WO2001027779A1 - Apparatus and method for online transaction using smart card - Google Patents

Apparatus and method for online transaction using smart card Download PDF

Info

Publication number
WO2001027779A1
WO2001027779A1 PCT/KR2000/001107 KR0001107W WO0127779A1 WO 2001027779 A1 WO2001027779 A1 WO 2001027779A1 KR 0001107 W KR0001107 W KR 0001107W WO 0127779 A1 WO0127779 A1 WO 0127779A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
smart card
encryption algorithm
client
transmitted
Prior art date
Application number
PCT/KR2000/001107
Other languages
French (fr)
Inventor
Hyun-Jun Cho
Original Assignee
Hana Bank
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hana Bank filed Critical Hana Bank
Priority to AU76908/00A priority Critical patent/AU7690800A/en
Publication of WO2001027779A1 publication Critical patent/WO2001027779A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/229Hierarchy of users of accounts
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355Personalisation of cards for use
    • G06Q20/3552Downloading or loading of personalisation data

Definitions

  • the present invention relates to an apparatus and a method for online transaction using a smart card, and more particularly, to an apparatus and a method for online transaction using a smart card that stores a predetermined encryption algorithm, in which transmission and reception of information or payment between a bank to a client or another bank is achieved using the smart card.
  • the non-contact type IC card includes an RF-ID card for just reading serial numbers, an RF-IC card capable of reading and writing data with basic operations, and a combination card which has the advantages of both the RF-ID card and the RF-IC card.
  • the contact type IC card which receives power and a predetermined signal from a terminal by physical contact with the terminal, is classified as a smart card if it has a microprocessor, and a memory card if it does not have a microprocessor.
  • a plastic contact type smart card a predetermined information is stored by a signal from a terminal, and information stored in the smart card is read as the smart card is passed through a card reader.
  • a bunch of plastic cards with MSRW are encrypted with the same algorithm, and banking facilities periodically distribute a bunch of the plastic cards through their branches, so the distribution cost is high.
  • the encryption algorithm of only one of the distributed plastic cards is exposed to a third party, all the plastic cards must be collected and replaced by new plastic cards.
  • a security problem may occur because the predetermined encryption algorithm for a particular banking facility is exposed to the other banking facilities.
  • an online transaction apparatus using a pair of smart cards storing a predetermined encryption algorithm comprising: a communications unit connected to a predetermined network established between a client and a bank or a banking facility, in a wired or wireless manner, the communications unit for exchanging information between the client and the bank or the banking facility; a controlling unit for encrypting information to be transmitted from the communications unit through the network using the predetermined encryption algorithm stored in one of the smart cards, or decrypting the encrypted information received through the network from the communications unit using the predetermined encryption algorithm stored in the other smart card; and an input and output unit for outputting information received by or to be transmitted from the communications unit, or inputting characters or numerals to edit the information.
  • an online transaction method using a pair of smart cards in which information is exchanged between a bank or a banking facility, and a client or another banking facility, each of the bank or banking facility and the client or another banking facility serving as a transmitter or a receiver, through a predetermined network, the method comprising the steps of: (a) providing the pair of smart cards storing the same encryption algorithm and smart card readers for reading the encryption algorithm stored in the smart cards to the transmitter and the receiver; and (b) encrypting information to be transmitted according to the encryption algorithm stored in the transmitter's smart card, and decrypting the encrypted information according to the encryption algorithm stored in the receiver's smart card.
  • the present invention provides an online transaction method using smart cards, in which information is exchanged between at least two clients including first and second clients, via at least two banking facilities including first and second banking facilities, each of the clients and banking facilities serving as a transmitter or a receiver, the first client, the first banking facility, the second client and the second banking facility being connected in succession through predetermined networks, the method comprising: providing a pair of smart cards storing the same encryption algorithm and smart card readers to a corresponding transmitter and receiver pair; once information to be transmitted to the second client is prepared by the first client, encrypting the information to be transmitted according to the encryption algorithm stored in the first client's smart card; at least one of the banking facilities editing information being transmitted by decrypting and encrypting the transmitted information according to a predetermined encryption algorithm stored in its smart card; and once the edited information is received by the second client, decrypting the received information according to the encryption algorithm stored in the second client's smart card to read the received information.
  • FIG. 1 is a block diagram of an embodiment of an online transaction apparatus using a smart card according to the present invention
  • FIG. 2 is a flowchart illustrating an embodiment of an online transaction method using a smart card according to the present invention. Best mode for carrying out the Invention
  • an embodiment of an online transaction apparatus using a smart card includes a communications unit 12, a controlling unit 14, a smart card read unit 16 and an input and output unit 18.
  • the communications unit 12 is connected to a predetermined network 10 to communicate with banking facilities, such as a bank.
  • the communications unit 12 may include a modem, and an antenna for wireless communications.
  • the controlling unit 14 When information is transmitted from the communications unit 12 through the network 10, the controlling unit 14 encrypts information to be transmitted according to a predetermined encryption algorithm stored in the smart card. When information is received by the communications unit 12 through the network 10, the controlling unit 14 decrypts the received information using the predetermined encryption algorithm stored in the smart card.
  • the controlling unit 14 may be implemented as a microprocessor or an electronic circuit having a microprocessor.
  • the input and output unit 18 includes a liquid crystal display (LCD) or a monitor for displaying information received or to be transmitted by the communications unit 12, and a keyboard for inputting or editing information.
  • the keyboard may have keys for characters or numerals.
  • the smart card read unit 16 may include a smart card reader.
  • the smart card reader can read a predetermined encryption algorithm stored in an integrated circuit (IC) or a memory embedded in a smart card (not shown) as the smart card is passed through the slit of the smart card reader.
  • IC integrated circuit
  • a memory embedded in a smart card not shown
  • FIG. 2 An embodiment of an online transaction method by the online transaction apparatus, which has the configuration as described above with reference to FIG. 1 , will be described with reference to FIG. 2.
  • each of the bank or banking facility and the client or another banking facility serve as a transmitter or a receiver.
  • an exporter and an importer who desire to exchange information via an export bank and an import bank.
  • For communications and transactions among them there are established a first network between the export and the export bank which has opened an account to the exporter, a second network between the importer and the import bank which has opened an account to the importer, and a third network between the export and import banks.
  • a pair of smart cards in which the same encryption algorithm is stored, and a smart card read unit 16 are provided to each of the transmitter and the receiver who are connected each other through the first, second or third network (step 20).
  • the encryption algorithm stored in the transmitter's smart card is read (step 21 ), and information to be transmitted is encrypted according to the read encryption algorithm and transmitted by the transmitter (step 22).
  • the transmitted information is received by the receiver (step 23).
  • the encryption algorithm stored in the receiver's smart card is read, and the information from the transmitter is decrypted according to the read encryption algorithm (step 25). Following this, transactions between the transmitter and the receiver are achieved according to the decrypted information.
  • a pair of smart cards storing a predetermined encryption algorithm are provided to the importer and the exporter.
  • the predetermined encryption algorithm stored in the smart cards is the key that ensures secured transmission and reception of information for transactions.
  • the exporter when an exporter desires to transmit information for a contrast with an importer, the exporter as a transmitter passes the smart card that he or she has through the smart card read unit 16 to read the encryption algorithm stored in the smart card so as to send a predetermined information to the export bank concerned, which acts as a receiver in this communications (step 21 ). Then, the information to be transmitted to the export bank is encrypted by the controlling unit 14 shown in FIG. 1 according to the encryption algorithm read by the smart card read unit 16 (step 22).
  • the encrypted information is transmitted through the communications unit 12 and the network 10 to the export bank, and the transmitted information is received by a communication unit of an online transaction apparatus installed at the receiver's site, i.e., at the export bank (step 23).
  • the encryption algorithm stored in the receiver's smart card which is paired with the transmitter's smart card, is read by a smart card read unit of the receiver's online transaction apparatus (step 24).
  • the encrypted information from the exporter is decrypted by a controlling unit 14 of the receiver's online transaction apparatus according to the encryption algorithm read by the smart card read unit 16 of the receiver's online transaction apparatus (step 25).
  • the inventive online transaction can be achieved between an export bank as a transmitter and an import bank as a receiver, or between an import bank as a transmitter and an importer as a receiver.
  • information from the exporter is transmitted to the export bank concerned, the import bank, and the importer in succession.
  • both the export bank and the import bank are involved in the transactions between the exporter and the importer.
  • Information on the credit status or accounts of the exporter and the importer can be transmitted or received.
  • a predetermined encryption algorithm can be stored in a smart card by at least one of the banking facilities concerned that need encryption and decryption of information for transmission and reception, or by a smart card manufacturer associated with the banking facilities.
  • a pair of smart cards for a corresponding transmitter and receiver pair for example, for the exporter and the export bank connected through the first network, for the importer and the import bank connected through the second network, and for the export bank and the import bank connected through the third network, store the same encryption algorithm therein to allow the transmitter and receiver pair to do convenient encryption or decryption of information.
  • each of the pairs of smart cards for the first network, the second network and the third network must have different encryption algorithms. It will be appreciate that although information transmitted and received through the first, second and third networks are the same, the information can be encrypted in different ways.
  • information to be transmitted is encrypted at a transmitter's site and then decrypted at a receiver's site to read the transmitted information using smart cards storing a predetermined encryption algorithm, so that there is no concern about illegal alteration of communications telegraphs.
  • Banking facilities can conveniently one-to-one communicate with their clients or other banking facilities concerned using smart cards each storing a proper encryption algorithm.
  • the encryption algorithm varies for different networks, and thus information can be exchanged with many clients or other banking facilities through a plurality of networks with increased security.
  • the encryption algorithm of a smart cart is exposed to a third party, it is enough to replace a pair of smart cards storing the encryption algorithm, without need for replacing all the smart cards distributed. Thus, the restoration costs for security becomes low.
  • each banking facility can independently produce smart cards for transactions with its clients, and set a predetermined encryption algorithm for the smart cards. No conflict of interest between the competitive banking facilities in manufacturing smart cards occurs.

Abstract

Online transaction apparatus and method using a smart card storing a predetermined encryption algorithm, for use in a bank to transmit information to a client or other banking facilities, receive information from a client or other banking facilities, or to perform payment, through a predetermined network. The online transaction apparatus includes a communications unit connected to a predetermined network established between a client and a bank or a banking facility, in a wired or wireless manner, the communications unit for exchanging information between the client and the bank or the banking facility; a controlling unit for encrypting information to be transmitted from the communications unit through the network using the predetermined encryption algorithm stored in one of the smart cards, or decrypting the encrypted information received through the network from the communications unit using the predetermined encryption algorithm stored in the other smart card; and an input and output unit for outputting information received by or to be transmitted form the communications unit, or inputting characters or numerals to edit the information.

Description

APPARATUS AND METHOD FOR ONLINE TRANSACTION USING SMART CARD
Technical Field The present invention relates to an apparatus and a method for online transaction using a smart card, and more particularly, to an apparatus and a method for online transaction using a smart card that stores a predetermined encryption algorithm, in which transmission and reception of information or payment between a bank to a client or another bank is achieved using the smart card.
Background Art
IC cards are largely classified into contact type or non-contact type IC cards. The non-contact type IC card includes an RF-ID card for just reading serial numbers, an RF-IC card capable of reading and writing data with basic operations, and a combination card which has the advantages of both the RF-ID card and the RF-IC card. The contact type IC card, which receives power and a predetermined signal from a terminal by physical contact with the terminal, is classified as a smart card if it has a microprocessor, and a memory card if it does not have a microprocessor. As for a plastic contact type smart card, a predetermined information is stored by a signal from a terminal, and information stored in the smart card is read as the smart card is passed through a card reader.
On the other hand, in a conventional transaction technique applied between banks, if there is a request by a client, details for transaction are exchanged between banks concerned, the transaction is established between the banks based on the details, and a predetermined amount of money is paid to clients concerned. For example, assuming that there are an importer and an exporter who desire to pay for their import and export items through import and export banks, first the importer and the exporter establish their accounts in the corresponding banks. The exporter delivers exports items to the importer via rail loads, ships or airplanes, and the importer takes the delivery from the exporter. Once the importer receives the items, the importer deposits an amount of money equal to the value of the delivered items in the import bank. Then, the import bank sends a telegraph to the export bank to request that the exporter is allowed to withdraw the money.
As for such a conventional bank-to-bank transaction technique, security for telegraphs which are communicated between the import and export banks over a predetermined wired or wireless network are based on security software, and encryption algorithm written to the magnetic stripe of a plastic card, i.e., Magnetic Stripe Read Write (MSRW). Unfortunately, the communications between the banks can be hacked using another software, or the encryption algorithm is liable to be read by a card reader. Thus, there is a security problem in transactions between the banks.
A bunch of plastic cards with MSRW are encrypted with the same algorithm, and banking facilities periodically distribute a bunch of the plastic cards through their branches, so the distribution cost is high. In addition, although the encryption algorithm of only one of the distributed plastic cards is exposed to a third party, all the plastic cards must be collected and replaced by new plastic cards. When there is a need to provide a plastic card with a predetermined encryption algorithm to clients of other banking facilities, a security problem may occur because the predetermined encryption algorithm for a particular banking facility is exposed to the other banking facilities.
Disclosure of the Invention
It is an objective of the present invention to provide online transaction apparatus and method using a smart card storing a predetermined encryption algorithm, in which information to be transmitted is encrypted and then the transmitted information is decrypted to read the information according to the predetermined encryption algorithm stored in the smart card, so that security is ensured in transmission and reception of information.
It is another objective of the present invention to provide online transaction apparatus and method using a smart card storing a predetermined encryption algorithm, in which the predetermined encryption algorithm stored in the smart card is unique for each corresponding transmitter and receiver pair, i.e., between banking facilities, or between a banking facility and its client, so that although the encryption algorithm of a certain pair of smart cards is exposed, it is enough to replace the corresponding pair of the smart cards, without need to collect and discard all the smart cards distributed, thereby lowering the system restoration cost.
According to an aspect of the present invention, there is provided an online transaction apparatus using a pair of smart cards storing a predetermined encryption algorithm, comprising: a communications unit connected to a predetermined network established between a client and a bank or a banking facility, in a wired or wireless manner, the communications unit for exchanging information between the client and the bank or the banking facility; a controlling unit for encrypting information to be transmitted from the communications unit through the network using the predetermined encryption algorithm stored in one of the smart cards, or decrypting the encrypted information received through the network from the communications unit using the predetermined encryption algorithm stored in the other smart card; and an input and output unit for outputting information received by or to be transmitted from the communications unit, or inputting characters or numerals to edit the information.
According to another aspect of the present invention, there is provided an online transaction method using a pair of smart cards, in which information is exchanged between a bank or a banking facility, and a client or another banking facility, each of the bank or banking facility and the client or another banking facility serving as a transmitter or a receiver, through a predetermined network, the method comprising the steps of: (a) providing the pair of smart cards storing the same encryption algorithm and smart card readers for reading the encryption algorithm stored in the smart cards to the transmitter and the receiver; and (b) encrypting information to be transmitted according to the encryption algorithm stored in the transmitter's smart card, and decrypting the encrypted information according to the encryption algorithm stored in the receiver's smart card.
In another embodiment, the present invention provides an online transaction method using smart cards, in which information is exchanged between at least two clients including first and second clients, via at least two banking facilities including first and second banking facilities, each of the clients and banking facilities serving as a transmitter or a receiver, the first client, the first banking facility, the second client and the second banking facility being connected in succession through predetermined networks, the method comprising: providing a pair of smart cards storing the same encryption algorithm and smart card readers to a corresponding transmitter and receiver pair; once information to be transmitted to the second client is prepared by the first client, encrypting the information to be transmitted according to the encryption algorithm stored in the first client's smart card; at least one of the banking facilities editing information being transmitted by decrypting and encrypting the transmitted information according to a predetermined encryption algorithm stored in its smart card; and once the edited information is received by the second client, decrypting the received information according to the encryption algorithm stored in the second client's smart card to read the received information.
Brief Description of the Drawings
FIG. 1 is a block diagram of an embodiment of an online transaction apparatus using a smart card according to the present invention; and FIG. 2 is a flowchart illustrating an embodiment of an online transaction method using a smart card according to the present invention. Best mode for carrying out the Invention
As shown in FIG. 1 , an embodiment of an online transaction apparatus using a smart card according to the present invention includes a communications unit 12, a controlling unit 14, a smart card read unit 16 and an input and output unit 18. In particular, the communications unit 12 is connected to a predetermined network 10 to communicate with banking facilities, such as a bank. The communications unit 12 may include a modem, and an antenna for wireless communications.
When information is transmitted from the communications unit 12 through the network 10, the controlling unit 14 encrypts information to be transmitted according to a predetermined encryption algorithm stored in the smart card. When information is received by the communications unit 12 through the network 10, the controlling unit 14 decrypts the received information using the predetermined encryption algorithm stored in the smart card. The controlling unit 14 may be implemented as a microprocessor or an electronic circuit having a microprocessor.
The input and output unit 18 includes a liquid crystal display (LCD) or a monitor for displaying information received or to be transmitted by the communications unit 12, and a keyboard for inputting or editing information. The keyboard may have keys for characters or numerals.
The smart card read unit 16 may include a smart card reader. The smart card reader can read a predetermined encryption algorithm stored in an integrated circuit (IC) or a memory embedded in a smart card (not shown) as the smart card is passed through the slit of the smart card reader.
An embodiment of an online transaction method by the online transaction apparatus, which has the configuration as described above with reference to FIG. 1 , will be described with reference to FIG. 2. When a bank or a banking facility and a client or another banking facility desire to communicate with each other through a predetermined network, each of the bank or banking facility and the client or another banking facility serve as a transmitter or a receiver. For example, it is assumed that there are an exporter and an importer who desire to exchange information via an export bank and an import bank. For communications and transactions among them, there are established a first network between the export and the export bank which has opened an account to the exporter, a second network between the importer and the import bank which has opened an account to the importer, and a third network between the export and import banks. Information exchange through one of the first, second and third networks will be described below. A pair of smart cards in which the same encryption algorithm is stored, and a smart card read unit 16 are provided to each of the transmitter and the receiver who are connected each other through the first, second or third network (step 20). The encryption algorithm stored in the transmitter's smart card is read (step 21 ), and information to be transmitted is encrypted according to the read encryption algorithm and transmitted by the transmitter (step 22). When the encrypted information is transmitted, the transmitted information is received by the receiver (step 23). The encryption algorithm stored in the receiver's smart card is read, and the information from the transmitter is decrypted according to the read encryption algorithm (step 25). Following this, transactions between the transmitter and the receiver are achieved according to the decrypted information. In other words, when an import-and-export contrast is settled between the import and the exporter, a pair of smart cards storing a predetermined encryption algorithm are provided to the importer and the exporter. The predetermined encryption algorithm stored in the smart cards is the key that ensures secured transmission and reception of information for transactions. When the importer and the exporter communicates with the import and export banks concerned, information to be transmitted is encrypted with the predetermined encryption algorithm stored in the transmitter's smart card. Once the information is received, the received information is decrypted with the predetermined encryption algorithm stored in the receiver's smart card.
