WO2002013152A1 - Safety method and system for circulating confidential data on public-access communication means - Google Patents


Info

Publication number
WO2002013152A1
Authority
WO
WIPO (PCT)
Prior art keywords
code
auxiliary
verifier
primary
codes
Application number
PCT/IT2000/000336
Other languages
French (fr)
Inventor
Davide Martignon
Maurizio Cavaglione
Maurizio Hazan
Original Assignee
Davide Martignon
Maurizio Cavaglione
Maurizio Hazan
Application filed by Davide Martignon, Maurizio Cavaglione, Maurizio Hazan
Priority to PCT/IT2000/000336 (this application) and AU2000267243A1
Publication: WO2002013152A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/04 Payment circuits
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes

Definitions

  • FIGS 2 and 3 are two different schematic illustrations of the physical and data flows that characterize the system and the method according to the invention applied to financial transactions over the Internet.
  • Said figures illustrate a verifier 10, a user 20, a seller 30 and a validator 40 for credit cards or critical data in general, which comprises a router for data routing.
  • the verifier 10 manages a file 11 which contains the primary codes 1 and the auxiliary codes 2 associated with critical data 3, in this case credit card numbers that belong to the user 20.
  • the verifier 10, the user 20 and the seller 30 are further all connected to a public-access telematic network 90, which coincides with the Internet in the preferred embodiment described herein, the verifier 10 being further connected to the validator 40 over an additional telematic network 95 which is not publicly accessible.
  • When requested by the user 20, the verifier 10 issues an identification code or primary code 1 which corresponds to a credit card number or critical datum 3 that belongs to the user 20.
  • Said primary identification code 1 is a unique code which can comprise any number of digits, is of the numeric or alphanumeric type and is generated independently of the credit card number or critical datum 3 or from it according to an appropriate processing of said datum.
  • the primary code thus created is stored in the file 11 together with the corresponding credit card number or critical datum 3.
  • the verifier 10, or an appropriate organization to which this task is assigned further generates a first set of secondary or auxiliary codes 2 which are associated with the primary code 1.
  • the auxiliary codes can be codes of any kind or size, numeric or alphanumeric, and are likewise stored in the file 11.
  • the primary code 1 is reported by the verifier 10 to the user 20, using the conventional security precautions used when reporting personal codes which are already adopted by banks and the like.
  • the primary code 1 can be collected directly at a teller by the user 20 or sent by sealed mail, as occurs for the PINs (personal identification numbers) of ATM cards.
  • the verifier 10 also provides the user 20 with said first set of auxiliary codes 2.
  • the user 20 has his own primary code 1 and a set of auxiliary codes 2.
  • the user 20 can therefore connect, over appropriate connection means such as a modem or a local network, to a telematic network 90, for example the Internet, and can surf in search of e-commerce sites to purchase products in which he is interested.
  • the user enters in the appropriately provided boxes of the graphical interface provided by the seller 30 his fixed primary code 1 and an auxiliary code 2.
  • the site of the seller 30 is not altered in any way with respect to conventional use, i.e., it does not require the addition of any hardware and/or software device.
  • the data entered by the user, be they actual credit card numbers or a combination of primary code 1 and auxiliary code 2, are transmitted, together with the required corollary data, to the validator 40, which is conveniently provided with a device capable of verifying the type of data entered.
  • the validator 40 routes the data to the corresponding credit institution 50; otherwise it sends the received data to the verifier 10 over the Internet 90 or over a dedicated telematic network 95.
  • the verifier 10 verifies whether the transmitted auxiliary code 2 is a valid code with respect to the primary code 1, checking that the auxiliary code has actually been issued and has not yet been used by the user 20. If the verification of the codes 1 and 2 is successful, the verifier 10 retrieves from the file 11 the corresponding credit card number or critical datum 3 and routes it to the validator 40 by using private telematic circuits 95 or in any case circuits other than the publicly accessible telematic network 90. The data are then routed according to normal procedures to the credit institution 50.
  • the verifier 10 further deletes the auxiliary code 2 used by the user 20, which can no longer be used subsequently. In turn, the user 20 then deletes from his personal list the used auxiliary code 2, which can no longer be used for future transactions.
  • the illustrated embodiment has the advantage that it requires no changes to existing e-commerce sites if the critical datum 3 is constituted by a credit card number. By setting the primary and auxiliary codes so that their total number of digits is 16, i.e., the number of digits of an ordinary credit card, the dial interface of the user 20 remains unchanged and so do the communication means used to communicate with the validator 40.
  • the user 20 again enters in the appropriately provided boxes of the graphical interface provided by the seller 30 his fixed primary code 1 and an auxiliary code 2 and confirms his intention to make the transaction for the amount due.
  • the resulting complete code which comprises the primary code 1 and a single-use auxiliary code 2 is then sent by the seller 30 to the verifier 10, which checks the correctness of the received data by comparing them with the contents of the file 11. Again, the verifier 10 checks whether the transmitted auxiliary code 2 is a valid code with respect to the primary code 1, checking that the auxiliary code has actually been issued and has not been used yet by the user 20. If this check fails, the verifier 10 reports to the user 20, by means of the seller 30 and by means of a transmission on said network 90, that the entered codes are not valid and then asks to re-enter codes 1 and 2.
  • the verifier 10 retrieves from the file 11 the corresponding credit card number or critical datum 3 and routes it to the validator 40 by using telematic circuits 95 which are private or in any case different from the publicly accessible network 90. The data are then routed according to normal procedures to the credit institution 50. After receiving confirmation on the part of the validator 40 regarding the validity of the credit card or critical datum of the user 20, the verifier 10 deletes the auxiliary code 2 used by the user 20 and sends a confirmation to the seller 30, reporting that the transaction has been completed successfully; in turn, the seller notifies the user 20, for example by means of a text or graphic message displayed in the graphical interface.
  • the user 20 then in turn deletes from his personal list the used auxiliary code 2, which can no longer be used for future transactions. If the user 20 is left without auxiliary codes, he can explicitly request them from the verifier 10, which issues a new set thereof and stores it in the file 11. As an alternative, auxiliary codes can be generated automatically by the verifier 10 when the last valid auxiliary code is deleted from the file 11 or when the number of auxiliary codes drops below a preset threshold.
  • the system further has protection means for further ensuring the security of the user 20. In particular, after a presettable number of attempts in which the auxiliary code 2 has already been used or is not among those associated with the primary code 1, the verifier 10 blocks any further transaction related to the affected primary code.
  • the device used by the e-commerce site of the seller 30 for entry and communication with the verifier 10 is a software module supplied by the verifier, which can be included transparently in the information system used for e-commerce and can be accessed by means of a graphical interface displayed in a page of the site of the seller.
  • the software device, for example, can be provided as an ActiveX object or as a Java applet and in no way affects the operation of the site where it is installed, other than by adding the features that allow transfer of the data related to the new system.
  • a first embodiment of the software device provides for the exclusive management of codes 1 and 2 according to the invention of any kind (numeric or alphanumeric) and size deemed useful.
  • This embodiment ensures maximum flexibility in the composition of the primary and secondary codes.
  • the sum of the characters of the primary code 1 and of the secondary code 2 is equal to 16, i.e., the number of digits of an ordinary credit card.
  • the primary and secondary codes are generated so as to be automatically recognizable by the software device 35, which is thus capable of autonomously determining whether the user 20 is using a conventional credit card number or a combination of codes according to the invention simply by analyzing the entered alphanumeric characters.
  • the primary code 1 might include at least one alphabetic character, in contrast with the entirely numeric codes used for credit cards. The same possibility of automatic recognition is of course maintained even if it is the auxiliary codes that must contain at least one character of the alphabet.
  • one embodiment of the method and system according to the invention entails implementing software which is supplied to the user 20, is parameterized according to his primary code 1 and is capable of automatically generating new auxiliary codes 2 and of synchronizing with the verifier 10 for updating the file 11.
  • This embodiment operates as follows: the software device used by the user 20 generates a series of n codes and reports to the verifier 10 the generation of said n codes and the corresponding primary code. Upon receiving these data, the verifier 10 activates a corresponding software device 15 which acts on its side and generates auxiliary codes 2 which are identical to the ones generated by the software device 25 which is active on the personal computer of the user 20 and stores them in the file 11.
  • the auxiliary codes 2 thus generated can then be used by the user 20.
  • the software device 25 can comprise means for the automatic entry of the user's primary code 1 and of an auxiliary code 2 in e-commerce sites which use the invention, for example by way of the so-called “drag and drop” technique.
  • the communications between the seller 30, the verifier 10 and the validator 40 occur in real time, either without encryption or by using a protected transmission protocol, such as SSL (Secure Sockets Layer), which, although not necessary, provides an additional level of protection also for the circulation of data which is not strictly reserved.
  • the invention thus conceived is susceptible of numerous modifications and variations which can be obviously deduced logically or operatively by the expert in the field and all of which are within the protective scope of the inventive concept.
  • the number of digits or characters that compose the primary or secondary codes may be any according to requirements, even zero, and the use of the system can be transferred to similar systems requiring the use of critical data, for example services provided by credit institutions, banks and home banking services or electronic check handling systems.
  • the players identified in the description of the system i.e., the validator, the verifier and the credit institution, may coincide in a same organization.
  • the verifier can coincide with the validator and can also coincide with the credit institution.
  • communications between the seller and the validator and/or between the seller and the verifier can occur over dedicated networks, not shown.
  • the security provided by the use of the method and the system according to the invention further makes it unnecessary to use expensive dedicated structures on a home-banking remote host, in favor of home banking entirely on the Internet, which is far cheaper and more efficient.
  • the method and the system thus conceived may of course also be used for financial transactions over the telephone, by mail or other transactions.
  • the described software devices can be provided by means of hardware equivalents.
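The synchronized-generation variant described in the list above (software device 25 on the user's side generating n auxiliary codes, the verifier's device 15 regenerating the same codes into file 11 after receiving only the primary code and the count) is shown here as an added example; it is not the patent's code and the patent fixes no derivation algorithm. This example assumes a per-user secret provisioned out of band together with the primary code, an 8-digit auxiliary code, and HMAC-SHA256 over the primary code and a running counter as the shared derivation; the class and function names are the example's own.

```python
# Added example (not code from the patent): both sides derive the same batch of
# auxiliary codes independently, so only (primary code, count) crosses the network.
# Derivation by HMAC-SHA256 over "primary:counter" with an out-of-band secret is an
# assumption of this example; the patent does not specify an algorithm.
import hashlib
import hmac

AUX_LEN = 8   # assumed auxiliary code length


def derive_codes(secret: bytes, primary: str, start: int, n: int) -> list[str]:
    """Derive n numeric auxiliary codes for counters start .. start+n-1.
    Both sides run exactly this function with the same secret and counter."""
    codes = []
    for counter in range(start, start + n):
        mac = hmac.new(secret, f"{primary}:{counter}".encode(), hashlib.sha256).digest()
        codes.append(str(int.from_bytes(mac[:8], "big") % 10**AUX_LEN).zfill(AUX_LEN))
    return codes


class UserDevice:
    """Software device 25 on the user's computer, parameterized on the primary code."""

    def __init__(self, primary: str, secret: bytes) -> None:
        self.primary, self.secret, self.counter = primary, secret, 0

    def generate(self, n: int) -> tuple[list[str], tuple[str, int]]:
        """Return the new codes for local use and the report (primary, n) for the verifier."""
        codes = derive_codes(self.secret, self.primary, self.counter, n)
        self.counter += n
        return codes, (self.primary, n)


class VerifierDevice:
    """Software device 15 on the verifier's side, regenerating the same codes into file 11."""

    def __init__(self) -> None:
        self.secrets: dict[str, bytes] = {}    # per-primary secret, set at provisioning
        self.counters: dict[str, int] = {}
        self.file11: dict[str, set[str]] = {}  # primary -> currently valid auxiliary codes

    def provision(self, primary: str, secret: bytes) -> None:
        """Out-of-band step (assumed): secret handed over like the primary code itself."""
        self.secrets[primary] = secret
        self.counters[primary] = 0
        self.file11[primary] = set()

    def on_report(self, primary: str, n: int) -> list[str]:
        """Handle the (primary, n) report: derive the same n codes and store them as valid."""
        start = self.counters[primary]
        codes = derive_codes(self.secrets[primary], primary, start, n)
        self.counters[primary] = start + n
        self.file11[primary].update(codes)
        return codes


def sync_batch(device: UserDevice, verifier: VerifierDevice, n: int) -> tuple[list[str], list[str]]:
    """One round trip: device generates, the report travels over the public network,
    the verifier regenerates. Returns (device's codes, verifier's codes) for comparison."""
    codes, report = device.generate(n)
    return codes, verifier.on_report(*report)


if __name__ == "__main__":
    secret = b"constructed-demo-secret-not-for-real-use"   # constructed sample secret
    device, verifier = UserDevice("AB12CD34", secret), VerifierDevice()
    verifier.provision("AB12CD34", secret)
    user_codes, verifier_codes = sync_batch(device, verifier, 5)
    print(user_codes == verifier_codes, sorted(verifier.file11["AB12CD34"]))
```

The report that crosses the public network carries no code at all, only the primary code and a count, which is the property the passage relies on; an interceptor who captures it learns nothing usable because the secret and the counter stay on the two endpoints. Keeping the counters in step is the operational risk of this variant: if the device's counter runs ahead of the verifier's, subsequent codes will not match, so a deployment would need a resynchronization rule, which the patent does not describe and this example does not add.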

Abstract

A security method and system for protecting the use and circulation of critical or confidential data on public-access communication means, with particular reference to the means used in the telematic field. A verification organization issues, in connection with a critical datum, a primary code and a set of single-use auxiliary codes associated with the primary code which are circulated on the public-access communication means instead of the critical data. The invention fully eliminates the risks arising from the use of reusable secret codes entailed, for example, by the circulation of the numbers on public-access telematic networks.

Description

SAFETY METHOD AND SYSTEM FOR CIRCULATING CONFIDENTIAL DATA ON PUBLIC-ACCESS COMMUNICATION MEANS
Recent technological development and the spreading of low-cost telematic tools has radically changed market operating methods as regards the trading of tangible and intangible property and as regards banking or financial asset-management operations.
Moreover, the worldwide diffusion of the Internet and the exponential growth of the number of private users connected to it have opened, and are still opening, new possibilities, creating new requirements also from the commercial standpoint and revolutionizing the behaviors associated with ordinary buying/selling and customer/supplier relationships.
The main side effect is that the client no longer needs to physically go to a shop or office to make a purchase or subscribe to a service, or to a bank to check his current account or make a transfer; thanks to telematics, he can instead act directly from home or from his workplace. Many firms in fact already presently offer a virtual shop or office, constituted by an Internet site to which a user can connect simply by entering the address (URL) of the chosen site in his Internet browser. After entering the virtual shop, the user can inspect the products on sale and, for example, fill a virtual shopping cart with his purchases. Once he has selected the items of interest, the user confirms to the seller who runs the e-commerce site his intention to make the purchase, triggering a financial transaction process for the amount due. Likewise, all the main world banks and securities brokerage companies allow remote access to personal data over the Internet.

However, every service offered through telematic channels always reveals a high risk factor as regards the circulation and/or storage of strictly private data on a public-access telematic network. For example, in the case of online financial transactions, the currently available payment methods are unable to meet the true requirements of the market. Two different payment methods are in fact mainly used.

The first method consists in giving the seller the number of one's credit card: once the seller has received it, he is credited with the amount due by using the conventional payment networks to which the credit card belongs. This first method evidently has considerable drawbacks which affect the growth of e-commerce.
In particular, the use of credit cards is notoriously subject to fraud and attacks by unauthorized third parties, who are often able to penetrate the security systems used and acquire the credit card numbers temporarily stored or in transit on the public-access telematic network, thus exposing the customer to possibly substantial loss. Many customers therefore refuse this method, limiting the growth of e-commerce. In order to cope with this problem, some sellers who operate an e-commerce site use a second method, which consists in supplying optionally rechargeable prepaid cards or electronic wallets in general which are managed in-house and can be spent on products offered by the seller. This method limits the risks for the customer, but has obvious disadvantages, ranging from the need to change money into prepaid cards before making a purchase to the possibility to purchase goods or services which are restricted to the offers of the seller that runs the e-commerce site where the card can be used, leading to dissatisfaction of the seller as well, who is forced to personally take on the efforts and risks inherent in the management of the payments.
In the case of services provided remotely on a telematic network, such as for example home banking services or online stock trading services, the user is given security codes which allow the system to identify the user and allow access to the service. Typically, the user is assigned an individual user name and a password: every time the user connects to a service, he enters his user name and his password. Also in this case, the risks for the user are very high, since the codes that he uses for access can be intercepted and used illicitly by unauthorized third parties, posing severe security problems both for the user and for the service provider.

The aim of the present invention is to overcome the above-noted problems by introducing a new security method and system which prevent third-party violation of critical data, such as credit card numbers or personal login data, during use or circulation on public-access communication means. Within the scope of this aim, an object of the present invention is to provide a system in which no critical data are circulated or stored on public-access telematic networks.
Another object of the present invention is to provide a method and a system which are perceived by the user as a security system which is comprehensible because of its operation and simplicity, giving the user confidence in the use of telematic networks also for making transactions or accessing remote services.
Another object of the present invention is to provide a method and a system of payment over telematic channels which eliminates the risks due to the use of credit cards.
Another object of the present invention is to provide a payment method and system which are easy and pleasant to use for users.
This aim, these objects and others which will become better apparent from the description that follows are achieved by a system and a method for making payments over telematic channels, comprising the steps of:
- providing, on the part of a user, a primary code and an auxiliary code;
- identifying, on the part of a verifier, critical data associated with a combination of said primary code and said auxiliary code,
characterized in that said auxiliary code is a single-use code.
Advantageously, the step of providing a primary code and an auxiliary code on the part of the user can occur over telematic channels, over telephone or fax channels or on paper.
Conveniently, said primary code and said at least one auxiliary code are generated by the verifier, which generates and transmits to the user a new set of auxiliary codes when the number of available auxiliary codes drops below a threshold.
Advantageously, the step of providing a primary code and an auxiliary code on the part of the user can consist in entering data in a graphical interface of an e-commerce site which can be reached over a first telematic network and is managed by a seller, in order to perform a financial transaction, and further comprises the steps of transferring, on the part of the seller, the entered primary code and auxiliary code to the verifier; retrieving, on the part of the verifier, a credit card number or critical datum which corresponds to the combination of the primary code and of the auxiliary code; and transferring the credit card number or critical datum to a validator over a second telematic network for routing the data to a credit institution.
Conveniently, the step of retrieving the credit card number or the critical datum can occur by request of the validator.
Conveniently, the transmission of the primary and auxiliary codes over the first telematic network, typically the Internet, can optionally be performed by means of an encrypted protocol.
Conveniently, the verifier provides the user with a software device which is parameterized on the primary code and is adapted to generate auxiliary codes; the user activates the software device, which generates a new set of codes and reports to the verifier its own primary code and the number of generated auxiliary codes; the verifier activates a second software device capable of generating exactly the same auxiliary codes in connection to the primary code.
Further characteristics and advantages of the invention will become better apparent from the following detailed description, given by way of non-limitative example and accompanied by the corresponding figures, wherein:
Figures 1a and 1b are block diagrams of the inventive concept on which the present invention is based;
Figure 2 is a data flowchart in a preferred embodiment of the system according to the invention, used for payment systems over a telematic network;
Figure 3 is a data flowchart in a second preferred embodiment of the system according to the invention, used for payment systems over a telematic network.
Figures 1a and 1b illustrate the core of the inventive concept on which the present invention is based, and show in particular: a block 100, in which a primary code and a single-use auxiliary code are entered; a block 200, in which the entered codes are verified, a corresponding critical datum is retrieved from a file 11 and the used auxiliary code is invalidated; and a block 300, in which access to the system that uses the retrieved critical datum occurs.

Operation of the system is as follows. A user connects to a service which requires the use of critical data, such as credit card numbers or login information for telephone banking, home banking, stock trading, mailing services or any other service accessible by means of user identification. The connection is understood in a broad sense: it can be made over a telematic network, for example the Internet, or by conventional media, for example a telephone line, fax or mail. What these media have in common is that they are publicly accessible, i.e., they do not guarantee secrecy while the critical data travel from the user to the service provider. The user therefore does not communicate the critical data to the service provider (which in the diagram of Figure 1 coincides with the verifier); he instead communicates a fixed primary code which has been assigned to him and a variable auxiliary code taken from a set of single-use auxiliary codes.
The communicated code pair can be used only once. Once the verifier has received the codes, it checks their validity against the codes stored in the file 11 and, if they match, retrieves one or more critical data associated with the pair; these data are then used for the rest of the operation on channels which are no longer publicly accessible, shown in Figure 1a by an arrow drawn in dashed lines. At the same time the used auxiliary code is deleted from the file 11, so that an unauthorized third party who intercepted the entered data gains nothing from them. The system and the method according to the invention apply to any field requiring a high degree of security, particularly to e-commerce over public-access telematic networks such as the Internet.
Figures 2 and 3 are two different schematic illustrations of the physical and data flows that characterize the system and the method according to the invention applied to financial transactions over the Internet. Said figures illustrate a verifier 10, a user 20, a seller 30 and a validator 40 for credit cards or critical data in general, which comprises a router for data routing. The verifier 10 manages a file 11 which contains the primary codes 1 and the auxiliary codes 2 associated with critical data 3, in this case credit card numbers that belong to the user 20. The verifier 10, the user 20 and the seller 30 are further all connected to a public-access telematic network 90, which coincides with the Internet in the preferred embodiment described herein, the verifier 10 being further connected to the validator 40 over an additional telematic network 95 which is not publicly accessible.
When requested by the user 20, the verifier 10 issues an identification code or primary code 1 which corresponds to a credit card number or critical datum 3 that belongs to the user 20. Said primary identification code 1 is a unique code of any number of digits, numeric or alphanumeric, and is generated either independently of the credit card number or critical datum 3 or derived from it by an appropriate processing of said datum (a processing which, if the primary code is to circulate safely, must not be invertible back to the datum). The primary code thus created is stored in the file 11 together with the corresponding credit card number or critical datum 3. The verifier 10, or an appropriate organization to which this task is assigned, further generates a first set of secondary or auxiliary codes 2 which are associated with the primary code 1. The auxiliary codes too can be of any kind or size, numeric or alphanumeric, and are likewise stored in the file 11. The primary code 1 is reported by the verifier 10 to the user 20 using the conventional security precautions already adopted by banks and the like when communicating personal codes. For example, the primary code 1 can be collected directly at a teller by the user 20 or sent by sealed mail, as occurs for the PINs (personal identification numbers) of ATM cards. The verifier 10 also provides the user 20 with said first set of auxiliary codes 2. At this point the user 20 has his own primary code 1 and a set of auxiliary codes 2. The user 20 can therefore connect, by appropriate connection means such as a modem or a local network, to a telematic network 90, for example the Internet, and can browse in search of e-commerce sites offering products in which he is interested. When he finds products to be purchased at the site of a seller 30, he is asked to enter the payment data for the goods by way of appropriate entry means 25, preferably an appropriate software device provided with a graphical interface.
According to the first preferred embodiment of the system according to the invention used to make payments over telematic networks, the user enters in the appropriately provided boxes of the graphical interface provided by the seller 30 his fixed primary code 1 and an auxiliary code 2. The site of the seller 30 is not altered in any way with respect to conventional use, i.e., it does not require the addition of any hardware and/or software device. The data entered by the user, be they actual credit card numbers or a combination of primary code 1 and auxiliary code 2, are transmitted, together with the appropriate required corollary data, to the validator 40, which is conveniently provided with a device which is capable of verifying the type of data entered. In the case of an actual credit card number, the validator 40 routes the data to the corresponding credit institution 50; otherwise it sends the received data to the verifier 10 over the Internet 90 or over a dedicated telematic network 95. The verifier 10 verifies whether the transmitted auxiliary code 2 is a valid code with respect to the primary code 1, checking that the auxiliary code has actually been issued and has not yet been used by the user 20. If the verification of the codes 1 and 2 is successful, the verifier 10 retrieves from the file 11 the corresponding credit card number or critical datum 3 and routes it to the validator 40 by using private telematic circuits 95 or in any case circuits other than the publicly accessible telematic network 90. The data are then routed according to normal procedures to the credit institution 50. The verifier 10 further deletes the auxiliary code 2 used by the user 20, which can no longer be used subsequently. In turn, the user 20 then deletes from his personal list the used auxiliary code 2, which can no longer be used for future transactions. 
The illustrated embodiment has the advantage that it requires no changes to existing e-commerce sites if the critical datum 3 is a credit card number. By choosing the primary and auxiliary codes so that their total number of characters is 16, i.e., the number of digits of an ordinary credit card, the interface in which the user 20 enters the data remains unchanged, and so do the communication means used to reach the validator 40.

According to a second preferred embodiment of the system according to the invention, in its version for making payments over telematic networks, the user 20 again enters in the appropriate boxes of the graphical interface provided by the seller 30 his fixed primary code 1 and an auxiliary code 2 and confirms his intention to make the transaction for the amount due.
The resulting complete code, which comprises the primary code 1 and a single-use auxiliary code 2, is then sent by the seller 30 to the verifier 10, which checks the correctness of the received data by comparing them with the contents of the file 11. Again, the verifier 10 checks whether the transmitted auxiliary code 2 is a valid code with respect to the primary code 1, checking that the auxiliary code has actually been issued and has not been used yet by the user 20. If this check fails, the verifier 10 reports to the user 20, by means of the seller 30 and by means of a transmission on said network 90, that the entered codes are not valid and then asks to re-enter codes 1 and 2.
If the verification of the codes 1 and 2 is successful, the verifier 10 retrieves from the file 11 the corresponding credit card number or critical datum 3 and routes it to the validator 40 by using telematic circuits 95 which are private or in any case different from the publicly accessible network 90. The data are then routed according to normal procedures to the credit institution 50. After receiving confirmation on the part of the validator 40 regarding the validity of the credit card or critical datum of the user 20, the verifier 10 deletes the auxiliary code 2 used by the user 20 and sends a confirmation to the seller 30, reporting that the transaction has been completed successfully; in turn, the seller notifies the user 20, for example by means of a text or graphic message displayed in the graphical interface. The user 20 then in turn deletes from his personal list the used auxiliary code 2, which can no longer be used for future transactions.

If the user 20 is left without auxiliary codes, he can explicitly request them from the verifier 10, which issues a new set thereof and stores it in the file 11. As an alternative, auxiliary codes can be generated automatically by the verifier 10 when the last valid auxiliary code is deleted from the file 11 or when the number of auxiliary codes drops below a preset threshold.

The system further has protection means for further ensuring the security of the user 20. In particular, after a presettable number of attempts in which the auxiliary code 2 has already been used or is not among those associated with the primary code 1, the verifier 10 blocks any further transaction related to the affected primary code.
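The verifier-side procedure described in the preceding paragraphs (look up the pair, return the critical datum, delete the auxiliary code, replenish below a threshold, block after repeated failures) as an added worked example. This is not code from the patent; it models the verifier 10 and its file 11 as an in-memory store, and the code lengths, failure limit, refill threshold and batch size are assumptions chosen for illustration.

```python
"""Verifier 10 and its file 11: single-use check of a (primary code, auxiliary code) pair.

Added example, not code from the patent.  The store is kept in memory; code lengths,
the failure limit, the refill threshold and the batch size are assumptions.
"""
import secrets
import string
import threading

ALPHABET = string.digits + string.ascii_uppercase  # numeric or alphanumeric codes
PRIMARY_LEN = 10       # assumed
AUX_LEN = 6            # assumed
MAX_FAILURES = 3       # assumed "presettable number of attempts" before blocking
REFILL_THRESHOLD = 2   # assumed threshold below which a new set is generated
REFILL_COUNT = 5       # assumed size of each generated set


def make_code(length):
    """Random code over ALPHABET, drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class Verifier:
    """File 11: primary code -> critical datum, unused auxiliary codes, failure count."""

    def __init__(self):
        self._file = {}
        self._lock = threading.Lock()

    def enroll(self, critical_datum):
        """Issue a primary code and a first set of auxiliary codes for a critical datum."""
        primary = make_code(PRIMARY_LEN)
        while primary in self._file:          # primary codes must be unique
            primary = make_code(PRIMARY_LEN)
        aux = [make_code(AUX_LEN) for _ in range(REFILL_COUNT)]
        self._file[primary] = {"datum": critical_datum, "aux": set(aux),
                               "failures": 0, "blocked": False}
        return primary, aux

    def redeem(self, primary, auxiliary):
        """Verify the pair and consume the auxiliary code.

        Returns (critical datum, newly generated auxiliary codes) on success and
        (None, []) otherwise.  Check and deletion happen under one lock, so two
        concurrent requests carrying the same pair cannot both succeed.
        """
        with self._lock:
            rec = self._file.get(primary)
            if rec is None or rec["blocked"]:
                return None, []
            if auxiliary not in rec["aux"]:
                # already used, or never issued for this primary code
                rec["failures"] += 1
                if rec["failures"] >= MAX_FAILURES:
                    rec["blocked"] = True   # no further transactions for this primary code
                return None, []
            rec["aux"].discard(auxiliary)   # single use: deleted from file 11
            rec["failures"] = 0             # assumption: a valid pair resets the counter
            fresh = []
            if len(rec["aux"]) < REFILL_THRESHOLD:
                fresh = [make_code(AUX_LEN) for _ in range(REFILL_COUNT)]
                rec["aux"].update(fresh)    # automatic replenishment below the threshold
            return rec["datum"], fresh

    def is_blocked(self, primary):
        rec = self._file.get(primary)
        return bool(rec and rec["blocked"])


if __name__ == "__main__":
    v = Verifier()
    primary, codes = v.enroll("4111111111111111")   # constructed sample card number
    print(v.redeem(primary, codes[0]))   # datum returned, code consumed
    print(v.redeem(primary, codes[0]))   # replay of the same pair is refused
```

The check and the deletion are done as one step under a lock: if they were two separate database round trips, two requests presenting the same intercepted pair at the same moment could both be honoured. The failure path deliberately returns the same result whether the primary code is unknown, the auxiliary code was never issued, or it was already used, so a caller learns nothing about which part was wrong.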
In the second preferred embodiment illustrated with reference to e-commerce, the device used by the e-commerce site of the seller 30 for data entry and for communication with the verifier 10 is a software module supplied by the verifier, which can be included transparently in the information system used for e-commerce and is accessed through a graphical interface displayed in a page of the seller's site. The software device can be provided, for example, as an ActiveX object or as a Java applet and does not affect the operation of the site where it is installed, other than by adding the features needed to transfer the data of the new system.
A first embodiment of the software device manages exclusively codes 1 and 2 according to the invention, of any kind (numeric or alphanumeric) and of any size deemed useful. This embodiment gives maximum flexibility in the composition of the primary and secondary codes. As an alternative, the total number of characters of the primary code 1 and of the secondary code 2 is 16, i.e., the number of digits of an ordinary credit card. In this case the primary and secondary codes are generated so as to be automatically recognizable by the software device 35, which can thus determine on its own, simply by analyzing the entered characters, whether the user 20 is using a conventional credit card number or a combination of codes according to the invention. For example, the primary code 1 might include at least one alphabetic character, in contrast with the entirely numeric codes used for credit cards. Automatic recognition is of course equally possible if it is the auxiliary codes that must contain at least one alphabetic character.
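The recognition rule just described, as an added worked example (not the patent's software device 35): a 16-character entry is classified as an ordinary card number if it is entirely numeric and as a primary/auxiliary code pair if it carries an alphabetic character. The 10 + 6 split, the requirement that the marker letter sit in the primary code, and the Luhn check on card numbers are assumptions made here; the patent only requires that the two lengths sum to 16.

```python
"""Classify the 16 characters typed into the card-number box.

Added example, not the patent's software device 35.  The 10 + 6 split, the marker
letter being required in the primary code, and the Luhn check are assumptions.
"""
import string

PRIMARY_LEN = 10                  # assumed
AUX_LEN = 16 - PRIMARY_LEN        # the two lengths sum to 16, as in the patent
ALLOWED = set(string.digits + string.ascii_uppercase)


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers (validator-side sanity check, not from the patent)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify(entry):
    """Return ("card", pan), ("codes", (primary, auxiliary)) or ("invalid", reason)."""
    s = entry.replace(" ", "").replace("-", "").upper()   # tolerate the usual card-number grouping
    if len(s) != 16:
        return "invalid", "length"
    if not set(s) <= ALLOWED:
        return "invalid", "charset"
    if s.isdigit():
        # entirely numeric: an ordinary card number, to be routed to the credit institution
        return ("card", s) if luhn_ok(s) else ("invalid", "luhn")
    primary, auxiliary = s[:PRIMARY_LEN], s[PRIMARY_LEN:]
    if not any(c.isalpha() for c in primary):
        # assumption: the alphabetic marker must be in the primary code, so a card number
        # with a stray letter among its last digits is rejected here rather than forwarded
        return "invalid", "marker"
    return "codes", (primary, auxiliary)


def route(entry):
    """Where the validator 40 forwards the entry: credit institution 50, verifier 10, or nowhere."""
    kind, _ = classify(entry)
    return {"card": "credit_institution", "codes": "verifier"}.get(kind, "reject")


if __name__ == "__main__":
    for sample in ("4111 1111 1111 1111", "A123456789Q1W2E3", "1234567890Q1W2E3"):  # constructed inputs
        print(sample, "->", classify(sample), route(sample))
```

Rejecting malformed entries at the validator keeps them away from the verifier, where every unknown pair would otherwise count as a failed attempt against whatever primary code the first ten characters happen to spell.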
As regards the generation of additional single-use auxiliary codes 2, one embodiment of the method and system according to the invention provides software which is supplied to the user 20, is parameterized according to his primary code 1 and is capable of automatically generating new auxiliary codes 2 and of synchronizing with the verifier 10 in order to update the file 11. This embodiment operates as follows: the software device 25 used by the user 20 generates a series of n codes and reports to the verifier 10 the generation of said n codes together with the corresponding primary code. Upon receiving these data, the verifier 10 activates a corresponding software device 15, which generates on its side auxiliary codes 2 identical to those generated by the software device 25 running on the personal computer of the user 20 and stores them in the file 11. The auxiliary codes 2 thus generated can then be used by the user 20. Moreover, the software device 25 can comprise means for automatically entering the user's primary code 1 and an auxiliary code 2 in e-commerce sites which use the invention, for example by the so-called "drag and drop" technique. The embodiments thus described provide the user 20 with a payment system which is not only safe but also easy and pleasant to use.
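The synchronized generation just described, as an added worked example (not the patent's software): the user's device 25 generates n codes and reports (primary code, n); the verifier's device 15 regenerates exactly the same codes and stores them in file 11. The patent says only that the generator is parameterized on the primary code. Since the primary code is typed into merchant sites and is therefore not secret, this example additionally keys the generator with a per-user secret handed over together with the primary code (an assumption, not in the patent); HMAC-SHA256 over a running counter is the derivation chosen here, and the batch bound is likewise assumed.

```python
"""Synchronised auxiliary-code generation by user device 25 and verifier device 15.

Added example, not the patent's software.  The per-user secret key, the HMAC-SHA256
counter derivation, the code length and the batch bound are assumptions.
"""
import hashlib
import hmac
import string

ALPHABET = string.digits + string.ascii_uppercase
AUX_LEN = 6         # assumed
MAX_BATCH = 50      # assumed upper bound on codes per report


def derive_code(secret, primary, counter):
    """Auxiliary code number `counter` for this primary code: HMAC output written in base 36."""
    msg = primary.encode() + counter.to_bytes(8, "big")
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    value = int.from_bytes(digest[:8], "big")
    chars = []
    for _ in range(AUX_LEN):
        value, r = divmod(value, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


class UserDevice:
    """Device 25 on the user's computer: holds the secret, the primary code and a counter."""

    def __init__(self, secret, primary):
        self.secret, self.primary = secret, primary
        self.counter = 0
        self.unused = []        # the user's personal list of codes not yet spent

    def generate(self, n):
        """Generate n new codes locally; return the report (primary code, n) sent to the verifier."""
        codes = [derive_code(self.secret, self.primary, self.counter + i) for i in range(n)]
        self.counter += n
        self.unused.extend(codes)
        return self.primary, n

    def next_code(self):
        """Code for the next payment form; it is removed from the personal list as it is used."""
        return self.unused.pop(0)


class VerifierGenerator:
    """Device 15 at the verifier: same secret and counter per primary code, writing into file 11."""

    def __init__(self):
        self._file = {}

    def enroll(self, primary, secret):
        self._file[primary] = {"secret": secret, "counter": 0, "aux": set()}

    def on_report(self, primary, n):
        """Regenerate the n codes the user reports and add them to file 11."""
        rec = self._file[primary]
        if not 0 < n <= MAX_BATCH:
            raise ValueError("batch size out of range")   # a bogus report must not flood file 11
        codes = [derive_code(rec["secret"], primary, rec["counter"] + i) for i in range(n)]
        rec["counter"] += n
        rec["aux"].update(codes)
        return codes

    def has_code(self, primary, auxiliary):
        rec = self._file.get(primary)
        return rec is not None and auxiliary in rec["aux"]


if __name__ == "__main__":
    key = b"constructed per-user secret"          # constructed; provisioned out of band
    user = UserDevice(key, "A123456789")
    verifier = VerifierGenerator()
    verifier.enroll("A123456789", key)
    print(verifier.on_report(*user.generate(5)) == user.unused)   # both sides hold the same codes
```

The report carries only the primary code and a count, never the codes themselves, so the verifier learns the new codes by recomputation and nothing useful about them travels over the public network. Anyone who knows only the primary code, or who guesses the wrong secret, derives a different sequence, which is why the key must be more than the primary code alone.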
As regards the transmission of the codes over the public-access network, the communications between the seller 30, the verifier 10 and the validator 40 occur in real time, either in the clear or over a protected transport protocol such as SSL (Secure Sockets Layer). Encryption of the codes is not required by the scheme, since an auxiliary code is deleted from the file 11 as soon as it has been used; it does however add a layer of protection for the other data that travel with the codes, and it closes the window in which a code captured in transit could be presented to the verifier before the legitimate request reaches it.
The intended aim and all the objects have thus been achieved: in particular, a method and a system for using and circulating confidential data on public-access communications means have been provided which are safe, easy and pleasant to use and allow transparent integration in e-commerce sites.
The description of the above-described preferred embodiments is of course given merely by way of non-limitative example.
The invention thus conceived is susceptible of numerous modifications and variations, all of which can be readily deduced by the person skilled in the art and fall within the protective scope of the inventive concept. For example, as mentioned, the number of digits or characters that compose the primary or secondary codes may be any according to requirements, even zero, and the system can be transferred to similar systems requiring the use of critical data, for example services provided by credit institutions, banks and home banking services or electronic check handling systems. Clearly, the players identified in the description of the system, i.e., the validator, the verifier and the credit institution, may coincide in a same organization; for example, the verifier can coincide with the validator and also with the credit institution. Moreover, communications between the seller and the validator and/or between the seller and the verifier can also occur over dedicated networks, not shown. The security provided by the method and system according to the invention further makes it unnecessary to use expensive dedicated structures on a home-banking remote host, in favor of home banking entirely on the Internet, which is far cheaper and more efficient. The method and the system thus conceived may of course also be used for financial transactions over the telephone, by mail or in other ways. Moreover, the described software devices can be provided by means of hardware equivalents.

Claims

1. A method for using confidential codes over telematic channels, comprising the steps of:
- providing, on the part of a user, a primary code and an auxiliary code;
- identifying, on the part of a verifier, critical data associated with a combination of said primary code and said auxiliary code,
characterized in that said auxiliary code is a single-use code.

2. The method according to claim 1, characterized in that said step of providing a primary code and an auxiliary code on the part of the user occurs in one of the following manners:
- over telematic media;
- over telephone or fax media;
- on paper.

3. The method according to claim 2, characterized in that said primary code and said at least one auxiliary code are generated by said verifier.

4. The method according to claim 3, characterized in that said verifier generates and transmits to the user a new set of auxiliary codes when the number of available auxiliary codes drops below a threshold.

5. The method according to claim 4, characterized in that said step of providing a primary code and an auxiliary code on the part of the user consists in entering data in a graphical interface of an e-commerce site which can be reached over a first telematic network and is operated by a seller, in order to perform a financial transaction, further comprising the steps of:
- on the part of the seller, transferring said primary code and said auxiliary code to the verifier;
- on the part of the verifier, retrieving a credit card number or critical datum which corresponds to said combination of primary code and auxiliary code;
- transferring said credit card number or critical datum to a validator over a second telematic network for routing the data to a credit institution.

6. The method according to claim 4, characterized in that said step of providing a primary code and an auxiliary code on the part of said user consists in entering data in a graphical interface of an e-commerce site which can be reached over a first telematic network and is operated by a seller, in order to perform a financial transaction, further comprising the steps of:
- on the part of the seller, transferring said primary code and said auxiliary code to a validator;
- on the part of the validator, requesting from the verifier a credit card number or critical datum which corresponds to said combination of primary code and auxiliary code;
- on the part of the verifier, transferring said credit card number or critical datum to the validator over a second telematic network.

7. The method according to claims 5 or 6, characterized in that said first telematic network is the Internet.

8. The method according to claims 5 or 6, characterized in that said step of transferring said primary code and said at least one auxiliary code to said validator is performed by means of an encrypted protocol.

9. The method according to claims 5 or 6, characterized in that the sum of the number of characters that compose said primary code and said secondary code is 16.

10. The method according to claim 3, further comprising the steps of:
- on the part of the verifier, providing the user with a software device which is parameterized on said primary code and is adapted to generate auxiliary codes;
- on the part of the user, activating said software device in order to generate a new set of auxiliary codes and notifying to the verifier said primary code and the generated quantity of said auxiliary codes;
- on the part of the verifier, activating a software device capable of generating exactly the same auxiliary codes in connection with said primary code.

11. A security system for using confidential data, comprising:
- means for providing, on the part of a user, a primary code and an auxiliary code; and
- means for identifying, on the part of a verifier, critical data associated with a combination of said primary and secondary codes,
characterized in that said auxiliary code is a single-use code.

12. The system according to claim 11, further comprising:
- connection means for allowing a user to connect, over a first telematic network, to an e-commerce site operated by a seller; and
- entry means for entering said primary code and said at least one auxiliary code in order to perform a financial transaction;
- first transfer means for transferring said primary code and said at least one auxiliary code to the verifier;
- verification means for verifying said primary code and said auxiliary code, deleting said auxiliary code and identifying a credit card number or critical datum which corresponds to said combination of said primary and secondary codes;
- second transfer means for transferring said credit card number or critical datum to a validator by means of a second telematic network for routing the data to a credit institution.

13. The system according to claim 11, further comprising:
- connection means for allowing a user to connect, over a first telematic network, to an e-commerce site operated by a seller; and
- entry means for entering said primary code and said at least one auxiliary code in order to perform a financial transaction;
- first transfer means for transferring said primary code and said at least one auxiliary code to a credit institution over said first telematic network;
- means for identifying the type of code received and for requesting from the verifier a credit card number or critical datum which corresponds to said combination of said primary and secondary codes;
- second transfer means for transferring said credit card number or critical datum from the verifier to the validator.

14. The system according to claims 12 or 13, characterized in that said first transfer means use an encrypted protocol.

15. The system according to claim 14, further comprising means for automatically generating and sending auxiliary codes to the user when the quantity of auxiliary codes available in connection to said primary code drops below a threshold.

16. The system according to claim 11, further comprising:
- first generation means which are parameterized on a primary code in order to generate, on the part of a user, auxiliary codes which correspond to said primary code and transfer to the verifier data which comprise said primary code and the quantity of generated auxiliary codes;
- second generation means for generating, on the part of the verifier, when said data are received, auxiliary codes which are exactly identical to the ones generated by said first generation means.

17. The system according to claim 16, characterized in that said first and second generation means are software devices.
PCT/IT2000/000336 2000-08-08 2000-08-08 Safety method and system for circulating confidential data on public-access communication means WO2002013152A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/IT2000/000336 WO2002013152A1 (en) 2000-08-08 2000-08-08 Safety method and system for circulating confidential data on public-access communication means
AU2000267243A AU2000267243A1 (en) 2000-08-08 2000-08-08 Safety method and system for circulating confidential data on public-access communication means

Publications (1)

Publication Number Publication Date
WO2002013152A1 true WO2002013152A1 (en) 2002-02-14

Family

ID=11133544

Country Status (2)

Country Link
AU (1) AU2000267243A1 (en)
WO (1) WO2002013152A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080302876A1 (en) * 2005-05-09 2008-12-11 Mullen Jeffrey D Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1995025391A1 (en) * 1994-03-16 1995-09-21 Security Dynamics Technologies, Inc. Method and apparatus for utilizing a token for resource access
US5606614A (en) * 1993-10-15 1997-02-25 British Telecommunications Public Limited Company Personal identification systems
US5617470A (en) * 1995-06-02 1997-04-01 Depasquale; George B. Apparatus and method for preventing unauthorized access to a system
US5627355A (en) * 1994-07-13 1997-05-06 Rahman; Sam Transaction device, equipment and method for protecting account numbers and their associated personal identification numbers
WO1999049424A1 (en) * 1998-03-25 1999-09-30 Orbis Patents Limited Credit card system and method
US5971272A (en) * 1997-08-19 1999-10-26 At&T Corp. Secured personal identification number
WO2000025262A1 (en) * 1998-10-28 2000-05-04 American Express Travel Related Services Company, Inc. Systems and methods for authorizing a transaction card
GB2345175A (en) * 1998-12-21 2000-06-28 Richard Mervyn Gardner Payment card authentication

Also Published As

Publication number Publication date
AU2000267243A1 (en) 2002-02-18

Similar Documents

Publication Publication Date Title
US6078902A (en) System for transaction over communication network
US7024395B1 (en) Method and system for secure credit card transactions
KR100933387B1 (en) Online payer authentication service
US20020032663A1 (en) Apparatus and method for performing secure network transactions
US20050085931A1 (en) Online ATM transaction with digital certificate
US20100179906A1 (en) Payment authorization method and apparatus
US20010047335A1 (en) Secure payment method and apparatus
US20030069792A1 (en) System and method for effecting secure online payment using a client payment card
KR20100054757A (en) Payment transaction processing using out of band authentication
JP2013539561A (en) Management method of electronic money
CA2267314A1 (en) System and method for pseudo cash transactions
WO2002039342A1 (en) Private electronic value bank system
US20100043064A1 (en) Method and system for protecting sensitive information and preventing unauthorized use of identity information
US20040054624A1 (en) Procedure for the completion of an electronic payment
US20010034721A1 (en) System and method for providing services to a remote user through a network
EP0848343A2 (en) Shopping system
CN114240408A (en) Electronic ticket business transaction method based on block chain technology
EP1134707A1 (en) Payment authorisation method and apparatus
US20230009385A1 (en) Transaction authentication method, server and system using two communication channels
WO2001061662A2 (en) Accessing information for multiple financial accounts via the internet
WO2002013152A1 (en) Safety method and system for circulating confidential data on public-access communication means
JP2001325439A (en) Service contracting method
KR20090036160A (en) System and method for operating multi-application card linked online account with saved value and recording medium
WO2002015077A1 (en) Apparatus and method for performing secure network transactions
RU2162249C1 (en) System for control of conclusion of transactions

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 69(1)EPC DATED 17/04/03

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP