亞洲知識產權資訊網為知識產權業界提供一個一站式網上交易平台，協助業界發掘知識產權貿易商機，並與環球知識產權業界建立聯繫。無論你是知識產權擁有者正在出售您的知識產權，或是製造商需要購買技術以提高操作效能，又或是知識產權配套服務供應商，你將會從本網站發掘到有用的知識產權貿易資訊。

返回搜索結果

Transaction Verification On Rfid-Enabled Payment And Transaction Instruments

技術優勢

This solution takes a proactive approach (instead of reacting to fraudulent transactions after they occur) and doesn’t allow any transactions to go through without user’s approval of its details (e.g, the amount for a credit card transaction). It is also important that users verify transaction details at the time of the transaction in our solution (not few days later).

技術應用

RFID enabled payment instruments

詳細技術說明

RFID tags are commonly used as payment and transaction instruments (e.g., credit, debit, ATM and voting cards). In such settings, a malicious reader can easily mislead the tag into signing or authorizing a transaction different from the one that is communicated to, or intended by, the user. This is possible because there is no direct channel from a tag to its user (i.e., no secure user interface) on regular RFID tags and the only information a user gets (e.g., a receipt, or an amount displayed on the cash register) is under the control of a potentially malicious reader. Thus, it seems impossible for a user to verify (in real time) transaction details, e.g., the amount or the currency. This problem becomes especially important with current electronic credit cards. UCI researchers have developed an approach to transaction amount verification that is designed to work with any RFID-enabled payment instrument. Its primary goal is to provide simple, secure and usable transaction verification at a Point-of-Sale (PoS). The Protocol Display enabled RFID tag (DERT) receives transaction details from the reader (seller/merchant). DERT verifies that the details (e.g., issuing bank, account number, etc.) match their counterparts in the reader PKC. Protocol is aborted in case of a mismatch. DERT extracts and displays user-verifiable data, i.e, the amount and, optionally, the currency code. It then enters a countdown stage that lasts for a predetermined duration (e.g., 10 seconds). User observes transaction information and, if the transaction amount and other details are deemed correct, presses accept button on DERT before the timer runs out. At this point, DERT signs the time-stamped transaction statement and sends it to the reader. This signed statement is then sent to the payment gateway and eventually to the financial institution that issued the payment DERT.

附加資料

Patent Number: US20130179349A1
Application Number: US13782764A
Inventor: Tsudik, Gene | Uzun, Ersin
Priority Date: 9 Nov 2010
Priority Number: US20130179349A1
Application Date: 1 Mar 2013
Publication Date: 11 Jul 2013
IPC Current: G06Q002032
US Class: 705044
Assignee Applicant: The Regents of the University of California
Title: Transaction Verification on RFID Enabled Payment and Transaction Instruments
Usefulness: Transaction Verification on RFID Enabled Payment and Transaction Instruments
Summary: Method for securing communication of wireless interface-constrained device (claimed) with reader for banks, credit card companies and companies producing equipment for Radio-frequency identification (RFID) based voting systems.
Novelty: Method for securing communication of wireless interface-constrained device with reader for e.g. banks, involves completing transaction through reader if time-stamped transaction statement is authorized to be sent to reader