For example, when an exporter desires to transmit information for a contrast with an importer, the exporter as a transmitter passes the smart card that he or she has through the smart card read unit 16 to read the encryption algorithm stored in the smart card so as to send a predetermined information to the export bank concerned, which acts as a receiver in this communications (step 21 ). Then, the information to be transmitted to the export bank is encrypted by the controlling unit 14 shown in FIG. 1 according to the encryption algorithm read by the smart card read unit 16 (step 22).
The encrypted information is transmitted through the communications unit 12 and the network 10 to the export bank, and the transmitted information is received by a communication unit of an online transaction apparatus installed at the receiver's site, i.e., at the export bank (step 23). Once the transmitted information is received by the export bank, the encryption algorithm stored in the receiver's smart card, which is paired with the transmitter's smart card, is read by a smart card read unit of the receiver's online transaction apparatus (step 24). Then, the encrypted information from the exporter is decrypted by a controlling unit 14 of the receiver's online transaction apparatus according to the encryption algorithm read by the smart card read unit 16 of the receiver's online transaction apparatus (step 25).
Although the previous embodiment is described with reference to the exporter as a transmitter, and the export bank as a receiver, it will be appreciate that the inventive online transaction can be achieved between an export bank as a transmitter and an import bank as a receiver, or between an import bank as a transmitter and an importer as a receiver. In practice, information from the exporter is transmitted to the export bank concerned, the import bank, and the importer in succession. In this case, both the export bank and the import bank are involved in the transactions between the exporter and the importer. Information on the credit status or accounts of the exporter and the importer can be transmitted or received. A predetermined encryption algorithm can be stored in a smart card by at least one of the banking facilities concerned that need encryption and decryption of information for transmission and reception, or by a smart card manufacturer associated with the banking facilities.
There is no need to let a client who desires to send and receive information using a smart card, i.e., the exporter or the importer, know the encryption algorithm itself stored in his or her smart card. In other words, it is enough for the client to just pass his or her smart card through a smart card read unit 16. Then, information received or to be transmitted is decrypted or encrypted by a controlling unit 14 according to the encryption algorithm read by the smart card reader.
On the other hand, a pair of smart cards for a corresponding transmitter and receiver pair, for example, for the exporter and the export bank connected through the first network, for the importer and the import bank connected through the second network, and for the export bank and the import bank connected through the third network, store the same encryption algorithm therein to allow the transmitter and receiver pair to do convenient encryption or decryption of information. However, each of the pairs of smart cards for the first network, the second network and the third network must have different encryption algorithms. It will be appreciate that although information transmitted and received through the first, second and third networks are the same, the information can be encrypted in different ways. While this invention has been particularly shown and described with reference to preferred embodiments and drawings thereof, the preferred embodiments and the drawings are merely illustrative and are not intended to limit the scope of the invention. It will be understood by those skilled in the art that various changes in form and details may be made to the described embodiments without departing from the spirit and scope of the invention as defined by the appended claims. Industrial Applicability
As previously mentioned, information to be transmitted is encrypted at a transmitter's site and then decrypted at a receiver's site to read the transmitted information using smart cards storing a predetermined encryption algorithm, so that there is no concern about illegal alteration of communications telegraphs. Banking facilities can conveniently one-to-one communicate with their clients or other banking facilities concerned using smart cards each storing a proper encryption algorithm. The encryption algorithm varies for different networks, and thus information can be exchanged with many clients or other banking facilities through a plurality of networks with increased security. Although the encryption algorithm of a smart cart is exposed to a third party, it is enough to replace a pair of smart cards storing the encryption algorithm, without need for replacing all the smart cards distributed. Thus, the restoration costs for security becomes low. Furthermore, each banking facility can independently produce smart cards for transactions with its clients, and set a predetermined encryption algorithm for the smart cards. No conflict of interest between the competitive banking facilities in manufacturing smart cards occurs.

Claims

What is claimed is:
1. An online transaction apparatus using a pair of smart cards storing a predetermined encryption algorithm, comprising: a communications unit connected to a predetermined network established between a client and a bank or a banking facility, in a wired or wireless manner, the communications unit for exchanging information between the client and the bank or the banking facility; a controlling unit for encrypting information to be transmitted from the communications unit through the network using the predetermined encryption algorithm stored in one of the smart cards, or decrypting the encrypted information received through the network from the communications unit using the predetermined encryption algorithm stored in the other smart card; and an input and output unit for outputting information received by or to be transmitted from the communications unit, or inputting characters or numerals to edit the information.
2. The online transaction apparatus of claim 1 , further comprising a smart card reader for reading the determined encryption stored in the smart cards as one of the smart cards is inserted into the smart card reader.
3. An online transaction method using a pair of smart cards, in which information is exchanged between a bank or a banking facility, and a client or another banking facility, each of the bank or banking facility and the client or another banking facility serving as a transmitter or a receiver, through a predetermined network, the method comprising the steps of:
(a) providing the pair of smart cards storing the same encryption algorithm and smart card readers for reading the encryption algorithm stored in the smart cards to the transmitter and the receiver; and
(b) encrypting information to be transmitted according to the encryption algorithm stored in the transmitter's smart card, and decrypting the encrypted information according to the encryption algorithm stored in the receiver's smart card.
4. The online transaction method of claim 3, wherein step (b) comprises: once the information to be transmitted to the receiver is prepared by the transmitter, reading the encryption algorithm stored in the transmitter's smart card using the transmitter's smart card reader; encrypting the information to be transmitted according to the encryption algorithm read by the smart card reader; transmitting the encrypted information through the predetermined network to the receiver, and receiving the transmitted information; once the transmitted information is received by the receiver, reading the encryption algorithm stored in the receiver's smart card using the receiver's smart card reader; and decoding the received information according to the encryption algorithm read by the receiver's smart card reader.
5. An online transaction method using smart cards, in which information is exchanged between at least two clients including first and second clients, via at least two banking facilities including first and second banking facilities, each of the clients and banking facilities serving as a transmitter or a receiver, the first client, the first banking facility, the second client and the second banking facility being connected in succession through predetermined networks, the method comprising: providing a pair of smart cards storing the same encryption algorithm and smart card readers to a corresponding transmitter and receiver pair; once information to be transmitted to the second client is prepared by the first client, encrypting the information to be transmitted according to the encryption algorithm stored in the first client's smart card; at least one of the banking facilities editing information being transmitted by decrypting and encrypting the transmitted information according to a predetermined encryption algorithm stored in its smart card; and once the edited information is received by the second client, decrypting the received information according to the encryption algorithm stored in the second client's smart card to read the received information.
6. The online transaction method of claim 5, wherein a pair of smart cards for each of the predetermined networks, between the first client and the first banking facility, between the first and second banking facilities, and between the second banking facility and the second client, store different encryption algorithms.
PCT/KR2000/001107 1999-10-08 2000-10-04 Apparatus and method for online transaction using smart card WO2001027779A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU76908/00A AU7690800A (en) 1999-10-08 2000-10-04 Apparatus and method for online transaction using smart card

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1999/43512 1999-10-08
KR10-1999-0043512A KR100457994B1 (en) 1999-10-08 1999-10-08 Apparatus and method of on-line approve by smart card

Publications (1)

Publication Number Publication Date
WO2001027779A1 true WO2001027779A1 (en) 2001-04-19

Family

ID=19614547

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2000/001107 WO2001027779A1 (en) 1999-10-08 2000-10-04 Apparatus and method for online transaction using smart card

Country Status (4)

Country Link
KR (1) KR100457994B1 (en)
CN (1) CN1387647A (en)
AU (1) AU7690800A (en)
WO (1) WO2001027779A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100438409C (en) * 2006-06-22 2008-11-26 北京飞天诚信科技有限公司 Intelligent card with financial-transaction message processing ability and its method

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100408890B1 (en) * 2000-06-20 2003-12-11 케이비 테크놀러지 (주) Method for certificating an credit dealing using a multi-certificated path and system thereof
KR20020026505A (en) * 2002-03-04 2002-04-10 이성훈 ISPpayment service method for e-commerce using portable security device
KR20040006651A (en) * 2002-07-13 2004-01-24 한국아이씨카드연구조합 Security system and method in buying device based on the smart card
KR100719798B1 (en) * 2004-10-27 2007-05-18 이니텍(주) Banking Method and On-line Transaction Method Using Banking IC Card and Computer
CN101009555B (en) * 2006-12-29 2010-12-29 北京飞天诚信科技有限公司 An intelligent secret key device and the method for information interaction with the host
KR100893125B1 (en) * 2007-07-27 2009-04-10 (주)세나라플러스 Method and system for providing financial service using personal automatic teller machine performing process self encryption
CN101127954B (en) * 2007-09-21 2010-08-18 冯卫东 A method for transmitting data via mobile phone dialing communication or GRPS packet communication technology
CN102315940B (en) * 2011-09-08 2013-09-18 飞天诚信科技股份有限公司 Data transmission and processing system and method thereof
CN104715545A (en) * 2015-03-17 2015-06-17 萧东 Safe automatic transaction machine and method thereof

