Patent Grant
10504101
The present invention relates to a method, device and secure element for conducting a secured transaction on a device, in particular a secured financial transaction.
This section is intended to introduce the reader to various aspects of art that may be related to various aspects of the present disclosure, which are described and/or claimed below. This discussion is believed to be helpful in providing the reader with background information to facilitate a better understanding of the various aspects of the present invention. Accordingly, it should be understood that these statements are to be read in this light, and not as admissions of prior art.
Merchants often use payment terminals to conduct secured financial transactions with customers. Such customers usually hold payment cards issued by a financial institution or a payment card institution. In some instances, the payment cards include a magnetic strip and/or a smart card chip allowing a transaction to be initiated by swiping the card in a magnetic strip reader of a payment terminal or by introducing the payment card in a smart card reader of a payment terminal. In other instances, the payment card may also be contactless transaction enabled to allow a transaction to occur by presenting the payment card proximate to a payment terminal. In order to ensure security during the financial transactions, security standards such as the Europay, MasterCard, and Visa (EMV) transaction standard have been developed and used to certify both the payment terminals and the payment cards. However, due to various factors, including the technical complexity required to meet the security standards, payment terminals that are used to conduct secured financial transactions are usually devices that are solely dedicated to the conduct of financial transactions.
There is therefore a need in the art for a method, device and secure element for conducting secured transactions, from any devices, in particular from devices that offer other functionalities than the mere conduct of financial transactions.
It is an object of the present invention to provide a method of conducting a secured financial transaction on a device used as a payment terminal, the device comprising a central processing unit and a secure element. The method comprises acquiring a purchase amount to be debited from a financial account, acquiring data relating to the financial account through the device, and obtaining a transaction authorization from a financial institution related to the financial account. The authorization is based, at least partially, on data processed solely by the secure element independently of data processed by the central processing unit. The data processed solely by the secure element include at least a portion of the acquired data relating to the financial account.
It is another object of the present invention to provide a device used as a payment terminal for conducting a secured financial transaction. The device comprises a central processing unit, a communication interface configured to establish a communication between the device and a financial institution related to a financial account, an interface for acquiring data relating to the financial account, a secure element for processing at least a portion of the data relating to the financial account acquired by the interface, and control logic configured to acquire a purchase amount to be debited from the financial account and to obtain a transaction authorization from the financial institution related to the financial account. The transaction authorization is based, at least partially, on data processed solely by the secure element independently of data processed by the central processing unit. The data processed solely by the secure element include at least a portion of the acquired data relating to the financial account.
It is another object of the present invention to provide a secure element for installation in a device used as a payment terminal. The secure element comprises instructions to run an Europay, MasterCard, and Visa (EMV) transaction module that is configured to process data acquired by an interface of the device in accordance with a certification standard; and an operating system (OS) configured to process data provided by the EMV transaction module in accordance with the Level 1 of the EMVCo standard.
It is another object of the present invention to provide a computer program product for execution by a device used as a payment terminal, the device having a computer readable storage medium embedding computer program logic. The computer program logic, upon execution by the device, runs an Europay, MasterCard, and Visa (EMV) transaction module that is configured to process data acquired by an interface of the device in accordance with a certification standard; and an operating system (OS) configured to process data provided by the EMV transaction module in accordance with the Level 1 of the EMVCo standard.
It is another object of the present invention that a transaction module running on a secure element of a device used as a payment terminal executes a reception from a payment control application running on the device of a request to conduct a financial transaction, an acquisition via an interface of the device of data relating to a financial account from a payment apparatus, an establishment of a secured communication channel with a server of a financial institution related to the financial account through a communication interface of the device, a sending over the secured communication channel to the server of an authorization request to perform the financial transaction, the authorization request comprising at least a portion of the data related to the financial account, a reception over the secured communication channel from the server of a response to the authorization request, a processing of the response to the authorization request to generate a status of the financial transaction, and a sending to the payment control application of the status of the financial transaction.
The present invention will now be described in connection with the drawings appended hereto, in which:
In the drawings, embodiments of the invention are illustrated by way of example. It is to be expressly understood that the description and drawings are only for purposes of illustration and as an aid to understanding. They are not intended to be a definition of the limits of the invention.
