Method and system for securing a transaction
Abstract
An autonomous and portable smartcard reader device incorporates a high level of embedded security countermeasures. Data transfers are encrypted with specific input devices, namely a light sensor/DTMF/infrared and PIN or other keyboard entry, and at the output through the use of a dual-tone encoder-decoder. The unit may be used alone or as a plug-in to another device such as a PDA, cell phone, or remote control. The reader may further be coupled to various biometric or plug-in devices to achieve at least five levels of authentication, namely, (1) the smartcard itself; (2) the smartcard reader; (3) the PIN; (4) private-key cryptography (PKI); and (5) the (optional) biometric device. These five levels account for an extremely strong authentication applicable to public networking on public/private computers, and even on TV (satellite, cable, DVD, CD AUDIO, software applications). Transactions including payments may be carried out without any risk of communication tampering, authentication misconduct or identity theft. In essence, the device is a closed box with communication ports. The emulation of the device is therefore extremely complex due to the fact that it involves PKI, hardware serialization for communication and software implementation, in conjunction with a specific hardware embodiment and service usage infrastructure component that returns a response necessary for each unique transaction link to an atomic time synchronization.
58 Citations
19 Claims
1. A system for authenticating a transaction, the system comprising:
- a card reader unit configured to receive a card from a user and an input from the user to verify whether the user is authorized based on a verification of the input with corresponding information in the card, wherein, upon authorization of the user, the card reader is configured to generate a signal to be sent to a server or another party for the purposes of verification of the transaction;
- a device configured to perform the transaction coupled directly to the device, communications between the card reader and the device being secured, wherein the card reader unit is operationally independent from the device;
- wherein the device is further configured to initiate a transaction request with a server or another party;
- wherein the card reader is further configured to authenticate a user of the device exclusively in the card reader unit, wherein the card reader is not involved to encrypt a transaction between the device and the server, but provides optical or multi-tone acoustical signals from the card reader unit to the transaction between the device and the server or another party, and the optical or multi-tone acoustical signals include authenticated information about the user of the device, and are received in the server or another party via the device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. A method of authenticating a transaction, the method comprising:
- initiating a transaction between a device and a server or another party;
- requesting authentication of a user associated with the device when the server or another party demands that the transaction must be authenticated;
- providing a card reader unit to authenticate the transaction by;
  - acquiring personal data of the user into the card reader unit to verify whether the user is authorized based on a verification of the input with corresponding information in the card;
  - authenticating a user of the device exclusively in the card reader;
  - encrypting the personal data only after the user is authenticated; and
  - encoding the encrypted personal data into an optical or multi-tone acoustical signal; and
- causing the optical or multi-tone acoustical signal to be sent to the server or the another party via the device to verify the transaction between the device and the server or another party, wherein the card reader unit is not involved in encrypting the transaction between the device and the server.

Dependent claims: 19
Specification