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4736094A (en) * 1984-04-03 1988-04-05 Omron Tateisi Electronics Co. Financial transaction processing system using an integrated circuit card device
US5461217A (en) * 1994-02-08 1995-10-24 At&T Ipm Corp. Secure money transfer techniques using smart cards
US5793027A (en) * 1994-12-19 1998-08-11 Samsung Electronics Co., Ltd. IC card for credit transactions and credit transaction apparatus and method using the same
US5943423A (en) * 1995-12-15 1999-08-24 Entegrity Solutions Corporation Smart token system for secure electronic transactions and identification

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4736094A (en) * 1984-04-03 1988-04-05 Omron Tateisi Electronics Co. Financial transaction processing system using an integrated circuit card device
US5461217A (en) * 1994-02-08 1995-10-24 At&T Ipm Corp. Secure money transfer techniques using smart cards
US5793027A (en) * 1994-12-19 1998-08-11 Samsung Electronics Co., Ltd. IC card for credit transactions and credit transaction apparatus and method using the same
US5943423A (en) * 1995-12-15 1999-08-24 Entegrity Solutions Corporation Smart token system for secure electronic transactions and identification

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100438409C (en) * 2006-06-22 2008-11-26 北京飞天诚信科技有限公司 Intelligent card with financial-transaction message processing ability and its method

Also Published As

Publication number Publication date
KR100457994B1 (en) 2004-11-18
KR20010036485A (en) 2001-05-07
AU7690800A (en) 2001-04-23
CN1387647A (en) 2002-12-25

Similar Documents

Publication Publication Date Title
JP3802074B2 (en) Transaction method with portable identification elements
US4536647A (en) Pocket banking terminal, method and system
US6185307B1 (en) Cryptography security for remote dispenser transactions
AU2008268326B2 (en) System and method for account identifier obfuscation
US6539364B2 (en) Electronic cash implementing method and equipment using user signature and recording medium recorded thereon a program for the method
US5832090A (en) Radio frequency transponder stored value system employing a secure encryption protocol
AU663739B2 (en) Value transfer system
EP3171540B1 (en) Key delivery system and method
EP2182461A1 (en) Information processing apparatus, method for switching cipher and program
WO2010135154A2 (en) Device including encrypted data for expiration date and verification value creation
US7222108B2 (en) Electronic cash implementing method and equipment using user signature and recording medium recorded thereon a program for the method
CN101138242A (en) An interactive television system
US6321213B1 (en) Electronic money processing method having a transaction fee collecting function and an electronic money storage apparatus for the same
CN101329786A (en) Method and system for acquiring bank card magnetic track information or payment application for mobile terminal
CN101330675B (en) Mobile payment terminal equipment
WO2001027779A1 (en) Apparatus and method for online transaction using smart card
CN101223729A (en) Updating a mobile payment device
JPH1020778A (en) Encoding device, decoding device and ic card
JPH05504643A (en) money transfer system
KR20030074853A (en) Method and apparatus for person confirmation of finance/identification card in commercial pay through mobile unit
JP3113063B2 (en) Information processing system
JP2000507380A (en) Safety module
AU8349998A (en) Secure transactions
KR100696077B1 (en) IC card issuing system using a SAM server and method thereof
JPH0447862B2 (en)

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 008152764

Country of ref document: CN

WWE Wipo information: entry into national phase

Ref document number: 10110063

Country of ref document: US

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP