IPOS TERMINALS VERSION 1
iPhone Point of Sale terminals |
iPOS Version 1
The need for protecting the digital identities of consumers & businesses is in constant demand, especially
during an age of financial uncertainty. Building trust and confidence is high on the agenda of both
consumers and businesses, providing the cost of doing so isn’t at the expense of the consumer. Businesses
need to focus and role out value added services that are robust and cost effective. SMS not only offers the
possibility for businesses to maintain relationships with their current client base but also an opportunity to
target new ones, with a minimum cost factor. Users of SMS have become entrenched in the use of txt
messaging, due to cost and ubiquity of SMS enabled devices. Teenagers to 30 something year olds, will
ensure the longevity of the txt messaging life cycle.
SMS Origin was designed to meet this market gap. A txt message based payment service that allows
customers to pay, send, and receive money?
First we'll start with some definitions. In an iPOS transaction, there are three important participants and
The 'card holder'
· the person who wants to buy some goods or transfer money
The 'card acceptor'
· the merchant who wants to take payment for goods
The 'card issuer'
· the company that issued the icard to the card holder (i.e. the cardholder's bank)
I.P.O.S. terminal (Iphone Point of Service)
· The iPOS is a remote point of service terminal that is attached to an Apple
Iphone3G. The iPOS contains a slot for an icard to be inserted. The process of
authenticating the icard and authorising the cardholder is achieved when a txt
message has been received from the card issuer. The txt message contains encoded
messages. These encoded txt messages are decoded by the rightful icard, and viewed
by the cardholder. The cardholder enters the decoded details into a reply txt message
which is sent to the card issuer for validation. If validation is approved, the
cardholder is able to complete a number of payment services to pay, send or receive
Apple Iphone3G &3GS mobile phone
· The advance txt messaging features of an Apple Iphone3G mobile phone is used as
the connecting device to the 3G network.
Icard credit debit card
· An icard is a cash card that contains security features to protect the identities of the
cardholder and card issuer. These security features are unique to every icard issued.
The value of each icard depends on the purchase price of the goods’ or services
sought by the cardholder.
Identity theft is a term used to refer to fraud that involves someone pretending to be someone else in
order to steal money or get other benefits. The term is relatively new and is actually a misnomer, since it
is not inherently possible to steal an identity, only to use it. The person whose identity is used can suffer
various consequences when he is held responsible for the perpetrator's actions.
Standard validation systems often use multiple inputs of samples for sufficient validation, such as
particular characteristics of the sample. This intends to enhance security as multiple different samples are
required such as security tags and codes and sample dimensions. These icards could be used for
government agencies seeking high security access online or offline, or may act as a remote backup in the
event traditional access to offline or online resources have been compromised. SMS Origin comprises of a
rolling code (or sometimes called a hopping code) used to prevent replay attacks, where an eavesdropper
records the transmission and replays it at a later time in an attempt to make false transactions.
Level 1 Security
Existing icard technology contains a unique 8 digit Card Identification Number (CIN) marked randomly
on the icard for determining sufficient funds held within the cardholder’s bank account. This number is
used in the initial txt message represents the identity of the cardholder in numerical form only. The name
of the account holder is never represented in alpha form for security reasons. This amount is never
declared visibly in plain text form, for security reasons.
Level 2 Security
Existing icard technology contains a balance amount mechanism for indicating to the cardholder that
sufficient funds is held in their bank account before authorising payment of goods or services or
authorising money transfers.
Level 3 Security
Existing icard technology contains an antiphishing mechanism, for establishing the authenticity of the
Level 4 Security
Existing icard technology contains an authorisation mechanism or Random Reference PIN (RRP) for
establishing the authority of the cardholder and authority to complete payment for goods or services or for
making money transfers.
Level 5 Security
Future icards contains a courier tracking mechanism marked on the card, to instantly assist the courier in
determining the authenticity of the icard, before exchanging it for the goods or services purchased by the
cardholder. The courier tracking mechanism is revealed, only, to the courier at the point of exchange for
goods or services.
