WO2002050743A1 - Method and system for using optical data cards as portable secure unified platforms for performing a variety of secure on-line transactions - Google Patents


Info

Publication number
WO2002050743A1
Authority
WO
WIPO (PCT)
Prior art keywords
optical data
line
secure
pki
users
Application number
PCT/US2001/003764
Other languages
French (fr)
Inventor
Jakob Peled
Bezalel Livne
Ayelet Eshel
Original Assignee
Cd Card Ltd.
Friedman, Mark, M.
Application filed by Cd Card Ltd., Friedman, Mark, M.
Priority to AU2001238037A
Publication of WO2002050743A1


Classifications

    • H04L 63/0853 — Network architectures or protocols for network security: authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • G06F 21/34 — User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06K 19/044 — Record carriers having a credit-card form factor and including a small-sized disc (e.g. a CD or DVD), comprising galvanic contacts for contacting an integrated circuit chip thereon
    • G06Q 20/00 — Payment architectures, schemes or protocols
    • G06Q 20/02 — Payment architectures involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q 20/341 — Payment using active cards, i.e. cards including their own processing means, e.g. an IC or chip
    • G06Q 20/346 — Cards serving only as information carrier of service
    • G06Q 20/3576 — Cards with multiple memory zones
    • G06Q 20/3829 — Payment protocols insuring higher security of transaction, involving key management
    • G07F 7/1008 — Active credit-cards provided with means to personalise their use, e.g. with a PIN-introduction/comparison system
    • H04L 2463/102 — Additional details of network security covered by H04L 63/00, applying security measures for e-commerce

Abstract

A method and system for using optical data cards (12) as portable secure unified platforms or as portable secure authentication platforms for performing a variety of secure on-line transactions. Optical data cards (12) are formatted, prepared, issued, and used, with at least one of PKI, challenge response, Kerberos, symmetric key, user name password, one-time-password, and peripheral device, types of on-line user/transaction authentication protocols, and, preferably, with at least one of SSL, 3DSSL, SET, 3DSET, EMV, PAN, virtual credit or debit card, electronic wallet, prepaid, micropayment, home or corporate banking, stocks, bonds, and commodities trading, insurance, health related, corporate networking, and peripheral device (34), types of secure on-line transaction protocols, for performing the variety of secure on-line transactions. The secure on-line transactions are performed in the area of electronic commerce including payment, banking, stocks, bond, and commodity trading, insurance, and health related applications, in the area of PC security including PC log-on and PC data encryption applications, and, in the area of roaming accessibility including local or remote network log-on applications such as accessing an e-mail server, a file server, or a database.

Description

METHOD AND SYSTEM FOR USING OPTICAL DATA CARDS AS PORTABLE SECURE UNIFIED PLATFORMS FOR PERFORMING A VARIETY OF SECURE ON-LINE TRANSACTIONS
FIELD AND BACKGROUND OF THE INVENTION
The present invention relates to the general field of performing on-line transactions and, more particularly, to a method and system for using optical data cards as portable secure unified platforms for performing a variety of secure on-line transactions. In a preferred embodiment, each optical data card is formatted, prepared, and used, with at least one of a plurality of different types of on-line user/transaction authentication protocols, and, with at least one of a plurality of different types of secure on-line transaction protocols, for performing the variety of secure on-line transactions. Hereinafter, the term 'on-line' generally refers to the type or kind of transactions which are performed in a wired and/or wireless computerized electronic environment including variable amounts or combinations of necessary wired and/or wireless computerized electronic hardware, software, systems, networks, devices, equipment, mechanisms, components, and elements, and, 'human' users and operators. On-line particularly refers to the type or kind of transactions which are performed in a wired and/or wireless computerized electronic interactive communication environment such as an intranet and/or an extranet wired and/or wireless computerized electronic interactive communication environment, where the intranet and/or extranet is of a private or public entity or body of variable size featuring variable numbers of users and operators. The standard example of the extranet is the Internet. Hereinafter, the term 'transaction' generally refers to something transacted, done, carried out, performed, managed, or conducted, typically, but not exclusively, relating to a piece of business. Furthermore, things or items transacted can also be an action or an activity, for example, a transaction of a user, locally or remotely, logging onto a computer, or, accessing an e-mail server, a file server, or a database. Hereinafter, the phrase 'user/transaction' refers to 'user and/or transaction'.
In particular, an 'on-line user/transaction authentication protocol' refers to an on-line authentication protocol which is used for on-line authenticating only a user, or, for on-line authenticating only a transaction, or, for on-line authenticating both a user and a transaction. Hereinafter, the term 'protocol' refers, in general, to digitized data and information in the form of computer software for representing and/or for implementing at least part of a particular flow of information, security procedures, sequences, and various interactions among different entities, associated with performing secure on-line transactions. In particular, a protocol refers to digitized data and information in the form of computer software for representing and/or for implementing at least part of a particular flow of information, security procedures, sequences, and various interactions among different entities, associated with on-line authenticating at least one user and/or on-line authenticating at least one on-line transaction, and/or, refers to digitized data and information, in the form of computer software, associated with performing at least one on-line transaction. More specifically, a protocol is at least one set, group, sequence, and/or series, of digitized data and information in the form of computer software for representing and/or for implementing at least part of a particular flow of information, security procedures, sequences, and various interactions among different entities, such as in the form of at least one data file, at least one text file, at least one program file, and/or, at least one combination file featuring some combination of data, text, and/or, a program, associated with on-line authenticating users and/or transactions, and/or associated with performing on-line transactions.
The current situation regarding the general field of performing on-line transactions is as follows. For most users and service providers, current techniques, methods, and equipment (software and hardware) used for performing on-line transactions in the areas of electronic commerce (E-commerce), PC security, and electronic roaming accessibility, are risky, feature varying levels of security, and are confusing or frustrating at best. Users who use their credit cards and other sensitive information to perform on-line transactions by way of the Internet, without taking appropriate precautions, may find it convenient in the short run, but too often find themselves as victims of malicious theft and other criminal activities. Typically, user counterparts to on-line transactions, such as virtual vendors and credit card issuers, in the short term, save the expenses that security systems implementation entails, but, in the long term, usually experience greater losses due to fraudulent transactions and possibly irreparable image and public relations damages. In contrast, users and their counterparts, desiring to employ the necessary safety measures to avoid exposure to risk, may find a wealth of solutions, thinking they have found sufficient security measures for performing on-line transactions, but, in actuality, end up in the midst of a confused and unfocused on-line marketplace. It appears that without the guidance of a clear and widely accepted generalized and standardized method and system for performing secure on-line transactions, each force is pulling in a different direction. Even major participants involved in performing secure on-line transactions, especially in the area of E-commerce, such as leading international credit card companies, are deeply divided on the issue of which way to turn.
For example, one leading international credit card company may be a great advocate of the 3DSSL (Three Domain Secure Sockets Layer) secure on-line payment protocol, while another leading international credit card company may favor the new and improved version of the once failing SET (Secure Electronic Transaction) secure on-line payment protocol, the 3DSET (Three Domain Secure Electronic Transaction) secure on-line payment protocol. As a result, the Internet, which should be a unified, borderless, and convenient interactive communication platform, is turning into a platform for a mixed myriad of non-intercommunicative languages and methods for performing a variety of on-line transactions. The on-line marketplace was, and still is, witnessing a growing number of companies providing solutions emerging each day, where most such solutions become a temporary 'buzzword' or fad, only to be quickly replaced, pushed aside or entirely out of the picture, by the next 'buzzword' or fad solution. This phenomenon is evident in every aspect of the general field of performing secure on-line transactions. Each link in the on-line transactions chain is still the subject of newly emerging technologies and techniques, be it relating to on-line user/transaction authentication protocols, or, to secure on-line transaction protocols.
The core problem is inherently rooted in the nature of the communication between remote and unknown parties. One of the most difficult problems that the Internet and other communication networks currently face is the necessity to identify the communicating parties and to authenticate their identities. In the physical world, this is achieved by presentation of an ID card, comparison of signatures, use of notarized and certified media of exchange, and a variety of other prior art tools. In the cyber world, other, electronic based, secure on-line authentication techniques and protocols must be employed in order to verify the true identities of the communicating parties. Prior art includes teachings of on-line user/transaction authentication techniques and protocols which are capable of providing relatively high levels of security and reliability. An example of such an on-line authentication technique is the use of a computer chip in a device commonly known as the 'smart card', which without doubt is one of the most secure on-line authentication devices currently available. A significant limitation of implementing this on-line authentication technique is the need for chip or smart card readers to enable such a technique. Currently, most deployed computers lack this piece of hardware, and as experienced by at least one leading international credit card company, even when such hardware is distributed for free, it is virtually impossible to achieve the necessary widespread deployment. Other on-line authentication techniques featuring the use of computerized personalized devices, such as biometric sensors and voice recognizers, are experiencing similar public non-acceptance at this stage, either because of their high costs or simply because most users performing on-line transactions are reluctant to install new hardware, and at times are even intimidated by such on-line authentication techniques.
There are claims that barriers and problems posed by hardware based on-line authentication and transaction techniques are non-existent with currently used software based on-line authentication and transaction techniques or protocols. However, currently employed software based on-line authentication and transaction techniques or protocols inherently feature other types of limitations and problems. Primarily among them is that software based on-line authentication and transaction techniques or protocols do not provide the same level of security since they tend to rely on a password protocol only, and lack the additional layer of evidence or authentication provided by the presence of a hardware based on-line authentication device, such as a smart card, at the time of communicating and performing on-line authentications and/or transactions.
Furthermore, there exist significant limitations with respect to features of central storage and unified operation of different types of user/transaction on-line authentication protocols, and, a variety of secure on-line transaction protocols. Similar to hardware based on-line authentication and transaction techniques, software based on-line authentication and transaction techniques require either local on-line or off-line communication with service providers and installation of protocol software at each workstation of a user, and hence lack portability. Specifically, a user is currently limited to downloading on-line authentication and transaction software protocols to each workstation, where downloading is repetitively performed using that same workstation for each different type of authentication or transaction protocol. This procedure must be repeated by the user at each separate workstation at which the user desires to perform secure on-line transactions. Currently, in order for a user to centrally store and operate in a unified way different types of user/transaction on-line authentication protocols, and, a variety of secure on-line transaction protocols, the user needs to 'successfully' and repetitively either communicate on-line or install software from a pre-distributed storage medium, typically, with a variety of service providers, and download, on a per-protocol basis, the different types of on-line user/transaction authentication protocol software and secure on-line transaction protocol software, to the same user's computerized workstation. Even when such a repetitive procedure is successfully performed, there is the issue of portability, since all the downloaded protocol software resides on a single user's computerized workstation, unless the user repeats the lengthy and complex procedure for multiple computerized workstations.
An excellent example of the above described inherent limitations in currently employed software based on-line authentication techniques or protocols relates to implementation of PKI (Public Key Infrastructure) systems. Most PKI systems today are built in such a way that users connect to, by way of the Internet or other computerized interactive communication networks, and request a digital certificate (featuring a combination of a PKI public key, a unique user identification (UID) number or code, a user name, optional extensions, and a certificate authority (CA) digital signature on these items) from a service provider having a certificate authority (CA) system deployed. Following connection to the CA enabled service provider, the process then requires a lengthy procedure in which each user needs to provide some means of identification, usually a user identification (UID) and a password, and then personalized or private PKI keys are generated. After the personalized or private PKI keys are generated, each user needs to send the user's public key to the server of the CA enabled service provider, which usually involves a complex manual, sometimes automated, process. After sending the public PKI key, a reply, usually by way of an e-mail letter, is sent from the server of the CA service provider, either attaching a digital certificate or requesting the user to wait until notified to reconnect to the CA enabled service provider. In either case, each user eventually receives the e-mail with the attached digital certificate file. Then, each user needs to save the digital certificate file to hard drive, followed by opening a browser, or a different software application, and go through a menu in order to upload the digital certificate to the proper location in the computer of the user. Assuming the above lengthy process is successful, which, in fact, may require several attempts, each user can then perform secure on-line transactions. 
This can be quite cumbersome for users who either need or desire to perform secure on-line transactions from more than one computerized workstation, or alternatively, wish to accelerate the on-line transaction process.
In addition to the complexities involved in performing repetitive on-line installation and downloading of vast amounts of software, the average user performing on-line transactions still faces cumbersome tasks when attempting to communicate with a plurality of different parties on a network, be it an internal or external communication network, especially an external communication network such as the Internet. A realistic scenario is, for example, when a user needs to use a PAN (Pseudo Account Number) secure on-line transaction protocol in order to purchase goods at store 'A', and needs a 3DSET secure on-line transaction protocol in order to shop at store 'B', and, in order to transfer funds from one bank account to another bank account, the user needs a home banking type of secure on-line transaction protocol serviced by yet another service provider.
Users are not the only ones adversely affected by the necessity of employing a plurality of methods and a plurality of service provider on-line authentication and transaction protocols for performing a variety of secure on-line transactions. Also, third parties involved in performing secure on-line transactions are either compelled to heavily invest in numerous protocol and application infrastructures in order to make their Internet sites widely compatible and acceptable to a large number of users, or, are forced to gamble, due to limited funds, on which on-line techniques may be prevalent and most acceptable for attracting the most visitors to their Internet sites and services, or simply, which is mostly the case, exhibit stagnation with respect to investing in the implementation of any particular secure on-line protocol.
Currently, it appears that service providers have the upper hand, since they are usually the ones making essentially all the important decisions by which particular secure on-line transaction protocols survive or die. Unfortunately, making a multitude of dissimilar decisions leading to a plethora of incompatible techniques for performing a large variety of secure on-line transactions translates not only to battles over users' workstation memory capacity and downloading preferences, but also requires that those same users manage a workstation environment whereby each updated version of a particular on-line authentication and/or transaction protocol competes with and attempts to override the previous version of the downloaded on-line authentication and/or transaction protocol.
There is thus a need for, and it would be useful to have, a method and system for using optical data cards as portable secure unified platforms for performing a variety of secure on-line transactions. Moreover, there is a need for such a method and system where the optical data cards are formatted, prepared, and used, with different types of on-line user/transaction authentication protocols and with different types of secure on-line transaction protocols, for performing the variety of secure on-line transactions.
SUMMARY OF THE INVENTION
The present invention relates to a method and system for using optical data cards as portable secure unified platforms for performing a variety of secure on-line transactions. In a preferred embodiment, the optical data cards are formatted, prepared, issued, and used, as portable secure 'unified' platforms including at least one of a plurality of different types of on-line user/transaction authentication protocols, such as (i) PKI (Public Key Infrastructure), (ii) challenge response, (iii) Kerberos, (iv) symmetric key, (v) user name password, (vi) one-time-password, and (vii) additional device, types of on-line user/transaction authentication protocols, and, with at least one of a plurality of different types of secure on-line transaction protocols, such as (i) SSL (Secure Sockets Layer), (ii) 3DSSL (Three Domain Secure Sockets Layer, also known as 3DSecure), (iii) SET (Secure Electronic Transaction, also known as SET Wallet), (iv) 3DSET (Three Domain Secure Electronic Transaction), (v) EMV (Europay MasterCard Visa), (vi) PAN (Pseudo Account Number, also known as Surrogate Number), (vii) virtual credit or debit card, (viii) electronic wallet, (ix) prepaid, (x) micropayment, (xi) home and corporate banking, (xii) stocks, bonds, and commodities trading, (xiii) insurance, (xiv) health related (medical, dental, pharmaceutical), (xv) corporate networking, and (xvi) peripheral device, types of secure on-line transaction protocols, for performing the variety of secure on-line transactions.
In an alternative preferred embodiment, the optical data cards are formatted, prepared, issued, and used, as portable secure 'authentication' platforms including at least one of the above listed plurality of different types of on-line user/transaction authentication protocols, without including any on-line transaction protocol, for performing the variety of secure on-line transactions.
The secure on-line transactions are performed in a variety of areas featuring particular secure on-line applications, such as in the area of (1) electronic commerce, for example, featuring secure on-line payment applications, secure on-line banking applications, secure on-line stock, bond, and commodity trading applications, secure on-line insurance applications, and secure on-line health related (medical, dental, pharmaceutical) applications, in the area of (2) PC security, for example, featuring secure on-line PC log-on applications, and secure on-line PC data encryption applications, and, in the area of (3) roaming accessibility, for example, featuring secure on-line local or remote network log-on applications such as accessing an e-mail server, a file server, or a database.
Thus, according to the present invention, there is provided a method for using optical data cards as portable secure unified platforms for performing a variety of secure on-line transactions, comprising the steps of: (a) providing a plurality of formatted optical data cards each formatted for digitally recording and storing optically readable data; (b) preparing the plurality of formatted optical data cards for forming a plurality of prepared optical data cards as the portable secure unified platforms, whereby each prepared optical data card has a set of digitally recorded optically readable data including at least one of a plurality of different types of on-line user/transaction authentication protocols and at least one of a plurality of different types of secure on-line transaction protocols; and (c) performing at least one of the variety of secure on-line transactions by a plurality of users using the plurality of the prepared optical data cards.
According to another aspect of the present invention, there is provided a method for using optical data cards as portable secure authentication platforms for performing a variety of secure on-line transactions, comprising the steps of: (a) providing a plurality of formatted optical data cards each formatted for digitally recording and storing optically readable data; (b) preparing the plurality of formatted optical data cards for forming a plurality of prepared optical data cards as the portable secure unified platforms, whereby each prepared optical data card has a set of digitally recorded optically readable data including at least one of a plurality of different types of on-line user/transaction authentication protocols; and (c) performing at least one of the variety of secure on-line transactions by a plurality of users using the plurality of the prepared optical data cards.
According to another aspect of the present invention, there is provided a system for using optical data cards as portable secure unified platforms for performing a variety of secure on-line transactions, comprising: (a) a plurality of formatted and prepared optical data cards each formatted for digitally recording and storing optically readable data and prepared as the portable secure unified platform having a set of the digitally recorded optically readable data including at least one of a plurality of different types of on-line user/transaction authentication protocols and including at least one of a plurality of different types of secure on-line transaction protocols; (b) a plurality of computerized processing devices for optically reading data from and/or optically writing data onto the plurality of prepared optical data cards and for interactively communicating on-line; (c) a plurality of users performing the variety of secure on-line transactions by using the plurality of prepared optical data cards and the plurality of computerized processing devices; (d) a plurality of third parties directly involved with the plurality of users performing the variety of secure on-line transactions by interactively communicating on-line with the plurality of users using the plurality of prepared optical data cards with the plurality of computerized processing devices; (e) at least one service provider for preparing and issuing the plurality of formatted and prepared optical data cards for the plurality of users and on-line authenticating the plurality of users performing the variety of secure on-line transactions by interactively communicating on-line with the plurality of users using the plurality of prepared optical data cards with the plurality of computerized processing devices; and (f) at least one on-line interactive communication network for the plurality of users using the plurality of prepared optical data cards with the plurality of computerized processing devices to interactively communicate on-line with the plurality of third parties and to interactively communicate on-line with the at least one service provider, whereby the plurality of users perform the variety of secure on-line transactions using the plurality of prepared optical data cards.
According to another aspect of the present invention, there is provided a system for using optical data cards as portable secure authentication platforms for performing a variety of secure on-line transactions, comprising: (a) a plurality of formatted and prepared optical data cards each formatted for digitally recording and storing optically readable data and prepared as the portable secure authentication platform having a set of the digitally recorded optically readable data including at least one of a plurality of different types of on-line user/transaction authentication protocols; (b) a plurality of computerized processing devices for optically reading data from and/or optically writing data onto the plurality of prepared optical data cards and for interactively communicating on-line; (c) a plurality of users performing the variety of secure on-line transactions by using the plurality of prepared optical data cards and the plurality of computerized processing devices; (d) a plurality of third parties directly involved with the plurality of users performing the variety of secure on-line transactions by interactively communicating on-line with the plurality of users using the plurality of prepared optical data cards with the plurality of computerized processing devices; (e) at least one service provider for preparing and issuing the plurality of formatted and prepared optical data cards for the plurality of users and on-line authenticating the plurality of users performing the variety of secure on-line transactions by interactively communicating on-line with the plurality of users using the plurality of prepared optical data cards with the plurality of computerized processing devices; and (f) at least one on-line interactive communication network for the plurality of users using the plurality of prepared optical data cards with the plurality of computerized processing devices to interactively communicate on-line with the plurality of third parties and to interactively communicate on-line with the at least one service provider, whereby the plurality of users perform the variety of secure on-line transactions using the plurality of prepared optical data cards.
The present invention features the following commercially applicable benefits and advantages over prior art techniques for performing secure on-line transactions. These are listed with respect to a user, an issuer or service provider, and a third party or merchant, of the method and system of the present invention.
With respect to a user: (i) Consumer Behavior Compliant - both credit cards and CD drives have long become an integral and widespread part of consumerism. The present invention clearly serves as an extension of and conforms to prevalent consumer behavior, providing added value while satisfying a widespread important commercial need. (ii) User-friendly - in a preferred embodiment of the present invention, the optical data cards are prepared and used as portable secure unified platforms with all necessary on-line authentication protocol and on-line transaction data and information software preloaded, thereby eliminating user on-line software and hardware installations and simplifying the process of a user performing secure on-line purchasing or other on-line transactions. (iii) Increased Confidence - the present invention, by automating, simplifying, unifying, and, most of all, securing the overall process of performing on-line transactions, helps users regain their confidence in credit cards in particular, and in performing on-line transactions in the area of E-commerce and in other areas featuring applications of secure on-line transactions. (iv) Solid Product Platform - the portable secure platforms in the form of optical data cards are operated on any standard CD-ROM drive, DVD drive, or audio CD player that has a spindle or a tray. Such platforms are fully compatible with industry standard operating systems and platforms, which allows the user easy accessibility from different locations by means of platform portability and self-sufficiency.
With respect to an issuer or service provider: (i) Rapid and Easy Implementation - optical data card issuers or service providers can achieve swift and full method and system implementation, since all steps of the method and components of the system for performing the variety of secure on-line transactions can conform to existing transaction clearing mechanisms, existing infrastructures, and prevalent consumer behavior. There is also the benefit of a short 'time to market', attributable to the fact that ordinarily no user hardware or software on-line installations are required, hence consumer acceptance can be easily achieved. (ii) Wide Compatibility - implementation of the present invention offers flexible solutions that are compatible with either the existing infrastructure, or the lack of infrastructure, of third parties such as merchants, which in turn allows issuers or service providers to become indifferent to the reluctance of third parties or merchants to invest in new secure on-line transaction infrastructure, while still achieving the required security. (iii) Scalability - the present invention allows a service provider to adjust its services to comply with shifting trends in the on-line data security and on-line transaction industries. (iv) Revenue Increase - implementation of the present invention dramatically reduces the lack of confidence exhibited by many users of on-line transactions, thereby increasing the number of active users performing secure on-line transactions and simultaneously increasing volumes of secure on-line transactions. Consequently, revenues of a service provider are increased as well. (v) Loss Reduction - it is a known fact that a high percentage of the loss incurred by credit card companies derives from Internet related credit card frauds and repudiations, whereas the income generated from these on-line transactions is proportionally smaller. 
Implementation of the present invention brings this loss to a minimum. (vi) Branding and Image Enhancement - the optical data cards of the present invention function as portable, secure, and unified platforms for performing a variety of secure on-line transactions, analogous to the usage of standard conventional credit cards, thereby allowing issuers or service providers to continue their branding activities and enhance their images without the need to compete with other service providers for workstation memory and screen space of large numbers of users performing on-line transactions. (vii) Controlled Deployment - unlike software based solutions, each optical data card of the present invention is ordinarily extraneous to a user's workstation, and therefore is unaffected by other solutions and their attempts to override and incapacitate previous versions of downloaded plug-in protocol software, which can ultimately render a service provider's initial deployment efforts fruitless. (viii) Messaging and Marketing Platform - the available digital storage space of each optical data card can also be utilized as a messaging and marketing platform, which allows a service provider to implement its CRM (customer relationship management) tools to communicate its messages to users according to user specific profiling approaches. Furthermore, the available digital storage space can be utilized by a service provider to generate additional income by selling or renting it to sponsors and advertisers, and at the same time benefit a large number of users through promotions and discounts. (ix) Direct Hyperlinks - the wealth of Internet web sites is a growing concern for many companies struggling to attract an online audience and potential user attention. With the optical data card including direct web site hyperlinks, the web site of an issuer or service provider is only a click away from each user.
With respect to a third party or merchant: (i) Easy Implementation - in designing the implementation of the present invention, merchants' current infrastructures and their inclination to adapt products were taken into serious consideration. The present invention ensures third parties' full participation in, and compatibility with, secure on-line transactions, whether they elect to invest in new infrastructure or not. Moreover, third parties benefit from the secure features of the present invention and from its independence from third party implementations. (ii) Increased Sales Volume - due to the increased sense of security of users of the present invention, sales volumes of third parties are likely to increase. (iii) Loss Reduction - implementation of the present invention results in either eliminating, or at least reducing, credit card frauds and repudiations associated with secure online E-commerce transactions. Merchants, who are currently writing off sizable portions of their income as losses due to their accountability, can now benefit from the reduction or prevention of these occurrences by implementing the present invention. (iv) Server Attack Minimization - implementation of most on-line authentication and transaction protocols of the present invention for performing secure on-line transactions in the area of E-commerce inhibits the accumulation of credit card numbers on merchant servers. In this respect, third party or merchant servers cease to act as an attractive target for cyber attackers.
BRIEF DESCRIPTION OF THE DRAWING
The invention is herein described, by way of example only, with reference to the accompanying drawing, wherein: FIG. 1 is a schematic diagram illustrating an exemplary preferred embodiment of the system for using optical data cards as portable secure unified platforms, and, alternatively, as portable secure authentication platforms, for performing a variety of secure on-line transactions, in accordance with the present invention.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
The present invention relates to a method and system for using optical data cards as portable secure unified platforms for performing a variety of secure on-line transactions.
As previously indicated above, the term 'on-line' generally refers to the type or kind of transactions which are performed in a wired and/or wireless computerized electronic environment including variable amounts or combinations of necessary wired and/or wireless computerized electronic hardware, software, systems, networks, devices, equipment, mechanisms, components, and elements, and, 'human' users and operators. On-line particularly refers to the type or kind of transactions which are performed in a wired and/or wireless computerized electronic interactive communication environment such as an intranet and/or an extranet wired and/or wireless computerized electronic interactive communication environment, where the intranet and/or extranet is of a private or public entity or body of variable size featuring variable numbers of users and operators. The standard example of the extranet is the Internet.
The term 'transaction' generally refers to something transacted, done, carried out, performed, managed, or conducted, typically, but not exclusively, relating to a piece of business. Furthermore, a transaction can also be an action or an activity, for example, a transaction of a user, locally or remotely, logging onto a computer, or, accessing an e-mail server, a file server, or a database. The phrase 'user/transaction' refers to 'user and/or transaction'. In particular, an 'on-line user/transaction authentication protocol' refers to an on-line authentication protocol which is used for on-line authenticating only a user, or, for on-line authenticating only a transaction, or, for on-line authenticating both a user and a transaction. The term 'protocol' refers, in general, to digitized data and information in the form of computer software for representing and/or for implementing at least part of a particular flow of information, security procedures, sequences, and various interactions among different entities, associated with performing secure on-line transactions. In particular, a protocol refers to digitized data and information in the form of computer software for representing and/or for implementing at least part of a particular flow of information, security procedures, sequences, and various interactions among different entities, associated with on-line authenticating at least one user and/or on-line authenticating at least one on-line transaction, and/or, refers to digitized data and information, in the form of computer software, associated with performing at least one on-line transaction. 
More specifically, a protocol is at least one set, group, sequence, or series, of digitized data and information in the form of computer software for representing and/or for implementing at least part of a particular flow of information, security procedures, sequences, and various interactions among different entities, such as in the form of at least one data file, at least one text file, at least one program file, and/or, at least one combination file featuring some combination of data, text, and/or a program, associated with on-line authenticating users and/or transactions, and/or associated with performing on-line transactions.
In a preferred embodiment, the optical data cards are formatted, prepared, and used, as portable secure 'unified' platforms including at least one of a plurality of different types of on-line user/transaction authentication protocols, such as (i) PKI (Public Key Infrastructure), (ii) challenge response, (iii) Kerberos, (iv) symmetric key, (v) user name and password, (vi) one-time-password, and (vii) peripheral device, types of on-line user/transaction authentication protocols, and, including at least one of a plurality of different types of secure on-line transaction protocols, such as (i) SSL (Secure Sockets Layer), (ii) 3DSSL (Three Domain Secure Sockets Layer, also known as 3DSecure), (iii) SET (Secure Electronic Transaction), (iv) 3DSET (Three Domain Secure Electronic Transaction), (v) EMV (Europay MasterCard Visa), (vi) PAN (Pseudo Account Number, also known as Surrogate Number), (vii) virtual credit or debit card, (viii) electronic wallet, (ix) prepaid, (x) micropayment, (xi) home and corporate banking, (xii) stocks, bonds, and commodities trading, (xiii) insurance, (xiv) health related (medical, dental, pharmaceutical), (xv) corporate networking, and (xvi) peripheral device, types of secure on-line transaction protocols, for performing the variety of secure on-line transactions. In an alternative preferred embodiment, the optical data cards are formatted, prepared, and used, as portable secure 'authentication' platforms including at least one of the above listed plurality of different types of on-line user/transaction authentication protocols, without including any on-line transaction protocol, for performing the variety of secure on-line transactions.
The secure on-line transactions are performed in a variety of areas featuring particular secure on-line applications, such as in the area of (1) electronic commerce, for example, featuring secure on-line payment applications, secure on-line banking applications, secure on-line stock, bond, and commodity trading applications, secure on-line insurance applications, and secure on-line health related (medical, dental, pharmaceutical) applications, in the area of (2) PC security, for example, featuring secure on-line PC log-on applications, and secure on-line PC data encryption applications, and, in the area of (3) roaming accessibility, for example, featuring secure on-line local or remote network log-on applications such as accessing an e-mail server, a file server, or a database. The main general aspect of novelty of the present invention is efficiently enabling a plurality of users to use optical data cards as portable secure unified or authentication platforms for performing a variety of secure on-line transactions.
A first particular aspect of novelty of the present invention is where the optical data cards as either portable secure unified platforms, or, as portable secure authentication platforms, are formatted, prepared, and used, preferably, with a plurality of different types of on-line user/transaction authentication protocols, particularly including PKI types of on-line user/transaction authentication protocols. This aspect results in relatively simple centralized creation, and, convenient and efficient large scale distribution, of digitally recorded personal or private PKI keys, digital signatures, and digital certificates, to a large number of users for performing a variety of secure on-line transactions, thereby eliminating current limitations and problems associated with off-line and/or on-line creation and distribution of personal or private PKI keys, digital signatures, and digital certificates, as exemplified in the above description of the prior art. A user simply inserts the prepared optical data card, including personal or private PKI keys, digital signatures, and digital certificates, into an optical data card reading device, such as a standard CD drive, and when prompted, is identified and authenticated by entering a password or similar identification means. Second and third particular aspects of novelty of the present invention are where the optical data cards as portable secure unified platforms, are formatted, prepared, and used, with at least one of a plurality of different types of on-line user/transaction authentication protocols, additionally featuring centralized and portable storage of various plug-ins associated with each of a variety of secure on-line transaction protocols. Centralized and portable storage of the plug-ins result in providing each user with centralized and portable control of the relevant processes needed for performing each of the variety of secure on-line transactions. 
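The following is an added worked example, not code from the patent or from CD Card Ltd. It shows, in the patent's terms, a service provider preparing the data set for a personalized card (the user's authentication secret wrapped under a password), the user unlocking that secret by entering the password, and an on-line user/transaction authentication exchange of the challenge-response / symmetric key type listed above (items (ii) and (iv)), with the transaction carrying a surrogate number rather than the real card number, as in the PAN protocol (vi) and the server attack minimization point. It uses only the Python standard library, so the HMAC-SHA256 counter-mode keystream stands in for a real AEAD such as AES-GCM, and the shared HMAC secret stands in for the PKI variant, where the card would instead carry a password-protected private key and the provider would verify a signature against the card's certificate. All card identifiers, passwords, the iteration count and the sample transaction are constructed for the example.

```python
# Added example, not part of the patent: a password-unlocked card secret plus a
# challenge-response user/transaction authentication between the card holder's
# PC and the issuing service provider. Standard library only; the HMAC counter
# keystream stands in for a real AEAD and all names below are hypothetical.
import hashlib, hmac, json, os, secrets

PBKDF2_ITERS = 100_000  # assumption: iteration count picked for this example


def _derive_keys(password: str, salt: bytes):
    """Stretch the user's password into an encryption key and a MAC key."""
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 run in counter mode as a PRF keystream (stand-in for AES-CTR)."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), "sha256").digest()
    return out[:n]


def wrap_card_secret(secret: bytes, password: str) -> dict:
    """Service provider side (card preparation): encrypt-then-MAC the card's
    authentication secret under the user's password before it is burned to disc."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(password, salt)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(enc_key, nonce, len(secret))))
    tag = hmac.new(mac_key, salt + nonce + ct, "sha256").digest()
    return {"salt": salt.hex(), "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def unwrap_card_secret(blob: dict, password: str) -> bytes:
    """User side: recover the secret. A wrong password fails the tag check
    instead of silently yielding garbage that would then be used to respond."""
    salt, nonce, ct, tag = (bytes.fromhex(blob[k]) for k in ("salt", "nonce", "ct", "tag"))
    enc_key, mac_key = _derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong password or corrupted card data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def transaction_mac(secret: bytes, chal: bytes, txn: dict) -> bytes:
    """Bind the response to the fresh challenge AND to the canonical transaction,
    so a captured response can neither be replayed nor moved to another purchase."""
    canon = json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, chal + hashlib.sha256(canon).digest(), "sha256").digest()


def card_respond(card: dict, password: str, chal: bytes, txn: dict) -> bytes:
    """User side: unlock the card with the password and answer the challenge."""
    return transaction_mac(unwrap_card_secret(card["wrapped_secret"], password), chal, txn)


class ServiceProvider:
    """Issuer / service provider: keeps each card's secret in its user database
    and authenticates user and transaction with a one-shot challenge."""

    def __init__(self):
        self.cards = {}    # card_id -> secret (the provider's secure user database)
        self.pending = {}  # outstanding challenge -> card_id; consumed on first use

    def issue_card(self, card_id: str, password: str) -> dict:
        """Produce the data set that is recorded on a personalized card."""
        secret = secrets.token_bytes(32)
        self.cards[card_id] = secret
        return {"card_id": card_id, "protocol": "challenge-response",
                "wrapped_secret": wrap_card_secret(secret, password)}

    def challenge(self, card_id: str) -> bytes:
        chal = secrets.token_bytes(32)
        self.pending[chal] = card_id
        return chal

    def verify(self, card_id: str, chal: bytes, txn: dict, response: bytes) -> bool:
        if self.pending.pop(chal, None) != card_id:  # unknown or already consumed
            return False
        expected = transaction_mac(self.cards[card_id], chal, txn)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    """Run the exchange once and exercise the three failure modes."""
    sp = ServiceProvider()
    card = sp.issue_card("card-0001", "correct horse")  # data burned onto the card
    txn = {"merchant": "shop.example", "amount": "42.00", "currency": "USD",
           "surrogate_pan": "4111111111111111"}         # surrogate, not the real PAN
    chal = sp.challenge("card-0001")
    resp = card_respond(card, "correct horse", chal, txn)
    ok = sp.verify("card-0001", chal, txn, resp)
    replay = sp.verify("card-0001", chal, txn, resp)    # same challenge presented twice
    chal2 = sp.challenge("card-0001")
    resp2 = card_respond(card, "correct horse", chal2, txn)
    moved = sp.verify("card-0001", chal2, {**txn, "amount": "4200.00"}, resp2)
    try:
        card_respond(card, "wrong password", sp.challenge("card-0001"), txn)
        bad_password_rejected = False
    except ValueError:
        bad_password_rejected = True
    return {"ok": ok, "replay": replay, "moved": moved,
            "bad_password_rejected": bad_password_rejected}


if __name__ == "__main__":
    print(demo())
```

Two design points matter here. The response covers both the provider's fresh challenge and a digest of the canonical transaction, which is what makes this a user/transaction authentication in the sense defined above rather than a user-only log-on; the merchant only ever sees the surrogate number, and the provider, not the merchant, performs the verification. Because the card image is read-only and can be copied, the wrapped secret is only as strong as the password and the key-derivation work factor, so a deployment should size the PBKDF2 iteration count for the user's hardware and treat the password prompt as part of the security boundary.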
The invention is implemented by users using standard PCs or laptops featuring a standard optical data card or CD reader, or any other computerized processing device equipped with a CD reader and communication capabilities, without the need for additional hardware by the users, and either eliminating, or at least minimizing, the need for users to install off-line and/or on-line additional software for performing the variety of secure on-line transactions.
A fourth particular aspect of novelty of the present invention is where the optical data cards as either portable secure unified platforms, or, as portable secure authentication platforms, are formatted, prepared, and used, preferably, with a plurality of different types of on-line user/transaction authentication protocols, particularly including PKI types of on-line user/transaction authentication protocols, and, preferably, with a plurality of different types of secure on-line transaction protocols. This aspect results in a plurality of users performing any number of the variety of secure on-line transactions according to a single generalized method and system for secure on-line authentication, thereby providing a relatively simple and efficient generalized migration path to performing future secure on-line transactions with minimal need for making changes to service provider authentication methods and systems.
It is to be understood that the invention is not limited in its application to the details of construction, arrangement, composition, and quantities, of the components, and order or sequence of steps of operation or implementation, set forth in the following description, drawing, or examples. The invention is capable of other embodiments or of being practiced or carried out in various ways. In particular, it is to be clearly understood from the following description of the method and system, that the present invention is applicable to a single user using one or more of identical and/or individualized or personalized formatted and prepared optical data cards, or, to a large number of identical and/or different users using a correspondingly large number of identical and/or individualized or personalized formatted and prepared optical data cards. Furthermore, it is to be clearly understood from the following description of the method and system, that the present invention is implemented in a wired and/or wireless computerized electronic interactive communication environment such as a wired and/or wireless intranet and/or extranet computerized electronic interactive communication environment. Also, it is to be understood that phraseology and terminology employed herein are for the purpose of description and should not be regarded as limiting.
Steps, components, operation, and implementation of a method and system for using optical data cards as portable secure unified platforms for performing a variety of secure on-line transactions, according to the present invention are better understood with reference to the following description and accompanying drawing.
Referring now to the drawing, FIG. 1 is a schematic diagram illustrating an exemplary preferred embodiment of the system, hereinafter referred to as system 10, for using optical data cards as portable secure unified platforms, or, alternatively, as portable secure authentication platforms, for performing a variety of secure on-line transactions, in accordance with the present invention. System 10 features the following primary components:
(a) a plurality of optical data cards, represented in FIG. 1 as a single optical data card, for example, optical data card 12A, optical data card 12B, or, optical data card 12C, hereinafter, generally referred to as optical data card 12, or, as optical data cards 12, each formatted for digitally recording and storing optically readable data and prepared as a portable secure unified platform, having a set of digitally recorded optically readable data including at least one of a plurality of different types of on-line user/transaction authentication protocols, and, including at least one of a plurality of different types of secure on-line transaction protocols, or, alternatively, prepared as a portable secure authentication platform, having a set of digitally recorded optically readable data including at least one of a plurality of different types of on-line user/transaction authentication protocols,
(b) a plurality of computerized processing devices, represented in FIG. 1 as a single computerized processing device 14, for optically reading data from and/or optically writing data onto the plurality of prepared optical data cards 12, and, for interactively communicating on-line, (c) a plurality of users, represented in FIG. 1 as a single user 16, hereinafter, generally referred to as user 16, or, as users 16, performing the variety of secure on-line transactions by using the plurality of prepared optical data cards 12 and the plurality of computerized processing devices 14,
(d) a plurality of third parties 18, represented in FIG. 1 as a single third party 18, hereinafter, generally referred to as third party 18, or, as third parties 18, directly involved with the plurality of users 16 performing the variety of secure on-line transactions, by interactively communicating on-line with the plurality of users 16 using the plurality of prepared optical data cards 12 with the plurality of computerized processing devices 14,
(e) at least one service provider 20 for preparing and issuing the plurality of formatted optical data cards 12 for the plurality of users 16, and, usually, on-line authenticating the plurality of users 16 performing the variety of secure on-line transactions, by interactively communicating on-line with the plurality of users 16 using the plurality of prepared optical data cards 12 with the plurality of computerized processing devices 14, and
(f) at least one on-line interactive communication network 22 for the plurality of users 16 using the plurality of prepared optical data cards 12 with the plurality of computerized processing devices 14 to interactively communicate on-line with the plurality of third parties 18, and, usually, to interactively communicate on-line with the at least one service provider 20, whereby the plurality of users 16 perform the variety of secure on-line transactions.
Optical data cards 12 are fully described in detail below in Step (a), and in the other steps, of the method of the present invention. An optical data card 12 is prepared by service provider 20 as either a 'generalized' optical data card 12, or, is prepared as an 'individualized' or 'personalized' optical data card 12, as further described in Step (b) and in alternative Step (b) below, for preparing the plurality of formatted optical data cards 12. A generalized optical data card 12 is typically used by a non-specific generalized user 16 and an individualized or personalized optical data card 12 is typically used by a specific individualized or personalized user 16, as further described in Step (c) below, for performing the variety of secure on-line transactions.
The other primary, and additional, components of system 10 are further described herein, and throughout the description of the steps of the disclosed method.
Computerized processing devices 14 are preferably personal computers (PCs) or laptop computers each including a compact disc (CD) drive and reader, but, in general, are computerized processing devices which optically read data from and/or optically write data onto formatted and prepared optical data cards 12, and which allow the plurality of users 16 to interactively communicate on-line by way of on-line interactive communication network 22. Computerized processing devices 14 either include or are associated with variable amounts or combinations of necessary wired and/or wireless computerized electronic hardware, software, systems, networks, devices, equipment, mechanisms, components, and elements, for operating on-line in a wired and/or wireless computerized electronic interactive communication environment, such as on-line interactive communication network 22.
Users 16 are clients, consumers, or customers, issued and using optical data cards 12, and involved with the plurality of third parties 18, and usually, on-line authenticated by the at least one service provider 20, for performing the variety of secure on-line transactions in the above described exemplary areas featuring particular secure on-line applications, that is, in the areas of electronic commerce, PC security, and, roaming accessibility. Each user 16 is either a 'generalized' user 16 or an 'individualized' user 16, where a generalized user 16 uses a prepared generalized optical data card 12 and an individualized user 16 uses a prepared individualized or personalized optical data card 12, as further described in Step (b) and in alternative Step (b) below, for performing the variety of secure on-line transactions.
Third parties 18 are in general, private or public entities, bodies, or facilities, of variable sizes, directly involved with the plurality of users 16 performing the variety of secure on-line transactions, and sometimes, involved with the at least one service provider 20 on-line authenticating the plurality of users 16, by way of the plurality of prepared optical data cards 12. In particular, third parties 18 are selected from the group consisting of private businesses, vendors, merchants, institutions, organizations, and authorities, and, public businesses, vendors, merchants, institutions, organizations, and authorities, which are involved with the plurality of users 16, and sometimes, involved with the at least one service provider 20 on-line authenticating the plurality of users 16 by way of the plurality of prepared optical data cards 12, for performing the variety of secure on-line transactions by way of on-line interactive communication network 22 such as an intranet and/or an extranet such as the Internet.
A preferred category of third parties 18 includes Internet web sites of on-line retail and/or wholesale merchants selling products and/or services, such as household goods, furniture, electronic products, clothing, paper goods, books, hardware supplies, building supplies, auto supplies, medical supplies, pharmaceuticals, chemicals, and raw materials, to the plurality of users 16. Another preferred category of third parties 18 includes Internet web sites and/or extranets of on-line private or public entities, bodies, or facilities, such as corporations, companies, institutions, organizations, and authorities, hosting one or more on-line private and/or public databases of information, for example, corporate financial information, sales and/or marketing information, personal financial information, personal insurance information, personal health related (medical, dental, pharmaceutical) information, academic information, and utilities billing information, to be securely on-line accessed by the plurality of users 16.
Service provider 20 is, in general, a private or public entity, body, or facility, of variable size, which prepares and issues the plurality of formatted optical data cards 12 for the plurality of users 16, and, usually, on-line authenticates the plurality of users 16 performing the variety of secure on-line transactions with above described third parties 18, by interactively communicating on-line with the plurality of users 16, and, optionally, by interactively communicating on-line with third parties 18, by way of the plurality of prepared optical data cards 12.
Preferably, each service provider 20 has either a direct or indirect authorizing, authenticating, and/or billing relationship (shown in FIG. 1 by dashed line 24 connecting users 16 to service provider 20) with the plurality of users 16, for example, by way of an established secure database of the plurality of users 16, preferably, maintained by service provider 20. Each service provider 20 obtains and manages generalized or non-personalized, and, individualized or personalized, data and information about users 16 and about that service provider 20 which are required for preparing formatted optical data cards 12, and required by the plurality of users 16, and, optionally, required by third parties 18, for using prepared optical data cards 12 for performing the variety of secure on-line transactions. Each service provider 20 is associated, either directly or indirectly, with an optical data card preparing station 26 (further described in Step (b) below) that preferably does the actual hands-on preparing of the plurality of formatted optical data cards 12 as portable secure unified platforms and/or as portable secure authentication platforms.
Each service provider 20 issues and/or distributes, either directly or indirectly, prepared optical data cards 12 to generalized users 16 and/or to individualized users 16. Each service provider 20 either includes or is associated with variable amounts or combinations of necessary wired and/or wireless computerized electronic hardware, software, systems, networks, devices, equipment, mechanisms, components, and elements, for operating on-line in a wired and/or wireless computerized electronic interactive communication environment, such as on-line interactive communication network 22.
In particular, service provider 20 is selected from the group consisting of private businesses, vendors, merchants, institutions, organizations, and authorities, and, public businesses, vendors, merchants, institutions, organizations, and authorities, which are involved in authorizing, authenticating, and/or billing, the plurality of users 16, for example, by way of an established secure database of the plurality of users 16, preferably, maintained by service provider 20. Specific examples of a service provider 20 are an issuer of credit and/or debit notes or cards, a bank, an insurance company, a stock brokerage company, an Internet service provider, a utilities (electricity, gas) company, a telephone company, a cable company, a cellular or mobile phone operator company, a government post office, an academic institute, an on-line authentication certificate authority (CA), a chain of retail and/or wholesale stores, and a health related facility such as a medical or dental clinic, a hospital, or a pharmacy.
Service provider 20 is either separate from, or, part of, one or more of above described third parties 18 involved with the plurality of users 16 performing the variety of secure on-line transactions. Specifically, for the case where a service provider 20 is separate from above described third parties 18, then, that service provider 20 prepares and issues the plurality of formatted optical data cards 12 for the plurality of users 16, and, usually, on-line authenticates the plurality of users 16 performing the variety of secure on-line transactions by interactively communicating on-line with the plurality of users 16, and, optionally, by interactively communicating on-line with third parties 18, by way of the plurality of prepared optical data cards 12.
For the case where a service provider 20 is part of an above described third party 18, then, functions and operations of that service provider 20 are merged, combined, or added, to functions and operations of that third party 18. In this case, accordingly, that third party 18 is directly involved with the plurality of users 16 performing the variety of secure on-line transactions, in addition to preparing and issuing the plurality of formatted optical data cards 12 for the plurality of users 16, and, on-line authenticating the plurality of users 16, by way of the plurality of prepared optical data cards 12, for performing the variety of secure on-line transactions by way of on-line interactive communication network 22 such as an intranet and/or an extranet such as the Internet. Similarly, for the case where a third party 18 is part of an above described service provider 20, then, functions and operations of that third party 18 are merged, combined, or added, to functions and operations of that service provider 20. In this case, accordingly, that service provider 20 prepares and issues the plurality of formatted optical data cards 12 for the plurality of users 16, and, usually, on-line authenticates the plurality of users 16, in addition to being directly involved with the plurality of users 16 performing the variety of secure on-line transactions, by way of the plurality of prepared optical data cards 12, by way of on-line interactive communication network 22 such as an intranet and/or an extranet such as the Internet. 
On-line interactive communication network 22 is, in general, a wired and/or wireless computerized electronic interactive communication environment including variable amounts or combinations of necessary wired and/or wireless computerized electronic hardware, software, systems, networks, devices, equipment, mechanisms, components, and elements, and, 'human' users and operators, such as a wired and/or wireless intranet and/or extranet, where the intranet or extranet is of a private or public entity, body, or facility, of variable size featuring variable numbers of users and operators. In particular, on-line interactive communication network 22 is selected from the group consisting of wired and/or wireless closed communication networks, such as an intranet of a business, institution, or organization, and, wired and/or wireless open communication networks, such as an extranet, for example, the world wide web Internet.
The preferred embodiment of the general method for operating and implementing system 10 features the following primary steps: (a) providing a plurality of formatted optical data cards each formatted for digitally recording and storing optically readable data, (b) preparing the plurality of formatted optical data cards for forming a plurality of prepared optical data cards as the portable secure 'unified' platforms each having a set of digitally recorded optically readable data including at least one of a plurality of different types of on-line user/transaction authentication protocols, and, including at least one of a plurality of different types of secure on-line transaction protocols, or, alternatively, (b) preparing the plurality of formatted optical data cards for forming a plurality of prepared optical data cards as the portable secure 'authentication' platforms each having a set of digitally recorded optically readable data including at least one of a plurality of different types of on-line user/transaction authentication protocols, without including any on-line transaction protocol, and (c) performing at least one of the variety of secure on-line transactions by a plurality of users using the plurality of prepared optical data cards. Details and sub-steps of each primary step of the preferred embodiment of the general method of the present invention are described herein. In Step (a), there is providing a plurality of formatted optical data cards each formatted for digitally recording and storing optically readable data.
In the present invention, each of the plurality of optical data cards 12, for example, optical data card 12A, or, optical data card 12B, or, optical data card 12C, shown in FIG. 1, refers, in general, to a physical card made from one type of material, or, from a variety of types of materials, having variable geometrical configuration and dimensions, featuring an optical data storage area or region A1 designated for digitally recording and storing optically readable data, whereby optical data card 12 fits into and is operable by a device capable of optically reading data from and/or optically writing data onto optical data card 12. Optical data storage area or region A1 of optical data card 12 is formatted according to at least one of a variety of different formats selected from the group consisting of a CD-ROM (Read Only Memory) format, a CD-R (Recordable) format, a CD-RW (ReWritable) format, a hybrid format of a CD-ROM format and a CD-R format, a hybrid format of a CD-ROM format and a CD-RW format, and, a DVD format, for digitally recording and storing optically readable data, which is required for each optical data card 12 to function as the portable secure unified platform for performing the variety of secure on-line transactions. Preferably, in a non-limiting way, optical data storage area or region A1 has a total capacity for storing at least on the order of twenty megabytes of optically readable data on optical data card 12.
Types of materials used for making optical data card 12 are selected from the group consisting of polymeric materials, metallic materials, and composite materials. A preferred polymeric material used for making optical data card 12 is a plastic selected from the group consisting of polyvinylchloride (PVC) plastics, polycarbonate plastics, and a combination of polyvinylchloride plastics and polycarbonate plastics. A preferred polymeric material used for making optical data storage area or region A1 designated for digitally recording optically readable data is a polycarbonate plastic, in accordance with currently known standards for manufacturing compact discs.
Preferably, each optical data card 12 further features at least one non-optical data storage area or region A2 designated for printing human and/or machine readable graphics data and information, and/or, for the attachment of physical features or mechanisms such as a computer chip and/or a magnetic stripe. The at least one non-optical data storage area or region A2 designated for printing human and/or machine readable graphics data and information is located on the side of optical data card 12 opposite the side of optical data storage area or region A1, indicated by dashed arrows pointing from A2 in optical data card 12A, optical data card 12B, and optical data card 12C, and/or is located on the same side of optical data card 12 as optical data storage area or region A1, as indicated by solid arrows pointing from A2 in optical data card 12A, optical data card 12B, and optical data card 12C. Graphics data and information of each non-optical data storage area or region A2 are preferably human readable graphics data and information, but, in general, are selected from the group consisting of human readable data and information, machine readable data and information, and, a combination of human readable and machine readable data and information.
A basic example of optical data card 12 is the well known standard compact disc, also referred to as CD, such as optical data card 12A, being a card made substantially of a polycarbonate plastic and of other materials known in the art of manufacturing compact discs, having a disc configuration, substantially featuring optical data storage area or region A1 designated for digitally recording and storing optically readable data, and, featuring one non-optical data storage area or region A2 on the side of optical data card 12A opposite the side of optical data storage area or region A1, designated for printing human and/or machine readable graphics data and information, whereby optical data card 12A fits into and is operable by any of a variety of standard compact disc operating devices such as a compact disc reader device, or, a compact disc reader/writer device. The standard compact disc operating device is typically included as an accessory device part of a personal computer, a laptop computer, and other types of computers and processing units operated by a user, a client, a consumer, or a customer, for example, user 16 of a service provider, for example, service provider 20.
Another example of optical data card 12 is a plastic card having a symmetrical or asymmetrical circular or polygonal configuration, such as optical data card 12B, or optical data card 12C, respectively, which includes in the configuration a smaller diameter version of the previously described basic example of the standard compact disc (CD), optical data card 12A, featuring an optical data storage area or region A1 designated for digitally recording and storing optically readable data, and, featuring at least one non-optical data storage area or region A2 designated for printing human and/or machine readable graphics data and information, whereby optical data card 12 fits into and is operable by any of a variety of standard or customized compact disc operating devices such as a compact disc reader device, or, a compact disc reader/writer device.
For this type of optical data card operable by a standard compact disc operating device, optical data card 12 features a centering mechanism (not shown) preferably located on the underside of optical data card 12 for holding optical data card 12 in a standard CD drive tray centering piece approximately 80 mm in diameter, assuring that optical data card 12 is correctly centered and spins without wobbling, thereby enabling proper optical reading of optical data storage area or region A1 of optical data card 12. Alternatively, optical data card 12 without featuring a centering mechanism as part of optical data card 12, is operable by a customized compact disc operating device, featuring, for example, a customized CD drive tray configured with a specially built-in slot or drive tray centering piece for properly holding optical data card 12 while spinning, thereby enabling proper optical reading of optical data storage area or region A1 of optical data card 12.
Preferably, optical data card 12 of the present invention is a plastic rectangular card, such as optical data card 12C, which includes in the rectangular configuration a smaller diameter version of the previously described basic example of the standard compact disc (CD), optical data card 12A, featuring an optical data storage area or region A1 designated for digitally recording and storing optically readable data, and, featuring at least one non-optical data storage area or region A2 designated for printing human and/or machine readable graphics data and information, whereby optical data card 12 fits into and is operable by any of a variety of standard or customized compact disc operating devices such as a compact disc reader device, or, a compact disc reader/writer device.
More preferably, optical data card 12 of the present invention is a plastic rectangular card, such as optical data card 12C, having dimensions similar to those of a standard credit or debit card, for example, approximately 80 - 90 mm in length, approximately 50 - 60 mm in width, and approximately 0.5 - 1.5 mm in thickness, which includes in the standard credit or debit card configuration and dimensions a smaller diameter version of the previously described basic example of the standard compact disc (CD), optical data card 12A, featuring an optical data storage area or region A1 designated for digitally recording and storing optically readable data, and, featuring at least one non-optical data storage area or region A2 designated for printing human and/or machine readable graphics data and information, whereby optical data card 12 fits into and is operable by any of a variety of standard or customized compact disc operating devices such as a compact disc reader device, or, a compact disc reader/writer device.
Optical data card 12 of the present invention, such as optical data card 12C, featuring standard credit or debit card configuration and dimensions is preferred for the following reasons. First, with respect to acceptance by plurality of users 16, optical data card 12 is ultimately to be used by a large number of all types of users for performing the variety of secure on-line transactions in the areas of electronic commerce, PC security, and, roaming accessibility. The use of credit and debit cards currently accounts for more than about 90 percent of Internet on-line E-commerce financial transactions, and is the most prevalent traditional or non-Internet method used, other than using cash and checks, for paying for services rendered by a service provider. Accordingly, users are well accustomed to using credit and debit cards, and therefore, using optical data card 12 having a credit or debit card form for performing the variety of secure on-line transactions enhances user adaptability and acceptance with respect to successfully implementing the method and system of the present invention.
Second, using portable optical data card 12 having a credit or debit card configuration and dimensions enables device portability, by conveniently fitting into the wallet of user 16, and therefore, immediate accessibility to essentially any personal computer, laptop computer, or other type of computerized processing device 14, featuring a device capable of optically reading data from optical data card 12, operable by user 16 of service provider 20.
Third, portable optical data card 12 having a credit or debit card configuration and dimensions includes at least one non-optical data storage area or region A2 featuring human and/or machine readable graphics data and information external to, or surrounding, optical data storage area or region A1. This feature of optical data card 12 is useful and advantageous with respect to individualizing or personalizing plurality of optical data cards 12, and with respect to individualizing or personalizing the use of plurality of optical data cards 12 by plurality of users 16.
The most preferred form of optical data card 12 of the present invention is the immediately preceding described plastic rectangular card, such as optical data card 12C, having dimensions similar to those of a standard credit or debit card, approximately 80 - 90 mm in length, approximately 50 - 60 mm in width, and approximately 0.5 - 1.5 mm in thickness, which includes in the standard credit or debit card configuration and dimensions a smaller diameter version of the previously described basic example of the standard compact disc (CD), optical data card 12A, whereby optical data card 12 fits into and is operable by computerized processing device 14 including any of a variety of standard compact disc operating devices such as a compact disc reader device, or, a compact disc reader/writer device, and, where the material surrounding the inner compact disc (CD) section, is made of a plastic used for manufacturing standard credit or debit cards, for example, a polyvinylchloride plastic.
Three specific examples of a preferred optical data card 12 applicable for implementing Step (a) of the present invention are (1) the "Calling Card" disclosed in U.S. Patent No. 6,016,298, issued to Fischer, (2) the "Trading Card Optical Compact Disc" disclosed in U.S. Patent Nos. 6,078,557 and 5,982,736, both issued to Pierson, and (3) the "Digital Data Carrier" disclosed in PCT International Publication No. WO 99/62029, by Otterstein et al., all three of which are incorporated by reference for all purposes as if fully set forth herein. In each disclosure, the optical data card is a plastic rectangular card having dimensions similar to a standard credit or debit card, which includes in the disclosed configuration and dimensions a smaller diameter version of the previously described basic example of the standard compact disc (CD), whereby the optical data card fits into and is operable by any of a variety of standard compact disc operating devices such as a compact disc reader device, or, a compact disc reader/writer device. Each disclosed optical data card includes a centering mechanism, located on the underside of the optical data card for holding the optical data card in a standard CD drive tray centering piece approximately 80 mm in diameter, assuring that the optical data card is correctly centered and spins without wobbling, thereby enabling proper optical reading of the optical disc region of the optical data card.
The centering mechanism of the calling card disclosed in U.S. Patent No. 6,016,298 is based on four pins, each positioned at one corner of a virtual rectangle, located on the underside of the calling card for holding the calling card in the inner ring of the standard CD drive tray. The centering mechanism of the trading card optical compact disc disclosed in U.S. Patent Nos. 6,078,557 and 5,982,736 is based on a second layer shaped with two semi-circular wings molded into the underside of the trading card for holding the trading card in the standard CD drive tray. The centering mechanism of the digital data carrier disclosed in PCT International Publication No. WO 99/62029 is based on two oppositely positioned ring pieces located on the underside of the digital data carrier for holding the digital data carrier in the inner ring of the standard CD drive tray. Another example of optical data card 12 applicable for implementing Step (a) of the present invention is the "data storage card" disclosed in PCT International Publication No. WO 99/22340, by Weldon, wherein the data storage card is a plastic rectangular card having dimensions of a standard credit or debit card including on one side a standard credit card type of magnetic stripe for performing credit card type electronic transactions, and including on the other side of the disclosed configuration and dimensions a smaller diameter version of the previously described basic example of the standard compact disc (CD). In the disclosure of Weldon, the data storage card features none of the above described centering mechanisms, and is not configured for fitting into and spinning by a standard compact disc operating device such as a compact disc reader device, or, a compact disc reader/writer device.
Accordingly, for optical data card 12 being that of the data storage card disclosed by Weldon, optical data card 12 is used with a customized compact disc operating device, featuring, for example, a customized CD drive tray configured with a specially built-in slot or drive tray centering piece for properly holding optical data card 12 while spinning, thereby enabling proper optical reading of optical disc area or region A1 of optical data card 12. Optical data storage area or region A1 of any of the above described examples of optical data card 12 for implementing the present invention is formatted according to at least one of a variety of different formats selected from the group consisting of a CD-ROM format, a CD-R format, a CD-RW format, a hybrid format of a CD-ROM format and a CD-R format, a hybrid format of a CD-ROM format and a CD-RW format, and, a DVD format, for digitally recording and storing optically readable data, which is required for each optical data card 12 to function as the portable secure unified platform for performing the variety of secure on-line transactions. In a non-limiting way, optical data storage area or region A1 has a total capacity for storing at least on the order of twenty megabytes of optically readable data on optical data card 12, where, in case optical data storage area or region A1 features more than one type of format, the total capacity can be selectively distributed or allotted among the different types of formats, according to specifications of service provider 20.
For example, in the case where optical data card 12 features a hybrid format of a CD-ROM format and a CD-R format, optical data storage area or region A1 is preferably distributed such that the CD-ROM format portion occupies a substantial majority of total optical storage area or region A1, for example, about twenty to thirty megabytes, and, the CD-R format portion occupies a minority of total optical storage area or region A1, for example, about two megabytes. The description of the present invention disclosed herein, includes, but is not limited to, a preferred embodiment, and, an alternative preferred embodiment, as indicated above. The preferred embodiment features preparing, according to below described Step (b), the plurality of formatted optical data cards 12 of Step (a), for forming the plurality of prepared optical data cards 12 as the portable secure 'unified' platforms each including at least one of a plurality of different types of on-line user/transaction authentication protocols, and, including at least one of a plurality of different types of secure on-line transaction protocols, whereby user 16 can perform, according to below described Step (c), the variety of secure on-line transactions. The alternative preferred embodiment features preparing, according to below described 'alternative' Step (b), the plurality of formatted optical data cards 12 of Step (a), for forming the plurality of prepared optical data cards 12 as the portable secure 'authentication' platforms each including at least one of a plurality of different types of on-line user/transaction authentication protocols, without including any on-line transaction protocol, whereby user 16 can perform, according to below described Step (c), the variety of secure on-line transactions.
Step (b) of preparing the plurality of formatted optical data cards 12 as portable secure unified platforms, and alternative Step (b) of preparing the plurality of formatted optical data cards 12 as portable secure authentication platforms, are each performed by, preferably, including the use of an optical data card preparing station 26, and/or, by the process of manufacturing optical data cards 12, according to specifications of service provider 20. Typically, optical data card preparing station 26 features (i) at least one optically readable data writing device 28, for example, a CD writer, for writing optically readable data onto previously described optical data storage area or region A1 of each formatted optical data card 12, (ii) at least one graphics printing device 30, for printing human and/or machine readable graphics data and information onto previously described at least one non-optical data storage area or region A2 of each optical data card 12, and (iii) a computerized processing unit (CPU) 32 for overseeing and managing the automated flow of work involved in preparing the plurality of formatted optical data cards 12 as the portable secure unified platforms, or, alternatively, as the portable secure authentication platforms. Optical data card preparing station 26 is physically located either on-site or off-site of the facility where Step (a) is performed for manufacturing and providing formatted optical data cards 12. Furthermore, optical data card preparing station 26 is associated, either directly or indirectly, with service provider 20 which prepares and issues the plurality of formatted optical data cards 12 for the plurality of users 16, and, which has either a direct or indirect authorizing, authenticating, and/or billing relationship, with the plurality of users 16.
Optical data card preparing station 26 operates according to established standards, procedures, and techniques, known in the art of writing optically readable data onto an optical data storage area, such as optical data storage area or region A1, of formatted optical data cards 12, and known in the art of printing human and/or machine readable graphics data and information onto a non-optical data storage area or region, such as non-optical data storage area or region A2, of optical data cards 12. Specifically, optical data card preparing station 26 performs procedures relating to heavy-duty CD burning of optically readable data onto optical data storage area or region A1 of each of the plurality of formatted optical data cards 12, and procedures relating to overlay printing of human and/or machine readable graphics data and information onto non-optical data storage area or region A2 of each of the plurality of optical data cards 12.
Step (b) of the preferred embodiment of the present invention is described herein. Alternative Step (b) of the alternative preferred embodiment of the present invention is described thereafter.
In Step (b) of the preferred embodiment of the present invention, there is preparing the plurality of formatted optical data cards of Step (a), for forming a plurality of prepared optical data cards as the portable secure unified platforms each including at least one of a plurality of different types of on-line user/transaction authentication protocols, and, including at least one of a plurality of different types of secure on-line transaction protocols.
In Step (b), formatted optical data cards 12 are prepared as either generalized portable secure unified platforms, hereinafter, referred to as case (1), or, as individualized or personalized portable secure unified platforms, hereinafter, referred to as case (2), according to the particular type of format of each formatted optical data card 12, as formatted according to Step (a). In either case, each formatted optical data card 12 is prepared by including at least one of a plurality of different types of known on-line user/transaction authentication protocols, and, including at least one of a plurality of different types of known secure on-line transaction protocols, for users 16 to perform the variety of secure on-line transactions.
In Step (b), part of preparing the plurality of formatted optical data cards 12 as either generalized portable secure unified platforms, above case (1), or, as individualized or personalized portable secure unified platforms, above case (2), includes digitally recording a pre-determined generalized set, and/or, a pre-determined individualized or personalized set, of optically readable data onto optical data storage area or region A1 of each of the plurality of formatted optical data cards 12, preferably, by optically readable data writing device 28 of optical data card preparing station 26, and/or, by the process of manufacturing optical data cards 12, according to specifications of service provider 20.
Each pre-determined set of optically readable data includes at least one of a plurality of different types of on-line user/transaction authentication protocols. For example, and in a non-limiting way, the at least one of a plurality of different types of on-line user/transaction authentication protocols is selected from the group consisting of (i) PKI (Public Key Infrastructure), for example, as used in IPsec / IKE (Internet Protocol Security / Internet Key Exchange), (ii) challenge response, (iii) Kerberos, (iv) symmetric key, (v) user name and password, for example, RADIUS (Remote Authentication Dial-In User Service), TACACS (similar to RADIUS), CHAP (Challenge-Handshake Authentication Protocol), and PAP (Password Authentication Protocol), (vi) one-time-password, and (vii) peripheral device, types of on-line user/transaction authentication protocols. Each of these types of on-line user/transaction authentication protocols is well known to a person having ordinary skill in the arts of cryptography, encryption, electronic data and information security, in general, and having ordinary skill in the arts of designing and/or performing secure on-line transactions and on-line user/transaction authentication, in particular. Moreover, each of these types of on-line user/transaction authentication protocols is currently widely in use for performing secure on-line transactions, and for on-line authenticating users and transactions.
Accordingly, in Step (b), there is digitally recording, onto each of the plurality of formatted optical data cards 12, at least one of a plurality of different types of on-line user/transaction authentication protocols generally featuring digitized data and information in the form of computer software for representing and/or for implementing at least part of a particular flow of information, security procedures, sequences, and various interactions among different entities, associated with on-line authenticating at least one user and/or on-line authenticating at least one on-line transaction. More specifically, each of the plurality of different types of on-line user/transaction authentication protocols particularly features at least one set, group, sequence, or series, of digitized data and information, in the form of computer software for representing and/or for implementing at least part of a particular flow of information, security procedures, sequences, and various interactions among different entities, such as in the form of at least one data file, at least one text file, at least one program file, and/or, at least one combination file featuring a combination of data, text, and/or, a program, associated with on-line authenticating users and/or transactions.
PKI (Public Key Infrastructure) types of on-line user/transaction authentication protocols are associated with the PKI (Public Key Infrastructure) network trust model based on public and private key cryptography that provides secure communications between known and unknown parties, for example, between users 16 and service providers 20, based on the issuance and management of digital certificates by a certificate authority (CA). Digital certificates, the electronic equivalent of an identity tag, are used for authenticating identities of the participants, for example, users 16 and service providers 20, in secure on-line transactions. Another important function of digital certificates is to enable the electronic or on-line signing of on-line transactions and/or documents. Certificate authorities are known as trusted third parties (TTPs) which have carried out identity checks on their digital certificate holders and are prepared to accept a degree of liability for any losses due to fraud. Accordingly, a digital certificate refers to a copy of a public key of a user 16, which has been digitally signed by a certificate authority. In addition to issuing and managing digital certificates, certificate authorities also provide their customers, in the present invention, typically, service providers 20, with public and private PKI keys.
PKI offers authentication or proof of identity, non-repudiation of the occurrence and details of on-line transactions, encryption of data and information associated with performing secure on-line transactions, and digital signatures for authorizing on-line transactions and electronically signing documents. Further details describing PKI and other on-line user/transaction authentication protocols, as well as secure on-line transaction protocols, are readily available in the prior art, for example, in "E-Payments Security - Challenges and Opportunities for Banks in the B2C Market", by R. Arnfield, Lafferty Publications Ltd., Dublin, Ireland, 2000. PKI types of on-line user/transaction authentication protocols which are digitally recorded onto optical data cards 12 are selected from the group consisting of PKI data files, PKI text files, PKI program files, and PKI combination files, where a PKI combination file is a combination of PKI files selected from the group consisting of PKI data files, PKI text files, and PKI program files. More specifically, PKI types of on-line user/transaction authentication protocols are selected from the group consisting of PKI private keys, PKI public keys, PKI symmetric keys, PKI serial authentication numbers, PKI digital signatures, PKI digital certificates, PKI encryption and decryption program files, and combinations of these, that are uniquely issued to individualized users 16 and service providers 20, and are used for on-line authenticating users and/or on-line transactions.
A well known example of a PKI type of on-line user/transaction authentication protocol is a PKI digital certificate featuring a combination of: (a) a PKI public key, (b) a unique user ID number or code, (c) a user name, (d) optional extensions, and (e) a certificate authority (CA) digital signature on items (a) - (c). PKI types of on-line user/transaction authentication protocols are digitally recorded onto optical data storage area or region A1 of formatted optical data cards 12, by optically readable data writing device 28 of optical data card preparing station 26, using, for example, the X.509 format or any other industry standard format for digitally recording PKI keys onto media which can store optically readable data.
Challenge response types of on-line user/transaction authentication protocols are based on the general authentication method of challenging a response, whereby a first party, for example, service provider 20, challenges the response of a second party, for example, user 16, to a request sent by the first party, service provider 20, to the second party, user 16, for specific data and/or information.
Kerberos types of on-line user/transaction authentication protocols were developed at the Massachusetts Institute of Technology, Mass., USA, and are based on the general authentication method of using identification and issuing time limited session keys for allowing users, for example, users 16, to log-on securely to computers which belong to a network, such as interactive communication network 22, for example, wired and/or wireless closed communication networks, such as an intranet of a business, institution, or organization, and, wired and/or wireless open communication networks, such as an extranet, for example, the world wide web Internet. This protocol assumes a network of computers, with one trusted computer or several verifying the identity of users to the computers to which they wish to log-on, and supplying time limited session keys so that the communications between the user and that computer can be encrypted.
Symmetric key types of on-line user/transaction authentication protocols are based on the general authentication method of 'sharing a secret', whereby both a first party, for example, service provider 20, and a second party, for example, a user 16, share a secret, usually in the form of a secret or private key stored on both the server of the first party, service provider 20, and on the workstation of the second party, user 16. Upon request by the first party, service provider 20, the second party, user 16, sends either the private key, or, a correct version of the private key, and if the private key or the correct version of the private key matches that known to the first party, service provider 20, the second party, user 16, is authenticated. Symmetric key types of on-line user/transaction authentication protocols can be used as part of the PKI network trust model, in general, and as part of PKI types of on-line user/transaction authentication protocols, in particular.
User name password types of on-line user/transaction authentication protocols, for example, Radius (Remote Authentication Dial-In User Service), TACACS (similar to Radius), CHAP (Challenge-Handshake Authentication Protocol), and PAP (Password Authentication Protocol, also known as Packet Authentication Protocol), are based on the general authentication method of using a user name and password, whereby a first party, for example, service provider 20, authenticates a second party, for example, user 16, once the second party, user 16, sends to the first party, service provider 20, a user name and password previously issued by the first party, service provider 20, to the second party, user 16.
One-time-password types of on-line user/transaction authentication protocols are based on the general authentication method of using a calculating mechanism, whereby a first party, for example, service provider 20, authenticates a second party, for example, user 16, once the second party, user 16, sends to the first party, service provider 20, a correct specific number, password, or code, calculated by using the same calculating mechanism known by the first party, service provider 20, where the calculating mechanism was previously issued by the first party, service provider 20, to the second party, user 16.
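As an added example that is not part of the patent, the following Python shows the challenge response and symmetric key methods of the preceding paragraphs in the form where the second party sends a 'correct version' of the shared key bound to a server nonce rather than the key itself, together with the one-time-password 'calculating mechanism' computed identically by both parties (an HMAC over a counter, truncated as in RFC 4226). The shared secret, the nonce length and the look-ahead window are assumptions constructed for the example.

```python
import hmac
import hashlib
import secrets
import struct

# Constructed shared secret, issued by the service provider (first party) to
# user 16 (second party) and held on both sides; not a value from the patent.
SHARED_SECRET = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")


def issue_challenge() -> bytes:
    """Service provider side: a fresh random nonce for each authentication attempt."""
    return secrets.token_bytes(16)


def answer_challenge(secret: bytes, challenge: bytes) -> bytes:
    """User side: a 'correct version' of the key derived for this challenge only.
    The secret itself never leaves the user's workstation."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def verify_response(secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Service provider side: recompute the expected response and compare in
    constant time so a wrong guess leaks no timing information."""
    expected = hmac.new(secret, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def one_time_password(secret: bytes, counter: int, digits: int = 6) -> str:
    """The 'calculating mechanism' shared by both parties: HMAC-SHA1 over an
    8-byte big-endian counter, dynamically truncated to a decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class OtpVerifier:
    """Service provider side state for one-time passwords: a code is accepted
    only once and only within a small look-ahead window, so a captured code
    cannot be replayed and a user who skipped a few counters is still accepted."""

    def __init__(self, secret: bytes, window: int = 5):
        self.secret = secret
        self.next_counter = 0
        self.window = window

    def verify(self, code: str) -> bool:
        for c in range(self.next_counter, self.next_counter + self.window):
            if hmac.compare_digest(one_time_password(self.secret, c), code):
                self.next_counter = c + 1  # consumed: this and earlier codes are dead
                return True
        return False


def run_challenge_response_session(secret: bytes = SHARED_SECRET) -> bool:
    """One complete exchange: provider challenges, user answers, provider verifies."""
    challenge = issue_challenge()          # provider -> user
    response = answer_challenge(secret, challenge)  # user -> provider
    return verify_response(secret, challenge, response)


if __name__ == "__main__":
    print("challenge-response ok:", run_challenge_response_session())
    verifier = OtpVerifier(SHARED_SECRET)
    code = one_time_password(SHARED_SECRET, 0)
    print("first use accepted:", verifier.verify(code))
    print("replay rejected:", not verifier.verify(code))
```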
Peripheral device types of on-line user/transaction authentication protocols are based on the general method of on-line authenticating users 16 and/or transactions by users 16 using in combination with, or, in addition to, the plurality of prepared optical data cards 12, at least one peripheral device, hereinafter, referred to as peripheral device 34 in FIG. 1. For example, where a user 16 is authenticated by operation of at least one peripheral device 34 such as a computer chip, a cellular or mobile telephone, and/or a biometric device featuring, for example, a user voice recognition mechanism and/or a user fingerprint recognition mechanism, either separate from, and/or, associated with computerized processing device 14 of user 16, according to specifications of a service provider 20.
In Step (b), additionally, each pre-determined set of optically readable data includes at least one of a plurality of different types of secure on-line transaction protocols according to specifications of service provider 20. For example, and in a non-limiting way, the at least one of a plurality of different types of secure on-line transaction protocols is selected from the group consisting of (i) SSL (Secure Sockets Layer), (ii) 3DSSL (Three Domain Secure Sockets Layer), (iii) SET (Secure Electronic Transaction, also known as SET Wallet), (iv) 3DSET (Three Domain Secure Electronic Transaction), (v) EMV (Europay MasterCard Visa), (vi) PAN (Pseudo Account Number, also known as Surrogate Number), (vii) virtual credit or debit card, (viii) electronic wallet, (ix) prepaid, (x) micropayment, (xi) home and corporate banking, (xii) stocks, bonds, and commodities trading, (xiii) insurance, (xiv) health related (medical, dental, pharmaceutical), (xv) corporate networking, and (xvi) peripheral device, types of secure on-line transaction protocols, for performing the variety of secure on-line transactions. Each of these types of secure on-line transaction protocols is well known to a person having ordinary skill in the arts of electronic data and information security, in general, and having ordinary skill in the arts of designing and/or performing secure on-line transactions and on-line user/transaction authentication, in particular. Moreover, each of these types of secure on-line transaction protocols is currently in use for performing secure on-line transactions.
Accordingly, in Step (b), there is digitally recording, onto each of the plurality of formatted optical data cards 12, at least one of a plurality of different types of secure on-line transaction protocols generally featuring digitized data and information, in the form of computer software, associated with performing the variety of secure on-line transactions. More specifically, each of the plurality of different types of secure on-line transaction protocols particularly features at least one set, group, sequence, or series, of digitized data and information, in the form of computer software, such as in the form of at least one data file, at least one text file, at least one program file, or, at least one combination file featuring a combination of data, text, and a program, associated with performing the variety of secure on-line transactions.
SSL (secure sockets layer) types of secure on-line transaction protocols are based on the general method for providing secure links over the standard public interactive communication network 22 of the Internet, between web browsers of users 16 and servers of an on-line communicated entity such as third party 18 or service provider 20. This protocol was developed by Netscape Communications, USA, and is embedded in the two most common web browsers of users 16, Microsoft's Internet Explorer and Netscape's Navigator. When an on-line communication takes place between an SSL compliant web browser of user 16 and an SSL compliant server of an on-line communicated entity such as third party 18 or service provider 20, the browser of user 16 traces the public key of the server of the communicated entity such as third party 18 or service provider 20 to create a unique-per-session secret key that is used by both the web browser of user 16 and the server of the communicated entity such as third party 18 or service provider 20, for encrypting and decrypting all communications between user 16 and the communicated entity such as third party 18 or service provider 20, throughout a secure on-line transaction session.
3DSSL (Three Domain Secure Sockets Layer) types of secure on-line transaction protocols are based on the general method of a three domain payment model using SSL types of secure on-line transaction protocols for providing secure links over the standard public interactive communication network 22 of the Internet, between web browsers of users 16 and servers of an on-line communicated entity such as third party 18 or service provider 20.
SET (Secure Electronic Transaction, also known as SET Wallet) types of secure on-line transaction protocols are based on the general 'open standard' method developed by Visa and MasterCard for facilitating secure on-line credit and debit card transactions over the standard public interactive communication network 22 of the Internet. 3DSET types of secure on-line transaction protocols are based on a revised model of the SET secure on-line transactions protocol model. Implementing 3DSET types of secure on-line transaction protocols requires activating a special plug-in previously downloaded onto computerized processing device 14 of user 16. The 3DSET model uses a SET Wallet Server (SWS) based solution rather than holding individual SET wallets on computerized processing device 14 of user 16, or, on prepared optical data card 12 of user 16. Each time user 16 wishes to perform a secure on-line transaction, a connection is established between computerized processing device 14 of user 16 and the SWS server of service provider 20 which creates a standard SET on-line transaction for passing to user 16 and then to a third party 18. Several companies like Trintech, Globest, IBM provide such secure on-line transaction protocol applications.
EMV (Europay MasterCard Visa) compliant types of secure on-line transaction protocols are similar to 3DSET types of secure on-line transaction protocols, and are based on the CEC (Chip Electronic Commerce) general 'open standard' method developed by Europay, Visa, and MasterCard, for facilitating smart card based secure on-line credit and debit card transactions over the standard public interactive communication network 22 of the Internet. EMV is a global standard, which aims to ensure the interoperability of chip-based payment cards and point-of-sale (POS) terminals regardless of location, manufacturer, and financial institution. The CEC model uses an EMV authentication technology in combination with SET encryption technology. Implementing EMV compliant types of secure on-line transaction protocols requires activating a special plug-in previously downloaded onto computerized processing device 14 of user 16. The model uses a SET Wallet Server (SWS) based solution rather than holding individual SET wallets on computerized processing devices 14 of users 16, or, on prepared optical data cards 12 of users 16. Each time a user 16 wishes to perform a secure on-line transaction with a third party 18, a connection is established between computerized processing device 14 of user 16 and the SWS server of service provider 20 which creates a standard SET on-line transaction for passing to user 16 and then to the third party 18.
PAN (Pseudo Account Number, also known as Surrogate Number) types of secure on-line transaction protocols are based on the general method for facilitating on-line credit and debit card transactions over the standard public interactive communication network 22 of the Internet. Implementing PAN types of secure on-line transaction protocols requires activating a special plug-in previously downloaded onto computerized processing device 14 of user 16. PAN types of secure on-line transaction protocols enable users 16 of credit and debit cards to make credit and debit card on-line transactions with third parties 18 over the Internet using a non-genuine unique-per-transaction credit card number for each secure on-line transaction. Each time user 16 wishes to perform a secure on-line transaction with a third party 18, a connection is established between computerized processing device 14 of user 16 and the PAN server of service provider 20 which creates the unique-per-transaction credit card number provided to user 16, for performing the secure on-line transaction with the third party 18. Several companies, such as Orbiscom of Ireland, and, Cyota and Aplettix of Israel developed such secure on-line transaction systems based on the PAN model.
Virtual credit or debit card types of secure on-line transaction protocols are based on a relatively simple credit card payment system allowing users 16 to access, by typing a password or identification number, their credit card payment information which is kept in a central secure server, for example, a secure server of a third party 18, or, a secure server of a service provider 20.
Electronic wallet types of secure on-line transaction protocols are based on the general method for users 16 storing a monetary value on prepared optical data cards 12. Using a special plug-in which is either loaded onto computerized processing devices 14 or onto prepared optical data cards 12 of users 16, users 16 connect to a centralized electronic wallet server, for example, of service provider 20, which manages their electronic wallets instead of users 16 locally managing their electronic wallets, for example, where users 16 hold their individual electronic wallets on computerized processing devices 14 or on prepared optical data cards 12 of users 16.
Prepaid types of secure on-line transaction protocols are based on the general method for allowing users 16 to charge on-line transactions to accounts that were paid in advance. Users 16 purchase, for example, directly from service provider 20 or from a vendor of prepared optical data cards 12, prepared optical data cards 12 each with an allocated account number representing a monetary value, and with every on-line transaction with a third party 18 a deduction is registered in a remote server, usually, a server of service provider 20, where account management takes place.
Micropayment types of secure on-line transaction protocols are based on the general method for enabling users 16 to make on-line payment transactions of low-value goods, usually software based goods such as digital music tracks, software sharing, etc. Similar to prepaid types of secure on-line transaction protocols, purchase rights of users 16 are pre-determined in a server, usually, of service provider 20, according to a prepaid type of account management.
Home and corporate banking types of secure on-line transaction protocols are based on the general method for enabling users 16 to access their bank accounts on-line and to execute numerous secure on-line transactions in their bank accounts, for example, by way of a third party server such as a server of their corporate bank. For example, transferring funds from one bank account to another, and viewing their bank account information.
Stocks, bonds, and commodities trading types of secure on-line transaction protocols are based on the general method for enabling users 16 to access their stock, bond, and commodity trading accounts on-line and to execute numerous secure on-line transactions in their stock, bond, and commodity trading accounts, for example, by way of a third party server such as a server of their stock, bond, and commodity brokerage company service provider 20. For example, purchasing and/or selling stocks, bonds, and commodities, manipulating available trading funds, and viewing their stock, bond, and commodity trading account information.
Insurance types of secure on-line transaction protocols are based on the general method for enabling users 16 to access their insurance accounts on-line and to execute numerous secure on-line transactions in their insurance accounts, for example, by way of a third party server such as a server of their insurance company service provider 20. For example, increasing and/or decreasing levels of insurance coverage, changing insurance premiums, modifying beneficiary data and information, and viewing their insurance account information.
Health related (medical, dental, pharmaceutical) types of secure on-line transaction protocols are based on the general method for enabling users 16 to access their personal health related (medical, dental, pharmaceutical) accounts on-line and to execute numerous secure on-line transactions in their personal health related accounts, for example, by way of third party server such as a server of their health related (medical, dental, pharmaceutical) facility or company service provider 20. For example, approving medical or dental records or history releases, receiving results of medical or dental examinations, modifying personal health data and information used by their medical, dental, or pharmaceutical facility or company, and viewing their health related account information.
Corporate networking types of secure on-line transaction protocols are based on the general method for enabling users 16 to, remotely and/or locally, access their corporate, intranet and/or extranet, network, and to execute numerous secure on-line transactions, for example, by way of third party server such as a server of the corporate network. For example, receiving their e-mails and corporate documents, distributing their memos and other corporate communications, and modifying personal and/or shared work calendars.

Peripheral device types of secure on-line transaction protocols are based on the general method for enabling users 16 to perform secure on-line transactions by users 16 using in combination with, or, in addition to, the plurality of prepared optical data cards 12, at least one peripheral device, hereinafter, referred to as peripheral device 34 in FIG. 1. For example, where a user 16 performs a secure on-line transaction by operation of at least one peripheral device 34 such as a computer chip, a cellular or mobile telephone, and/or a biometric device featuring, for example, a user voice recognition mechanism and/or a user fingerprint recognition mechanism, either separate from, and/or, associated with computerized processing device 14 of user 16, according to specifications of a service provider 20.

Step (b) further includes digitally recording a user guidance software program onto recordable storage space of each of the plurality of formatted optical data cards, for guiding users 16 through the on-line user/transaction authentication procedures and through the secure on-line transaction procedures, for performing the variety of secure on-line transactions.
Accordingly, there is digitally recording a user guidance program onto optical data storage area or region A1 of each of the plurality of optical data cards 12, preferably, by optically readable data writing device 28 of optical data card preparing station 26, and/or, by the process of manufacturing optical data cards 12, according to specifications of service provider 20.
The user guidance program is a 'user-friendly' software program which is automatically prompted, preferably, by way of an auto-run mechanism, for opening of a software window displaying general guidance content such as instructions, assistance, and options, for using optical data card 12, following user 16 inserting optical data card 12 into the optical data card reader device, such as a compact disc reader device, of computerized processing device 14 of user 16. While optical data card 12 operates in the background, the user guidance program communicates with user 16, and guides user 16 through running of the digitally recorded on-line user/transaction authentication protocols and the secure on-line transaction protocols, step by step, parallel to and through completion of the sequence of each secure on-line transaction.
For example, if user 16 activates optical data card 12 prior to performing a particular secure on-line transaction, then the user guidance program guides user 16, if such guidance is requested by user 16, to optionally stored audio, video, multi-media, advertising, promotional, and/or web site hyperlink, data and information, according to specifications of service provider 20. Alternatively, if user 16 is part way through performing a secure on-line transaction and is ready for completing the secure on-line transaction, then the user guidance program automatically prompts a user/transaction authentication and transaction completion process.

Step (b) further includes digitally recording an integration software program onto recordable storage space of each of the plurality of formatted optical data cards, for integrating the above described at least one of a plurality of different types of on-line user/transaction authentication protocols, and, at least one of a plurality of different types of secure on-line transaction protocols, included on optical data card 12. Accordingly, there is digitally recording an integration program onto optical data storage area or region A1 of each of the plurality of optical data cards 12, preferably, by optically readable data writing device 28 of optical data card preparing station 26, and/or, by the process of manufacturing optical data cards 12, according to specifications of service provider 20.
The integration program integrates and enables automated co-existence and management of the above described at least one of a plurality of different types of on-line user/transaction authentication protocols, and, at least one of a plurality of different types of secure on-line transaction protocols, included on optical data card 12. The integration program automatically recognizes the particular protocol with which communication is established between each user 16 and service provider 20, and in response automatically prompts, for example, by an auto-run mechanism, the relevant protocol to be used in that communication session for user 16 performing a secure on-line transaction.
For example, if user 16 using optical data card 12 communicates with a third party 18 which is compliant to a 3DSET secure on-line transaction protocol, the integration program of optical data card 12 automatically recognizes the 3DSET compliance, and commences a 3DSET secure on-line transaction with user 16 and other relevant parties, such as a service provider 20, required for performing the secure on-line transaction. Another example is where a user 16 uses a prepared optical data card 12 including at least one peripheral device type of on-line user/transaction authentication protocol and at least one corresponding peripheral device type of secure on-line transaction protocol, for interactively communicating on-line in combination with at least one peripheral device, for example, peripheral device 34, such as a computer chip, a biometric device, or a cellular phone, associated with computerized processing device 14 of user 16, for performing secure on-line transactions. In this type of implementation, the integration program integrates and enables all necessary complementary operations between optical data card 12 with the at least one peripheral device such as a computer chip, a biometric device, or a cellular phone, associated with computerized processing device 14 of user 16, for performing secure on-line transactions.

In Step (b), optionally, there is further including digitally recording audio, video, multi-media, promotional, advertising, and/or web site hyperlink, data and information onto recordable storage space of each of a pre-determined number of the plurality of formatted optical data cards.
Accordingly, in Step (b), optionally, there is additionally digitally recording audio, video, multi-media, promotional, advertising, and/or web site hyperlink, data and information onto optical data storage area or region A1 of each of a pre-determined number of the plurality of formatted optical data cards 12, preferably, by optically readable data writing device 28 of optical data card preparing station 26, and/or, by the process of manufacturing optical data cards 12, according to specifications of service provider 20.
In Step (b), optionally, there is further including digitally recording wireless communication software, such as at least one wireless communication protocol, for example, a currently employed wireless application protocol (WAP), onto recordable storage space of each of a pre-determined number of the plurality of formatted optical data cards, for enabling use and operation of each of the pre-determined number of the plurality of formatted optical data cards in a wireless mode of above described on-line interactive communication network 22. Accordingly, in Step (b), optionally, there is additionally digitally recording at least one wireless communication protocol onto optical data storage area or region A1 of each of a pre-determined number of the plurality of formatted optical data cards 12, preferably, by optically readable data writing device 28 of optical data card preparing station 26, and/or, by the process of manufacturing optical data cards 12, according to specifications of service provider 20.
In Step (b), as part of preparing formatted optical data cards 12 as either generalized portable secure unified platforms, above case (1), or, as individualized or personalized portable secure unified platforms, above case (2), optionally, there is further including printing a generalized, and/or, individualized or personalized set of human and/or machine readable graphics data and information onto each of a pre-determined number of the plurality of formatted optical data cards. Accordingly, in Step (b), optionally, there is printing a generalized, and/or, individualized or personalized set of human and/or machine readable graphics data and information onto non-optical data storage areas or regions A2 of each of a pre-determined number of the plurality of formatted optical data cards 12, preferably, by graphics printing device 30 of optical data card preparing station 26, and/or, by the process of manufacturing optical data cards 12, according to specifications of service provider 20. As described above in Step (a), at least one non-optical data storage area or region A2 designated for printing human and/or machine readable graphics data and information is located on the side of optical data card 12 opposite the side of optical data storage area or region A1 of optical data card 12, and/or is located on the same side of optical data card 12 as optical data storage area or region A1 of optical data card 12. A set of graphics data and information of each non-optical data storage area or region A2 of an optical data card 12 features graphics data and information selected from the group consisting of human readable data and information, machine readable data and information, and, a combination of human readable and machine readable data and information.
Graphics data and information printed onto each non-optical data storage area or region A2 relates to either a general user 16 or to an individualized user 16, and, to service provider 20 issuing either generalized, or, individualized or personalized, optical data cards 12 to a plurality of generalized users 16, or, to a plurality of individualized users 16, respectively. In particular, graphics data and information relating to a generalized user 16 and relating to service provider 20 are preferably general, non-personal, identification data and information, such as name(s), address(es), telephone number(s), fax number(s), e-mail address(es), colored logo(s), colored symbol(s), account number(s), and serial number(s), of service provider 20 only, with no reference or connection to any one individualized user 16. Graphics data and information relating to an individualized user 16 are preferably individual or personal identification data and information, such as name(s), address(es), telephone number(s), fax number(s), e-mail address(es), colored logo(s), colored symbol(s), account number(s), and serial number(s), of an individualized user 16. For example, service provider 20 as a credit card and/or debit card issuer may specify any combination of the above human and/or machine readable graphics data and information to be located on the side of optical data card 12 opposite the side of optical data storage area or region A1 of optical data card 12, whereby each optical data card 12 appears and looks very similar to a standard credit and/or debit card.

In Step (b), optionally, there is further including copy prevention of each of a pre-determined number of the plurality of formatted and/or prepared optical data cards.
Accordingly, in Step (b), optionally, there is additionally including at least one copy prevention mechanism with each of a pre-determined number of the plurality of generalized optical data cards 12 and/or individualized or personalized optical data cards 12, according to specifications of service provider 20. The objective here is for providing an additional higher level of optical data card security by preventing unauthorized copying, especially by an unauthorized person using standard copy commands of a CD reader/writer device, of the pre-determined generalized set, and/or, the pre-determined individualized or personalized set, of optically readable data digitally recorded onto optical data storage areas or regions A1 of formatted optical data cards 12, thereby preventing a cracking attack and/or password hijacking. More specifically, the objective is for preventing unauthorized copying of the individualized or personalized optically readable data digitally recorded on formatted optical data cards 12, especially, with respect to above described digitally recorded PKI types of on-line user/transaction authentication protocols, such as PKI data files, PKI text files, PKI program files, and PKI combination files. In particular, there is preventing unauthorized copying of digitally recorded PKI private keys, PKI public keys, PKI symmetric keys, PKI serial authentication numbers, PKI digital signatures, PKI digital certificates, and PKI encryption and decryption program files, that are uniquely issued to individualized users 16 and service providers 20, and are used for on-line authenticating users and/or on-line transactions. There are different alternative procedures for optionally including at least one copy prevention mechanism with each of a pre-determined number of the plurality of generalized optical data cards 12, and there is at least one different type of copy prevention mechanism associated with each alternative procedure.
In a first procedure, at least one copy prevention mechanism is integrated into the manufacturing process of Step (a), thereby resulting in the manufacturing and providing a pre-determined number of the plurality of formatted optical data cards 12 each including at least one copy prevention mechanism. Alternatively, or, additionally, in a second procedure, at least one copy prevention mechanism is included in Step (b) of preparing the plurality of formatted optical data cards 12, thereby resulting in a pre-determined number of the plurality of prepared optical data cards 12 each including at least one copy prevention mechanism. Each of these procedures for including at least one copy prevention mechanism is applicable to optical data cards 12 featuring any of the previously described formats selected from the group consisting of a CD-ROM format, a CD-R format, a CD-RW format, a hybrid format of a CD-ROM format and a CD-R format, a hybrid format of a CD-ROM format and a CD-RW format, and, a DVD format.
In the first procedure, at least one copy prevention mechanism is integrated into the manufacturing process of Step (a), for example, by intentionally including a manufacturing defect in, or physically altering, at least one selected portion or zone of optical data storage area or region A1 of optical data card 12. In the second procedure, at least one copy prevention mechanism is included in Step (b) of preparing the plurality of formatted optical data cards 12, for example, by digitally recording copy prevention optically readable data, in the form of copy prevention software, onto at least one selected portion or zone of optical data storage area or region A1 of optical data card 12. There are various prior art teachings of procedures and techniques for including different types of copy prevention mechanisms with, or on, optical data storage media, such as optical data cards 12, featuring optical data storage areas or regions, such as optical data storage area or region A1, which are readily applicable to the present invention. For example, in the disclosure of PCT International Publication No. WO 99/22340, published May 6, 1999, entitled "Optical Disc Authentication And Data Storage", by Weldon, J., and copy protection related references cited therein, all of which are incorporated by reference for all purposes as if fully set forth herein. Another example of a copy protection technique is provided by Macrovision Corp., CA, USA, which features a combination of software based prevention mechanisms including digital signatures, encrypted wrapping, and anti-hacking software.
Step (b) of the preferred embodiment of the present invention is described above. Alternative Step (b) of the alternative preferred embodiment of the present invention is described as follows.
The alternative preferred embodiment of the present invention, features preparing, according to below described 'alternative' Step (b), the plurality of formatted optical data cards 12 of Step (a), for forming a plurality of prepared optical data cards 12 as portable secure authentication platforms each including at least one of the above described plurality of different types of on-line user/transaction authentication protocols, without including any on-line transaction protocol, whereby user 16 can perform, according to below described 'alternative' Step (c), the variety of secure on-line transactions.
In alternative Step (b), formatted optical data cards 12 are prepared as either generalized portable secure authentication platforms, hereinafter, referred to as alternative case (1), or, as individualized or personalized portable secure authentication platforms, hereinafter, referred to as alternative case (2), according to the particular type of format of each formatted optical data card 12, as formatted according to Step (a). In either alternative case, each formatted optical data card 12 is prepared by including at least one of the above described plurality of different types of known on-line user/transaction authentication protocols, for users 16 to perform the variety of secure on-line transactions.
In alternative Step (b), part of preparing the plurality of formatted optical data cards 12 as either generalized portable secure authentication platforms, above alternative case (1), or, as individualized or personalized portable secure authentication platforms, above alternative case (2), includes digitally recording a pre-determined generalized set, and/or, a pre-determined individualized or personalized set, of optically readable data onto optical data storage area or region A1 of each of the plurality of formatted optical data cards 12, preferably, by optically readable data writing device 28 of optical data card preparing station 26, and/or, by the process of manufacturing optical data cards 12, according to specifications of service provider 20.
Each pre-determined set of optically readable data includes at least one of the above described plurality of different types of on-line user/transaction authentication protocols. For example, and in a non-limiting way, the at least one of a plurality of different types of on-line user/transaction authentication protocols is selected from the group consisting of (i) PKI (Public Key Infrastructure), for example, IPSEC / IKE (Secure Internet Protocol / Internet Key Exchange), (ii) challenge response, (iii) Kerberos, (iv) symmetric key, (v) user name password, for example, Radius (Remote Authentication Dial-In User Service), TACACS (similar to Radius), CHAP (Challenge-Handshake Authentication Protocol), and PAP (Password Authentication Protocol, also known as Packet Authentication Protocol), (vi) one-time-password, and (vii) peripheral device, types of on-line user/transaction authentication protocols.
Accordingly, in alternative Step (b), there is digitally recording, onto each of the plurality of formatted optical data cards 12, at least one of the above described plurality of different types of on-line user/transaction authentication protocols generally featuring digitized data and information in the form of computer software for representing and/or for implementing at least part of a particular flow of information, security procedures, sequences, and various interactions among different entities, associated with on-line authenticating at least one user and/or on-line authenticating at least one on-line transaction. More specifically, each of the plurality of different types of on-line user/transaction authentication protocols particularly features at least one set, group, sequence, and/or series, of digitized data and information, in the form of computer software for representing and/or for implementing at least part of a particular flow of information, security procedures, sequences, and various interactions among different entities, such as in the form of at least one data file, at least one text file, at least one program file, and/or, at least one combination file featuring a combination of data, text, and/or, a program, associated with on-line authenticating users and/or transactions. For example, and in a non-limiting way, in alternative Step (b), PKI types of on-line user/transaction authentication protocols which are digitally recorded onto optical data cards 12 are selected from the group consisting of PKI data files, PKI text files, PKI program files, and PKI combination files, where a PKI combination file is a combination of PKI files selected from the group consisting of PKI data files, PKI text files, and PKI program files. 
More specifically, PKI types of on-line user/transaction authentication protocols are selected from the group consisting of PKI private keys, PKI public keys, PKI symmetric keys, PKI serial authentication numbers, PKI digital signatures, PKI digital certificates, PKI encryption and decryption program files, and combinations of these, that are uniquely issued to individualized users 16 and service providers 20, and are used for on-line authenticating users and/or on-line transactions. PKI types of on-line user/transaction authentication protocols are digitally recorded onto optical data storage area or region A1 of formatted optical data cards 12, preferably, by optically readable data writing device 28 of optical data card preparing station 26, and/or, by the process of manufacturing optical data cards 12, using, for example, the X.509 format or any other industry standard format for digitally recording PKI keys onto media which can store optically readable data.
Alternative Step (b) further includes digitally recording a user guidance software program onto recordable storage space of each of the plurality of formatted optical data cards, for guiding users 16 through the on-line user/transaction authentication procedures and through the secure on-line transaction procedures, for performing the variety of secure on-line transactions. Accordingly, there is digitally recording a user guidance program, similar to the previously described user guidance program, onto optical data storage area or region A1 of each of the plurality of formatted optical data cards 12, preferably, by optically readable data writing device 28 of optical data card preparing station 26, and/or, by the process of manufacturing optical data cards 12, according to specifications of service provider 20.
In alternative Step (b), optionally, there is further including digitally recording an integration program, similar to the previously described integration program, onto recordable storage space of formatted optical data cards 12, for enabling automated co-existence and management of different types of on-line user/transaction authentication protocols, and, other optionally recorded software on optical data cards 12. Optionally, there is further including digitally recording of previously described audio, video, multi-media, promotional, advertising, and/or web site hyperlink, data and information, and/or optionally, digitally recording of previously described wireless communication software, such as at least one wireless communication protocol, onto recordable storage space of each of a pre-determined number of the plurality of formatted optical data cards 12. Also, in alternative Step (b), as part of preparing formatted optical data cards 12 as either generalized portable secure authentication platforms, alternative case (1), or, as individualized or personalized portable secure authentication platforms, alternative case (2), optionally, there is further including printing a generalized, and/or, individualized or personalized set of human and/or machine readable graphics data and information onto each of a pre-determined number of the plurality of formatted optical data cards 12. Additionally, in alternative Step (b), optionally, there is further including above described copy prevention with each of a pre-determined number of the plurality of formatted and/or prepared optical data cards 12.
As described above, in Step (b), formatted optical data cards 12 are prepared as either generalized portable secure unified platforms, case (1), and/or, as individualized or personalized portable secure unified platforms, case (2), and, in alternative Step (b), formatted optical data cards 12 are prepared as either generalized portable secure authentication platforms, alternative case (1), and/or, as individualized or personalized portable secure authentication platforms, alternative case (2), according to the particular type of format of each formatted optical data card 12, as formatted according to Step (a). Further details for preparing formatted optical data cards 12, according to case (1), alternative case (1), case (2), and alternative case (2), are provided herein. In case (1), or, in alternative case (1), where formatted optical data cards 12 are identically prepared as the same generalized portable secure unified platform, or, as the same generalized portable secure authentication platform, respectively, there is using optical data cards 12 formatted according to the CD-ROM format. In this case, first, a single pre-determined generalized set of all necessary optically readable data, as described above, relating to both a generalized user 16, or equivalently, relating to a plurality of generalized users 16, and to service provider 20 issuing identically prepared optical data cards 12 to the plurality of generalized users 16, for performing the variety of secure on-line transactions, is integrated into the manufacturing process of Step (a), thereby resulting in the manufacturing and providing a plurality of semi-prepared identical generalized optical data cards 12.
The plurality of semi-prepared generalized optical data cards 12 are produced by using a unified-per-batch replicating procedure according to techniques known in the art, for example, by using a glassmaster which is pre-recorded with a single pre-determined generalized set of optically readable data described above. Then, optionally, there is printing onto non-optical data storage area or region A2 of each of the plurality of semi-prepared generalized optical data cards 12, by graphics printing device 30 of optical data card preparing station 26, and/or, by the process of manufacturing optical data cards 12, a generalized set of all necessary human and/or machine readable graphics data and information, as described above, relating to both a generalized user 16 and to service provider 20, for producing a plurality of fully prepared generalized optical data cards 12 as the generalized portable secure unified platforms, or, as the generalized portable secure authentication platforms, respectively.
A particular example of preparing generalized optical data cards 12 according to above described case (1) is where the digitally recording is generalized, but the printing is personalized with respect to service provider 20 only, such as for preparing generalized optical data cards 12 featuring prepaid and/or micropayment types of secure on-line transaction protocols. Prepaid and micropayment types of optical data cards 12 are usually identical in content, since the users 16 are unknown at the time of manufacturing and preparing the formatted optical data cards 12. However, an identifying number, such as a serial number, is printed onto each prepared optical data card 12 in order to allow specific recognition at a later stage following ownership by users 16. Each user 16 using a prepaid or micropayment type of optical data card 12, logs onto a server of a service provider 20 which identifies such an optical data card 12 by way of the user 16 providing the correct serial number in order to be connected to an account having a number that is issued on-line together with the name and a password of that user 16. In case (2), or, in alternative case (2), where formatted optical data cards 12 are prepared as individualized or personalized portable secure unified platforms, or, as individualized or personalized portable secure authentication platforms, respectively, there is using optical data cards 12 formatted according to the CD-R format, or, according to the CD-RW format.
In this case, following the manufacturing of a unified-per-batch plurality of formatted optical data cards 12, formatted optical data cards 12 are positioned in optical data card preparing station 26 for digitally recording optically readable data onto optical data storage area or region A1, by optically readable data writing device 28 of optical data card preparing station 26, and, optionally, for printing human and/or machine readable graphics data and information onto non-optical data storage areas or regions A2, by graphics printing device 30 of optical data card preparing station 26, of each of the plurality of generalized optical data cards 12.
In case (2), or, in alternative case (2), first, a single pre-determined generalized set of optically readable data, and, human and/or machine readable graphics data and information, as described above, relating to both a generalized user 16 and to service provider 20 issuing an individualized or personalized optical data card 12 to each individualized user 16, for performing the variety of secure on-line transactions, are digitally recorded and printed, respectively, onto each formatted optical data card 12, by optical data card preparing station 26, for producing a plurality of semi-prepared generalized optical data cards 12. Then, each of the plurality of semi-prepared generalized optical data cards 12 is repositioned in optical data card preparing station 26, and a pre-determined individualized or personalized set of optically readable data, and, optionally, human and/or machine readable graphics data and information, as described above, relating to an individualized user 16, are digitally recorded and printed, respectively, onto each semi-prepared generalized optical data card 12, by optical data card preparing station 26, for each individualized user 16, according to individualized or personalized data, information, and requirements, of each individualized user 16, for producing a plurality of fully prepared individualized or personalized optical data cards 12 as the individualized or personalized portable secure unified platforms, or, as the individualized or personalized portable secure authentication platforms, respectively. 
In case (2), or, in alternative case (2), where formatted optical data cards 12 are prepared as individualized or personalized portable secure unified platforms, or, as the same individualized or personalized portable secure authentication platforms, respectively, there is alternatively using optical data cards 12 formatted according to either the hybrid format of a CD-ROM format and a CD-R format, or, according to the hybrid format of a CD-ROM and a CD-RW format. In case (2), or, in alternative case (2), first, there is producing a plurality of semi-prepared identical generalized optical data cards 12 according to above described procedure of case (1) or alternative case (1), by utilizing the CD-ROM section of each formatted optical data card 12, in the process, Step (a), of manufacturing and providing a plurality of semi-prepared identical generalized optical data cards 12. Then, each of the plurality of semi-prepared identical generalized optical data cards 12 is positioned in optical data card preparing station 26, and a pre-determined individualized or personalized set of optically readable data, and, optionally, human and/or machine readable graphics data and information, as described above, relating to an individualized user 16, are digitally recorded and printed, respectively, onto each semi-prepared generalized optical data card 12, where the digitally recording involves the CD-R section, or, the CD-RW section, of each formatted and semi-prepared identical generalized optical data card 12, by optical data card preparing station 26, for each individualized user 16, according to individualized or personalized data, information, and requirements, of each individualized user 16, for producing a plurality of fully prepared individualized or personalized optical data cards 12 as the individualized or personalized portable secure unified platforms, or, as the individualized or personalized portable secure authentication platforms, respectively. 
In Step (c), there is performing at least one of the variety of secure on-line transactions by a plurality of users using the plurality of prepared optical data cards.
The secure on-line transactions are performed in a variety of areas featuring particular secure on-line applications, such as in the area of (1) electronic commerce, for example, featuring secure on-line payment applications, secure on-line banking applications, secure on-line stock, bond, and commodity trading applications, secure on-line insurance applications, and secure on-line health related (medical, dental, pharmaceutical) applications, in the area of (2) PC security, for example, featuring secure on-line PC log-on applications, and secure on-line PC data encryption applications, and, in the area of (3) roaming accessibility, for example, featuring secure on-line local or remote network log-on applications such as accessing an e-mail server, a file server, or a database.
Step (c) is performed by non-specific generalized users 16 using generalized optical data cards 12 as generalized portable secure unified platforms, or, by specific individualized or personalized users 16 using individualized or personalized optical data cards 12 as individualized or personalized portable secure unified platforms, where optical data cards 12 are prepared according to above Step (b), that is, according to the preferred embodiment of the present invention. Alternatively, Step (c) is performed by non-specific generalized users 16 using generalized optical data cards 12 as generalized portable secure authentication platforms, or, by specific individualized or personalized users 16 using individualized or personalized optical data cards 12 as individualized or personalized portable secure authentication platforms, where optical data cards 12 are prepared according to above alternative Step (b), that is, according to the alternative preferred embodiment of the present invention.
In sub-step (i) of Step (c), there is activating the prepared optical data card by each user.
Accordingly, each user 16 activates optical data card 12 by inserting optical data card 12 into the optical data card reader device, such as a compact disc reader device, of computerized processing device 14 of user 16. Immediately following inserting optical data card 12 into computerized processing device 14, optical data card 12 is automatically prompted to run in the background of the computer operating system of computerized processing device 14 of user 16. According to specifications of service provider 20, and, preferably, by way of an auto-run mechanism, the digitally recorded user guidance program is prompted by user 16 inserting optical data card 12 into computerized processing device 14, with opening of a software window displaying general guidance content such as instructions, assistance, and options, for using optical data card 12. While optical data card 12 operates in the background, the user guidance program communicates with user 16, and guides user 16 through running of the digitally recorded on-line user/transaction authentication protocols, and if applicable, also through running of the digitally recorded secure on-line transaction protocols, step by step, parallel to and through completion of the sequence of each secure on-line transaction.
Each user 16 performing a secure on-line transaction, by way of on-line interactive communication network 22 such as an intranet and/or an extranet such as the Internet, selects to activate optical data card 12 on one of two occasions, that is, (i) before initiating communication, and therefore, before initiating the secure on-line transaction, with a third party 18 or with a service provider 20, or, (ii) after initiating communication, and therefore, part way through, such as in the middle of or towards completion of, performing the secure on-line transaction, with a third party 18 or with a service provider 20.
For user 16 activating optical data card 12 before initiating communication with third party 18 or with service provider 20, then user 16 is guided through the secure on-line transaction process from start to finish until the secure on-line transaction is completed, including accessing and communicating with third party 18 or with service provider 20, initiating the secure on-line transaction, participating in an on-line user/transaction authentication process, and completing the secure on-line transaction. Moreover, for user 16 activating optical data card 12 prior to performing a secure on-line transaction, then the user guidance program guides user 16, if such guidance is requested by user 16, to optionally stored audio, video, multi-media, advertising, promotional, and/or web site hyperlink, data and information, according to specifications of service provider 20.
Alternatively, for user 16 activating optical data card 12 after initiating communication with third party 18 or with service provider 20, then the on-line user/transaction authentication of user 16 is immediately processed with minimal guidance required through the authentication and transaction completion processes. Moreover, for user 16 activating optical data card 12 part way through performing a secure on-line transaction and is ready for completing the secure on-line transaction, then the user guidance program automatically prompts user/transaction authentication and transaction completion processes.
In sub-step (ii) of Step (c), there is authenticating each user by using the prepared optical data card.
Performing any of the variety of secure on-line transactions requires on-line authenticating each user 16, usually, by service provider 20. There are certain situations and conditions, subject to pre-determined specifications and authorization of service provider 20, where third party 18 authenticates user 16, such as in the following three particular cases: (1) where the particular type of secure on-line transaction performed by user 16 requires on-line authenticating user 16 by the third party 18 only, such as when user 16 sends to third party 18 a digital certificate issued by a certificate authority (CA) to user 16 for authenticating content of an e-mail sent by user 16 to third party 18, (2) where third party 18 has and implements appropriate on-line user/transaction authentication protocols which are compatible with the on-line user/transaction authentication protocols included on prepared optical data card 12 of user 16, separate from and without requiring service provider 20 authenticating user 16, and, (3) where third party 18 is part of service provider 20, as previously described above in the definitions of service provider 20 and third party 18, whereby authentication functions and operations of that service provider 20 are merged, combined, or added, to functions and operations of that third party 18. Accordingly, the following description of Step (c) for authenticating user 16 refers to the authenticating process usually performed by service provider 20, however, it is to be clearly understood that under the proper circumstances and conditions, third party 18 authenticates user 16 performing any of the variety of on-line transactions.
Authenticating each user 16 involves user 16 using prepared optical data card 12 with computerized processing device 14 for on-line interactively communicating, by way of on-line interactive communication network 22 such as an intranet and/or an extranet such as the Internet, with service provider 20. As described above in Step (b), and in alternative Step (b), service provider 20 encompasses components that enable the operation of user authentication, overall management, and logon to the variety of secure on-line transactions. In particular, service provider 20, authenticates each user 16 by implementing at least one of the above described different types of on-line user/transaction authentication protocols included on the prepared optical data card 12. For authenticating each user 16 service provider 20 performs basic tasks dedicated to securing and managing the on-line interactive communication with each user 16, including, for example, full PKI based authentication with private credentials, authorization, and encryption, as may be required using SSL2+3 or other secure on-line transaction protocols, and digital signatures, digitally recorded onto optical data cards 12 of users 16 as described above in Step (b) and in alternative Step (b).
When user 16 performs a secure on-line transaction based on a PKI type of on-line user/transaction authentication protocol, the following sequence of activities takes place. Only a pre-determined program or programs situated on a pre-determined remote location or locations on on-line interactive communication network 22 are authorized to approve the identity of user 16 following the authentication procedure and grant the owner, for example, user 16, of the account, access. The identification and authentication process involves two parts of activities conducted at two locations. The first part is locally conducted through a communication between the loaded software of prepared optical data card 12 and guided input of user 16, for example, password of user 16. The second part is remotely conducted through a communication between loaded software of prepared optical data card 12 and guided input of user 16 with a remote server, for example, password plus user identification (ID) of user 16. According to specifications of service provider 20, a digital certificate issued by a preferred certificate authority (CA) of service provider 20 which is included on prepared optical data card 12 is used for authenticating user 16. When user 16 performs one of the variety of secure on-line transactions, for example, purchasing a book from the web site of third party 18 such as an on-line merchant selling books, with a credit card, the relevant secure on-line transaction protocol plug-in included on prepared optical data card 12 and relating to the preferred method of payment, for example, PAN or 3DSET, initiates a connection attempt by on-line interactively communicating with the server of service provider 20. During this connection attempt, the server of service provider 20 prompts user 16 to authenticate by opening a password entry window.
Alternatively, or, additionally, during the connection attempt, if properly supported, service provider 20 prompts an authentication mechanism requiring user 16 to present secret data and/or information involving an above described peripheral device type of on-line user/transaction authentication protocol. In such cases, accordingly, user 16 is authenticated by operation of at least one peripheral device 34 such as a computer chip, a cellular or mobile telephone, and/or a biometric device featuring, for example, a user voice recognition mechanism and/or a user fingerprint recognition mechanism, either separate from, and/or, associated with computerized processing device 14 of user 16, according to specifications of a service provider 20. Upon successful presentation of the correct password and/or correct peripheral device type of secret data and/or information of user 16, the encrypted key media on optical data card 12 which stores the private key of user 16, is unlocked and the authentication process takes place using, for example, a challenge response on-line user/transaction authentication protocol, or, some other similar type of on-line user/transaction authentication protocol. Even though the authentication process is partly carried out at the computerized processing device 14 of user 16, the authentication process is an integral part of the logon process to the server of service provider 20. Then, user 16 is granted access, sometimes without knowing that the authentication process takes place, to the relevant secure on-line transaction protocol in order to complete the secure on-line transaction. Extending the above example involving the PAN type of secure on-line transaction protocol, a one time unique-per-transaction credit card number is created by the server of service provider 20 and is resent to user 16 by way of the PAN secure on-line transaction protocol plug-in stored on optical data card 12 of user 16.
Then, the unique-per-transaction credit card number of user 16 is automatically or manually, depending upon the plug-in features, inserted by user 16 into the payment page of the web site of third party 18, in this example, an on-line merchant selling books. In some instances the particular type of secure on-line transaction protocol being implemented requires that the authentication approval be sent directly to third party 18 instead of being directed back to user 16.
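The two-part PKI logon described above (a password unlocking the encrypted key media on the card locally, then a challenge-response exchange with the service provider's server) is shown below as an added example that is not part of the patent and does not represent any implementation by the applicant. It assumes an ECDSA P-256 key pair whose public half is recorded in the clear (standing in for the X.509 certificate) and whose private half is recorded only as an AES-GCM ciphertext under a password-derived key; all names, the iterated-SHA-256 key derivation, and the sample password are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// CardMedia models the optically readable data recorded on the card: the user's
// public key in the clear and the private key only in password-encrypted form.
type CardMedia struct {
	PublicKeyDER []byte // SubjectPublicKeyInfo; readable from any copy of the card
	Salt, Nonce  []byte // per-card KDF salt and AES-GCM nonce
	EncryptedKey []byte // AES-GCM ciphertext of the PKCS#8 private key
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // CSPRNG failure is not recoverable here
	}
	return b
}

// gcmFor derives an AES-256 key from the password. Iterated SHA-256 stands in
// for a real password KDF (PBKDF2/scrypt) so the block needs only the stdlib.
func gcmFor(password string, salt []byte) cipher.AEAD {
	key := sha256.Sum256(append([]byte(password), salt...))
	for i := 0; i < 20000; i++ {
		key = sha256.Sum256(append(key[:], salt...))
	}
	block, _ := aes.NewCipher(key[:]) // a 32-byte key cannot fail here
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// PrepareCard is the issuer-side step: generate the user's key pair and record
// it so that the private key is unreadable without the password.
func PrepareCard(password string) (*CardMedia, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	pubDER, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	privDER, _ := x509.MarshalPKCS8PrivateKey(priv)
	card := &CardMedia{PublicKeyDER: pubDER, Salt: randomBytes(16), Nonce: randomBytes(12)}
	// The public key is bound as associated data so it cannot be swapped on a copy.
	card.EncryptedKey = gcmFor(password, card.Salt).Seal(nil, card.Nonce, privDER, pubDER)
	return card, nil
}

// UnlockKey is the local part: a wrong password fails GCM authentication outright.
func UnlockKey(card *CardMedia, password string) (*ecdsa.PrivateKey, error) {
	privDER, err := gcmFor(password, card.Salt).Open(nil, card.Nonce, card.EncryptedKey, card.PublicKeyDER)
	if err != nil {
		return nil, fmt.Errorf("wrong password or tampered key media")
	}
	key, _ := x509.ParsePKCS8PrivateKey(privDER) // authenticated plaintext: parses
	return key.(*ecdsa.PrivateKey), nil
}

// challengeDigest binds the response to the server's challenge and the user ID,
// matching the remote "password plus user ID" part of the process.
func challengeDigest(userID string, challenge []byte) []byte {
	d := sha256.Sum256(append([]byte(userID+"\x00"), challenge...))
	return d[:]
}

// VerifyResponse is the server-side check against the user's recorded public key.
func VerifyResponse(pubDER []byte, userID string, challenge, sig []byte) bool {
	key, _ := x509.ParsePKIXPublicKey(pubDER) // nil on parse failure -> ok == false
	pub, ok := key.(*ecdsa.PublicKey)
	return ok && ecdsa.VerifyASN1(pub, challengeDigest(userID, challenge), sig)
}

// Authenticate runs the full logon: unlock locally, then sign a fresh random
// server challenge, so a captured response cannot be replayed.
func Authenticate(card *CardMedia, userID, password string) (bool, error) {
	priv, err := UnlockKey(card, password)
	if err != nil {
		return false, err
	}
	challenge := randomBytes(32) // server -> card
	sig, err := ecdsa.SignASN1(rand.Reader, priv, challengeDigest(userID, challenge))
	if err != nil {
		return false, err
	}
	return VerifyResponse(card.PublicKeyDER, userID, challenge, sig), nil // card -> server
}

func main() {
	card, _ := PrepareCard("correct horse") // constructed sample password
	fmt.Println(Authenticate(card, "user16", "correct horse")) // true <nil>
}
```

Because the private key is only ever present on the card as authenticated ciphertext, a bit-for-bit copy of the card yields nothing usable without the password, which is the point of pairing the recorded PKI data with a local unlock step.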
In sub-step (iii) of Step (c), there is completing the secure on-line transaction of the user. Completing the secure on-line transaction of user 16 is performed by user 16 either using the prepared optical data card 12 prepared as the portable secure 'unified' platform, or, alternatively, is performed by user 16 without using the prepared optical data card 12 prepared as the portable secure 'authentication' platform.
For each user 16 using the preferred embodiment of prepared optical data card 12 as a portable secure unified platform including at least one of a plurality of different types of on-line user/transaction authentication protocols, and, including at least one of a plurality of different types of secure on-line transaction protocols, for performing the variety of secure on-line transactions, then, following successful completion of authentication according to above described sub-step (ii) of Step (c), the integration program included on optical data card 12 automatically prompts the relevant secure on-line transaction protocol, or, alternatively, guides each user 16 to indicate which secure on-line transaction protocol to use for interactively communicating with third parties 18, in order to complete each secure on-line transaction. According to specifications of service provider 20, the integration program of optical data card 12 automatically recognizes and prompts each appropriate secure on-line transaction protocol. Accordingly, each secure on-line transaction is brought to completion by sequential operation of each corresponding secure on-line transaction protocol, as previously described above in Step (b).
For each user 16 using the alternative prefened embodiment of prepared optical data cards 12 as a portable secure authentication platform including at least one of a plurality of different types of on-line user/transaction authentication protocols, without including any on-line transaction protocol, for performing the variety of secure on-line transactions, there are at least three different ways for performing and completing the secure on-line transaction of user 16. In a first way, service provider 20 initiates and completes the secure on-line transaction on behalf of user 16. For example, in scenarios where user 16 uses prepared optical data card 12 as a prepaid optical data card 12 for performing prepaid types of secure on-line transactions with a third party 18 by way of on-line interactive communication network 22 such as the Internet, service provider 20 authenticates user 16 and checks the balance of user 16 indicated by prepaid optical data card 12 against the previously established prepaid account of user 16 with service provider 20. Following verification by service provider 20 that sufficient balance of user 16 indicated by prepaid optical data card 12 is available for user 16 to perform the prepaid type of secure on-line transaction with third party 18, service provider 20 completes the prepaid type of secure on-line transaction on behalf of user 16 by directly on-line interactively communicating with third party 18.
In a second way, following successful completion of authentication of user 16 according to above described sub-step (ii) of Step (c), for example, involving a PKI type of on-line user/transaction authentication protocol included on prepared optical data card 12 of user 16, user 16, without further using the prepared optical data card 12, initiates and completes the secure on-line transaction by using computerized processing device 14, of user 16, having existing features and/or peripheral devices for performing secure on-line transactions with a third party 18 or with a service provider 20. For example, user 16 using the prepared optical data card 12 as the portable secure authentication platform is authenticated by a service provider 20, followed by user 16 running an e-mail software program hosted and executed by computerized processing device 14 of user 16 for sending an e-mail communication, such as an e-mail message with or without attached documents, associated with a digital certificate, for example, a PKI type of digital certificate, which was provided to user 16 as part of the previously successfully completed authentication process. 
In a third way, following successful completion of authentication of user 16 according to above described sub-step (ii) of Step (c), for example, involving a PKI type of on-line user/transaction authentication protocol included on prepared optical data card 12 of user 16, user 16, without further using the prepared optical data card 12, initiates and completes the secure on-line transaction entirely hosted and/or sponsored by third party 18 or service provider 20 having and implementing appropriate secure on-line transaction protocols which are compatible for using with the on-line user/transaction authentication protocols included on prepared optical data card 12 of user 16, separate from and without requiring inclusion and/or operation of any secure on-line transaction protocol on prepared optical data card 12 of user 16, for performing and completing the secure on-line transaction. This third way is especially applicable for user 16 performing secure on-line transactions in a variety of areas, such as in the area of PC security, for example, featuring secure on-line PC log-on applications, and, in the area of roaming accessibility, for example, featuring secure on-line local or remote network log-on applications such as on-line accessing, viewing, and/or interactively communicating with a file server or a database of a third party 18 or of a service provider 20.
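The first way of completing a transaction described above (sub-step (ii) authentication by service provider 20, then a prepaid balance check and settlement with third party 18 on the user's behalf), as an added simulation that is not part of the patent or of any Cd Card product. The card model, the symmetric HMAC challenge-response standing in for the unspecified authentication protocol, and all identifiers and amounts are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class OpticalCard:
    """Model of a prepared card: an id and a symmetric authentication key
    recorded as optically readable data (constructed, not the patent's format)."""
    card_id: str
    auth_key: bytes

    def respond(self, challenge: bytes) -> bytes:
        # The card-resident authentication program answers the provider's challenge.
        return hmac.new(self.auth_key, challenge, hashlib.sha256).digest()


class ThirdParty:
    """The on-line merchant; it only sees settlements submitted by the provider."""

    def __init__(self) -> None:
        self.settled: List[Dict[str, object]] = []

    def settle(self, card_id: str, item: str, amount_cents: int) -> str:
        receipt = secrets.token_hex(8)
        self.settled.append({"card": card_id, "item": item,
                             "amount": amount_cents, "receipt": receipt})
        return receipt


class ServiceProvider:
    """Issues cards, authenticates users, keeps the prepaid accounts and completes
    prepaid transactions with the third party on the authenticated user's behalf."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}
        self._balances: Dict[str, int] = {}
        self._open_challenges: Dict[bytes, str] = {}  # nonce -> card id, single use
        self._sessions: Dict[str, str] = {}           # session token -> card id

    def issue_card(self, card_id: str, prepaid_cents: int) -> OpticalCard:
        key = secrets.token_bytes(32)
        self._keys[card_id] = key
        self._balances[card_id] = prepaid_cents
        return OpticalCard(card_id, key)

    def challenge(self, card_id: str) -> bytes:
        if card_id not in self._keys:
            raise KeyError("unknown card")
        nonce = secrets.token_bytes(16)
        self._open_challenges[nonce] = card_id
        return nonce

    def authenticate(self, card_id: str, challenge: bytes, response: bytes) -> Optional[str]:
        # The challenge is consumed whether or not the answer is right, so a
        # captured response cannot be replayed against the same challenge.
        owner = self._open_challenges.pop(challenge, None)
        if owner != card_id:
            return None
        expected = hmac.new(self._keys[card_id], challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None
        token = secrets.token_urlsafe(16)
        self._sessions[token] = card_id
        return token

    def complete_prepaid(self, session: str, merchant: ThirdParty,
                         item: str, amount_cents: int) -> Dict[str, object]:
        card_id = self._sessions.get(session)
        if card_id is None:
            return {"ok": False, "reason": "not authenticated"}
        if amount_cents <= 0:
            return {"ok": False, "reason": "invalid amount"}
        if self._balances[card_id] < amount_cents:
            return {"ok": False, "reason": "insufficient balance"}
        # Debit the prepaid account first, then settle directly with the merchant.
        self._balances[card_id] -= amount_cents
        receipt = merchant.settle(card_id, item, amount_cents)
        return {"ok": True, "receipt": receipt, "balance": self._balances[card_id]}


def run_prepaid_purchase(
    item: str = "book", price_cents: int = 1999, prepaid_cents: int = 5000
) -> Tuple[ServiceProvider, ThirdParty, OpticalCard, bytes, str, Dict[str, object]]:
    """Sub-step (ii), then sub-step (iii) first way: authenticate, check balance, settle."""
    provider = ServiceProvider()
    merchant = ThirdParty()
    card = provider.issue_card("card-0001", prepaid_cents)  # constructed card id
    nonce = provider.challenge(card.card_id)                 # user activates the card
    session = provider.authenticate(card.card_id, nonce, card.respond(nonce))
    if session is None:
        raise RuntimeError("authentication failed")
    result = provider.complete_prepaid(session, merchant, item, price_cents)
    return provider, merchant, card, nonce, session, result


if __name__ == "__main__":
    print(run_prepaid_purchase()[-1])
```

Because the authentication key is static data on a read-only card, the provider's assurance rests on the card not being duplicated (the copy prevention mechanisms of claim 24) and on each challenge being consumed once, as the simulation does.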
While the invention has been described in conjunction with specific embodiments and examples thereof, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. Accordingly, it is intended to embrace all such alternatives, modifications and variations that fall within the spirit and broad scope of the appended claims.

Claims

WHAT IS CLAIMED IS:
1. A method for using optical data cards as portable secure unified platforms for performing a variety of secure on-line transactions, comprising the steps of:
(a) providing a plurality of formatted optical data cards each formatted for digitally recording and storing optically readable data;
(b) preparing said plurality of formatted optical data cards for forming a plurality of prepared optical data cards as the portable secure unified platforms, whereby each said prepared optical data card has a set of digitally recorded said optically readable data including at least one of a plurality of different types of on-line user/transaction authentication protocols and at least one of a plurality of different types of secure on-line transaction protocols; and
(c) performing at least one of the variety of secure on-line transactions by a plurality of users using said plurality of said prepared optical data cards.
2. The method of claim 1, whereby said formatted optical data cards are of variable geometrical configuration and dimensions, are made of a material selected from the group consisting of one type of material and a variety of types of materials, each said formatted optical data card features an optical data storage area or region designated for said digitally recording and storing said optically readable data, and each said formatted optical data card fits into and is operable by a device capable of optically reading data from and/or optically writing data onto each said formatted optical data card.
3. The method of claim 2, whereby said optical data storage area or region of each said formatted optical data card is formatted according to at least one of a variety of different formats selected from the group consisting of a CD-ROM format, a CD-R format, a CD-RW format, a hybrid format of said CD-ROM format and said CD-R format, a hybrid format of said CD-ROM format and said CD-RW format, and, a DVD format, for said digitally recording and storing said optically readable data onto each said formatted optical data card.
4. The method of claim 2, whereby said optical data storage area or region of each said optical data card has a total capacity for storing at least on the order of twenty megabytes of said optically readable data on each said formatted optical data card.
5. The method of claim 2, whereby said types of materials used for making said formatted optical data cards are selected from the group consisting of polymeric materials, metallic materials, and composite materials.
6. The method of claim 2, whereby said types of materials used for making said formatted optical data cards are selected from the group consisting of polyvinylchloride (PVC) plastics, polycarbonate plastics, and a combination of polyvinylchloride plastics and polycarbonate plastics.
7. The method of claim 2, whereby each said formatted optical data card further features at least one non-optical data storage area or region designated for printing human and/or machine readable graphics data and information onto each said formatted optical data card, said graphics data and information are selected from the group consisting of human readable data and information, machine readable data and information, and, a combination of human readable and machine readable data and information.
8. The method of claim 2, whereby each said formatted optical data card further features at least one non-optical data storage area or region designated for the attachment of objects selected from the group consisting of physical features and mechanisms, onto each said formatted optical data card.
9. The method of claim 7, whereby said formatted optical data cards are plastic cards each having a configuration selected from the group consisting of a symmetrical configuration, an asymmetrical configuration, a circular configuration, and, a polygonal configuration, including in said configuration a smaller diameter version of a standard compact disc (CD).
10. The method of claim 7, whereby said formatted optical data cards are plastic rectangular cards having dimensions similar to those of a standard credit or debit card approximately 80 - 90 mm in length, approximately 50 - 60 mm in width, and approximately 0.5 - 1.5 mm in thickness, including in said standard credit or debit card configuration and dimensions a smaller diameter version of a standard compact disc (CD).
11. The method of claim 7, whereby the step (b) of preparing said plurality of formatted optical data cards includes processing selected from the group consisting of processing said formatted optical data cards during manufacturing said formatted optical data cards, processing said formatted optical data cards by an optical data card preparing station, and, a combination of said processing during said manufacturing said formatted optical data cards with said processing by said optical data card preparing station, said optical data card preparing station includes (i) at least one optically readable data writing device for said digitally recording said optically readable data onto each said optical data storage area or region of each said formatted optical data card, (ii) at least one graphics printing device for said printing human and/or machine readable graphics data and information onto each said at least one non-optical data storage area or region of each said formatted optical data card, and (iii) a computerized processing unit (CPU) for overseeing and managing automated flow of work involved in said preparing said plurality of formatted optical data cards.
12. The method of claim 11, whereby the step (b) of preparing said plurality of formatted optical data cards includes preparing said formatted optical data cards as the portable secure unified platforms functioning as platforms selected from the group consisting of generalized portable secure unified platforms used by non-specific generalized said users performing the variety of secure on-line transactions and individualized or personalized portable secure unified platforms used by specific individualized said users performing the variety of secure on-line transaction.
13. The method of claim 1, whereby said set of said digitally recorded optically readable data on each said prepared optical data card includes said at least one of a plurality of different types of on-line user/transaction authentication protocols featuring digitized data and information in the form of computer software for representing and for implementing at least part of a particular flow of information, security procedures, sequences, and various interactions among different entities, associated with on-line authenticating said plurality of said users of said plurality of said prepared optical data cards.
14. The method of claim 1, whereby said set of said digitally recorded optically readable data on each said prepared optical data card includes said at least one of a plurality of different types of on-line user/transaction authentication protocols selected from the group consisting of PKI (Public Key Infrastructure) types of authentication protocols, IPSEC / IKE (Secure Internet Protocol / Internet Key Exchange) types of authentication protocols, challenge response types of authentication protocols, Kerberos types of authentication protocols, symmetric key types of authentication protocols, user name password types of authentication protocols, Radius (Remote Authentication Dial-In User Service) types of authentication protocols, Tackas types of authentication protocols, CHAP (Challenge-Handshake Authentication Protocol) types of authentication protocols, PAP (Password Authentication Protocol) types of authentication protocols, one-time-password types of authentication protocols, and peripheral device types of authentication protocols.
15. The method of claim 1, whereby said at least one of a plurality of different types of on-line user/transaction authentication protocols of said set of said digitally recorded optically readable data on each said prepared optical data card includes at least one PKI (Public Key Infrastructure) type of said on-line user/transaction authentication protocols, said at least one PKI type of said on-line user/transaction authentication protocols includes said digitally recordable optically readable data selected from the group consisting of at least one PKI data file, at least one PKI text file, at least one PKI program file, and at least one PKI combination file, said PKI combination file is a combination of a plurality of said PKI files selected from the group consisting of said at least one PKI data file, said at least one PKI text file, and said at least one PKI program file.
16. The method of claim 1, whereby said at least one of a plurality of different types of on-line user/transaction authentication protocols of said set of said digitally recorded optically readable data on each said prepared optical data card includes at least one PKI (Public Key Infrastructure) type of said on-line user/transaction authentication protocols, said at least one PKI type of said on-line user/transaction authentication protocols includes said digitally recordable optically readable data selected from the group consisting of at least one PKI private key, at least one PKI public key, at least one PKI symmetric key, at least one PKI serial authentication number, at least one PKI digital signature, at least one PKI digital certificate, and, at least one PKI encryption and decryption program file, which are uniquely issued to said users selected from the group consisting of individualized users, personalized users, and, non-specific generalized users of said plurality of said users for said performing said at least one of the variety of secure on-line transactions by said using said plurality of said prepared optical data cards.
17. The method of claim 14, whereby said at least one PKI type of said on-line user/transaction authentication protocols includes said digitally recordable optically readable data selected from the group consisting of at least one PKI data file, at least one PKI text file, at least one PKI program file, and at least one PKI combination file, said PKI combination file is a combination of a plurality of said PKI files selected from the group consisting of said at least one PKI data file, said at least one PKI text file, and said at least one PKI program file.
18. The method of claim 14, whereby said at least one PKI (Public Key Infrastructure) type of said on-line user/transaction authentication protocols includes said digitally recordable optically readable data selected from the group consisting of at least one PKI private key, at least one PKI public key, at least one PKI symmetric key, at least one PKI serial authentication number, at least one PKI digital signature, at least one PKI digital certificate, and, at least one PKI encryption and decryption program file, which are uniquely issued to said users selected from the group consisting of individualized users, personalized users, and, non-specific generalized users of said plurality of said users for said performing said at least one of the variety of secure on-line transactions by said using said plurality of said prepared optical data cards.
19. The method of claim 14, whereby said set of said digitally recorded optically readable data on each said prepared optical data card further includes said at least one of a plurality of different types of secure on-line transaction protocols selected from the group consisting of SSL (Secure Sockets Layer) types of on-line transaction protocols, 3DSSL (Three Domain Secure Sockets Layer) types of on-line transaction protocols, SET (Secure Electronic Transaction) types of on-line transaction protocols, 3DSET (Three Domain Secure Electronic Transaction) types of on-line transaction protocols, EMV (Europay MasterCard Visa) types of on-line transaction protocols, PAN (Pseudo Account Number) types of on-line transaction protocols, virtual credit or debit card types of on-line transaction protocols, electronic wallet types of on-line transaction protocols, prepaid protocols, micropayment types of on-line transaction protocols, home and corporate banking types of on-line transaction protocols, stocks, bonds, and commodities trading types of on-line transaction protocols, insurance types of on-line transaction, health related (medical, dental, pharmaceutical) types of on-line transaction protocols, corporate networking types of on-line transaction protocols, and peripheral device types of on-line transaction protocols.
20. The method of claim 19, whereby said set of said digitally recorded optically readable data on each said prepared optical data card further includes a user guidance program, said user guidance program opens a software window displaying general guidance content selected from the group consisting of instructions, assistance, and options, for said plurality of users using said plurality of said prepared optical data cards for said performing said at least one of the variety of secure on-line transactions.
21. The method of claim 19, whereby said set of said digitally recorded optically readable data on each said prepared optical data card further includes an integration software program for automatically recognizing, integrating, managing co-existence, and prompting of said at least one of a plurality of different types of on-line user/transaction authentication protocols and said at least one of a plurality of different types of secure on-line transaction protocols included on said plurality of said prepared optical data cards while said plurality of said users perform said at least one of the variety of secure on-line transactions.
22. The method of claim 19, whereby said set of said digitally recorded optically readable data on each said prepared optical data card further includes said optically readable data selected from the group consisting of audio, video, multi-media, promotional, advertising, and web site hyperlink, optically readable data.
23. The method of claim 19, whereby said set of said digitally recorded optically readable data on each said prepared optical data card further includes wireless communication software, whereby said plurality of users use and operate said prepared optical data cards in a wireless mode of on-line interactive communication.
24. The method of claim 19, whereby the step (b) of preparing said plurality of formatted optical data cards further includes including at least one copy prevention mechanism with a pre-determined number of said plurality of formatted optical data cards for preventing unauthorized copying of said digitally recorded optically readable data included on said pre-determined number of said prepared optical data cards, said at least one copy prevention mechanism is selected from the group consisting of a manufacturing defect in each said prepared optical data card, a physical alteration in each said prepared optical data card, and digitally recorded copy prevention software on each said prepared optical data card.
25. The method of claim 1, whereby at least one service provider selected from the group consisting of an on-line private entity of variable size and an on-line public entity of variable size, prepares and issues said plurality of formatted optical data cards for said plurality of users and on-line authenticates said plurality of users performing said at least one of the variety of secure on-line transactions with at least one third party by interactively communicating on-line with said plurality of users by using said plurality of prepared optical data cards, each said service provider has a relationship selected from the group consisting of an authenticating and authorizing relationship, and, an authenticating and billing relationship, with said plurality of users.
26. The method of claim 25, whereby said at least one third party selected from the group consisting of an on-line private entity of variable size and an on-line public entity of variable size, is directly involved with said plurality of users performing said at least one of the variety of secure on-line transactions by way of said plurality of prepared optical data cards.
27. The method of claim 26, whereby said at least one third party is directly involved with said at least one service provider on-line authenticating said plurality of users by way of said plurality of prepared optical data cards.
28. The method of claim 1, whereby in step (c) said at least one of the variety of secure on-line transactions performed by said plurality of said users is in at least one area selected from the group consisting of electronic commerce, personal computer security, and roaming log-on accessibility, said area of electronic commerce features secure on-line applications selected from the group consisting of secure on-line payment applications, secure on-line banking applications, secure on-line stock, bond, and commodity trading applications, secure on-line insurance applications, and, secure on-line health related (medical, dental, pharmaceutical) applications, said area of personal computer security features secure on-line applications selected from the group consisting of secure on-line personal computer log-on applications and secure on-line personal computer data encryption applications, said area of roaming log-on accessibility features secure on-line applications selected from the group consisting of secure on-line local network log-on applications, remote network log-on applications, e-mail server accessing applications, file server accessing applications, and database accessing applications.
29. The method of claim 1, whereby step (c) of performing said at least one of the variety of secure on-line transactions by said plurality of users using said plurality of said prepared optical data cards comprises:
(i) activating said prepared optical data cards by said plurality of users;
(ii) authenticating said plurality of users by using said prepared optical data cards; and
(iii) completing each said secure on-line transaction of each said user.
30. The method of claim 29, whereby step (i) includes prompting of a digitally recorded optically readable user guidance program on said prepared optical data card for communicating with each said user and guiding each said user through running said at least one of a plurality of different types of on-line user/transaction authentication protocols and through running said at least one of a plurality of different types of secure on-line transaction protocols, parallel to and through completion of each said secure on-line transaction.
31. The method of claim 29, whereby step (ii) includes authenticating each said user using a said prepared optical data card with a computerized processing device of said user for on-line interactively communicating by way of an on-line interactive communication network with a service provider, said service provider is selected from the group consisting of an on-line private entity of variable size and an on-line public entity of variable size, preparing and issuing said plurality of formatted optical data cards for said plurality of users and on-line authenticating said plurality of users performing said at least one of the variety of secure on-line transactions with at least one on-line third party by interactively communicating on-line with said plurality of users by using said plurality of prepared optical data cards, each said service provider has a relationship selected from the group consisting of an authenticating and authorizing relationship, and, an authenticating and billing relationship, with said plurality of users.
32. The method of claim 29, whereby step (iii) includes executing an integration software program digitally recorded onto each said prepared optical data card for recognizing and prompting said at least one of a plurality of different types of on-line user/transaction authentication protocols and each said secure on-line transaction protocol included on each said prepared optical data card, whereby, each said secure on-line transaction is brought to completion by sequential operation of a corresponding said secure on-line transaction protocol included on said prepared optical data card.
33. A method for using optical data cards as portable secure authentication platforms for performing a variety of secure on-line transactions, comprising the steps of:
(a) providing a plurality of formatted optical data cards each formatted for digitally recording and storing optically readable data;
(b) preparing said plurality of formatted optical data cards for forming a plurality of prepared optical data cards as the portable secure authentication platforms, whereby each said prepared optical data card has a set of digitally recorded said optically readable data including at least one of a plurality of different types of on-line user/transaction authentication protocols; and
(c) performing at least one of the variety of secure on-line transactions by a plurality of users using said plurality of said prepared optical data cards.
34. The method of claim 33, whereby said formatted optical data cards are of variable geometrical configuration and dimensions, are made of a material selected from the group consisting of one type of material and a variety of types of materials, each said formatted optical data card features an optical data storage area or region designated for said digitally recording and storing said optically readable data, and each said formatted optical data card fits into and is operable by a device capable of optically reading data from and/or optically writing data onto each said formatted optical data card.
35. The method of claim 34, whereby said optical data storage area or region of each said formatted optical data card is formatted according to at least one of a variety of different formats selected from the group consisting of a CD-ROM format, a CD-R format, a CD-RW format, a hybrid format of said CD-ROM format and said CD-R format, a hybrid format of said CD-ROM format and said CD-RW format, and, a DVD format, for said digitally recording and storing said optically readable data onto each said formatted optical data card.
36. The method of claim 34, whereby said optical data storage area or region of each said optical data card has a total capacity for storing at least on the order of twenty megabytes of said optically readable data on each said formatted optical data card.
37. The method of claim 34, whereby said types of materials used for making said formatted optical data cards are selected from the group consisting of polymeric materials, metallic materials, and composite materials.
38. The method of claim 34, whereby said types of materials used for making said formatted optical data cards are selected from the group consisting of polyvinylchloride (PVC) plastics, polycarbonate plastics, and a combination of polyvinylchloride plastics and polycarbonate plastics.
39. The method of claim 34, whereby each said formatted optical data card further features at least one non-optical data storage area or region designated for printing human and/or machine readable graphics data and information onto each said formatted optical data card, said graphics data and information are selected from the group consisting of human readable data and information, machine readable data and information, and, a combination of human readable and machine readable data and information.
40. The method of claim 34, whereby each said formatted optical data card further features at least one non-optical data storage area or region designated for the attachment of objects selected from the group consisting of physical features and mechanisms, onto each said formatted optical data card.
41. The method of claim 39, whereby said formatted optical data cards are plastic cards each having a configuration selected from the group consisting of a symmetrical configuration, an asymmetrical configuration, a circular configuration, and, a polygonal configuration, including in said configuration a smaller diameter version of a standard compact disc (CD).
42. The method of claim 39, whereby said formatted optical data cards are plastic rectangular cards having dimensions similar to those of a standard credit or debit card approximately 80 - 90 mm in length, approximately 50 - 60 mm in width, and approximately 0.5 - 1.5 mm in thickness, including in said standard credit or debit card configuration and dimensions a smaller diameter version of a standard compact disc (CD).
43. The method of claim 39, whereby the step (b) of preparing said plurality of formatted optical data cards includes processing selected from the group consisting of processing said formatted optical data cards during manufacturing said formatted optical data cards, processing said formatted optical data cards by an optical data card preparing station, and, a combination of said processing during said manufacturing said formatted optical data cards with said processing by said optical data card preparing station, said optical data card preparing station includes (i) at least one optically readable data writing device for said digitally recording said optically readable data onto each said optical data storage area or region of each said formatted optical data card, (ii) at least one graphics printing device for said printing human and/or machine readable graphics data and information onto each said at least one non-optical data storage area or region of each said formatted optical data card, and (iii) a computerized processing unit (CPU) for overseeing and managing automated flow of work involved in said preparing said plurality of formatted optical data cards.
44. The method of claim 43, whereby the step (b) of preparing said plurality of formatted optical data cards includes preparing said formatted optical data cards as the portable secure unified platforms functioning as platforms selected from the group consisting of generalized portable secure unified platforms used by non-specific generalized said users performing the variety of secure on-line transactions and individualized or personalized portable secure unified platforms used by specific individualized said users performing the variety of secure on-line transaction.
45. The method of claim 33, whereby said set of said digitally recorded optically readable data on each said prepared optical data card includes said at least one of a plurality of different types of on-line user/transaction authentication protocols featuring digitized data and information in the form of computer software for representing and for implementing at least part of a particular flow of information, security procedures, sequences, and various interactions among different entities, associated with on-line authenticating said plurality of said users of said plurality of said prepared optical data cards.
46. The method of claim 33, whereby said set of said digitally recorded optically readable data on each said prepared optical data card includes said at least one of a plurality of different types of on-line user/transaction authentication protocols selected from the group consisting of PKI (Public Key Infrastructure) types of authentication protocols, IPSEC / IKE (Secure Internet Protocol / Internet Key Exchange) types of authentication protocols, challenge response types of authentication protocols, Kerberos types of authentication protocols, symmetric key types of authentication protocols, user name password types of authentication protocols, Radius (Remote Authentication Dial-In User Service) types of authentication protocols, Tackas types of authentication protocols, CHAP (Challenge-Handshake Authentication Protocol) types of authentication protocols, PAP (Password Authentication Protocol) types of authentication protocols, one-time-password types of authentication protocols, and peripheral device types of authentication protocols.
47. The method of claim 33, whereby said at least one of a plurality of different types of on-line user/transaction authentication protocols of said set of said digitally recorded optically readable data on each said prepared optical data card includes at least one PKI (Public Key Infrastructure) type of said on-line user/transaction authentication protocols, said at least one PKI type of said on-line user/transaction authentication protocols includes said digitally recordable optically readable data selected from the group consisting of at least one PKI data file, at least one PKI text file, at least one PKI program file, and at least one PKI combination file, said PKI combination file is a combination of a plurality of said PKI files selected from the group consisting of said at least one PKI data file, said at least one PKI text file, and said at least one PKI program file.
48. The method of claim 33, whereby said at least one of a plurality of different types of on-line user/transaction authentication protocols of said set of said digitally recorded optically readable data on each said prepared optical data card includes at least one PKI (Public Key Infrastructure) type of said on-line user/transaction authentication protocols, said at least one PKI type of said on-line user/transaction authentication protocols includes said digitally recordable optically readable data selected from the group consisting of at least one PKI private key, at least one PKI public key, at least one PKI symmetric key, at least one PKI serial authentication number, at least one PKI digital signature, at least one PKI digital certificate, and, at least one PKI encryption and decryption program file, which are uniquely issued to said users selected from the group consisting of individualized users, personalized users, and, non-specific generalized users of said plurality of said users for said performing said at least one of the variety of secure on-line transactions by said using said plurality of said prepared optical data cards.
49. The method of claim 46, whereby said at least one PKI type of said on-line user/transaction authentication protocols includes said digitally recordable optically readable data selected from the group consisting of at least one PKI data file, at least one PKI text file, at least one PKI program file, and at least one PKI combination file, said PKI combination file is a combination of a plurality of said PKI files selected from the group consisting of said at least one PKI data file, said at least one PKI text file, and said at least one PKI program file.
50. The method of claim 46, whereby said at least one PKI (Public Key Infrastructure) type of said on-line user/transaction authentication protocols includes said digitally recordable optically readable data selected from the group consisting of at least one PKI private key, at least one PKI public key, at least one PKI symmetric key, at least one PKI serial authentication number, at least one PKI digital signature, at least one PKI digital certificate, and, at least one PKI encryption and decryption program file, which are uniquely issued to said users selected from the group consisting of individualized users, personalized users, and, non-specific generalized users of said plurality of said users for said performing said at least one of the variety of secure on-line transactions by said using said plurality of said prepared optical data cards.
51. The method of claim 46, whereby said set of said digitally recorded optically readable data on each said prepared optical data card further includes a user guidance program, said user guidance program opens a software window displaying general guidance content selected from the group consisting of instructions, assistance, and options, for said plurality of users using said plurality of said prepared optical data cards for said performing said at least one of the variety of secure on-line transactions.
52. The method of claim 46, whereby said set of said digitally recorded optically readable data on each said prepared optical data card further includes an integration software program for automatically recognizing, integrating, managing co-existence, and prompting of said at least one of a plurality of different types of on-line user/transaction authentication protocols and additional software while said plurality of said users perform said at least one of the variety of secure on-line transactions.
53. The method of claim 46, whereby said set of said digitally recorded optically readable data on each said prepared optical data card further includes said optically readable data selected from the group consisting of audio, video, multi-media, promotional, advertising, and web site hyperlink, optically readable data.
54. The method of claim 46, whereby said set of said digitally recorded optically readable data on each said prepared optical data card further includes wireless communication software, whereby said plurality of users use and operate said prepared optical data cards in a wireless mode of on-line interactive communication.
55. The method of claim 46, whereby the step (b) of preparing said plurality of formatted optical data cards further includes including at least one copy prevention mechanism with a pre-determined number of said plurality of formatted optical data cards for preventing unauthorized copying of said digitally recorded optically readable data included on said pre-determined number of said prepared optical data cards, said at least one copy prevention mechanism is selected from the group consisting of a manufacturing defect in each said prepared optical data card, a physical alteration in each said prepared optical data card, and digitally recorded copy prevention software on each said prepared optical data card.
56. The method of claim 33, whereby at least one service provider selected from the group consisting of an on-line private entity of variable size and an on-line public entity of variable size, prepares and issues said plurality of formatted optical data cards for said plurality of users and on-line authenticates said plurality of users performing said at least one of the variety of secure on-line transactions with at least one third party by interactively communicating on-line with said plurality of users by using said plurality of prepared optical data cards, each said service provider has a relationship selected from the group consisting of an authenticating and authorizing relationship, and, an authenticating and billing relationship, with said plurality of users.
57. The method of claim 56, whereby said at least one third party selected from the group consisting of an on-line private entity of variable size and an on-line public entity of variable size, is directly involved with said plurality of users performing said at least one of the variety of secure on-line transactions by way of said plurality of prepared optical data cards.
58. The method of claim 57, whereby said at least one third party is directly involved with said at least one service provider on-line authenticating said plurality of users by way of said plurality of prepared optical data cards.
59. The method of claim 33, whereby in step (c) said at least one of the variety of secure on-line transactions performed by said plurality of said users is in at least one area selected from the group consisting of electronic commerce, personal computer security, and roaming log-on accessibility, said area of electronic commerce features secure on-line applications selected from the group consisting of secure on-line payment applications, secure on-line banking applications, secure on-line stock, bond, and commodity trading applications, secure on-line insurance applications, and, secure on-line health related (medical, dental, pharmaceutical) applications, said area of personal computer security features secure on-line applications selected from the group consisting of secure on-line personal computer log-on applications and secure on-line personal computer data encryption applications, said area of roaming log-on accessibility features secure on-line applications selected from the group consisting of secure on-line local network log-on applications, remote network log-on applications, e-mail server accessing applications, file server accessing applications, and database accessing applications.
60. The method of claim 33, whereby step (c) of performing said at least one of the variety of secure on-line transactions by said plurality of users using said plurality of said prepared optical data cards comprises:
(i) activating said prepared optical data cards by said plurality of users;
(ii) authenticating said plurality of users by using said prepared optical data cards; and
(iii) completing each said secure on-line transaction of each said user.
61. The method of claim 60, whereby step (i) includes prompting of a digitally recorded optically readable user guidance program on said prepared optical data card for communicating with each said user and guiding each said user through running said at least one of a plurality of different types of on-line user/transaction authentication protocols, parallel to and through completion of each said secure on-line transaction.
62. The method of claim 60, whereby step (ii) includes authenticating each said user using a said prepared optical data card with a computerized processing device of said user for on-line interactively communicating by way of an on-line interactive communication network with a service provider, said service provider is selected from the group consisting of an on-line private entity of variable size and an on-line public entity of variable size, preparing and issuing said plurality of formatted optical data cards for said plurality of users and on-line authenticating said plurality of users performing said at least one of the variety of secure on-line transactions with at least one on-line third party by interactively communicating on-line with said plurality of users by using said plurality of prepared optical data cards, each said service provider has a relationship selected from the group consisting of an authenticating and authorizing relationship, and, an authenticating and billing relationship, with said plurality of users.
63. The method of claim 62, whereby step (iii) includes said service provider initiating and completing each said secure on-line transaction on behalf of each said user.
64. The method of claim 62, whereby step (iii) includes each said user initiating and completing each said secure on-line transaction by using a computerized processing device having functions selected from the group consisting of existing features and peripheral devices for said performing said secure on-line transaction with an entity selected from the group consisting of said at least one on-line third party and said service provider.
65. The method of claim 62, whereby step (iii) includes user initiating and completing each said secure on-line transaction entirely hosted by an entity selected from the group consisting of said on-line third party and said service provider, said entity has and implements appropriate secure on-line transaction protocols compatible for using with said at least one of a plurality of different types of on-line user/transaction authentication protocols included on said prepared optical data card of each said user.
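Claims 48 and 60 to 62 together describe a PKI challenge-response authentication between a card holder and the service provider that issued the card: the card carries a private key, a digital certificate and a serial authentication number, and the provider that prepared and issued the card later authenticates its user over the network before the transaction is completed. The Go program below is an added illustration of that flow and is not code from the patent or from CD Card Ltd.; the type and function names (Card, ServiceProvider, PrepareCard, Challenge, Respond, Authenticate), the use of ECDSA P-256 keys with X.509 certificates, the nonce-plus-serial digest and the serial number CARD-0001 are all assumptions chosen for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Card holds the PKI data claim 48 records on a prepared card (hypothetical type): the
// private key, the provider-issued certificate carrying its public key, and the serial number.
type Card struct {
	SerialAuthNumber string
	PrivateKey       *ecdsa.PrivateKey
	CertDER          []byte
}
// ServiceProvider is the claim 56 entity that issues cards and authenticates users; it is the CA.
type ServiceProvider struct {
	caKey  *ecdsa.PrivateKey
	caCert *x509.Certificate
	roots  *x509.CertPool
}
// must turns an unrecoverable setup error (key generation, certificate creation) into a panic.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// certTemplate builds a short-lived client-auth certificate template (clock-based serial: example only).
func certTemplate(cn string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
}
// NewServiceProvider creates a provider whose self-signed CA certificate is the trust root for its cards.
func NewServiceProvider(name string) *ServiceProvider {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := certTemplate(name)
	tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	caCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))))
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return &ServiceProvider{caKey: key, caCert: caCert, roots: roots}
}
// PrepareCard is the preparation step of claims 33(b)/76: generate the card's key pair, bind its public
// key and serial authentication number into a provider-signed certificate, and record all three on the card.
func (sp *ServiceProvider) PrepareCard(serial string) *Card {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	der := must(x509.CreateCertificate(rand.Reader, certTemplate(serial), sp.caCert, &key.PublicKey, sp.caKey))
	return &Card{SerialAuthNumber: serial, PrivateKey: key, CertDER: der}
}
// Challenge issues a fresh 32-byte nonce per attempt, so an earlier response cannot be replayed.
func (sp *ServiceProvider) Challenge() []byte {
	nonce := make([]byte, 32)
	must(rand.Read(nonce))
	return nonce
}
// authDigest binds the nonce to the serial number, tying each response to one card identity.
func authDigest(nonce []byte, serial string) []byte {
	d := sha256.Sum256(append(append([]byte{}, nonce...), serial...))
	return d[:]
}
// Respond is the card side of step (ii) in claim 60: sign the challenge with the recorded private key.
func (c *Card) Respond(nonce []byte) []byte {
	return must(ecdsa.SignASN1(rand.Reader, c.PrivateKey, authDigest(nonce, c.SerialAuthNumber)))
}
// Authenticate is the provider side: the certificate must chain to this provider's CA, name the
// claimed serial number, and the signature must verify under the certificate's public key.
func (sp *ServiceProvider) Authenticate(certDER []byte, serial string, nonce, sig []byte) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	opts := x509.VerifyOptions{Roots: sp.roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate not issued by this provider: %w", err)
	}
	if cert.Subject.CommonName != serial {
		return errors.New("serial authentication number does not match the certificate")
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(pub, authDigest(nonce, serial), sig) {
		return errors.New("challenge signature does not verify")
	}
	return nil
}

func main() {
	sp := NewServiceProvider("Example Card Issuer CA")
	card := sp.PrepareCard("CARD-0001") // constructed serial authentication number
	nonce := sp.Challenge()
	fmt.Println("authenticated:", sp.Authenticate(card.CertDER, card.SerialAuthNumber, nonce, card.Respond(nonce)) == nil)
}
```

Authenticate rejects a response replayed under a different nonce, a certificate that does not chain to this provider's CA, and a serial number that does not match the certificate. It does not model the copy prevention mechanism of claims 55 and 89, which is what the claims rely on to keep the private key recorded on the optical card from being duplicated off it; in a deployment that mechanism, not the protocol above, is what ties the key to one physical card.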
66. A system for using optical data cards as portable secure unified platforms for performing a variety of secure on-line transactions, comprising:
(a) a plurality of formatted and prepared optical data cards each formatted for digitally recording and storing optically readable data and prepared as the portable secure unified platform having a set of said digitally recorded optically readable data including at least one of a plurality of different types of on-line user/transaction authentication protocols and including at least one of a plurality of different types of secure on-line transaction protocols;
(b) a plurality of computerized processing devices for optically reading data from and/or optically writing data onto said plurality of prepared optical data cards and for interactively communicating on-line;
(c) a plurality of users performing the variety of secure on-line transactions by using said plurality of prepared optical data cards and said plurality of computerized processing devices;
(d) a plurality of third parties directly involved with said plurality of users performing the variety of secure on-line transactions by interactively communicating on-line with said plurality of users using said plurality of prepared optical data cards with said plurality of computerized processing devices;
(e) at least one service provider for preparing and issuing said plurality of formatted and prepared optical data cards for the plurality of users and on-line authenticating said plurality of users performing the variety of secure on-line transactions by interactively communicating on-line with said plurality of users using said plurality of prepared optical data cards with said plurality of computerized processing devices; and
(f) at least one on-line interactive communication network for said plurality of users using said plurality of prepared optical data cards with said plurality of computerized processing devices to interactively communicate on-line with said plurality of third parties and to interactively communicate on-line with said at least one service provider, whereby said plurality of users perform the variety of secure on-line transactions using said plurality of prepared optical data cards.
67. The system of claim 66, whereby said formatted optical data cards are of variable geometrical configuration and dimensions, are made of a material selected from the group consisting of one type of material and a variety of types of materials, each said formatted optical data card features an optical data storage area or region designated for said digitally recording and storing said optically readable data, and each said formatted optical data card fits into and is operable by a device capable of optically reading data from and/or optically writing data onto each said formatted optical data card.
68. The system of claim 67, whereby said optical data storage area or region of each said formatted optical data card is formatted according to at least one of a variety of different formats selected from the group consisting of a CD-ROM format, a CD-R format, a CD-RW format, a hybrid format of said CD-ROM format and said CD-R format, a hybrid format of said CD-ROM format and said CD-RW format, and, a DVD format, for said digitally recording and storing said optically readable data onto each said formatted optical data card.
69. The system of claim 67, whereby said optical data storage area or region of each said optical data card has a total capacity for storing at least on the order of twenty megabytes of said optically readable data on each said formatted optical data card.
70. The system of claim 67, whereby said types of materials used for making said formatted optical data cards are selected from the group consisting of polymeric materials, metallic materials, and composite materials.
71. The system of claim 67, whereby said types of materials used for making said formatted optical data cards are selected from the group consisting of polyvinylchloride (PVC) plastics, polycarbonate plastics, and a combination of polyvinylchloride plastics and polycarbonate plastics.
72. The system of claim 67, whereby each said formatted optical data card further features at least one non-optical data storage area or region designated for printing human and/or machine readable graphics data and information onto each said formatted optical data card, said graphics data and information are selected from the group consisting of human readable data and information, machine readable data and information, and, a combination of human readable and machine readable data and information.
73. The system of claim 67, whereby each said formatted optical data card further features at least one non-optical data storage area or region designated for the attachment of objects selected from the group consisting of physical features and mechanisms, onto each said formatted optical data card.
74. The system of claim 72, whereby said formatted optical data cards are plastic cards each having a configuration selected from the group consisting of a symmetrical configuration, an asymmetrical configuration, a circular configuration, and, a polygonal configuration, including in said configuration a smaller diameter version of a standard compact disc (CD).
75. The system of claim 72, whereby said formatted optical data cards are plastic rectangular cards having dimensions similar to those of a standard credit or debit card approximately 80 - 90 mm in length, approximately 50 - 60 mm in width, and approximately 0.5 - 1.5 mm in thickness, including in said standard credit or debit card configuration and dimensions a smaller diameter version of a standard compact disc (CD).
76. The system of claim 72, whereby said preparing said plurality of formatted optical data cards includes processing selected from the group consisting of processing said formatted optical data cards during manufacturing said formatted optical data cards, processing said formatted optical data cards by an optical data card preparing station, and, a combination of said processing during said manufacturing said formatted optical data cards with said processing by said optical data card preparing station, said optical data card preparing station includes (i) at least one optically readable data writing device for said digitally recording said optically readable data onto each said optical data storage area or region of each said formatted optical data card, (ii) at least one graphics printing device for said printing human and/or machine readable graphics data and information onto each said at least one non-optical data storage area or region of each said formatted optical data card, and (iii) a computerized processing unit (CPU) for overseeing and managing automated flow of work involved in said preparing said plurality of formatted optical data cards.
77. The system of claim 76, whereby said preparing said plurality of formatted optical data cards includes preparing said formatted optical data cards as the portable secure unified platforms functioning as platforms selected from the group consisting of generalized portable secure unified platforms used by non-specific generalized said users performing the variety of secure on-line transactions and individualized or personalized portable secure unified platforms used by specific individualized said users performing the variety of secure on-line transactions.
78. The system of claim 67, whereby said set of said digitally recorded optically readable data on each said prepared optical data card includes said at least one of a plurality of different types of on-line user/transaction authentication protocols featuring digitized data and information in the form of computer software for representing and for implementing at least part of a particular flow of information, security procedures, sequences, and various interactions among different entities, associated with on-line authenticating said plurality of said users of said plurality of said prepared optical data cards.
79. The system of claim 67, whereby said set of said digitally recorded optically readable data on each said prepared optical data card includes said at least one of a plurality of different types of on-line user/transaction authentication protocols selected from the group consisting of PKI (Public Key Infrastructure) types of authentication protocols, IPSEC / IKE (Secure Internet Protocol / Internet Key Exchange) types of authentication protocols, challenge response types of authentication protocols, Kerberos types of authentication protocols, symmetric key types of authentication protocols, user name password types of authentication protocols, Radius (Remote Authentication Dial-In User Service) types of authentication protocols, Tackas types of authentication protocols, CHAP (Challenge-Handshake Authentication Protocol) types of authentication protocols, PAP (Password Authentication Protocol) types of authentication protocols, one-time-password types of authentication protocols, and peripheral device types of authentication protocols.
80. The system of claim 67, whereby said at least one of a plurality of different types of on-line user/transaction authentication protocols of said set of said digitally recorded optically readable data on each said prepared optical data card includes at least one PKI (Public Key Infrastructure) type of said on-line user/transaction authentication protocols, said at least one PKI type of said on-line user/transaction authentication protocols includes said digitally recordable optically readable data selected from the group consisting of at least one PKI data file, at least one PKI text file, at least one PKI program file, and at least one PKI combination file, said PKI combination file is a combination of a plurality of said PKI files selected from the group consisting of said at least one PKI data file, said at least one PKI text file, and said at least one PKI program file.
81. The system of claim 67, whereby said at least one of a plurality of different types of on-line user/transaction authentication protocols of said set of said digitally recorded optically readable data on each said prepared optical data card includes at least one PKI (Public Key Infrastructure) type of said on-line user/transaction authentication protocols, said at least one PKI type of said on-line user/transaction authentication protocols includes said digitally recordable optically readable data selected from the group consisting of at least one PKI private key, at least one PKI public key, at least one PKI symmetric key, at least one PKI serial authentication number, at least one PKI digital signature, at least one PKI digital certificate, and, at least one PKI encryption and decryption program file, which are uniquely issued to said users selected from the group consisting of individualized users, personalized users, and, non-specific generalized users of said plurality of said users for said performing said at least one of the variety of secure on-line transactions by said using said plurality of said prepared optical data cards.
82. The system of claim 79, whereby said at least one PKI type of said on-line user/transaction authentication protocols includes said digitally recordable optically readable data selected from the group consisting of at least one PKI data file, at least one PKI text file, at least one PKI program file, and at least one PKI combination file, said PKI combination file is a combination of a plurality of said PKI files selected from the group consisting of said at least one PKI data file, said at least one PKI text file, and said at least one PKI program file.
83. The system of claim 79, whereby said at least one PKI (Public Key Infrastructure) type of said on-line user/transaction authentication protocols includes said digitally recordable optically readable data selected from the group consisting of at least one PKI private key, at least one PKI public key, at least one PKI symmetric key, at least one PKI serial authentication number, at least one PKI digital signature, at least one PKI digital certificate, and, at least one PKI encryption and decryption program file, which are uniquely issued to said users selected from the group consisting of individualized users, personalized users, and, non-specific generalized users of said plurality of said users for said performing said at least one of the variety of secure on-line transactions by said using said plurality of said prepared optical data cards.
84. The system of claim 79, whereby said set of said digitally recorded optically readable data on each said prepared optical data card further includes said at least one of a plurality of different types of secure on-line transaction protocols selected from the group consisting of SSL (Secure Sockets Layer) types of on-line transaction protocols, 3DSSL (Three Domain Secure Sockets Layer) types of on-line transaction protocols, SET (Secure Electronic Transaction) types of on-line transaction protocols, 3DSET (Three Domain Secure Electronic Transaction) types of on-line transaction protocols, EMV (Europay MasterCard Visa) types of on-line transaction protocols, PAN (Pseudo Account Number) types of on-line transaction protocols, virtual credit or debit card types of on-line transaction protocols, electronic wallet types of on-line transaction protocols, prepaid protocols, micropayment types of on-line transaction protocols, home and corporate banking types of on-line transaction protocols, stocks, bonds, and commodities trading types of on-line transaction protocols, insurance types of on-line transaction, health related (medical, dental, pharmaceutical) types of on-line transaction protocols, corporate networking types of on-line transaction protocols, and peripheral device types of on-line transaction protocols.
85. The system of claim 84, whereby said set of said digitally recorded optically readable data on each said prepared optical data card further includes a user guidance program, said user guidance program opens a software window displaying general guidance content selected from the group consisting of instructions, assistance, and options, for said plurality of users using said plurality of said prepared optical data cards for said performing said at least one of the variety of secure on-line transactions.
86. The system of claim 84, whereby said set of said digitally recorded optically readable data on each said prepared optical data card further includes an integration software program for automatically recognizing, integrating, managing co-existence, and prompting of said at least one of a plurality of different types of on-line user/transaction authentication protocols and said at least one of a plurality of different types of secure on-line transaction protocols included on said plurality of said prepared optical data cards while said plurality of said users perform said at least one of the variety of secure on-line transactions.
87. The system of claim 84, whereby said set of said digitally recorded optically readable data on each said prepared optical data card further includes said optically readable data selected from the group consisting of audio, video, multi-media, promotional, advertising, and web site hyperlink, optically readable data.
88. The system of claim 84, whereby said set of said digitally recorded optically readable data on each said prepared optical data card further includes wireless communication software, whereby said plurality of users use and operate said prepared optical data cards in a wireless mode of on-line interactive communication.
89. The system of claim 84, whereby said preparing said plurality of formatted optical data cards further includes including at least one copy prevention mechanism with a pre-determined number of said plurality of formatted optical data cards for preventing unauthorized copying of said digitally recorded optically readable data included on said pre-determined number of said prepared optical data cards, said at least one copy prevention mechanism is selected from the group consisting of a manufacturing defect in each said prepared optical data card, a physical alteration in each said prepared optical data card, and digitally recorded copy prevention software on each said prepared optical data card.
90. A system for using optical data cards as portable secure authentication platforms for performing a variety of secure on-line transactions, comprising:
(a) a plurality of formatted and prepared optical data cards each formatted for digitally recording and storing optically readable data and prepared as the portable secure authentication platform having a set of said digitally recorded optically readable data including at least one of a plurality of different types of on-line user/transaction authentication protocols;
(b) a plurality of computerized processing devices for optically reading data from and/or optically writing data onto said plurality of prepared optical data cards and for interactively communicating on-line;
(c) a plurality of users performing the variety of secure on-line transactions by using said plurality of prepared optical data cards and said plurality of computerized processing devices;
(d) a plurality of third parties directly involved with said plurality of users performing the variety of secure on-line transactions by interactively communicating on-line with said plurality of users using said plurality of prepared optical data cards with said plurality of computerized processing devices;
(e) at least one service provider for preparing and issuing said plurality of formatted and prepared optical data cards for the plurality of users and on-line authenticating said plurality of users performing the variety of secure on-line transactions by interactively communicating on-line with said plurality of users using said plurality of prepared optical data cards with said plurality of computerized processing devices; and
(f) at least one on-line interactive communication network for said plurality of users using said plurality of prepared optical data cards with said plurality of computerized processing devices to interactively communicate on-line with said plurality of third parties and to interactively communicate on-line with said at least one service provider, whereby said plurality of users perform the variety of secure on-line transactions using said plurality of prepared optical data cards.
91. The system of claim 90, whereby said preparing said plurality of formatted optical data cards includes preparing said formatted optical data cards as the portable secure authentication platforms functioning as platforms selected from the group consisting of generalized portable secure authentication platforms used by non-specific generalized said users performing the variety of secure on-line transactions and individualized or personalized portable secure authentication platforms used by specific individualized said users performing the variety of secure on-line transactions.
92. The system of claim 90, whereby said set of said digitally recorded optically readable data on each said prepared optical data card includes said at least one of a plurality of different types of on-line user/transaction authentication protocols featuring digitized data and information in the form of computer software for representing and for implementing at least part of a particular flow of information, security procedures, sequences, and various interactions among different entities, associated with on-line authenticating said plurality of said users of said plurality of said prepared optical data cards.
93. The system of claim 90, whereby said set of said digitally recorded optically readable data on each said prepared optical data card includes said at least one of a plurality of different types of on-line user/transaction authentication protocols selected from the group consisting of PKI (Public Key Infrastructure) types of authentication protocols, IPSEC / IKE (Secure Internet Protocol / Internet Key Exchange) types of authentication protocols, challenge response types of authentication protocols, Kerberos types of authentication protocols, symmetric key types of authentication protocols, user name password types of authentication protocols, Radius (Remote Authentication Dial-In User Service) types of authentication protocols, Tackas types of authentication protocols, CHAP (Challenge-Handshake Authentication Protocol) types of authentication protocols, PAP (Password Authentication Protocol) types of authentication protocols, one-time-password types of authentication protocols, and peripheral device types of authentication protocols.
94. The system of claim 90, whereby said at least one of a plurality of different types of on-line user/transaction authentication protocols of said set of said digitally recorded optically readable data on each said prepared optical data card includes at least one PKI (Public Key Infrastructure) type of said on-line user/transaction authentication protocols, said at least one PKI type of said on-line user/transaction authentication protocols includes said digitally recordable optically readable data selected from the group consisting of at least one PKI data file, at least one PKI text file, at least one PKI program file, and at least one PKI combination file, said PKI combination file is a combination of a plurality of said PKI files selected from the group consisting of said at least one PKI data file, said at least one PKI text file, and said at least one PKI program file.
95. The system of claim 90, whereby said at least one of a plurality of different types of on-line user/transaction authentication protocols of said set of said digitally recorded optically readable data on each said prepared optical data card includes at least one PKI (Public Key Infrastructure) type of said on-line user/transaction authentication protocols, said at least one PKI type of said on-line user/transaction authentication protocols includes said digitally recordable optically readable data selected from the group consisting of at least one PKI private key, at least one PKI public key, at least one PKI symmetric key, at least one PKI serial authentication number, at least one PKI digital signature, at least one PKI digital certificate, and, at least one PKI encryption and decryption program file, which are uniquely issued to said users selected from the group consisting of individualized users, personalized users, and, non-specific generalized users of said plurality of said users for said performing said at least one of the variety of secure on-line transactions by said using said plurality of said prepared optical data cards.
96. The system of claim 93, whereby said at least one PKI type of said on-line user/transaction authentication protocols includes said digitally recordable optically readable data selected from the group consisting of at least one PKI data file, at least one PKI text file, at least one PKI program file, and at least one PKI combination file, said PKI combination file is a combination of a plurality of said PKI files selected from the group consisting of said at least one PKI data file, said at least one PKI text file, and said at least one PKI program file.
97. The system of claim 93, whereby said at least one PKI (Public Key Infrastructure) type of said on-line user/transaction authentication protocols includes said digitally recordable optically readable data selected from the group consisting of at least one PKI private key, at least one PKI public key, at least one PKI symmetric key, at least one PKI serial authentication number, at least one PKI digital signature, at least one PKI digital certificate, and, at least one PKI encryption and decryption program file, which are uniquely issued to said users selected from the group consisting of individualized users, personalized users, and, non-specific generalized users of said plurality of said users for said performing said at least one of the variety of secure on-line transactions by said using said plurality of said prepared optical data cards.
Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001238037A AU2001238037A1 (en) 2000-12-20 2001-02-06 Method and system for using optical data cards as portable secure unified platforms for performing a variety of secure on-line transactions

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US25656900P 2000-12-20 2000-12-20
US60/256,569 2000-12-20

Publications (1)

Publication Number Publication Date
WO2002050743A1 true WO2002050743A1 (en) 2002-06-27

Family

ID=22972731

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/003764 WO2002050743A1 (en) 2000-12-20 2001-02-06 Method and system for using optical data cards as portable secure unified platforms for performing a variety of secure on-line transactions

Country Status (2)

Country Link
AU (1) AU2001238037A1 (en)
WO (1) WO2002050743A1 (en)

Also Published As

Publication number Publication date
AU2001238037A1 (en) 2002-07-01

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTIFICATION UNDER RULE 69(1) EPC (F1205A) DATED 15.12.03

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP