One possible guess is:
x = credit card number
y = passcode
t = time (random number generator)
z = f(x,y,t)
z is then passed to the store
t is passed to AMEX (?would this be recorded by the store)
AMEX can calculate x from y, z, and t and then send the verification check to the store.
What does the store record in their database? Is it z and t? or only z? The next question would be: what is f(x,y,t)?
Slashdot Mirror
One possible guess is: x = credit card number y = passcode t = time (random number generator) z = f(x,y,t) z is then passed to the store t is passed to AMEX (?would this be recorded by the store) AMEX can calculate x from y, z, and t and then send the verification check to the store. What does the store record in their database? Is it z and t? or only z? The next question would be: what is f(x,y,t)?
This already exists--SecureID--and has been used for years.