• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    The present invention is directed to a method for approving a transaction comprising: entering a user name and password corresponding to a user account, generating a random key, generating a secure key, characterized in that the step of generating the secure key is based on the password and the random key. The present invention is further directed to a system for approving a transaction comprising: means for entering a username and password corresponding to a user account, means for generating a random key, means for generating a secure key characterized in that said means for generating the secure key further comprises means for combining the password and the random key.
    公开号:BE1025817B1
    申请号:E2014/0815
    申请日:2014-10-29
    公开日:2019-11-18
    发明作者:Ronals Beelen;Giovanni Vreborg;Johan Maris;Dean Talboys
    申请人:Vitisco Nv;
    IPC主号:
    专利说明:

    Method for approving a transaction
    FIELD OF THE INVENTION
    The present invention relates to a method for approving a transaction comprising: entering a username and password corresponding to a user account, generating a random key and generating a secure key.
    BACKGROUND OF THE INVENTION
    Security in combination with transactions is a hot topic today. Even when we are talking about exchanging information or financial transactions, fraud is a fear that is common among people around the world. Documents such as US 2012 0 185 398 or WO 2013 089 591 deal with different ways of sending or exchanging personal information on different electronic media. However, none of these ways excludes the risk that such personal information will be intercepted and further used in new transactions.
    Furthermore, some of the methods of said documents introduce different methods and physical or electronic devices to be used in different locations in combination with personal information, which would be a burden for a user who wants to access multiple locations.
    In view of the above disadvantages, it is an object of the present invention to provide a method
    BE2014 / 0815 for the approval of a transaction that minimizes the risk of personal data being intercepted and used by an external party, and the possibility that such personal data may be used in a new transaction that the owner is unaware of.
    It is another purpose of the current invention to a method for to approve of a transaction to fresh buy that much easier is to use and That less input of the user necessary.It is another purpose of the current invention to a method for to approve of a
    provide a transaction that would be implemented at different locations or different domains, without the user having to use an additional physical or electronic device.
    It is another object of the present invention to provide a method for approving a transaction that can be easily implemented at the location of the service provider without the need for additional electronic devices.
    It is a further object of the present invention to provide a method for approving a transaction that would be usable at different geographic locations, without additional measures or restrictions.
    Summary of the invention
    The present invention addresses the problems identified above by providing a method for approving a transaction comprising:
    BE2014 / 0815 entering a username and password corresponding to a user account, generating a random key, generating a secure key, characterized in that the step of generating the secure key is based on the password and the random key.
    The present invention is further directed to a system for approving a transaction comprising: means for entering a username and password corresponding to a user account, means for generating a random key, means for generating a secure key characterized in that said means for generating the secure key further comprises means for combining the password and the random key.
    Brief description of the drawings
    FIG 1 illustrates a process flow for a transaction request at the service provider in accordance with an embodiment of the present invention
    FIG 2 illustrates a life cycle of a transaction in accordance with an embodiment of the present invention
    FIG 3 illustrates a process flow for a deferred payment in accordance with a specific embodiment of the present invention
    FIG 4 illustrates a measured transaction in accordance with a specific embodiment of the present invention
    BE2014 / 0815
    FIG 5 illustrates a process flow for validating an on-demand transaction at the server in accordance with an embodiment of the present invention
    FIG 6 illustrates a process flow for validating a transaction on the mobile device in accordance with a specific embodiment of the present invention
    Description of the invention
    In the context of the present invention, a transaction means any exchange of money, goods or information, such as, for example: a purchase of a good, gaining access to a file, gaining access in or out of a building, or any type of communication between electronic devices or between a human and an electronic device.
    The present invention is directed to a method for approving a transaction comprising: entering a user name and password corresponding to a user account in an electronic device, said electronic device generating a random key and a secure key, the feature that the step of generating the secure key is based on the password and the random key.
    By generating a secure key based on the password and the random key, in fact no personal information will be used directly and literally when approving such a transaction, which is the method in accordance with the
    BE2014 / 0815 makes the present invention much safer. Even if an unauthorized person intercepted the secure key, he / she would not be in possession of the user's password and would therefore not be able to approve a transaction that the account owner is not aware of.
    To further increase the safety of such a method, the electronic device can check whether the random key is a unique random key. In the event that such a check would not have a positive result, another random key is generated.
    In a preferred embodiment in accordance with the present invention, the random key is generated every time a user wishes to approve a transaction, therefore, the result of the method according to the present invention is different for each transaction request. By implementing such a method, the risk of an unauthorized person intercepting the secure key is excluded.
    In the context of the present invention, the password and / or the random key must be understood as a combination of characters such as, for example: a combination of letters, numbers, special symbols or a combination thereof.
    The random key can be of variable length, it is even better if the random key has a fixed length.
    In another embodiment in accordance with the present invention, the method may further be one
    BE2014 / 0815 additional step in which the password is further protected by applying any cryptographic or encryption method, such as for example: symmetric key encryption (Data Encryption Standard (DES) and Advanced Encryption Standard (AES), triple-DES, cryptographic hash functions), public key encryption (Diffie-Hellman key exchange protocol, RSA algorithm, Cramer-Shoup cryptosystem, ElGamal encryption system, elliptic curve techniques), Constant Bit Rate Encoding (CBR), Two-Pass Constant Bit Rate Encoding, Quality-Based Variable Bit Rate Encoding, Unconstrained Variable Bit Rate Encoding, PeakConstrained Variable Bit Rate Encoding, or the like.
    Preferably, a cyclical module encryption method is used to protect the password. Furthermore, the result of the cryptographic or coding method will be referred to as the modifier code.
    In another embodiment in accordance with the present invention (FIG. 1), the modifier code is further used in combination with the random key to generate the secure key.
    By applying a method for approving a transaction as described above, in fact not only privacy and security requirements are met, but also the risks of fraud or identity theft are excluded.
    In an embodiment in accordance with the present invention, generating the secure key involves applying: a modulo-n
    BE2014 / 0815 encryption method, or an insertion function, or a consolidation function, or the like, on the modifier code and random key.
    Furthermore, the modifier code is generated by a first electronic device and sent via a network to a server to identify the user account.
    Furthermore, the random key can be stored on the server and / or on the electronic device on a permanent memory, such as, for example, on a read-only memory, flash memory, ferroelectric RAM (F-RAM, etc.). username, random key and modifier code stored in, for example, transaction tables on the server and / or on the electronic device.
    In the context of the present invention, an electronic device is to be understood as a fixed or mobile electronic device.
    A fixed electronic device must be understood as any kind of device that is limited by a continuous source of electricity such as, for example, a scanner, a desktop computer, a printer, a video camera, or the like.
    A mobile device is to be understood as any type of device that is not limited by a continuous source of electricity such as, for example, and not limited to: mobile phone, tablet computer, personal digital assistant (PDA), laptop, music player, mp3 player, pager receiver, portable scanner, game console, electronic reading device, slatecomputer,
    BE2014 / 0815 global positioning system receiver, camera, digital camera, video camera, digital video camera or the like.
    In a preferred embodiment in accordance with the present invention, said first electronic device is a mobile electronic device. This feature enhances the accessibility and ease of use of a method in accordance with the present invention. It will not further limit the user to a specific service provider or geographical area such as: a city, a region, a country or a continent. As long as the user is in possession of his / her mobile device and his / her password, he / she will be able to use a method in accordance with the present invention to approve a transaction.
    In the context of the present invention, a service provider is understood to mean a provider of any kind of service where a transaction as defined above can take place, such as for example: a store, a website, a bank, a private location, a public location, an electronic platform.
    To further tighten security and privacy measures, neither the password nor the modifier code is stored on the first electronic device. The modifier code will only be present temporarily as a variable on the first electronic device and will be used to generate the secure key. Therefore, if the first electronic device is stolen or lost, an unauthorized person would not be able to approve a transaction. The password is not passed through a
    BE2014 / 0815 network sent without being secured. If an unauthorized person were to intercept the secure key for that reason, he would not be able to approve another transaction because he would not be in possession of the random key, and / or the cryptographic or encryption method to recover the password. to gain. In addition, the random key is generated individually for each transaction, making it even more difficult for an unauthorized person to copy the method of the present invention.
    In a preferred embodiment in accordance with the present invention, the user must identify himself by providing a username and password. The password is further protected by the modifier code generation, and this modifier code is then sent to the server along with the username. Preferably, said server generates a random key with a fixed length. The random key can be a combination of characters, such as for example: a combination of letters, numbers, special symbols or a combination of these. The generated random key is then sent by the server to the first electronic device.
    Furthermore, the electronic device and / or the server can generate the secure key using the same method. Furthermore, the secure key can be stored in the transaction table on the server.
    When the server receives the secure key generated by the first electronic device, the server compares the electronic key
    BE2014 / 0815 device received secure key with the transaction table stored on said server. If the result of this comparison is not positive, the server may request a new secure key, more preferably the server may request the user to re-enter his password in the first electronic device via, for example: a popup message, an SMS, a message that is sent to the user account. If this step is repeated more than 10 times, preferably more than 5 times, even better more than 2 times, the server can block the account so that no further transactions can be approved until specific authentication steps are performed by the user.
    This feature further guarantees a very high level of security in communication between the first electronic device and the server, because no relevant personal data is stored on the first electronic device, mainly due to the lack of registration of the password required by the server to clear error messages.
    In a further embodiment in accordance with the present invention, if the server requests the user to enter his / her password, the server may also request an additional security check previously stored on the server, such as, for example: a secure key, a security question, a personal question, a
    BE2014 / 0815 card number, a card issuer, a CID code, a security password or the like.
    If such a check is unsuccessful, the server may block the account and further communicate with the user through various registered means, such as: by sending an SMS to a second phone number stored for this account, or by sending a voice message to send the aforementioned stored second telephone number, or by sending an e-mail or something similar.
    If such an account stores financial information and financial transactions, the server may further include means to communicate directly with the issuing bank and may request to block an account until the owner can take appropriate action.
    In a preferred embodiment in accordance with the present invention, the server stores the secure key and random key for the transaction.
    In another embodiment in accordance with the present invention, the server may generate a unique identifier for said transaction, such as, for example, a unique random number, or a sequential number containing details about the date and time of the purchase, or a sequential number containing details. about the GPS location and the purchase date, and the like. Furthermore, the server may send said unique identifier to the user via an SMS, or a pop-up message or an e-mail or the like. This feature would further enable the user
    BE2014 / 0815 to check and verify his account and to retrieve reports if necessary.
    Furthermore, the unique identifier can be stored at a different location on the server, such as, for example, in a database of a transaction track. This feature gives the user the ability to create transaction reports at any time.
    Preferably, the server can make a transaction table containing information about approval time and / or transaction type and / or location and / or the random key and / or the secure key and / or said unique identification number.
    In another embodiment in accordance with the present invention, the server can build more than one transaction table.
    Preferably, the random key and the secure key of a particular transaction are unique within said transaction table. Furthermore, the random key and the secure key can be unique within all transaction tables built on the server. This feature will increase the security level of a method in accordance with the present invention by eliminating the risk of duplicate transactions.
    In a further embodiment in accordance with the present invention, the first electronic device can generate the generated secure key
    and / or random send key as a SMS, if a e-mail, through Bluetooth, Near Field Communication (NFC) or infrared (IR). Bee preferred
    BE2014 / 0815 the first electronic device shows the secure key and / or the random key as an electronically readable image, such as in the form of: a barcode, Quick Response (QR) code, a string, SPARQCode, ShotCode, PDF417 ( Portable Data File), MaxiCode, High Capacity Color Barcode, data matrix, Aztec Code or the like. Furthermore, the user can select in which format of electronically readable image the secure key and / or the random key is displayed. Preferably, the user can switch from one format to the other format when the secure key and / or the random key is displayed.
    Because the secure key and / or random key are shown as an electronically readable image, someone close to the user would not be able to see the characters of the secure key and / or random key and would not otherwise can use in a new transaction.
    In a further embodiment in accordance with the present invention, said barcode can be of any format, such as for example: linear barcodes or matrix barcodes or images such as: Code 39, Code 39 Full ASCII, Code 39 HIBC, CodaBar, Code 93, Code 128, UCC / EAN 128 (unique product code / European Article number), Interleaved 2 Or 5, PostNET (Postal Numeric Encoding Technique), UPC-A, UPC-E, EAN / JAN-8 (European Article number / Japanese article number), EAN / JAN-13 , BookLand, MSI / Plessey (Modified Plessey) or the like.
