Method and system for securing a transaction

US 7,591,425 B1
Filed: 07/29/2006
Issued: 09/22/2009
Est. Priority Date: 08/09/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A system for authenticating a transaction, the system comprising:

a card reader unit configured to receive a card from a user and an input from the user to verify whether the user is authorized based on a verification of the input with corresponding information in the card, wherein, upon authorization of the user, the card reader is configured to generate a signal to be sent to a server or another party for the purposes of verification of the transaction;

a device configured to perform the transaction coupled directly to the device, communications between the card reader and the device being secured, wherein the card reader unit is operationally independent from the device;

wherein the device is further configured to initiate a transaction request with a server or another party;

wherein the card reader is further configured to authenticate a user of the device exclusively in the card reader unit, wherein the card reader is not involved to encrypt a transaction between the device and the server, but provides optical or multi-tone acoustical signals from the card reader unit to the transaction between the device and the server or another party, and the optical or multi-tone acoustical signals include authenticated information about the user of the device, and are received in the server or another party via the device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An autonomous and portable smartcard reader device incorporates a high level of embedded security countermeasures. Data transfers are encrypted with specific input devices, namely a light sensor/DTMF/infrared and PIN or other keyboard entry, and at the output through the use of a dual-tone encoder-decoder. The unit may be used alone or as a plug-in to another device such as a PDA, cell phone, or remote control. The reader may further be coupled to various biometric or plug-in devices to achieve at least five levels of authentication, namely, (1) the smartcard itself; (2) the smartcard reader; (2) the PIN; (3) private-key cryptography (PKI); and (5) the (optional) biometric device. These five levels account for an extremely strong authentication applicable to public networking on public/private computers, and even on TV (satellite, cable, DVD, CD AUDIO, software applications. Transactions including payments may be carried out without any risk of communication tampering, authentication misconduct or identity theft. In essence, the device is a closed box with communication ports. The emulation of the device is therefore extremely complex due to the fact that it involves PKI, hardware serialization for communication and software implementation, in conjunction with a specific hardware embodiment and service usage infrastructure component that returns a response necessary for each unique transaction link to an atomic time synchronization.

58 Citations

View as Search Results

19 Claims

1. A system for authenticating a transaction, the system comprising:
- a card reader unit configured to receive a card from a user and an input from the user to verify whether the user is authorized based on a verification of the input with corresponding information in the card, wherein, upon authorization of the user, the card reader is configured to generate a signal to be sent to a server or another party for the purposes of verification of the transaction;
  
  a device configured to perform the transaction coupled directly to the device, communications between the card reader and the device being secured, wherein the card reader unit is operationally independent from the device;
  
  wherein the device is further configured to initiate a transaction request with a server or another party;
  
  wherein the card reader is further configured to authenticate a user of the device exclusively in the card reader unit, wherein the card reader is not involved to encrypt a transaction between the device and the server, but provides optical or multi-tone acoustical signals from the card reader unit to the transaction between the device and the server or another party, and the optical or multi-tone acoustical signals include authenticated information about the user of the device, and are received in the server or another party via the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system of claim 1, wherein the authenticating of the user of the device exclusively in the card reader unit comprising:
    - acquiring personal data of the user into the card reader unit;
      
      encrypting the personal data only after the user is authenticated; and
      
      encoding the encrypted personal data into the optical or multi-tone acoustical signal.
  - 3. The system of claim 1, wherein the card reader converts data in the transaction into optical or multi-tone acoustical signals to be transmitted between the device and the server or another party.
  - 4. The system of claim 1, wherein the optical signal received at the card reader unit to authenticate the transaction is a high-contrast optical signal.
  - 5. The system of claim 1, wherein the optical signal received at the card reader unit to authenticate the transaction is from one of:
    - a computer display, a liquid-crystal display, and a light-emitting diode.
  - 6. The system of claim 1, wherein the multi-tone acoustical signal is a dual tone, multi-format (DTMF) signal.
  - 7. The system of claim 1, wherein communication between the device and the server or another party involves the use of the multi-tone acoustic signal.
  - 8. The system of claim 1, wherein the multi-tone acoustic signal is an audio frequency shift keying (AFSK) signal.
  - 9. The system of claim 8, wherein the multi-tone acoustic signal is a private line (PL) signal.
  - 10. The system of claim 1, further including terminating operation of the card reader unit if a PIN entry is attempted more than a predetermined number of times.
  - 11. The system of claim 1, wherein the card reader unit further includes a biometric input;
    - and the initiating of the transaction in the device with the server or another party includes receiving biometric data through a biometric input.
  - 12. The system of claim 1, wherein information exchange subsequent to the transaction request are encrypted using one of public-key cryptography, and identity-based encryption (IBE) cryptography.
  - 13. The system of claim 1, wherein the device is one of a personal digital assistant (PDA), a hand-held remote control and a cellular telephone.
  - 14. The system of claim 1, further including storing one or more of an encrypted dynamic credit report, encrypted pre-approved payment and banking authorization numbers.
  - 15. The system of claim 14, further including sending the encrypted credit report to the server or another party credit report company with an approval of the user.
  - 16. The system of claim 1, further including providing an authentication through a remote service without allowing non-secure access.
  - 17. The system of claim 1, wherein the card reader unit is further operative to function as one of a payment device or an infrared universal remote control.

18. A method of authenticating a transaction, the method comprising:
- initiating a transaction between a device and a server or another party;
  
  requesting authentication of a user associated with the device when the server or another party demands that the transaction must be authenticated;
  
  providing a card reader unit to authenticate the transaction by;
  
  acquiring personal data of the user into the card reader unit to verify whether the user is authorized based on a verification of the input with corresponding information in the card;
  
  authenticating a user of the device exclusively in the card reader;
  
  encrypting the personal data only after the user is authenticated; and
  
  encoding the encrypted personal data into an optical or multi-tone acoustical signal; and
  
  causing the optical or multi-tone acoustical signal to be sent to the server or the another party via the device to verify the transaction between the device and the server or another party, wherein the card reader unit is not involved in encrypting the transaction between the device and the server.
- View Dependent Claims (19)
- - 19. The method of claim 18, wherein the card reader unit operates on an atomic time, and wherein the encrypting of the personal data comprises:
    - recovering the atomic time;
      
      generating a session key in accordance with the atomic time; and
      
      encrypting the personal data with the session key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Brite Smart Corporation
Original Assignee
Brite Smart Corporation
Inventors
Atlan, Serge, Zuili, Patrick
Primary Examiner(s)
Lee; Seung H

Application Number

US11/460,975
Time in Patent Office

1,151 Days
Field of Search

235/383, 235/382, 235/454, 235/462.45, 235/462.46, 235/472.01, 235/472.02, 235/492
US Class Current

235/383
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G07F 7/0886   the card reader being porta...

G07F 7/1008   Active credit-cards provide...

Method and system for securing a transaction

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for securing a transaction

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links