaction options in a portable device |
WO2008049186A1 (en) * | 2006-10-23 | 2008-05-02 | Behruz Nader Daroga | Digital transmission system (dts) for bank automated teller machines (atm) security |
US9269221B2 (en) | 2006-11-13 | 2016-02-23 | John J. Gobbi | Configuration of interfaces for a location detection system and application |
CA2670597A1 (en) * | 2006-12-05 | 2008-06-12 | Don Martin | Improved tape backup method using a secure data parser |
US7991158B2 (en) * | 2006-12-13 | 2011-08-02 | Tyfone, Inc. | Secure messaging |
US8027096B2 (en) | 2006-12-15 | 2011-09-27 | Hand Held Products, Inc. | Focus module and components with actuator polymer control |
US7813047B2 (en) | 2006-12-15 | 2010-10-12 | Hand Held Products, Inc. | Apparatus and method comprising deformable lens element |
US8161149B2 (en) | 2007-03-07 | 2012-04-17 | International Business Machines Corporation | Pseudo-agent |
US8495157B2 (en) * | 2007-03-07 | 2013-07-23 | International Business Machines Corporation | Method and apparatus for distributed policy-based management and computed relevance messaging with remote attributes |
AU2008256640A1 (en) * | 2007-05-25 | 2008-12-04 | Hypercom Corporation | Payment terminal with hybrid card reader |
US8060447B2 (en) * | 2007-08-08 | 2011-11-15 | Imation Corp. | Method of providing transactions employing advertising based verification |
US8924309B2 (en) * | 2007-08-08 | 2014-12-30 | Imation Corp. | Method of providing assured transactions by watermarked file display verification |
US20090052670A1 (en) * | 2007-08-21 | 2009-02-26 | Samsung Electronics Co., Ltd. | Method and apparatus for storing digital content in storage device |
CN102932136B (en) | 2007-09-14 | 2017-05-17 | 安全第一公司 | Systems and methods for managing cryptographic keys |
US20090103730A1 (en) * | 2007-10-19 | 2009-04-23 | Mastercard International Incorporated | Apparatus and method for using a device conforming to a payment standard for access control and/or secure data storage |
US8659427B2 (en) | 2007-11-09 | 2014-02-25 | Proxense, Llc | Proximity-sensor supporting multiple application services |
US8171528B1 (en) | 2007-12-06 | 2012-05-01 | Proxense, Llc | Hybrid device having a personal digital key and receiver-decoder circuit and methods of use |
US9741027B2 (en) * | 2007-12-14 | 2017-08-22 | Tyfone, Inc. | Memory card based contactless devices |
US9251332B2 (en) | 2007-12-19 | 2016-02-02 | Proxense, Llc | Security system and method for controlling access to computing resources |
CA2710868A1 (en) * | 2008-01-07 | 2009-07-16 | Security First Corp. | Systems and methods for securing data using multi-factor or keyed dispersal |
US9558485B2 (en) * | 2008-01-30 | 2017-01-31 | Paypal, Inc. | Two step near field communication transactions |
US9098851B2 (en) | 2008-02-14 | 2015-08-04 | Mastercard International Incorporated | Method and apparatus for simplifying the handling of complex payment transactions |
US8508336B2 (en) | 2008-02-14 | 2013-08-13 | Proxense, Llc | Proximity-based healthcare management system with automatic access to private information |
EP2416541A1 (en) | 2008-02-22 | 2012-02-08 | Security First Corporation | Systems and methods for secure workgroup management and communication |
US11120449B2 (en) | 2008-04-08 | 2021-09-14 | Proxense, Llc | Automated service-based order processing |
US20090307140A1 (en) | 2008-06-06 | 2009-12-10 | Upendra Mardikar | Mobile device over-the-air (ota) registration and point-of-sale (pos) payment |
US9626363B2 (en) | 2008-06-08 | 2017-04-18 | Apple Inc. | System and method for placeshifting media playback |
US8401681B2 (en) | 2008-06-08 | 2013-03-19 | Apple Inc. | System and method for placeshifting media playback |
US11258652B2 (en) | 2008-06-08 | 2022-02-22 | Apple Inc. | System and method for placeshifting media playback |
US7961101B2 (en) | 2008-08-08 | 2011-06-14 | Tyfone, Inc. | Small RFID card with integrated inductive element |
US8451122B2 (en) | 2008-08-08 | 2013-05-28 | Tyfone, Inc. | Smartcard performance enhancement circuits and systems |
US20100063893A1 (en) * | 2008-09-11 | 2010-03-11 | Palm, Inc. | Method of and system for secure on-line purchases |
US8341084B2 (en) | 2009-06-08 | 2012-12-25 | Mastercard International Incorporated | Method, apparatus, and computer program product for topping up prepaid payment cards for offline use |
US20100082485A1 (en) * | 2008-09-30 | 2010-04-01 | Apple Inc. | Portable point of purchase devices and methods |
US9037513B2 (en) * | 2008-09-30 | 2015-05-19 | Apple Inc. | System and method for providing electronic event tickets |
US8850052B2 (en) * | 2008-09-30 | 2014-09-30 | Apple Inc. | System and method for simplified resource sharing |
US20100082490A1 (en) * | 2008-09-30 | 2010-04-01 | Apple Inc. | Systems and methods for secure wireless transactions |
US8060627B2 (en) * | 2008-09-30 | 2011-11-15 | Apple Inc. | Device-to-device workflows |
US10380573B2 (en) * | 2008-09-30 | 2019-08-13 | Apple Inc. | Peer-to-peer financial transaction devices and methods |
US8131645B2 (en) * | 2008-09-30 | 2012-03-06 | Apple Inc. | System and method for processing media gifts |
US9026462B2 (en) * | 2008-09-30 | 2015-05-05 | Apple Inc. | Portable point of purchase user interfaces |
US8215546B2 (en) * | 2008-09-30 | 2012-07-10 | Apple Inc. | System and method for transportation check-in |
US20100078471A1 (en) * | 2008-09-30 | 2010-04-01 | Apple Inc. | System and method for processing peer-to-peer financial transactions |
US9070149B2 (en) * | 2008-09-30 | 2015-06-30 | Apple Inc. | Media gifting devices and methods |
US8239276B2 (en) * | 2008-09-30 | 2012-08-07 | Apple Inc. | On-the-go shopping list |
US20100078472A1 (en) * | 2008-09-30 | 2010-04-01 | Apple Inc. | Group peer-to-peer financial transactions |
US20100082455A1 (en) * | 2008-09-30 | 2010-04-01 | Apple Inc. | Real-time bargain hunting |
US20100125492A1 (en) * | 2008-11-14 | 2010-05-20 | Apple Inc. | System and method for providing contextual advertisements according to dynamic pricing scheme |
CN101770668B (en) * | 2008-12-31 | 2012-05-30 | 技嘉科技股份有限公司 | Mobile phone capable of transacting with electronic transaction device |
US10853816B1 (en) * | 2009-02-02 | 2020-12-01 | United Services Automobile Association (Usaa) | Systems and methods for authentication of an individual on a communications device |
US8231061B2 (en) * | 2009-02-24 | 2012-07-31 | Tyfone, Inc | Contactless device with miniaturized antenna |
US8305691B2 (en) * | 2009-04-29 | 2012-11-06 | Hand Held Products, Inc. | Fluid lens element for use in changing thermal operating environment |
AU2010249631B2 (en) | 2009-05-19 | 2016-02-18 | Security First Corp. | Systems and methods for securing data in the cloud |
EP2280580A1 (en) * | 2009-07-07 | 2011-02-02 | Nokia Corporation | Data transfer with wirelessly powered communication devices |
US8966110B2 (en) | 2009-09-14 | 2015-02-24 | International Business Machines Corporation | Dynamic bandwidth throttling |
US20110076941A1 (en) * | 2009-09-30 | 2011-03-31 | Ebay Inc. | Near field communication and network data/product transfer |
US8781393B2 (en) * | 2009-09-30 | 2014-07-15 | Ebay Inc. | Network updates of time and location |