Level 6 Security
Future icards may contain Radiofrequency identification (RFID) which is an automatic identification
method, relying on storing and remotely retrieving data using devices called RFID tags or transponders.
The technology requires some extent of cooperation of an RFID reader and an RFID tag. The costs to
introduce RFID into the matrix of the icards will depend largely on the cost.
Level 7 Security
Future icards has a unique anticounterfeiting mechanism. A 3 dimensional metric identifier or
fingerprints embed into the physical matrix of the actual card itself. This fingerprint acts as a watermark
which is used for analyses purposes by the card issuer to irrefutably resolve disputes arising from
counterfeit icards and issues of provenance.
Level 8 Security
Future icards may contain Geometric features used to identify the input sample when compared to a
digital template, used in cases to identify specific icards with certain characteristics.
· using one specific "token" such as a security tag or a card
· the use of a code or password.
This txt message is first, authenticated by inserting an icard into the slot of an iPOS to decode the
authenticity of a received txt message, and later redeem the icard in exchange for goods or services
Parties Involved: The cardholder and card acceptor/issuer.
1. Cardholder browses goods and services from an online or offline brochure
2. Cardholder selects goods or services or opts to make payments or transfer money.
§ Cardholder creates a new txt message using the Iphone3G and enters the 8
digit identification Number of the icard (CIN): eg 359624HL
§ Then enters the 6 digit product id
§ A reply txt message is sent to the recipients Iphone acknowledging sufficient
funds held in the cardholders account
§ The cardholder needs to respond with the correct RRP number by txt
message to authorise payment or transfer of money. This number is decoded
using the iPOS in conjunction with the icard. The cardholder sends the
decoded txt message that contains an unordered placement of their personal
pin which is incorporated into an random string of numeric. The string
amount of the random positions depends on the cardholder’s election to
submit short strings of data entry or forego the tedium of long data entries.
Typically the string minimum ranges from a 12 digit combined pin to 48.
The randomisation is necessary to avoid prying cryptanalysis. If the txt
message containing the RRP is correct, the cardholder receives an encrypted
PDF document, sent to the cardholder’s email containing a proof of purchase
receipt. An encoded matrix is placed within the PDF document which is
decoded by the icard. This data matrix is used to dispute unauthorised
transactions by the cardholder.
Offline/online shopping/money transfer;
First off, the merchant enters the 8digit Card Identification Number (CIN) of the icard into a txt message
followed by the amount charged to the cardholder’s account. The txt message is sent to the acquiring
bank’s short code over a 3G network.
The cardholders, icard is then inserted into the slot of an iPOS (aka a PINreader) connected to an Iphone
terminal to authenticate the response txt message. The reply txt message contains a cryptographic
credential to establish the validity of the acquiring bank’s identity. If the credential is 100% accurate the
acquiring bank is acknowledging sufficient funds held in the cardholders account, but requires the
cardholder to authorise payment by sending a reply txt message containing the correct Random Reference
A geometric system can provide the following two functions:
Authenticates its users in conjunction with an icard, dynamic pin & ID number. The geometric
template captured is compared with that stored against the registered user either on a smart
card or database for verification.
Authenticates its users from the geometric characteristic alone without the use of smart cards,
usernames or ID numbers. The biometric template is compared to all records within the
database and a closest match score is returned. The closest match within the allowed threshold
is deemed the individual and authenticated.
In an effort to make passports more secure, several countries have implemented RFID in passports.
However, the encryption on UK chips was broken in less than 48 hours. Since that incident, further efforts
have allowed researchers to clone passport data while the passport is being mailed to its owner. Where a
criminal used to need to secretly open and then reseal the envelope, now it can be done without detection,
adding some degree of insecurity to the passport system. This is a noticeable opportunity for the iPOS
system to take advantage of this market gap. However, the market will ultimately, in time, determine the
merits of the iPOS system and wither or not there is a place for egovernments to utilize the iPOS system.
Logistics & Transportation could be another major area for implementing the SMSOrigin technology. For
example, Yard Management, Shipping & Freight and Distribution Centers are some areas where secure
tracking technology is required. Transportation companies around the world may value security
technology due to its impact on the business value and efficiency.