    BE2014 / 0815
    In a further embodiment in accordance with the present invention, the server can record additional notes for each account, by storing specific device information of the first electronic device such as, for example: used IP range of the network, telephone number, international identity equipment for mobile stations (IMEI), Media Access Control (MAC) address, international mobile subscriber identity (IMSI) or the like.
    If a transaction request received by the server does not contain at least one of the stored notes, the server may ask the user to enter the password or the server may immediately block the account until the user takes appropriate authentication steps. This feature eliminates the risk that another person in the vicinity of the user may copy a transaction and send a request to approve a transaction from another unregistered / unknown electronic device.
    In a further embodiment in accordance with the present invention, the second electronic device is capable of scanning and / or reading the displayed safe key and / or random key and the safe key and / or random key together with the identity information of the electronic device from the second electronic device to the server.
    In a further embodiment in accordance with the present invention, the server,
    BE2014 / 0815 if the random key is sent to the server and is not found by the server in the transaction table, send a message to the electronic device in the second location. Furthermore, the user can generate and display the secure key and the electronic device at a second location can send it to the server. The server checks whether the secure key can be found in the transaction table. If the result of such a check is not positive, the server can send a message to the second electronic device and the user can re-enter the password on his electronic device and try again.
    Because the electronic device does not receive identity information from the first electronic device at a second location, the security level of a system according to the present invention is very high. Even if an unknown person intercepts communication between the first electronic device and the second electronic device, the identity of said user and / or the first electronic device is unknown.
    In a further embodiment in accordance with the present invention, said first electronic device may display identification data, for example: the user name and / or telephone number and / or international identity equipment for mobile stations (IMEI) and / or Media Access Control (MAC) address and / or international identity mobile subscriber (IMSI). The second electronic device may further be the
    Send BE2014 / 0815 identity information together with the random key and / or the secure key to the server. Furthermore, the server can identify the user via said data and inform him / her directly on his / her electronic device if the random and / or secure key is not found in the transaction table. This attribute will help said user to always be informed about requests for approval sent on his / her user account.
    Because the random key and / or the secure key are shown as an electronically readable image, no additional electronic devices would be required at the service provider. If the random key and / or the secure key are shown as a barcode, only a one-dimensional (1D) barcode scanner is required, a device that is usually found in most if not all service provider locations.
    In a further embodiment in accordance with the present invention, the second electronic device is a POS system that includes reading said electronically readable image. By implementing a method in accordance with the present invention, the secure key is never decrypted or decrypted. For this reason, the password is not used by any device or is displayed with its initials. The POS system is able to read the electronically readable image and send it to the server for further checks.
    BE2014 / 0815
    Even if an unauthorized person intercepted the secure key, he / she would not be able to obtain the password without possessing the cryptographic method and / or the encryption algorithm. Because of the cryptographic methods and / or encryption algorithms used, he / she will not be able to determine the length of the password. Because he is unable to obtain the password, the person intercepting the secure key would not be able to apply the method according to the present invention for a new transaction that the owner is not aware of.
    In another embodiment in accordance with the present invention, if the user believes that the password or cryptographic method and / or encryption algorithm has been intercepted, the user may choose to change one or all of them. Furthermore, the user can request the server to create another random key.
    In another embodiment in accordance with the present invention, if it receives a transaction request that does not meet all requirements, the server may ask the user to change the password and / or said cryptographic method or encryption algorithm during the next transaction request.
    In a preferred embodiment in accordance with the present invention, said POS system is recognized by the server due to an identity of an electronic device. As a POS system for the
    BE2014 / 0815 first time access to the server, a fixed or mobile electronic device is also used in the service provider's premises. Said fixed or mobile electronic device further comprises means for sending GPS coordinates to the server. The server will further generate an identity code and then check whether said code is unique within the server database. If the result of the check is negative, the server will generate a different identity code and a further check will be performed. If the result of the check is positive, the server will store the identity code for said POS system and then send the identity code to the fixed or mobile second electronic device.
    The fixed or mobile second electronic device will use said code as a machine-readable
    show image . Further includes the POS system resources for it reading electronically readable Pictures and hit it further named identity code permanently on in his memory.In a further embodiment agreement with the current invention validates the
    server the identity of the first electronic
    device on base of the username and the modifier code • In a Others embodiment in agreement with the present invention can it
    password are not unique. This feature will not limit a user's ability to define his protection and will not further limit it
    BE2014 / 0815 provide guidance for a password of another existing account, so that privacy and security requirements are maintained. However, the server will check whether the user name is unique in relation to registered user names.
    In another embodiment in accordance with the present invention, the user may have more than one first electronic device. In addition, the user can send a transaction request from more than one first electronic device.
    For more security, the server may store one of said cryptographic methods or encryption algorithms for each of the first electronic devices. Furthermore, the server can store the modifier code and user name for each of the first electronic devices. For that reason, the same user requesting the approval of a transaction can use different electronic devices and will have different generated secure keys depending on which device he uses. This feature makes the method in accordance with the present invention safe to use at multiple locations. Moreover, the user is not limited by carrying the same electronic device.
    In addition, the user can have multiple set up accounts on the same first electronic device. Said accounts may further have different usernames, and / or different restrictions, and / or different / same passwords, and / or
    BE2014 / 0815 different / same cryptographic method or coding method, or a combination of these.
    In a further embodiment in accordance with the present invention, the electronic device can communicate with the server via a wired or wireless internet network, or via Bluetooth, or via Near Field Communication (NFC), or via radio frequency (RF) or via infrared (IR) and can send information about the geographic position of the electronic device by, for example, sending GPS coordinates.
    In a further embodiment in accordance with the present invention, the method may include limitations based on, for example: geographic location (GPS position), day of the week, time of day, service provider, number of requests for approval of a transaction, limit amount for a transaction or limit amount within an hour, or limit amount within a day, or the like.
    Furthermore, a method in accordance with the present invention can approve a transaction based on the random key and said limitations. A user only needs to send a request to the server, the server will generate the random key and send it to the first electronic device. The first electronic device may further display the random key as an electronically readable image.
    Furthermore, the restrictions can be stored on the server and / or stored on the first electronic device. In addition, the limitations
    BE2014 / 0815 on every first electronic device of the user.
    If the customer sent an approval request using the random key that would not meet the stored restrictions, the server could block the account, or, better still, the server could ask the user to enter his password on the first electronic device to feed. If the password is entered on the electronic device, the first electronic device would generate the secure key in the same way as the server.
    Furthermore, the user can choose whether the restrictions will be applied to his / her first electronic device and he / she can further choose whether the restrictions can be overwritten or not by entering the password or the secure key.
    If the user should send a request for approval, the first electronic device is able to check whether the restrictions are being met. If all restrictions are met, the electronic device can display the random key as an electronically readable image to the second electronic device which then sends it to the server. If not all restrictions are met, and the user has decided that these restrictions can be overwritten by the password or the secure key, the user will be asked to enter the password and then the first electronic device would either use the random key. as an electronically readable image
    BE2014 / 0815 or further generate the secure key and display it as an electronically readable image that is then sent to the server. In addition, the server is able to determine whether the received key and / or code has been generated based on entering the password or not by checking said transaction table, and if necessary, the server may ask the user to enter the password. by sending a message to the second electronic device or directly to the first electronic device.
    If the electronically readable image is in the form of a QR (Quick Response) code, the limitations can be further saved and retrieved directly by reading the QR code.
    This feature would make the method according to the present invention for well-known transactions very quick to use, and can generate different security levels on different electronic devices or generate different security levels for different accounts connected to the same electronic device.
    If the user believes that his account is no longer secure, or in the event of the theft of the electronic device, the user can manually block the account, or the user can change the restrictions manually by accessing his / her electronic device from another electronic device. get her account.
    In a further embodiment in accordance with the present invention, it may
    BE2014 / 0815 transaction request are valid for at least 5 minutes, preferably for at least 3 minutes, or even better for at least 1 minute. If the server does not receive the correct data within this time interval, the transaction will be blocked, it is even more preferable for the transaction to expire and the server to mark it in a transaction table as marked, for example, to be deleted.
    In another embodiment in accordance with the present invention, the server validates the identity of the second electronic device based on the identity information of the device. This is an additional security step that the server performs before approving the transaction. Furthermore, the identity information of the device may be unique within the server database or unique within a particular geographic location. The identity information can be any combination of characters or symbols, and it is hereinafter further referred to as the ID code.
    In a further embodiment in accordance with the present invention, the second electronic device may request a unique ID code during registration with the network of the service provider, or the second electronic device may contain a chip with an already generated unique ID which is further the server will be recognized.
    If the ID code or the second electronic device is not recognized, but the random key or secure key received is found by the server in the transaction table, the server may request the user to enter his / her password
    BE2014 / 0815, and / or the transaction can be refused, and / or the user can be notified via text message, e-mail or additional contact information stored for his / her user account. If more than 10 attempts, preferably more than 5 attempts, more preferably more than 3 attempts from the same second electronic device or from unrecognized electronic devices are received at a second location, the server can block the account until the user can take appropriate steps undertake.
    In a further embodiment in accordance with the present invention, if the ID code of the second electronic device is not recognized by the server, the server may send a message to the second electronic device and notify him that initialization is required. The second electronic device can send a request for an ID code to the server by using an additional fixed or mobile electronic device, as explained above.
    Furthermore, the second electronic device can also send information about the service provider when initialization is requested, such as for example: location information and / or name and / or license. Upon receipt of the request, the server will check the identity of the service provider and assign a unique ID code for the second electronic device. After receipt of the ID code by the second electronic device, the approval of the transaction can be resent.
    BE2014 / 0815
    In another embodiment in accordance with the present invention, if the server receives identity information from an unknown second electronic device, the first electronic device may send the ID code of the second electronic device together with the user name and the secure key to the server after to have requested a transaction approval. The server can further store the ID code of the second electronic device, together with a reference to the service provider, and then generate the random key and send it to the first electronic device. The first electronic device can generate the secure key based on the received random key and modifier code and display it as an electronically readable image. The second electronic device can read the electronically readable image and then send it to the server along with the ID code. The server will check whether the ID code and the secure key can be found in the transaction table and further approve the transaction or request more information.
    In a further embodiment in accordance with the present invention, said transaction may be a financial transaction. The password can also be a pin code. This feature makes the method easier to use and combine with existing bank cards. In addition, for better financial control, the user can link different bank cards to different electronic devices.
    BE2014 / 0815
    In a further embodiment in accordance with the present invention, the method can be used for online payment applications without the risk of fraud, because no customer information is sent directly.
    In a further step of a method according to the present invention, after checking the validity of the first electronic device, the server will also check the validity of the second electronic device and check whether the secure key is the correct one. The server will then send information about the validity of the transaction to the second electronic device and the second electronic device will accept or reject the transaction.
    Further, to reduce the hardware requirements for storing the data, said transactions may be visible on the server for a predetermined period. Preferably, all transactions can have the same time interval in which they are stored, such as: a week, a month or three months. More preferably, the user can define the time interval in which the transactions are visible on the server. After the time interval, the transactions can be destroyed by the server or further stored on an additional database at a different location.
    If such a transaction is removed from the transaction table, the random key and / or the modifier code can be further used for new transactions.
    BE2014 / 0815
    In addition, even if the random key and / or modifier code is removed from the transaction table, the user can see the transactions further in the transaction trace database, as explained above.
    In the context of the present invention, FIG 2 shows a specific example of an embodiment in which:
    Step 1 the user enters his / her username and pin on the mobile device, and the mobile device then calculates the modifier code using said pin
    Step 2 the mobile device sends the user name and modifier code to the server
    Step 3 the server validates the identity of the mobile device and generates the random key and the secure key using the modifier code
    Step 4 the server sends the random key to the mobile device
    Step 5 the mobile device uses the modifier code to generate the secure key from the random key and displays the secure key as an electronically readable image
    Step 6 The electronically readable image is scanned and read to be used by the second electronic device at the service provider
    Step 7 the second electronic device at the service provider sends the ID code and the secure key to the server
    BE2014 / 0815
    Step 8 the server checks the validity of the ID code and the secure key
    Step 9 the server sends a positive or negative response to the second electronic device at the service provider
    Step 10 the second electronic device at the service provider confirms or rejects the transaction request
    The present invention is further directed to a system for approving a transaction comprising: means for entering a username and password corresponding to a user account, means for generating a random key, means for generating a secure key , characterized in that said means for generating a secure key further comprises means for combining the password and the random key.
    In another embodiment in accordance with the present invention, the system may further comprise means for further protecting the password, by applying any cryptographic or encryption method, such as, for example: symmetric key encryption (Data Encryption Standard (DES) and Advanced Encryption Standard (AES), triple-DES, cryptographic hash functions), public key encryption (Diffie-Hellman key exchange protocol, RSA algorithm, Cramer-Shoup cryptosystem, EIGamal encryption system, elliptic curve techniques).
    Preferably, a cyclic module coding method is used to change the password
    Protect BE2014 / 0815. Furthermore, the result of the cryptographic method or the encryption algorithm will be referred to as the modifier code.
    In another embodiment in accordance with the present invention, said modifier code is further used in combination with the random key to generate the secure key.
    By applying a transaction approval procedure as described above, in fact not only privacy and security requirements are met, but the risks of fraud or identity theft are also eliminated, since the password is not sent unprotected over the network.
    Furthermore, the modifier code is generated by a first electronic device and sent to a server via a network.
    In a further embodiment in accordance with the present invention, the system does not store the password on the first electronic device. This feature makes the system in accordance with the present invention even more secure. It will further provide privacy to user-related information since the password is not sent to a second location in its original form. In addition, due to the cryptographic or encryption method applied to the password, an unauthorized person intercepting the modifier code will not be able to obtain the password because he / she does not possess
    BE2014 / 0815 will be from the random key and / or the cryptographic or encryption method used.
    Moreover, because of the cryptographic or encryption method used, an unauthorized person intercepting the modifier code will not know the length of the password and will not be able to find out.
    For better data protection, the password must be understood as a combination of characters such as: a combination of letters, numbers, special symbols or a combination of these.
    Furthermore, the electrical device and / or server may include means for generating the secure key by using the same method.
    A system in accordance with the present invention can be implemented for approving financial transactions and / or accessing a physical location and / or accessing an electronic platform and / or accessing a virtual platform and so on.
    EXAMPLE for generating a modifier code from a password
    A user who wishes to use a method in accordance with the present invention gains access to a designated web page and creates an account by entering a username and password. The server then checks whether the username is unique. If the result of said check is not positive, the user will be asked to choose a different username.
    BE2014 / 0815
    If the result of said check is positive, the user will receive a message confirming the creation of said account. The user then downloads and installs an application with a method in accordance with the present invention on his / her mobile device.
    Furthermore, the user gains access to his / her account on the mobile device by entering his / her username and password.
    After installing an application in accordance with the present invention, the mobile device generates one or more random number sequences. Said series can also be further created at the request of the user.
    Furthermore, the random number sequences can be generated using a randomizing function as part of said application, or the sequences can be extracted from a file or medium installed on the application, or the sequences can be data used to at least determine an image in a gallery that the user chooses.
    The random number sequences are at least 10 random number sequences, and are generated to match the numbers 0 to 9. Because the password can be a combination of characters and symbols, more sequences can be created and assigned to additional characters and symbols that be used in the password.
    Furthermore, each character or symbol of the password will be linked to a numerical value. The
    BE2014 / 0815 numeric value can further be used to refer to the corresponding random number series.
    The mobile device uses a module encryption method to generate the modifier code based on the password. The input for the module encryption method consists of the linked random number series as defined above.
    In addition, the first and second sequences referred to in this manner can be further used as input for the modulo-n encryption method, and the result of such an operation can be used as subsequent input for the routine together with the third cited random number sequence. The result of the operation will be used as input together with the fourth cited series, and so on, until the password is fully processed.
    To the result from the modulo -n- encryption method is being referred as to the modifier code • It mobile device will continue the modifier code generate and] him together with the user name via a secure link about it internet to send the server. The server shall it mobile electronic device ON base from the
    combine modifier code with the account.
    The modifier code may further be used by the user to access his / her account from a specific first electronic device and may furthermore be used to access the
    BE2014 / 0815 secure key for approving a transaction.
    If the user wishes to access the account from another electronic device, he / she would repeat the steps explained above using the same username and password, and the server will generate a different modifier code that will be further linked to the other electronic device device.
    EXAMPLE of linking a mobile device with the account (FIG 6)
    The user downloads and installs an application in accordance with the present invention on his / her mobile device and creates an account via a secure connection, such as by using a secure browser via an internet connection.
    The user will have to enter a password and a unique username for verification.
    The first time the user accesses the account with his / her mobile device, the server will connect the mobile device to the account by using the username and modifier code.
    If the user wanted to register another electronic device for the account, he / she would only have to repeat the steps as defined above. If more than one electronic device is registered for an account, the user can use the same password or the user can use different passwords for each mobile device. This feature ensures that the account is in accordance with the present invention
    BE2014 / 0815 can be used by multiple users or by the same user who accesses the account from different locations or who owns different electronic devices.
    If the user should lose his / her mobile device, access to the account can be obtained from another electronic device and appropriate measures can be taken, such as: a change of username and / or password, a change of restrictions with regard to the mobile device, or blocking the account.
    EXAMPLE of a request for an online transaction
    In another embodiment in accordance with the present invention, said transaction may be a web-based transaction. In such a case, the user will log in by entering his / her username and password on his / her mobile device and opening a web page where a transaction approval is required to finalize either a specific step or a purchase. The user will further select the option for online payments from his / her mobile device. The website application will then communicate with the server and request permission to execute the transaction.
    The server will check if the account is valid and if the result is positive, the server can further check if the web page that the user uses is found in the transaction table, or if the web page is a registered web page in the server database, or if the page is a safe page. If the result
    BE2014 / 0815 of such a check is positive, the server can further generate a unique identity code such as for example a session ID, store this ID in the transaction table and send it further to the website application.
    In another embodiment in accordance with the present invention, the session ID can be automatically generated by the server and sent to the mobile device as soon as the user selects the option of online payment.
    Furthermore, the session ID is only valid for a certain period, such as: it can be valid for a certain number of minutes, or the session ID can be valid until the transaction is completed. Afterwards, the server will remove the session ID from the transaction table.
