Method and device for identification and authentication
First Claim
1. A method of identification and authentication of a holder of a mobile electronic transaction device in an electronic transaction process between a transaction service provider and a transaction terminal in communication via a computer network, said mobile transaction device comprising transceiver means for transmitting information to and receiving information from said transaction terminal, data input means, data processing means, data storage means having information stored therein including an externally accessible device identity, a non-retrievable reference user identification, and including a non-retrievable secret key to be processed by said processing means and used in communication with the service provider by said transceiver means over said network via the transaction terminal for validating a transaction, and means supplying electric energy to the device, said method comprising the following steps:
- transmitting the device identity to the transaction terminal;
transmitting a challenge transaction identifier to the device;
said holder entering a user identification input using said input means;
said processing means determining an authenticity of said identification input by comparison with said reference user identification; and
only on said identification input being determined as authentic;
said processing means performing a cryptographic transformation of the transaction identifier using said secret key; and
transmitting a response result of said cryptographic transformation to the service provider via said transaction terminal for validating said transaction.
0 Assignments
0 Petitions
Accused Products
Abstract
A method and a device of identification and authentication of a holder of a mobile electronic transaction device in an electronic transaction process between a transaction service provider and a transaction terminal in communication via a computer network. A transceiver is adapted for transmitting an identity of the device to the transaction terminal and receiving a challenge transaction identifier from the service provider via the transaction terminal. A data processing device is adapted for determining an authenticity of a user identification input by comparison with a reference user identification, and for performing a cryptographic transformation of the transaction identifier using a secret key only on the identification input being determined as authentic. The transceiver is also adapted for transmitting a response result of the cryptographic transformation to the service provider via the transaction terminal for validating the transaction.
-
Citations
8 Claims
-
1. A method of identification and authentication of a holder of a mobile electronic transaction device in an electronic transaction process between a transaction service provider and a transaction terminal in communication via a computer network, said mobile transaction device comprising transceiver means for transmitting information to and receiving information from said transaction terminal, data input means, data processing means, data storage means having information stored therein including an externally accessible device identity, a non-retrievable reference user identification, and including a non-retrievable secret key to be processed by said processing means and used in communication with the service provider by said transceiver means over said network via the transaction terminal for validating a transaction, and means supplying electric energy to the device, said method comprising the following steps:
-
transmitting the device identity to the transaction terminal;
transmitting a challenge transaction identifier to the device;
said holder entering a user identification input using said input means;
said processing means determining an authenticity of said identification input by comparison with said reference user identification; and
only on said identification input being determined as authentic;
said processing means performing a cryptographic transformation of the transaction identifier using said secret key; and
transmitting a response result of said cryptographic transformation to the service provider via said transaction terminal for validating said transaction. - View Dependent Claims (2, 3)
-
-
4. A mobile electronic transaction device for identification and authentication of a holder of the device in an electronic transaction process between a transaction service provider and a transaction terminal in communication via a computer network, said mobile transaction device having contained therein:
-
transceiver means for transmitting information to and receiving information from said transaction terminal, data input means, data processing means, data storage means for storing information including an externally accessible device identity, a non-retrievable reference user identification, and including a non-retrievable secret key to be processed by said processing means and used in communication with the service provider by said transceiver means over said network via the transaction terminal for validating a transaction, and means supplying electric energy to the device;
wherein said transceiver means being adapted for transmitting the device identity to the transaction terminal and receiving a challenge transaction identifier from the service provider via the transaction terminal;
said processing means being adapted for determining an authenticity of a user identification input by comparison with said reference user identification, and for performing a cryptographic transformation of the transaction identifier using said secret key only on said identification input being determined as authentic; and
said transceiver means also being adapted for transmitting a response result of said cryptographic transformation to the service provider via said transaction terminal for validating said transaction. - View Dependent Claims (5, 6, 7, 8)
-
Specification