The present invention will now be described in connection with one or more contemplated embodiments. The embodiments that are described are intended to be exemplary of the present invention and not limiting of the scope thereof. In other words, while attention is focused on specific embodiments of the present invention, those embodiments are not intended to limit the present invention. To the contrary, the examples provided below are intended to illustrate the broad scope of the present invention.
Terminology
Throughout the present disclosure, reference is made to secure transactions (for example, but without being limitative, contact and contactless transactions), secure elements (for example, but without being limitative, chipset, secured chipset, hardware embedding secured component, software embedding secured component, or firmware embedding secured component) and security standards. Examples of security standards include, without being limitative, certification standards from Europay, MasterCard, and Visa (EMV), EMVCo, MasterCard®, Visa®, American Express®, JCB®, Discover® and the PCI SSC (Payment Card Industry Security Standards Council (founded by MasterCard®, Visa®, American Express®, Discover® and JCB® and) dealing specifically with the definition of security standards for financial transactions). Reference to secure transactions, secure elements, and security standards is made for the purpose of illustration and is intended to be exemplary of the present invention and not limiting of the scope thereof.
Secure element: a processing entity characterized by specific hardware and/or software components subject to a certification ensuring a specific level of security according to specific security standards. From a hardware perspective, a secure element includes usual components found in a computing entity: at least one microcontroller (e.g. CPU), memory (e.g. RAM or FLASH memory), communication interfaces, etc. Specific hardware components may also be included to implement specific functionalities particular to a secure element. For instance, a cryptographic accelerator may be included. Also, a module providing RF and electrostatic insulation may be included, to protect the secure element 16 from eavesdropping. In the context of financial transactions, the certification of the secure element ensures that various financial entities are willing to use the secure element to store and process critical financial data, and to perform secured financial transactions using the critical financial data.
Information/data: the terms “information” and “data” are used interchangeably, and have a similar meaning for the purpose of the present disclosure.
Security standards may comprise multiple security levels, such as, but without being limitative, Level 1, Level 2, or Level 3. As an example, but without being limitative, Level 1 may correspond to a higher level of security than Level 2 which, in turn, may correspond to a higher level of security than Level 3. For example, but without being limitative, the EMCo standard may provide examples of security levels and approval and certification standards such as terminal type approval process, security evaluation process, card type approval process, or mobile type approval process.
For example, the terminal type approval process may be a mechanism to test compliance with Europay, MasterCard, and Visa (EMV) specifications. The terminal type approval may provide a level of confidence that interoperability and consistent behavior between compliant applications may be achieved. In an example, the terminal type approval testing may be divided into two levels, Level 1 and Level 2. The Level 1 type approval process may test compliance with the electromechanical characteristics, logical interface, and transmission protocol requirements defined in the EMV specifications. The Level 2 type approval may test compliance with the debit/credit application requirements as defined in the EMV specifications. Additionally, the terminal type approval testing may include a Level 3 approval, which guarantees secure communications between an application executed on the terminal and a financial institution.
For example, the security evaluation process may be intended to provide EMVCo members' issuers with information relating to the general security performance characteristics and the suitability of use for smart card related products and integrated circuits (IC) chip-based tokens. The EMVCo security evaluation process may be designed to ensure a robust security foundation for these products at the product family and component level. Alternatively, the security evaluation process may be intended to provide PCI SSC members' issuers with information relating to the general security performance characteristics and the suitability of use for smart card related products and integrated circuits (IC) chip-based tokens. In the case of PCI SSC, the software layers are also covered by the security standards and requirements.
For example, the card type approval process may create a mechanism to test compliance with the EMV and common payment application (CPA) specifications. The card type approval process may provide a level of confidence that interoperability and consistent behavior between compliant applications may be achieved. Separate card type approval processes may be defined for cards implementing the common core definitions (CCD) specifications, or cards implementing the CPA specifications.
For example, the mobile type approval process may comprise a contactless mobile payment (CMP) product type approval process to create a mechanism to test compliance with the EMV specifications. The CMP product type approval process may provide a level of confidence that interoperability and consistent behavior between compliant mobile products may be achieved.
Contactless interface: a contactless interface is an interface between two entities (e.g. a mobile phone and a credit card in the context of the present disclosure), which allows an exchange of data between the two entities without physical contacts. Although Near Field Communication (NFC) interfaces are mentioned in the present disclosure, any technology and communication protocols allowing a contactless exchange of data between two entities is relevant to the present disclosure.
