Abstract: There is disclosed a method and system for conducting secure credit and debit card transactions between a customer and a merchant. The customer is issued with a pseudorandom security string by a host computer, the security string being sent to the customer's mobile telephone. A cryptographic algorithm running in a SIM card of the mobile telephone performs a hash on the security string or the One Time Code extracted from the security string, a customer PIN and a transaction amount, these last two items being entered by way of a keypad of the mobile telephone. A three-digit response code is generated by the algorithm and then passed to the merchant. The merchant then transmits the response code, transaction amount and a customer account number (card number) to the host computer, where the pseudorandom security string and PIN are retrieved from memory.
Abstract: A method and system for secure identification of a person in an electronic communications environment, wherein a host computer is adapted to be able to communicate with a plurality of electronic devices operated by the user. The user is issued with a user code, known only to the user and stored in the host computer. When the user is required to identify themselves to the host computer, the host computer generates a pseudo-random security string and applies the user code to the pseudo-random security string to generate a transaction code. The host computer also transmits the pseudo-random security string to one of the electronic devices which is displayed by the electronic device to the user. The user applies their known user code to the displayed pseudo-random security string and determines the transaction code. The user enters the transaction code into an electronic device and the entered transaction code is then transmitted back to the host computer.