Method for carrying out a secure electronic transaction using a portable data support

DC CAFC

US 8,205,249 B2
Filed: 10/23/2003
Issued: 06/19/2012
Est. Priority Date: 10/24/2002
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for effecting a secure electronic transaction on a terminal using a portable data carrier arranged to perform different quality user authentication methods, wherein the portable data carrier performs a user authentication using one of said different user authentication methods, the portable data carrier confirms the proof of authentication to the terminal, and the portable data carrier then performs a security-establishing operation within the electronic transaction, comprising the steps of creating authentication quality information by the portable data carrier about said user authentication method used and attaching said authentication quality information to the result of the security-establishing operation, wherein the difference in quality of said user authentication methods varies between an inherently relatively lower quality and an inherently relatively higher quality from a security perspective.

View all claims

5 Assignments

Timeline View

Assignment View

Litigations

3 Petitions

Accused Products

Abstract

A method for effecting a secure electronic transaction on a terminal using a portable data carrier is proposed. According to the method a user (30) first authenticates himself vis-à-vis the portable data carrier (20). The portable data carrier (20) at the same time produces quality information about how authentication was done. The authentication is confirmed to the terminal (14). Then the portable data carrier (20) performs a security-establishing operation within the transaction, for example the creation of a digital signature. It attaches the quality information to the result of the security-establishing operation.

67 Citations

View as Search Results

13 Claims

1. A method for effecting a secure electronic transaction on a terminal using a portable data carrier arranged to perform different quality user authentication methods, wherein the portable data carrier performs a user authentication using one of said different user authentication methods, the portable data carrier confirms the proof of authentication to the terminal, and the portable data carrier then performs a security-establishing operation within the electronic transaction, comprising the steps of creating authentication quality information by the portable data carrier about said user authentication method used and attaching said authentication quality information to the result of the security-establishing operation, wherein the difference in quality of said user authentication methods varies between an inherently relatively lower quality and an inherently relatively higher quality from a security perspective.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, wherein the security-establishing operation performed by the portable data carrier comprises creating a digital signature.
  - 3. The method according to claim 1, wherein the authentication of the user is performed by presentation of a biometric feature.
  - 4. The method according to claim 3, wherein the authentication of the user is performed by presentation of a physiological or behavior-based feature characteristic of a user.
  - 5. The method according to claim 1, wherein the authentication of the user is performed by proof of knowledge of a secret.
  - 6. The method according to claim 1, wherein at least two different authentication methods of different quality are offered for authentication of the user.
  - 7. The method according to claim 6, wherein the particular authentication methods not used are disabled.
  - 8. The method according to claim 6, wherein no quality information is produced for an authentication method.
  - 9. The method according to claim 1, wherein a user is asked to select an authentication method.

10. A portable data carrier for performing a security-establishing operation within a secure electronic transaction and arranged to perform different quality user authentication methods, wherein the difference in quality of said user authentication methods varies between an inherently relatively lower quality and an inherently relatively higher quality from a security perspective, comprising:
- the portable data carrier is arranged to perform a user authentication using one of said implemented user authentication methods and the portable data carrier is arranged to confirm the authentication to a terminal, and wherein the data carrier is arranged to create quality information about said user authentication method used and to attach such quality information to the result of the security establishing operation.
- View Dependent Claims (11, 12)
- - 11. The data carrier according to claim 10, wherein the portable data carrier is set up to create a digital signature.
  - 12. The data carrier according to claim 10, wherein the data carrier supports at least two qualitatively different authentication methods.

13. A terminal for use in connection with a portable data carrier, said terminal including a device arranged to cause a user to select one of at least two possible different quality authentication methods, wherein the portable data carrier is arranged to perform a user authentication using one of the at least two possible different quality authentication methods and to confirm the authentication to the terminal, and the data carrier is arranged to create quality information about the authentication method used and to attach such quality information to the result of a security establishing operation, the difference in quality of said authentication methods varies between an inherently relatively lower quality and an inherently relatively higher quality from a security perspective.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Nera Innovations Limited (Atlantic IP Services Limited)
Original Assignee
Giesecke & Devrient GmbH
Inventors
Meister, Gisela, Martin, Nigol
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
DOAN, TRANG T

Application Number

US10/531,259
Publication Number

US 20060242691A1
Time in Patent Office

3,162 Days
Field of Search

726/9, 726/20, 705/53, 713/166
US Class Current

726/9
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/4014   Identity check for transact...

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/3218   using proof of knowledge, e...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

Method for carrying out a secure electronic transaction using a portable data support

First Claim

5 Assignments

Litigations

3 Petitions

Accused Products

Abstract

67 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

Method for carrying out a secure electronic transaction using a portable data support

First Claim

5 Assignments

Subscription Required

Subscription Required

Litigations

3 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others