System and Method for Conducting a Secured Financial Transaction on a Device
A merchant 2 is in a contractual relationship with a financial institution 10 holding a merchant's financial account. The financial institution 10 may be a bank that maintains the merchant's checking account or credit card account. The financial institution 10 allows the merchant 2 to conduct financial transactions, through a gateway 11, with customers, for example with the customer 4. Although the gateway 11 is shown in
Reference is now concurrently made to
For illustration purposes, the interface 18 of the device 12 is a NFC interface capable of reading data on a contactless enabled payment card. The method 111 may begin at step 100 by the merchant 2 entering a purchase amount in the device 12. Then, at step 102, the customer 4 presents her/his payment card, for example the Visa Paywave® contactless enabled credit card 13 proximate the NFC interface 18 of the device 12 to establish a communication between the Visa Paywave® contactless enabled credit card 13 and the secure element 16 of the device 12. Once the secure element 16 completes the reading of the data from the Visa Paywave® contactless enabled credit card 13, the device 12 may prompt, at step 104, the customer 4 to enter a personal identification number (PIN), a signature, a passcode, biometrics data or any data allowing confirmation of the customer's identity. Once the required information is entered by the customer 4, the financial transaction authorization is requested, at step 106, by the device 12 to the financial institution 6 of the customer 4 and/or to the payment card company 8. In turn, the financial institution 6 of the customer 4 and/or the payment card company 8 authorize or refuse (as the case may be) the financial transaction and communicate with the device 12, at step 108, to notify the authorization status. Once, the financial transaction status is received by the device 12, the customer 4 is notified, at step 110, that the financial transaction has been accepted or declined by the financial institution 6 of the customer 4 and/or the payment card company 8. The financial transaction status may be provided to the customer 4 in the form of a transaction receipt. The transaction receipt may be an electronic receipt displayed on the device 12 or sent to the customer via electronic means (e.g. via an email, a multimedia message service (MMS), and/or a short message service (SMS)). The transaction receipt may also be a physical receipt (e.g. paper receipt) generated by a printer in communication with the device 12.
In another embodiment of the present invention, the device 12 may securely read data from a loyalty card, a gift card, a prepaid card, a coupon card, a rewards card, a points card, an advantage card, a club card, etc; and perform a secure transaction with an institution related to the card (the institution identifies the card holder as a member of a loyalty program). The communications between the device 12 and the card may be a contactless transaction, using for example the NFC interface 18 of the device 12. The secure transaction with the institution related to card may consist in validating the availability of sufficient loyalty points on the account of a customer.
Device for Conducting a Secured Financial Transaction
Additional details of the device 12 may be better understood through reference to
In one embodiment of the present invention, the device 12 is controlled by the CPU 42 and the control circuit 40 to provide the processing capability required to execute the OS of the device 12. The CPU 42 may include a single processor or a plurality of processors. For example, the CPU 42 may include “general purpose” microprocessors, a combination of general and special purpose microprocessors, instruction set processors, graphic processors, or special purpose processors. The control circuit 40 may include one or more data buses for transferring data and instructions between components of the device 12. The control circuit 40 may also include on board memory for caching purposes.
In certain embodiments of the present invention, information used by the CPU 42 may be located in the memory 54. The memory 54 may be a non-volatile memory such as read only memory, flash memory, a hard drive, or any other suitable optical, magnetic, or solid-state computer readable media, as well as a combination thereof. The memory 54 may be used for storing data required for the operation of the CPU 42 as well as other data required for the device 12. For example, the memory 54 may store the firmware of the device 12. The firmware may include the OS, as well as other programs that enable various functions of the electronic device 12, graphical user interface (GUI) functions, or processor functions. The memory 54 may store components for a GUI, such as graphical elements, screens, and templates. The memory 54 may also include data files such as connection information (e.g. information used to establish a communication), or data allowing the device 12 to run a payment control application. The payment control application is one of the software components (executed by the CPU 42 of the device 12) of the point of sale application 112. The data stored in the memory 54 allowing the device 12 to run the payment control application includes data to generate a GUI on the display 46 used to conduct a secured financial transaction and the required processing capabilities to complete a secured financial transaction. In addition, the memory 54 may store data to control the activation/deactivation of the NFC interface 19 and, when activated, control the operation mode of the NFC interface 19 (e.g. passive or active). For example, the NFC interface 19 may operate in passive mode unless the point of sale application 112 is running.