    Furthermore, the mobile device will send the secure key and user name to the server to approve the transaction and it can further send the session ID to the server, or the session ID can be sent to the server by the website. If the server finds the secure key and session ID in the transaction table, the transaction is approved. If the result of such a check is negative, the server can block the account or inform the user on the screen or via SMS or email, or the server can ask the user to try again.
    In a further embodiment in accordance with the present invention, the user may choose to approve an online transaction by only checking his / her mobile device.
    Use BE2014 / 0815 by opening the said web page in a browser on the mobile device.
    If the user will use his / her mobile device and an additional electronic device, such as a personal computer, to approve a transaction, the personal computer may further comprise means for scanning (e.g., by including a webcam capable of to scan the electronically readable image displayed by the mobile device) or means to obtain the secure key generated by the mobile device via NFC (Near Field Communication) and then send it to the server.
    EXAMPLE of a deferred payment
    A user logs in to the application on his / her mobile device (FIG 3) using his / her username and password. The server verifies that the username and password for the account has been saved and if the result of such a check is positive, the server then connects to the linked account. If the result of such a check is not positive, the server will ask the user to try again.
    The user can then create different levels of restriction and / or different restrictive rules for the account such as: different users or electronic devices linked to the account, or different values linked to the transaction in the case of a financial transaction, or permitted geographical radius
    BE2014 / 0815 for the mobile device, or different geographic locations for the service provider, or different service provider IDs, or different times of the day, or different days of the week, or different numbers of transaction requests per day, or different numbers of transaction requests linked to a specific limitation.
    Furthermore, the mobile device can send the restrictions to the server and the server and / or the mobile device can store the restrictions on a permanent memory.
    Furthermore, for more security, different restrictions may have different passwords. If the user requests approval of a transaction with one or more of the above limitations, the user will have to access the application on his / her mobile device and select the option for a deferred transaction.
    The user would then be able to create a new password for the transaction or use the account password. If the user uses the account password, the mobile device will generate the modifier code and the secure key. If the user decides to use a new password, the mobile device uses the new password to generate a new modifier code and send it to the server.
    The server also generates a random key and checks whether this random key is unique. If the result of the check is not positive, the server will generate a new key
    BE2014 / 0815 and repeat the check until a positive result is achieved.
    Furthermore, the server generates the secure key based on the random key and modifier code and checks in the transaction table whether the secure key is unique. If the result of the check is not positive, the server will generate a new random key and repeat the steps as described until the random key and the secure key in the transaction table are unique.
    Furthermore, the server will store the random key and secure key for the transaction and the server can send the random key and restrictions to the mobile device. For stricter security measures, the server can further start a time counter such as, for example, a time frame of 60 seconds in which the transaction can be approved. If the time frame is not met, the transaction can be marked for deletion.
    In addition, if the user chooses, the mobile device can stop the internet connection or any other means of communication with the server after the server has sent the random key to the mobile device. The mobile device will use the random key to generate the secure key and further display it as a machine-readable image at the POS of the service provider. This feature makes the system according to the present invention very simple and cost-effective to implement on any device, without additional requirements, and without the need for the mobile to connect to a device.
    BE2014 / 0815 communication network for the approval of a transaction.
    If the user wants to send a request for the approval of a transaction to the server, the mobile device will check if the transaction meets the restrictions. If the result of such a check is positive, the mobile device will send the random key stored for the transaction to the server. If the result of such a check is not positive, the server will ask the user to enter the account password, or the server will ask the user to enter the password associated with the restriction, or the server will ask the user to enter the secure key. The server may ask the user to enter the account password, or the associated restriction password, or the secure key on the mobile device, or at the service provider's POS.
    For more security, the user can select specific restrictions for which a request for a password can be accepted. For other specific limitations, if the result of the check is not positive, the server can mark the transaction as being marked for deletion.
    Furthermore, for more security, the user can set a limit on a maximum amount that can be approved with the transaction, even if the password is used.
    BE2014 / 0815
    EXAMPLE of a measured transaction (FIG 4)
    A user who is in the service area of a service provider uses an electronic device to access his account by entering his username and modifier code. Said server checks whether the account exists based on the username and modifier code. If said check has a positive result, the server generates the random key and sends it to the electronic device.
    The electronic device then generates a secure key based on the random key and the modifier code and displays it as an electronically readable image such as, for example, in a code-39 format. The service provider has a POS system in its premises that can read the code 39 format and obtain the secure key, which can be sent back to the server together with the POSID code. The server will check the identity of the POS in its database and check whether the secure key is the same as the key generated by the server.
    The server further comprises a database with registered POS ID codes and can further store details of the calculation if defined by the POS systems, such as, for example: rules for cost calculation according to: recorded time, geographical position, registered service, or the like ke.
    If the POS ID is not found in the server's database, the transaction is rejected and
    BE2014 / 0815 the user is informed on the screen or the printout of the POS system, or via sms or e-mail.
    If the secure key is not the same as the server-generated key, the server will send a message to the POS system and request a new code.
    If the secure key is the same as the server-generated key, the server will open a transaction on the account and open a timer. The server will regard the said transaction as open and ongoing.
    The server generates a second random key that will be used in combination with the user's modifier code to generate a second secure key.
    The server will store the second random key, second modifier code and additional parameters for said open transaction and the server will further send the second random key to the user's electronic device. Furthermore, the server may remove the first secure key, first modifier code, and first random key from the transaction table, or further store them in a different location on the server.
    If necessary, the user will be able to further change his / her password even after the second random key has been sent to his / her electronic device.
    If the user wants to complete said transaction, he / she will log into the electronic device and select said open transaction from the transaction list that is visible on his / her account.
    BE2014 / 0815
    Preferably said transaction cannot be deleted from the list. The user will have to select and complete it.
    The second random key associated with the transaction will be obtained by the electronic device. The electronic device will further generate the second secure key using the second random key.
    The electronic device will display the second secure key as an electronically readable image at the POS of the service provider. The POS comprises means for reading the electronically readable image and obtaining the second secure key, which is then sent to the server together with the POS ID code. The server will then validate the POSID code and stop the transaction counter.
    In addition, the server calculates the value of the transaction based on recalled stored rules for the POS system and will check the account details of the user. If after checking the amount can be covered by the user's account, the value of the transaction on the account will be blocked and the server will send a message to the POS system that the transaction has been approved. If after checking the amount cannot be covered by the user's account, the server will send a message to the POS system that the transaction has been rejected.
    Depending on the service provider may be asked for a minimum amount on the account of the
    BE2014 / 0815 user. Furthermore, the user can block a certain amount in his / her account after creating the account to facilitate such transactions and restrictions. The server can further check whether the amount is in accordance with such limitations of the service provider and then send a message to the user and / or service provider. If such restrictions are not met by checking the blocked amount, the server can block the required amount from the user's account.
    FIG 4 is a specific example of the above embodiment in accordance with the present invention wherein:
    Displays all the step in which the user enters the user name and pin on his / her mobile device, and the mobile device further calculates the modifier code based on the pin
    A2 represents the step in which the mobile device sends the user name and modifier code to the server
    A3 represents the step in which the server validates the identity of the mobile device and generates the random key and the secure key based on the modifier code
    A4 represents the step in which the server sends the modifier code to the mobile device
    A5 represents the step in which it mobile device the modifier code used to the safe key with using the random key too
    BE2014 / 0815 and further displays the secure key as an electronically readable image
    A6 represents the step in which the electronically readable image is scanned and read to be used by the POS at the service provider
    A7 represents the step in which the POS at the service provider sends the ID code and the secure key to the server
    A8 represents the step in which the server validates the ID code and the secure key, creates a new transaction on the server and sends the transaction details to the mobile device
    A9 the step where the server a positive or negative reply to the POS Bee the service provider PhD student the step shows where the POS it
    confirms or rejects a transaction request
    Bi represents the step in which the user enters his / her username and pin on his / her mobile device and selects the transaction and the mobile device will further retrieve the random key stored for the transaction
    B2 represents the step in which the mobile device uses the modifier code to generate the secure key using the random key and further shows the generated secure key as an electronically readable image
    B3 represents the step in which the image is scanned and read to be used by the POS at the service provider
    BE2014 / 0815
    B4 represents the step in which the POS at the service provider sends the ID information and the secure key to the server
    B5 represents the step in which the server validates the POSID and the secure key, the amount based
    calculates time and account details from the user further checksB6 the step displays in which the server a positive or negative answer to the POS at the service providerB7 the step displays in which the POS at the service provider transaction request confirms or
    rejects
    EXAMPLE of a contractual transaction
    A user using a system in accordance with the present invention sets a set of restrictions on his mobile device such as, for example, a limit amount for one transaction.
    A service provider using a system in accordance with the present invention sets a set of rules for calculating a price for a service as a function of time.
    The user enters the service provider's premises and gains access to his account by entering his username and modifier code on his mobile phone and sending them to the server. The server then generates a random key and returns it to the mobile device which will then generate the secure key and display it as an electronically readable image to the service provider's POS system.
    BE2014 / 0815
    The POS comprises means for scanning / reading the secure key and sending the secure key, the POS ID code and the value of the transaction to the server.
    If the secure key is correct for the transaction and if the POS ID code is registered on the server, the server will further check whether the transaction amount meets the user-defined limitations for the account. If the result of the check is positive, the server will block the amount of the user's account, start a time counter and also calculate the amount needed for the service as a function of time. The calculated amount is further compared with the amount paid in the transaction. As soon as the amount paid has been reached, the service provider and the user are informed and they can send a further transaction request to the server. If the transaction is not paid within a certain period of time, said service will not be usable or the rest of the calculated amount will be blocked on the user's account until the further transaction is approved.
    For example, if such a transaction is used as access to a particular location or as a ticket, where the value will not be exceeded within the time limit, the transaction will remain valid and visible until the end of the stay or the user can, after completing send the transaction information to the server.
    BE2014 / 0815
    EXAMPLE of a secure access
    A person who wishes to gain access to a particular location with security restrictions on access, such as: a company building, a museum, a hospital or the like, enters the premises of said location and receives access to his account on a personal electronic device or on an electronic device in the premises of the location. If he / she does not have an account set up, he / she can create one, as explained in the current trading.
    The location may have different predetermined set restrictions such as: different locations within the business space that can be accessed (different rooms, different buildings, different floors, different rooms), different periods in which such access can be used, different days of the week, different restrictions for different users, and so on.
    Once the person requests access, he / she will use his / her username and password to communicate with the server and further send a secure key, as explained in the previous embodiments. After the user and location are authenticated, the server will start a transaction and a timer can start at the same time. The user will be able to use the secure key, which is represented as an electronically readable image, according to the time constraints (after the predetermined time interval, the secure key would no longer
    BE2014 / 0815) and / or location restrictions, if said restrictions are set.
    As soon as the person tries to leave the company premises from the location, they may be asked to complete the transaction for security purposes or the transaction will be completed automatically after the time interval has elapsed.
    EXAMPLE of validating an on-demand transaction at a server (FIG 5)
    A user using a system in accordance with the present invention enters the service room of a service provider and provides the random key or the secure key to the POS system of the service provider to validate a financial transaction.
    The POS system will read the random key or the secure key and send it along with the POS ID code and the amount of the financial transaction to the server via a secure internet connection that can for example use: Secure Sockets Layer (SSL ) protocols, Transport Layer Security (TLS) protocols.
    The server will check if the transaction exists in the transaction table and is able to determine whether the user has sent the random key or the secure key to approve the transaction. Furthermore, the server will check whether the amount of the transaction does not exceed the set limit amount for the account. If the restrictions are not met and the user has sent the random key, the server will all further
    BE2014 / 0815 block transactions on the user account and warn the user.
    Furthermore, the server will check whether the identity of the POS device already exists in its database and further whether the GPS coordinates are within the user-defined radius, in case such a limitation has been determined by the user.
    If other restrictions are set by the user, the server will check whether the transaction meets these restrictions. If the result of said check is not positive, the server will block all further transactions on said user account.
    If the result of said check is positive, the server will further check the balance of the user account. If the amount of the financial transaction can be covered, the server will block the amount and send a message of confirmation of the transaction to the POS system. If the amount of the financial transaction cannot be covered, the server will send a message of refusal of the transaction to the POS system.
    权利要求:
    Claims (13)
    [1]
    CONCLUSIONS
    1. - A method for approving a transaction comprising:
    - entering a user name and password that correspond to a user account
    - generating a random key
    - generating a secure key
    With the feature that the step for generating the secure key is based on the password and the random key.