WO2011058563A1 (en) | 2009-11-16 | 2011-05-19 | Nsof Connect Ltd | Integrated network based e-commerce and analysis systems and methods |
WO2011068738A2 (en) | 2009-11-25 | 2011-06-09 | Orsini Rick L | Systems and methods for securing data in motion |
US9418205B2 (en) | 2010-03-15 | 2016-08-16 | Proxense, Llc | Proximity-based system for automatic application or data access and item tracking |
AU2011235075B2 (en) | 2010-03-31 | 2015-10-01 | Security First Corp. | Systems and methods for securing data in motion |
US10460316B2 (en) | 2010-04-05 | 2019-10-29 | Paypal, Inc. | Two device authentication |
US8600167B2 (en) | 2010-05-21 | 2013-12-03 | Hand Held Products, Inc. | System for capturing a document in an image signal |
US9047531B2 (en) | 2010-05-21 | 2015-06-02 | Hand Held Products, Inc. | Interactive user interface for capturing a document in an image signal |
US8366002B2 (en) | 2010-05-26 | 2013-02-05 | Hand Held Products, Inc. | Solid elastic lens element and method of making same |
US8601498B2 (en) | 2010-05-28 | 2013-12-03 | Security First Corp. | Accelerator system for use with secure data storage |
US9322974B1 (en) | 2010-07-15 | 2016-04-26 | Proxense, Llc. | Proximity-based system for object tracking |
EP2617165B1 (en) | 2010-09-17 | 2018-06-13 | Oracle International Corporation | System and method for providing ethernet over infiniband virtual hub scalability in a middleware machine environment |
US10692081B2 (en) | 2010-12-31 | 2020-06-23 | Mastercard International Incorporated | Local management of payment transactions |
US20120210438A1 (en) * | 2011-02-15 | 2012-08-16 | Guobiao Zhang | Secure Three-Dimensional Mask-Programmed Read-Only Memory |
US8857716B1 (en) | 2011-02-21 | 2014-10-14 | Proxense, Llc | Implementation of a proximity-based system for object tracking and automatic application initialization |
US9900293B2 (en) | 2011-06-03 | 2018-02-20 | Oracle International Corporation | System and method for supporting automatic disabling of degraded links in an infiniband (IB) network |
US9935848B2 (en) | 2011-06-03 | 2018-04-03 | Oracle International Corporation | System and method for supporting subnet manager (SM) level robust handling of unkown management key in an infiniband (IB) network |
US8862767B2 (en) | 2011-09-02 | 2014-10-14 | Ebay Inc. | Secure elements broker (SEB) for application communication channel selector optimization |
US8271394B1 (en) | 2011-10-27 | 2012-09-18 | Bogaard Erik T | Confirming local marketplace transaction consummation for online payment consummation |
US10339525B2 (en) | 2011-10-27 | 2019-07-02 | Boom! Payments, Inc. | Confirming local marketplace transaction consummation for online payment consummation |
US8629926B2 (en) | 2011-11-04 | 2014-01-14 | Honeywell International, Inc. | Imaging apparatus comprising image sensor array having shared global shutter circuitry |
US8978983B2 (en) | 2012-06-01 | 2015-03-17 | Honeywell International, Inc. | Indicia reading apparatus having sequential row exposure termination times |
US9251392B2 (en) | 2012-06-01 | 2016-02-02 | Honeywell International, Inc. | Indicia reading apparatus |
US9397982B2 (en) | 2012-06-28 | 2016-07-19 | Ologn Technologies Ag | Secure key storage systems, methods and apparatuses |
EP2709006A1 (en) * | 2012-09-14 | 2014-03-19 | Alcatel Lucent | Peripheral interface for residential IaaS |
CN103218714A (en) * | 2013-03-13 | 2013-07-24 | 北京宏基恒信科技有限责任公司 | Protection method, system, protection device and auxiliary server of electronic cash transaction |
US9405898B2 (en) | 2013-05-10 | 2016-08-02 | Proxense, Llc | Secure element as a digital pocket |
KR102405189B1 (en) | 2013-10-30 | 2022-06-07 | 애플 인크. | Displaying relevant user interface objects |
US11074580B2 (en) * | 2013-12-18 | 2021-07-27 | PayRange Inc. | Device and method for providing external access to multi-drop bus peripheral devices |
US9324067B2 (en) | 2014-05-29 | 2016-04-26 | Apple Inc. | User interface for payments |
US9949662B2 (en) | 2014-06-12 | 2018-04-24 | PhysioWave, Inc. | Device and method having automatic user recognition and obtaining impedance-measurement signals |
US9568354B2 (en) | 2014-06-12 | 2017-02-14 | PhysioWave, Inc. | Multifunction scale with large-area display |
US10130273B2 (en) | 2014-06-12 | 2018-11-20 | PhysioWave, Inc. | Device and method having automatic user-responsive and user-specific physiological-meter platform |
US9546898B2 (en) | 2014-06-12 | 2017-01-17 | PhysioWave, Inc. | Fitness testing scale |
US9943241B2 (en) | 2014-06-12 | 2018-04-17 | PhysioWave, Inc. | Impedance measurement devices, systems, and methods |
US9794392B2 (en) | 2014-07-10 | 2017-10-17 | Hand Held Products, Inc. | Mobile-phone adapter for electronic transactions |
US9693696B2 (en) | 2014-08-07 | 2017-07-04 | PhysioWave, Inc. | System with user-physiological data updates |
US9498137B2 (en) | 2014-08-07 | 2016-11-22 | PhysioWave, Inc. | Multi-function fitness scale with display |
WO2016036552A1 (en) | 2014-09-02 | 2016-03-10 | Apple Inc. | User interactions for a mapping application |
US10037528B2 (en) | 2015-01-14 | 2018-07-31 | Tactilis Sdn Bhd | Biometric device utilizing finger sequence for authentication |
US10395227B2 (en) | 2015-01-14 | 2019-08-27 | Tactilis Pte. Limited | System and method for reconciling electronic transaction records for enhanced security |
US9607189B2 (en) | 2015-01-14 | 2017-03-28 | Tactilis Sdn Bhd | Smart card system comprising a card and a carrier |
US20160224973A1 (en) | 2015-02-01 | 2016-08-04 | Apple Inc. | User interface for payments |
US9574896B2 (en) | 2015-02-13 | 2017-02-21 | Apple Inc. | Navigation user interface |
US10042589B2 (en) | 2015-03-11 | 2018-08-07 | Secure Cloud Systems, Inc. | Encrypted data storage and retrieval system |
US9940637B2 (en) | 2015-06-05 | 2018-04-10 | Apple Inc. | User interface for loyalty accounts and private label accounts |
US20160358133A1 (en) | 2015-06-05 | 2016-12-08 | Apple Inc. | User interface for loyalty accounts and private label accounts for a wearable device |
US10945671B2 (en) | 2015-06-23 | 2021-03-16 | PhysioWave, Inc. | Determining physiological parameters using movement detection |
US9342774B1 (en) * | 2015-07-08 | 2016-05-17 | Wu-Hsu Lin | Smart card with a fingerprint identifying module |
US10553306B2 (en) | 2015-11-20 | 2020-02-04 | PhysioWave, Inc. | Scaled-based methods and apparatuses for automatically updating patient profiles |
US10980483B2 (en) | 2015-11-20 | 2021-04-20 | PhysioWave, Inc. | Remote physiologic parameter determination methods and platform apparatuses |
US10436630B2 (en) | 2015-11-20 | 2019-10-08 | PhysioWave, Inc. | Scale-based user-physiological data hierarchy service apparatuses and methods |
US10923217B2 (en) | 2015-11-20 | 2021-02-16 | PhysioWave, Inc. | Condition or treatment assessment methods and platform apparatuses |
US11561126B2 (en) | 2015-11-20 | 2023-01-24 | PhysioWave, Inc. | Scale-based user-physiological heuristic systems |
US10395055B2 (en) | 2015-11-20 | 2019-08-27 | PhysioWave, Inc. | Scale-based data access control methods and apparatuses |
US10390772B1 (en) | 2016-05-04 | 2019-08-27 | PhysioWave, Inc. | Scale-based on-demand care system |
DK179186B1 (en) | 2016-05-19 | 2018-01-15 | Apple Inc | REMOTE AUTHORIZATION TO CONTINUE WITH AN ACTION |
US10621581B2 (en) | 2016-06-11 | 2020-04-14 | Apple Inc. | User interface for transactions |
US11580608B2 (en) | 2016-06-12 | 2023-02-14 | Apple Inc. | Managing contact information for communication applications |
DK201670622A1 (en) | 2016-06-12 | 2018-02-12 | Apple Inc | User interfaces for transactions |
AU2017296055A1 (en) | 2016-07-15 | 2019-02-07 | Cardinalcommerce Corporation | Authentication to authorization bridge using enriched messages |
US9842330B1 (en) | 2016-09-06 | 2017-12-12 | Apple Inc. | User interfaces for stored-value accounts |
US10215619B1 (en) | 2016-09-06 | 2019-02-26 | PhysioWave, Inc. | Scale-based time synchrony |
US10860199B2 (en) | 2016-09-23 | 2020-12-08 | Apple Inc. | Dynamically adjusting touch hysteresis based on contextual data |
US11294641B2 (en) * | 2017-05-30 | 2022-04-05 | Dimitris Lyras | Microprocessor including a model of an enterprise |
US20190050590A1 (en) * | 2017-08-14 | 2019-02-14 | Bank Of America Corporation | Ensuring Information Security by Utilizing Encryption of Data |
KR102185854B1 (en) | 2017-09-09 | 2020-12-02 | 애플 인크. | Implementation of biometric authentication |
EP4155988A1 (en) | 2017-09-09 | 2023-03-29 | Apple Inc. | Implementation of biometric authentication for performing a respective function |
WO2019099690A1 (en) * | 2017-11-15 | 2019-05-23 | Ipsidy Inc. | Systems and methods using a primary account number to represent identity attributes |
US11329963B2 (en) | 2018-02-22 | 2022-05-10 | Eclypses, Inc. | System and method for securely transferring data |
US11012722B2 (en) | 2018-02-22 | 2021-05-18 | Secure Cloud Systems, Inc. | System and method for securely transferring data |
DK201870380A1 (en) | 2018-05-07 | 2020-01-29 | Apple Inc. | Displaying user interfaces associated with physical activities |
KR20240024294A (en) | 2018-06-03 | 2024-02-23 | 애플 인크. | User interfaces for transfer accounts |
US11100498B2 (en) | 2018-06-03 | 2021-08-24 | Apple Inc. | User interfaces for transfer accounts |
US11328352B2 (en) | 2019-03-24 | 2022-05-10 | Apple Inc. | User interfaces for managing an account |
DK201970530A1 (en) | 2019-05-06 | 2021-01-28 | Apple Inc | Avatar integration with multiple applications |
US11481094B2 (en) | 2019-06-01 | 2022-10-25 | Apple Inc. | User interfaces for location-related communications |
US11477609B2 (en) | 2019-06-01 | 2022-10-18 | Apple Inc. | User interfaces for location-related communications |
CN114365073A (en) | 2019-09-29 | 2022-04-15 | 苹果公司 | Account management user interface |
US11169830B2 (en) | 2019-09-29 | 2021-11-09 | Apple Inc. | Account management user interfaces |
US11405203B2 (en) | 2020-02-17 | 2022-08-02 | Eclypses, Inc. | System and method for securely transferring data using generated encryption keys |
US11354640B2 (en) * | 2020-07-06 | 2022-06-07 | Bank Of America Corporation | Dynamically authorizing and processing contactless events |
US11720693B2 (en) | 2021-03-05 | 2023-08-08 | Eclypses, Inc. | System and method for securely transferring data |
US11522707B2 (en) | 2021-03-05 | 2022-12-06 | Eclypses, Inc. | System and method for detecting compromised devices |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5373561A (en) * | 1992-12-21 | 1994-12-13 | Bell Communications Research, Inc. | Method of extending the validity of a cryptographic certificate |
US5416842A (en) * | 1994-06-10 | 1995-05-16 | Sun Microsystems, Inc. | Method and apparatus for key-management scheme for use with internet protocols at site firewalls |
US5440633A (en) * | 1993-08-25 | 1995-08-08 | International Business Machines Corporation | Communication network access method and system |
US5455863A (en) * | 1993-06-29 | 1995-10-03 | Motorola, Inc. | Method and apparatus for efficient real-time authentication and encryption in a communication system |
US5548106A (en) * | 1994-08-30 | 1996-08-20 | Angstrom Technologies, Inc. | Methods and apparatus for authenticating data storage articles |
US5623637A (en) * | 1993-12-06 | 1997-04-22 | Telequip Corporation | Encrypted data storage card including smartcard integrated circuit for storing an access password and encryption keys |
US5724423A (en) * | 1995-09-18 | 1998-03-03 | Telefonaktiebolaget Lm Ericsson | Method and apparatus for user authentication |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
UA41387C2 (en) * | 1994-01-13 | 2001-09-17 | Сертко, Інк | Method for setting of true communication being checked, method for protected communication, method for renewal of micro-software, method for execution of enciphered communication and method for giving to device checked on identity of right on electron transaction |
US5539828A (en) * | 1994-05-31 | 1996-07-23 | Intel Corporation | Apparatus and method for providing secured communications |
US5586304A (en) * | 1994-09-08 | 1996-12-17 | Compaq Computer Corporation | Automatic computer upgrading |
US6246767B1 (en) * | 1995-04-03 | 2001-06-12 | Scientific-Atlanta, Inc. | Source authentication of download information in a conditional access system |
US5721832A (en) * | 1995-05-12 | 1998-02-24 | Regal Greetings & Gifts Inc. | Method and apparatus for an interactive computerized catalog system |
US5978843A (en) * | 1995-12-06 | 1999-11-02 | Industrial Technology Research Institute | Scalable architecture for media-on-demand servers |
FR2745966B1 (en) | 1996-03-08 | 1998-06-05 | Jean Luc Leleu | Toll gateway for a data transmission network |
US5970122A (en) * | 1996-07-24 | 1999-10-19 | Lucent Technologies Inc. | Two-way wireless messaging system having user agent |
US5848155A (en) * | 1996-09-04 | 1998-12-08 | Nec Research Institute, Inc. | Spread spectrum watermark for embedded signalling |
US5978840A (en) * | 1996-09-26 | 1999-11-02 | Verifone, Inc. | System, method and article of manufacture for a payment gateway system architecture for processing encrypted payment transactions utilizing a multichannel, extensible, flexible architecture |
US5844986A (en) * | 1996-09-30 | 1998-12-01 | Intel Corporation | Secure BIOS |
US5917913A (en) | 1996-12-04 | 1999-06-29 | Wang; Ynjiun Paul | Portable electronic authorization devices and methods therefor |
-
1996
- 1996-12-04 US US08/759,555 patent/US5917913A/en not_active Expired - Fee Related
-
1997
- 1997-12-04 AU AU53831/98A patent/AU5383198A/en not_active Abandoned
- 1997-12-04 WO PCT/US1997/023125 patent/WO1998025371A1/en active Application Filing
-
1998
- 1998-04-27 US US09/067,176 patent/US6282656B1/en not_active Expired - Lifetime
- 1998-12-29 US US09/222,368 patent/US6594759B1/en not_active Expired - Lifetime
-
2000
- 2000-09-05 TW TW089118122A patent/TW565786B/en not_active IP Right Cessation
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5373561A (en) * | 1992-12-21 | 1994-12-13 | Bell Communications Research, Inc. | Method of extending the validity of a cryptographic certificate |
US5455863A (en) * | 1993-06-29 | 1995-10-03 | Motorola, Inc. | Method and apparatus for efficient real-time authentication and encryption in a communication system |
US5440633A (en) * | 1993-08-25 | 1995-08-08 | International Business Machines Corporation | Communication network access method and system |
US5524052A (en) * | 1993-08-25 | 1996-06-04 | International Business Machines Corp. | Communication network access method and system |
US5623637A (en) * | 1993-12-06 | 1997-04-22 | Telequip Corporation | Encrypted data storage card including smartcard integrated circuit for storing an access password and encryption keys |
US5416842A (en) * | 1994-06-10 | 1995-05-16 | Sun Microsystems, Inc. | Method and apparatus for key-management scheme for use with internet protocols at site firewalls |
US5548106A (en) * | 1994-08-30 | 1996-08-20 | Angstrom Technologies, Inc. | Methods and apparatus for authenticating data storage articles |
US5724423A (en) * | 1995-09-18 | 1998-03-03 | Telefonaktiebolaget Lm Ericsson | Method and apparatus for user authentication |
Non-Patent Citations (1)
Title |
---|
IEEE SPECTRUM, February 1997, FANCHER, "In Your Pocket Smartcards", pp. 47-53. * |
Cited By (34)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8924293B1 (en) | 1998-01-30 | 2014-12-30 | Citicorp Development Center, Inc. | Method and system of contactless interfacing for smart card banking |
EP0933733A3 (en) * | 1998-01-30 | 2003-10-29 | Citicorp Development Center, Inc. | Method and system of contactless interfacing for smart card banking |
EP0933733A2 (en) * | 1998-01-30 | 1999-08-04 | Citicorp Development Center, Inc. | Method and system of contactless interfacing for smart card banking |
US10078834B2 (en) | 1998-01-30 | 2018-09-18 | Citicorp Credit Services, Inc. (Usa) | Method and system of contactless interfacing for smart card banking |
US8346663B2 (en) | 1998-01-30 | 2013-01-01 | Citicorp Development Center, Inc. | Method and system of contactless interfacing for smart card banking |
US6850916B1 (en) * | 1998-04-27 | 2005-02-01 | Esignx Corporation | Portable electronic charge and authorization devices and methods therefor |
EP0980053A3 (en) * | 1998-08-11 | 2003-09-17 | Citibank, N.A. | Advanced plastic card for financial and informational transactions |
JP2010170561A (en) * | 1999-03-02 | 2010-08-05 | Esign Inc | Portable electronic charge and authorization device and method therefor |
JP2003517658A (en) * | 1999-03-02 | 2003-05-27 | エサイン インコーポレーテッド | Portable electronic billing / authentication device and method |
WO2001011575A1 (en) * | 1999-08-09 | 2001-02-15 | Wow Company S.A. | Portable certification device with acoustic coupling |
EP1272933A4 (en) * | 2000-03-13 | 2009-11-04 | Esign Inc | Electronic transaction systems and methods therefor |
EP1272933A1 (en) * | 2000-03-13 | 2003-01-08 | Esign, Inc. | Electronic transaction systems and methods therefor |
WO2002048978A3 (en) * | 2000-12-12 | 2002-09-19 | Giesecke & Devrient Gmbh | Method and device for transferring electronic value units |
WO2002048978A2 (en) * | 2000-12-12 | 2002-06-20 | Giesecke & Devrient Gmbh | Method and device for transferring electronic value units |
GB2371397B (en) * | 2001-01-20 | 2004-09-01 | Ncr Int Inc | Self service terminal |
GB2371397A (en) * | 2001-01-20 | 2002-07-24 | Ncr Int Inc | Self-service terminal with mobile detection features |
US7716134B2 (en) | 2001-01-20 | 2010-05-11 | Ncr Corporation | Self service terminal |
WO2002067211A1 (en) * | 2001-02-23 | 2002-08-29 | Infineon Technologies Ag | Method for securely handling a data communication concerning a financial transaction |
WO2003081377A3 (en) * | 2001-12-21 | 2004-03-04 | Esignx Corp | Methods of exchanging secure messages |
WO2003081377A2 (en) * | 2001-12-21 | 2003-10-02 | Esignx Corporation | Methods of exchanging secure messages |
US7353382B2 (en) | 2002-08-08 | 2008-04-01 | Fujitsu Limited | Security framework and protocol for universal pervasive transactions |
WO2006029596A1 (en) * | 2004-09-14 | 2006-03-23 | Wincor Nixdorf International Gmbh | Device for entering and transmitting encrypted signals |
EP1758053A1 (en) * | 2005-08-01 | 2007-02-28 | Fujitsu Limited | Wireless computer wallet for physical point of sale (POS) transactions |
EP1923844A1 (en) | 2006-11-18 | 2008-05-21 | Fiducia IT AG | Method for interaction of a bank customer with a cash machine, corresponding mobile in/output device and system for performing such interaction |
EP2213044B1 (en) * | 2007-10-19 | 2020-05-06 | DataLocker Inc. | Method of providing assured transactions using secure transaction appliance and watermark verification |
ITBZ20100042A1 (en) * | 2010-11-30 | 2012-05-31 | Enzo Ferrarin | ELECTROMECHANICAL ENCODER TO SET SECRET CODES AND / OR A PIN FOR CREDIT CARDS AND / OR CARDS AND SUPPORTS FOR THE ACTIVATION OF ANY SYSTEM. |
US9246903B2 (en) | 2011-10-31 | 2016-01-26 | Money And Data Protection Lizenz Gmbh & Co. Kg | Authentication method |
CN103988218A (en) * | 2011-10-31 | 2014-08-13 | 金钱及数字保护许可两合有限公司 | Authentication method |
US9294921B2 (en) | 2011-10-31 | 2016-03-22 | Money And Data Protection Lizenz Gmbh & Co. Kg | Device for mobile communication |
WO2013064504A1 (en) | 2011-10-31 | 2013-05-10 | Money And Data Protection Lizenz Gmbh & Co. Kg | Device for mobile communication |
WO2013064493A1 (en) * | 2011-10-31 | 2013-05-10 | Money And Data Protection Lizenz Gmbh & Co. Kg | Authentication method |
EP4333554A3 (en) * | 2011-10-31 | 2024-03-13 | CosmoKey Solutions GmbH & Co. KG | Authentication method |
US10147089B2 (en) | 2012-01-05 | 2018-12-04 | Visa International Service Association | Data protection with translation |
US11276058B2 (en) | 2012-01-05 | 2022-03-15 | Visa International Service Association | Data protection with translation |
Also Published As
Publication number | Publication date |
---|---|
TW565786B (en) | 2003-12-11 |
US6282656B1 (en) | 2001-08-28 |
US6594759B1 (en) | 2003-07-15 |
AU5383198A (en) | 1998-06-29 |
US5917913A (en) | 1999-06-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US5917913A (en) | Portable electronic authorization devices and methods therefor | |
US6850916B1 (en) | Portable electronic charge and authorization devices and methods therefor | |
US7089214B2 (en) | Method for utilizing a portable electronic authorization device to approve transactions between a user and an electronic transaction system | |
US6175922B1 (en) | Electronic transaction systems and methods therefor | |
US7107246B2 (en) | Methods of exchanging secure messages | |
US8016189B2 (en) | Electronic transaction systems and methods therefor | |
US7870998B2 (en) | Private information exchange in smart card commerce | |
US20060136332A1 (en) | System and method for electronic check verification over a network | |
US20050044377A1 (en) | Method of authenticating user access to network stations | |
US8620824B2 (en) | Pin protection for portable payment devices | |
US20030070078A1 (en) | Method and apparatus for adding security to online transactions using ordinary credit cards | |
CN1360265B (en) | Portable electronic license device | |
JP2003006547A (en) | Individual authentication system on the internet utilizing ic card | |
Rohland | Token-based information security for commercial and federal information networks | |
Krellenstein | The commercial view: shipping the digital library V1. 0 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW AM AZ BY KG KZ MD RU TJ TM |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH KE LS MW SD SZ UG ZW AT BE CH DE DK ES FI FR GB GR IE IT LU MC |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
122 | Ep: pct application non-entry in european phase |