Patent classifications
G07F7/1075
System for secure payment over a wireless communication network
A method of conducting secure electronic credit payments to a payment acquirer using a credit payment unit, including a smart card, a portable card reader device and a mobile phone, and a payment server. The method is based on using a unique reader key in the card reader device to encrypt all the sensitive smart card information communicated to the payment server, and thus being able to use an unsecure mobile phone to communicate with the payment server. The payment server then completes the transaction with the payment acquirer over a secure line.
POINT OF SALE (POS) PERSONAL IDENTIFICATION NUMBER (PIN) SECURITY
A key is securely injected into a POS PIN pad processor in its usual operating environment. In response to entry of a personal identification number (PIN) into a PIN pad, the processor puts the PIN into a PIN block; puts additional random data into the PIN block; and encrypts the entire PIN block using asymmetric cryptography with a public key derived from the injected key residing in the PIN pad processor. The corresponding private key may be held securely and secretly by an acquirer processor for decrypting the PIN block to retrieve the PIN. The encrypted random data defends the PIN against dictionary attacks. Time stamp data and constant data encrypted with the PIN block enable a defense of the PIN against replay attacks and tampering. The method may also include accepting the PIN from a mobile phone in communication with the processor.
Method and device for end-user verification of an electronic transaction
The present invention provides methods and apparatuses for verifying that a transaction is legitimate. The methods and apparatuses use protected memory space, such as kernel space of an operating system, or a separate memory space, such as is available on a SIM card of a cellular phone. The method of the invention proceeds by creating a transaction identification string (TID) and associating the TID with a transaction. The TID contains data relevant to or associated with the transaction and is typically readable by an end-user. The transaction is then interrupted until a user responds in the affirmative to allow completion of the transaction. Methods and devices used in the invention are particularly well suited to M-commerce, where transactions originating from a device are typically recognized by a merchant as coming from the owner of the device without further authentication.
SYSTEM AND METHOD FOR SELECTIVE ENCRYPTION OF INPUT DATA DURING A RETAIL TRANSACTION
A retail environment having retail terminals with data entry point devices selectively encrypts input received by the data entry point devices and passes the encrypted data to a security module. The selective encryption is based on whether or not sensitive or confidential information, such as a personal identification number (PIN) associated with a debit card, is being input. To prevent hacking of the software of the retail terminal, content destined for display on the retail terminal is authenticated prior to display. In this manner, the retail terminal may be assured that confidential information is input only when desired, and thus may be encrypted only as needed.
Method for reading attributes from an ID token
The invention relates to a method for reading at least one attribute stored in an ID token, wherein the ID token is assigned to a user, comprising the following steps: authenticating the user with respect to the ID token, authenticating a first computer system with respect to the ID token, after successful authentication of the user and the first computer system with respect to the ID token, read-access by the first computer system to the at least one attribute stored in the ID token for transfer of the at least one attribute to a second computer system.
Utilizing phrase tokens in transactions
A system and method for facilitating transactions utilizing phrase tokens are provided. Individual entities can be associated with unambiguous transaction phrase tokens, such as multiple word phrases. The transaction phrase tokens are associated with transaction accounts by a service provider such that the entities can complete a transaction without having to exchange transaction account information. In a transaction, a transaction phrase token is offered to an accepting party, which tenders the offered transaction phrase token to the service provider. The service provider processes the offered transaction phrase token according to configuration information specified for the transaction phrase token. The service provider can automatically process the transaction request or request additional information.
SYSTEMS AND METHODS FOR CARD AUTHORIZATION
Example embodiments of systems, methods, and computer-accessible mediums for transaction authorization are provided. An exemplary system can comprise a card including an input device and a display device in data communication with a server. The server can generate an authorization passcode upon an initiation of a transaction session, and the card can receive an entered passcode through the input device, display the entered passcode on the display device, and transmit the entered passcode to the server for comparison to the authorization passcode. Upon a determination that the entered passcode is a match for the authorization passcode, the server can transmit a match notification indicating the transaction session is valid, and upon a determination that the entered passcode is a mismatch for the authorization passcode, the server can transmit a mismatch notification terminating the transaction session.