    [2]
    A method for approving a transaction according to claim 1, further comprising generating a modifier code based on the password.
    [3]
    A method for approving a transaction according to claim 2 wherein the secure key is generated based on the modifier code and the random key.
    [4]
    A method for approving the transaction according to claim 2 or 3, wherein the modifier code is generated by a first electronic device and sent via a network to a server to identify the user account.
    [5]
    A method for approving a transaction according to claim 4, wherein the first electronic device and / or the server can generate the secure key.
    [6]
    A method for approving a transaction according to claim 5, wherein the server has the secure key that it is from the electronic device
    BE2014 / 0815 compares with a transaction table stored on the server.
    [7]
    A method for approving a transaction according to claims 4 to 6, wherein the first electronic device displays the secure key and / or the random key as an electronically readable image.
    [8]
    A method for approving a transaction as claimed in any one of the preceding claims comprising a second electronic device comprising:
    - Reading the displayed safe key and / or random key
    - Sending the secure key and / or the random key and the identity information from the electronic device to the server
    [9]
    A method for approving a transaction according to claims 4 to 8 wherein the server determines whether a received key has been generated based on the password.
    [10]
    A method for approving a transaction according to claim 8 or 9, wherein the second electronic device confirms or rejects the transaction.
    [11]
    11. - A system for approving a transaction comprising:
    - Means for entering a username and password that correspond to a user account
    - Means for generating a random key
    BE2014 / 0815
    - Means for generating a secure key
    Characterized in that the means for generating the secure key further comprises means for combining the password and the random one
    include the key.12.- One system for it approve of a transaction according to claim 11 That further means in front of generating a modifier code based on it password. 13.- One system for it approve of a follow transaction s conclusion 11 in which the safe key becomes generated O basis of the
    modifier code and the random key.
    [12]
    A system for approving the transaction according to claims 12 or 13 wherein the modifier code is generated by a first electronic device and sent to a server via a network.
    [13]
    A method for approving a transaction according to claim 14, wherein the first electronic device and / or the server further comprises means for generating the secure key.
    类似技术:
    公开号 | 公开日 | 专利标题
    BE1025817B1|2019-11-18|METHOD FOR APPROVING A TRANSACTION
    US9870453B2|2018-01-16|Direct authentication system and method via trusted authenticators
    CA2662033C|2016-05-03|Transaction authorisation system & method
    US20110142234A1|2011-06-16|Multi-Factor Authentication Using a Mobile Phone
    US10467624B2|2019-11-05|Mobile devices enabling customer identity validation via central depository
    US8407112B2|2013-03-26|Transaction authorisation system and method
    ES2566060T3|2016-04-08|Verification and authentication systems and methods
    US20140100973A1|2014-04-10|Smartphone virtual payment card
    JP2005521961A|2005-07-21|System and method for secure transaction of credit and debit cards
    US20180082283A1|2018-03-22|Shared card payment system and process
    WO2019147373A1|2019-08-01|Secure access to physical and digital assets using authentication key
    US11108558B2|2021-08-31|Authentication and fraud prevention architecture
    TW200409521A|2004-06-01|Authentication and identification system and transactions using such an authentication and identification system
    JP2006048390A|2006-02-16|Method and system for authenticating two-dimensional code user
    CA2390028A1|2001-05-31|Dual transaction authorization system and method
    US9256724B2|2016-02-09|Method and system for authorizing an action at a site
    US20140223520A1|2014-08-07|Guardian control over electronic actions
    US20200234254A1|2020-07-23|Method and Apparatus for Conducting Secure Financial and Informational Transactions via Portable Smart Devices
    US20180316687A1|2018-11-01|System and method for generating access credentials
    US20210224795A1|2021-07-22|Escrow non-face-to-face cryptocurrency transaction device and method using phone number
    US20200111082A1|2020-04-09|Digital property remittance via telephone numbers through telecom carriers
    US20160217464A1|2016-07-28|Mobile transaction devices enabling unique identifiers for facilitating credit checks
    Jacob et al.2016|QR based Card-less ATM Transactions
    US20170255939A1|2017-09-07|Method for detecting a risk of substitution of a terminal, corresponding device, program and recording medium
    KR20190126652A|2019-11-12|Electronic wallet system for electronic signature based on block chain
    同族专利:
    公开号 | 公开日
    EP2869254A1|2015-05-06|
    US20160267476A1|2016-09-15|
    EP3066626A1|2016-09-14|
    BE1025817A1|2019-07-16|
    WO2015063278A1|2015-05-07|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    WO2011032263A1|2009-09-17|2011-03-24|Meir Weis|Mobile payment system with two-point authentication|
    US20110191161A1|2010-02-02|2011-08-04|Xia Dai|Secured Mobile Transaction Device|
    GB2478712A|2010-03-15|2011-09-21|David Jackson|Authorisation system|
    WO2011128913A1|2010-04-13|2011-10-20|Pranamesh Das|Secure and shareable payment system using trusted personal device|
    US20130159195A1|2011-12-16|2013-06-20|Rawllin International Inc.|Authentication of devices|US10922693B2|2015-09-02|2021-02-16|Jpmorgan Chase Bank, N.A.|System and method for mobile device limits|
    US10372926B1|2015-12-21|2019-08-06|Amazon Technologies, Inc.|Passive distribution of encryption keys for distributed data stores|
    US10091177B1|2016-03-31|2018-10-02|EMC IP Holding Company LLC|Controlling access to a computerized resource of a mobile device based on whether the mobile device is within a vehicle that is currently moving|
    CA3045344A1|2016-12-01|2018-06-07|Royal Bank Of Canada|System and method for message recipient verification|
    US20180189781A1|2017-01-05|2018-07-05|The Toronto-Dominion Bank|Real-time approval and execution of data exchanges between computing systems|
    CN110691225B|2019-11-05|2021-04-06|杭州视洞科技有限公司|High-security encryption method for playing of AP direct connection/local area network camera|
    法律状态:
    2019-12-16| FG| Patent granted|Effective date: 20191118 |
    2021-07-15| MM| Lapsed because of non-payment of the annual fee|Effective date: 20201031 |
    优先权:
    申请号 | 申请日 | 专利标题
    EP20130191441|EP2869254A1|2013-11-04|2013-11-04|Method of approving a transaction|
    EP13191441.8|2013-11-04|
    [返回顶部]