WO2001099070A3 - An improved method and system for conducting secure payments over a computer network - Google Patents

An improved method and system for conducting secure payments over a computer network Download PDF

Info

Publication number
WO2001099070A3
WO2001099070A3 PCT/US2001/019753 US0119753W WO0199070A3 WO 2001099070 A3 WO2001099070 A3 WO 2001099070A3 US 0119753 W US0119753 W US 0119753W WO 0199070 A3 WO0199070 A3 WO 0199070A3
Authority
WO
WIPO (PCT)
Prior art keywords
pseudo
key
account number
expiration date
authentication code
Prior art date
Application number
PCT/US2001/019753
Other languages
French (fr)
Other versions
WO2001099070A2 (en
Inventor
Edward J Hogan
Carl M Campbell
Original Assignee
Mastercard International Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US09/809,367 external-priority patent/US9672515B2/en
Priority claimed from US09/833,049 external-priority patent/US7379919B2/en
Application filed by Mastercard International Inc filed Critical Mastercard International Inc
Priority to EP01948538A priority Critical patent/EP1320839A2/en
Priority to JP2002503837A priority patent/JP5093957B2/en
Priority to CA002382696A priority patent/CA2382696A1/en
Priority to AU70011/01A priority patent/AU781671B2/en
Publication of WO2001099070A2 publication Critical patent/WO2001099070A2/en
Publication of WO2001099070A3 publication Critical patent/WO2001099070A3/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/14Payment architectures specially adapted for billing systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/24Credit schemes, i.e. "pay after"
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • G07F7/122Online card verification

Abstract

A secure method of conducting an electronic transaction over a public communications network is provided which utilizes a pseudo-expiration date in the expiration date field of an authorization request. One of the preferred methods comprises: generating a per-card key associated with an account number; generating a message authentication code using the per-card key; converting the message authentication code into a pseudo expiration date; generating an authorization request for the transaction, the request having an expiration date field containing the pseudo expiration date; and verifying the message authentication code based on the pseudo expiration date. Another embodiment of the invention includes a method of conducting an electronic transaction over a public communications network, with a payment account number having an associated pseudo account number, comprising: a) providing the pseudo account number with a control field indicating one of a plurality of key-generation processes to be used to generate an authentication key; b) generating an authentication key associated with the pseudo account number using one of the plurality of key-generation processes indicated in the control field of the pseudo account number; c) using the authentication key to generate a message authentication code specific to the transaction; d) generating an authorization request message including the message authentication code and the pseudo account number; and e) verifying the message authentication code using the indicated key-generation process and the authentication key.
PCT/US2001/019753 2000-06-21 2001-06-21 An improved method and system for conducting secure payments over a computer network WO2001099070A2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
EP01948538A EP1320839A2 (en) 2000-06-21 2001-06-21 An improved method and system for conducting secure payments over a computer network
JP2002503837A JP5093957B2 (en) 2000-06-21 2001-06-21 Improved method and system for making secure payments over a computer network
CA002382696A CA2382696A1 (en) 2000-06-21 2001-06-21 An improved method and system for conducting secure payments over a computer network
AU70011/01A AU781671B2 (en) 2000-06-21 2001-06-21 An improved method and system for conducting secure payments over a computer network

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US21306300P 2000-06-21 2000-06-21
US60/213,063 2000-06-21
US22622700P 2000-08-18 2000-08-18
US60/226,227 2000-08-18
US09/809,367 US9672515B2 (en) 2000-03-15 2001-03-15 Method and system for secure payments over a computer network
US09/809,367 2001-03-15
US09/833,049 US7379919B2 (en) 2000-04-11 2001-04-11 Method and system for conducting secure payments over a computer network
US09/833,049 2001-04-11

Publications (2)

Publication Number Publication Date
WO2001099070A2 WO2001099070A2 (en) 2001-12-27
WO2001099070A3 true WO2001099070A3 (en) 2003-01-16

Family

ID=27498921

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/019753 WO2001099070A2 (en) 2000-06-21 2001-06-21 An improved method and system for conducting secure payments over a computer network

Country Status (5)

Country Link
EP (1) EP1320839A2 (en)
JP (1) JP5093957B2 (en)
AU (1) AU781671B2 (en)
CA (1) CA2382696A1 (en)
WO (1) WO2001099070A2 (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
PT1503308E (en) * 2002-01-31 2010-02-19 Servicios Para Medios De Pago Reversible method of generating mutated payment cards using a mathematical algorithm
EP1783708A1 (en) * 2005-10-06 2007-05-09 First Data Corporation Transaction method and system
WO2008034083A2 (en) * 2006-09-15 2008-03-20 Visa International Service Association Method and system for cross-issuer registration of transaction cards
FR2914763B1 (en) * 2007-04-06 2013-02-15 Grp Des Cartes Bancaires DYNAMIC CRYPTOGRAM
EP2026267A1 (en) * 2007-07-31 2009-02-18 Nederlandse Organisatie voor toegepast- natuurwetenschappelijk onderzoek TNO Issuing electronic vouchers
US8181861B2 (en) 2008-10-13 2012-05-22 Miri Systems, Llc Electronic transaction security system and method
EP2401711A4 (en) * 2009-02-25 2016-12-28 Miri Systems Llc Payment system and method
EP2486693B1 (en) 2009-10-05 2023-05-31 Miri Systems, LLC Electronic transaction security system and method
US8762284B2 (en) * 2010-12-16 2014-06-24 Democracyontheweb, Llc Systems and methods for facilitating secure transactions
GB2566402A (en) * 2016-07-01 2019-03-13 American Express Travel Related Services Co Inc Systems and methods for validating transmissions over communication channels
KR102184807B1 (en) * 2018-05-23 2020-11-30 신한카드 주식회사 Payment apparatus and method of processing user identification based on automatic response service
US20190385160A1 (en) * 2018-06-19 2019-12-19 Mastercard International Incorporated System and process for on-the-fly cardholder verification method selection
EP3767569A1 (en) * 2019-07-18 2021-01-20 Mastercard International Incorporated An electronic transaction method and device using a flexible transaction identifier

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5883810A (en) * 1997-09-24 1999-03-16 Microsoft Corporation Electronic online commerce card with transactionproxy number for online transactions
US5956699A (en) * 1996-10-03 1999-09-21 Jaesent Inc. System for secured credit card transactions on the internet
EP1028401A2 (en) * 1999-02-12 2000-08-16 Citibank, N.A. Method and system for performing a bankcard transaction

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2708083B2 (en) * 1991-12-27 1998-02-04 国際電信電話株式会社 Credit card billing simple dial operation service device
WO1995016971A1 (en) * 1993-12-16 1995-06-22 Open Market, Inc. Digital active advertising
JPH07231367A (en) * 1994-02-17 1995-08-29 Fujitsu Ltd Personal communication charging service device by credit card
US5826245A (en) * 1995-03-20 1998-10-20 Sandberg-Diment; Erik Providing verification information for a transaction
NL1001863C2 (en) * 1995-12-08 1997-06-10 Nederland Ptt Method for securely writing down an electronic payment method, as well as payment method for implementing the method.
US5953710A (en) * 1996-10-09 1999-09-14 Fleming; Stephen S. Children's credit or debit card system
JPH1139401A (en) * 1997-07-16 1999-02-12 Nippon Shinpan Kk Credit card system and method for using credit card through network
US6000832A (en) * 1997-09-24 1999-12-14 Microsoft Corporation Electronic online commerce card with customer generated transaction proxy number for online transactions
GB2345775A (en) * 1998-10-21 2000-07-19 Ordertrust Llc Analyzing transaction information
US6327578B1 (en) * 1998-12-29 2001-12-04 International Business Machines Corporation Four-party credit/debit payment protocol
US6847953B2 (en) * 2000-02-04 2005-01-25 Kuo James Shaw-Han Process and method for secure online transactions with calculated risk and against fraud

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5956699A (en) * 1996-10-03 1999-09-21 Jaesent Inc. System for secured credit card transactions on the internet
US5883810A (en) * 1997-09-24 1999-03-16 Microsoft Corporation Electronic online commerce card with transactionproxy number for online transactions
EP1028401A2 (en) * 1999-02-12 2000-08-16 Citibank, N.A. Method and system for performing a bankcard transaction

Also Published As

Publication number Publication date
JP2003536180A (en) 2003-12-02
JP5093957B2 (en) 2012-12-12
AU781671B2 (en) 2005-06-02
AU7001101A (en) 2002-01-02
EP1320839A2 (en) 2003-06-25
WO2001099070A2 (en) 2001-12-27
CA2382696A1 (en) 2001-12-27

Similar Documents

Publication Publication Date Title
CN105243313B (en) For the method whenever confirmed to verifying token
US6957185B1 (en) Method and apparatus for the secure identification of the owner of a portable device
CN106850699A (en) A kind of mobile terminal login authentication method and system
CN101241572B (en) A kind of method of operating of electric signing tools and electric signing tools
CN107798531B (en) Electronic payment method and system
US20070220597A1 (en) Verification system
WO2001099070A3 (en) An improved method and system for conducting secure payments over a computer network
WO2002075478A3 (en) Method for performing secure online payment transactions
CN204856630U (en) Electron ticketing system
NO993939D0 (en) Authorization check procedure
HUP0400771A2 (en) Method for enabling pki functions in a smart card
MXPA05013422A (en) Systems and methods for conducting secure payment transactions using a formatted data structure.
WO2002073877A3 (en) System and method of user and data verification
JPH1079006A (en) Using request considering method for virtual prepaid card capable of reusing continuous number
WO2003065164A3 (en) System and method for conducting secure payment transaction
HK1055183A1 (en) Method and system for facilitation of wireless e-commerce transactions
CN106779705B (en) Dynamic payment method and system
CN110620763B (en) Mobile identity authentication method and system based on mobile terminal APP
TW431105B (en) Method for strongly authenticating another process in a different address space
CN101790166A (en) Digital signing method based on mobile phone intelligent card
KR20000024445A (en) User Authentication Algorithm Using Digital Signature and/or Wireless Digital Signature with a Portable Device
MY137667A (en) Method and system for verifying authenticity of an object
US20080313720A1 (en) System, Device and Method for Conducting Secure Economic Transactions
WO2001078024A3 (en) An improved method and system for conducting secure payments over a computer network
EP1276066A3 (en) Licensing method and license providing system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 2002/01382

Country of ref document: ZA

Ref document number: 70011/01

Country of ref document: AU

Ref document number: 200201382

Country of ref document: ZA

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2382696

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 2001948538

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWP Wipo information: published in national office

Ref document number: 2001948538

Country of ref document: EP

WWG Wipo information: grant in national office

Ref document number: 70011/01

Country of ref document: AU

WWW Wipo information: withdrawn in national office

Ref document number: 2001948538

Country of ref document: EP