The communication interface 38 may provide additional connectivity channels for receiving and transmitting information. For example, the communication interface 38 may provide connectivity functions to allow the device 12 to communicate with the entity processing credit card information 8 through the gateway 11 and a bank server of the financial institution 10. The communication interface 38 may represent, for example, one or more network interface cards (NIC) or a network controller as well as associated communication protocols. The communication interface 38 may include several types of interfaces, including but not limited to, a wireless local area network (WLAN) interface, a local area network (LAN) interface, a wide area network (WAN) interface, a multimedia message service (MMS), and a short message service (SMS) interface.
In certain embodiments, the device 12 may use a device identification networking protocol to establish a connection with an external device through a network interface. For example, both the device 12 and the external device may broadcast identification information using internet protocol (IP). The devices may then use the identification information to establish a network connection, such as a LAN connection, between the devices.
The NFC interface 19 may allow for close range communication at various data rates complying, for example, with standards such as ISO 14443, ISO 15693, ISO 18092 or ISO 21481. The NFC interface 19 may be implemented through a NFC device embedded in a chipset that is part of the device 12. Alternatively the NFC interface 19 may be implemented through a NFC device that is a separate component and that communicates through the communication interface 38 with the device 12, or through an additional port of the device 12 (not represented in
The NFC interface 19 may control the near field communication mode of the device 12. For example, the NFC interface 19 may be configured to switch the device 12 between a reader/writer mode for reading NFC tags, a peer-to-peer mode for exchanging data with another NFC enabled device, and a card emulation mode for allowing another NFC enabled device to read data. The NFC interface 19 also may be configured to switch the device 12 between an active mode where the device 12 generates its own RF field and a passive mode where the device 12 uses load modulation to transfer data to another device generating a RF field. Operation in passive mode may prolong the battery life of the device 12. In certain embodiments, the modes of the NFC interface 19 may be controlled based on user or manufacturer preferences.
In an embodiment, the NFC communication may occur within a range of approximately 2 to 4 cm. The close range communication with the NFC interface 19 may take place via magnetic field induction, allowing the NFC interface 19 to communicate with other NFC devices or to retrieve data from tags having RFID circuitry. As discussed above with reference to
The secure element 16 is configured to enable the point of sale application 112 to run on the device while providing sufficient level of security to meet the security standards established for EMV transactions. In an embodiment, the secure element 16 is embodied in a chipset connected to the control circuit 40 that cooperates with the NFC interface 19 to provide the contactless payment functionality. In another embodiment, the secure element 16 is embodied in a chipset connected to the control circuit 40 that cooperates with the smart card reader 55 to provide the payment functionality. In still another embodiment, the secure element 16 is embodied in a chipset connected to the control circuit 40 that cooperates with the magnetic strip reader 52 to provide the payment functionality. For example, but without being limitative, the chipset on which the secure element 16 is embodied may be a model of the ST32® or ST33® chipset family, or a derivative thereof, available from STMicroelectronics Inc. The secure element 16 will be described in more details below with reference to
The SIM card slot 36 allows a SIM card to be introduced within the device 12. The SIM card introduced within the SIM card slot 36 contains an International Mobile Subscriber Identity (IMSI) and the related key used to identify and authenticate the user of the device 12.
The I/O Controller 44 may provide the infrastructure for exchanging data between the control circuit 40, the CPU 42, and the input/output devices. The I/O controller 44 may contain one or more integrated circuits and may be integrated within the control circuit 40 or exist as a separate component. The I/O controller 44 may provide the infrastructure for communicating with the display 46, the keypad 48, the printer (not represented in
The I/O controller 44 may also provide the infrastructure for communicating with external devices and may be used for connecting the device 12 to an external computer, bar code scanner, audio headphones, or the like.
In an embodiment of the invention, the device 12 is a mobile device which portability makes it particularly well suited to perform mobile sales transactions. For example, the mobile device may be, but is not limited to, a mobile phone (for example a model of an iPhone®, or a derivative thereof, available from Apple Inc.; a model of a Blackberry®, or a derivative thereof, available from RIM Inc.; a model of a Galaxy®, or a derivative thereof, available from Samsung Inc.), a tablet computer (for example a model of an iPad®, or a derivative thereof, available from Apple Inc.; a model of a Galaxy Tab®, or a derivative thereof, available from Samsung Inc.; a model of a PlayBook®, or a derivative thereof, available from RIM Inc.), and a laptop computer. To facilitate transport and ease of motion, the device 12 may include an integrated power source for powering the device 12. The power source may include one or more batteries, such as a Li-ion battery, which may be user-removable or secured to the device 12.
Due to the portability of the device 12, the sales transaction may be conducted within a wide variety of environments. For example, the sales transaction may occur in a taxi car, or upon delivery of an article at the door of a customer's house. In addition, the present invention provides a merchant with the ability to conduct a financial transaction through a device other than a dedicated payment terminal, for example through a mobile phone embedding the secure element 16, the NFC interface 19, the smart card reader 55, the magnetic strip reader 52, or various combinations thereof.
In an alternative embodiment of the invention, the secure element 16, the NFC interface 19, the smart card reader 55, the magnetic strip reader 52, or a combination thereof may be embedded on non-mobile devices to run the point of sale application 112, for example, in a printer, a personal computer, a cash register, a payment terminal, an automatic telling machine (ATM), a vending machine, a TV, a video game system, a setup box to access the Internet, or an Apple TV® from Apple Inc. Due to the wide variety of devices that may embody the secure element 16 and the interface 18, a wide variety of secured transactions may be conducted. For example, a customer may order a movie from her/his TV and conduct a secured transaction directly on her/his TV embedding the secure element 16 and the interface 18.
Point of Sale Application for Conducting a Secured Financial Transaction on a Device
The software component stored in the memory 54 run by the CPU 42 upon activation of the point of sale application 112 includes a payment control application 208. It is also contemplated that the payment control application 208 may be stored elsewhere than in the memory 54. In an embodiment of the invention, the payment control application 208 is run by the OS running on the CPU 42. The payment control application 208 includes instructions to control the secure element 16 so as to initiate and complete a financial transaction compliant with the EMV transaction standards (e.g. MasterCard®, Visa®, American Express®, Interac®), in particular contactless transactions compliant with the EMV contactless transaction standards (Visa Paywave®, MasterCard PayPass®, American Express ExpressPay®, Interac Flash®, Discover Zip®). The payment control application 208 manages the communications between the customer 4 and at least one of the merchant 2, the financial institution 10, the financial institution 6, and the payment card company 8. The payment control application 208 manages directly or indirectly the display of a transaction in progress on the display 46, through the I/O Controller 44. The payment control application 208 may also manage, through the secure element 16, the processing of data read by the NFC interface 19 from payment cards or from RFID-enabled devices. The payment control application 208 may also manage, through the secure element 16, the processing of data read by the smart card reader 55 from payment cards. The payment control application 208 may also manage, through the secure element 16, the processing of data read by the magnetic strip reader 52 from payment cards. In addition, payment control application 208 may also manage, through the secure element 16, the processing of data such as, for example, personal identification number (PIN), user signature, a passcode, user biometrics data or any data allowing a secure identification of a user. The payment control application 208 is designed so as to be Level 3 certified for secured payment card data processing in accordance with standards from major payment brands such as for example, but without being limitative, MasterCard®, Visa®, American Express®, JCB®, and Discover®.
The components of the secure element 12 implementing the point of sale application 112 will be further detailed later in the description, when addressing the description of the secure element.
Now referring to
Secure Element for Conducting a Secured Financial Transaction on a Device
Referring again to
The third module EMV contact/contactless transaction module 204 runs on top of the second module 202 and is designed to be Level 2 certified (optionally also Level 3 certified) in accordance with standards from major payment brands such as for example, but without being limitative, MasterCard®, Visa®, American Express®, JCB®, and Discover®. The third module EMV contact/contactless transaction module 204 comprises instructions to process the data read by the NFC interface 19 from payment cards and/or from RFID-enabled devices or by the smart card reader 55 from payment cards. In an embodiment of the present invention, the data read by the NFC interface 19, the smart card reader 55, or the magnetic strip reader 52 may be directly transmitted to the secure element 16 without passing through the control circuit 40. In an alternative embodiment of the present invention, the data read by the NFC interface 19 or the smart card reader 55 passes through the control circuit 40 before being transmitted to the secure element 16. The third module EMV contact/contactless transaction module 204 allows a secure processing of the data read in compliance with the EMV transaction standards. The data processed by the third module EMV contact/contactless transaction module 204 comprises data read from the NFC interface 19 or the smart card reader 55 but may also include information such as, for example, personal identification number (PIN), user signature, a passcode, user biometrics data or any data allowing a secure identification of the customer. Such information might be provided, through the I/O Controller 44, by the customer entering information from the keypad 48, the display 46 (e.g. through a touchscreen display), or any other interface allowing the customer to interact with the device 12. Although a third module EMV contact/contactless transaction module 204 embedding both contact transaction and contactless transaction capabilities is shown, it should be understood that the contact transaction and contactless transaction capabilities may be embedded in two different EMV modules without departing from the scope of the present invention. It should also be understood that the third module EMV contact/contactless transaction module 204 may embed additional capabilities such as, for example but without being limitative, processing of data read from a magnetic strip reader 52.
Alternatively, the secure element 16 may include, in addition to, or in replacement of, the third module EMV contact/contactless 203, a third module magnetic (MAG) 206. The third module MAG 206 runs on the OS provided by the second module 202 and is designed to be Level 2 certified (optionally also Level 3 certified) in accordance with standards from major payment brands such as for example, but without being limitative, MasterCard®, Visa®, American Express®, JCB®, and Discover®. The third module MAG 206 comprises instructions to process the data read by the magnetic strip reader 52 from payment cards. The third module MAG 206 allows a secure processing of the data read in compliance with the EMV transaction standards. The data processed by the third module MAG 206 comprises data read from the magnetic strip reader 52 but may also include information such as, for example, personal identification number (PIN), user signature, a passcode, user biometrics data or any data allowing a secure identification of a user. Such information might be provided, through the I/O Controller, by the user entering information from the keypad 48, the display 46 (e.g. through a touchscreen display), or any other interface allowing the customer to interact with the device 12.
The third module EMV contact/contactless transaction module 204 and the third module MAG 206 being embedded on the chipset implementing the secure element 16, this architecture allows fast processing of the data while enabling secured transactions to be conducted on the device 12 in compliance with the EMV transaction standards. In addition, in one embodiment of the present invention, this architecture allows the device 12 to have data solely processed by the secure element 16 independently of data processed by the CPU 42. In other words, the secure element 16 may process data that may not be accessed by the CPU 42 or the control circuit 40. In one embodiment of the present invention, this architecture allows the device 12 to obtain a transaction authorization from a financial institution based, at least partially, on data processed solely by the secure element 16 independently of data processed by the CPU 42 or the control circuit 40.
In still another embodiment of the present invention, only the secure element 16 accesses data read by the NFC interface 19 from payment cards or from RFID-enabled devices, data read by the smart card reader 55, and data read by the magnetic strip reader 52 from payment cards. As such, the payment control application 208 manages the transaction by interacting with the secure element 16 without having to access at least some of the sensitive data (e.g. keys, certificates, and payment card numbers) that remains solely processed by and stored within a memory of the secure element 16. The secure element 16 being designed to be Level 2 certified (optionally also Level 3 certified) for secured payment card data processing in accordance with EMVCo standards and standards from major payment brands such as for example, but without being limitative, MasterCard®, Visa®, American Express®, JCB®, and Discover®, this provides a higher level of security by avoiding any applications running on the CPU 42 or on the control circuit 40 (for instance the payment control application 208) to access the data processed by and stored within the memory of the secure element 16. In addition, the secure element 16 is designed and preloaded on a separate chipset, so that the secure element 16 may be EMV transaction certified independently of the device 12. As such, in an embodiment of the present invention, the integration of the secure element 16 on a control circuit 40 allows the device 12 to be EMV transaction certified without having the other components of the device 12 to go through the EMV transaction certification process. In an alternative embodiment, the integration of the secure element 16 on a control circuit 40 still requires the device 12 to go through, at least partially, the EMV certification process to be EMV transaction certified. The secure element 16 may also be designed to be Level 3 certified for secured payment card data processing in accordance with standards from major payment brands such as for example, but without being limitative, MasterCard®, Visa®, American Express®, JCB®, and Discover®. Being Level 3 certified ensures secure data exchanges between software executed on the secure element 16 and a financial institution.
Reference is now made concurrently to
Reference is now made to
Execution of a Secured Financial Transaction by the Secure Element on the Device
Reference is now concurrently made to
In the embodiment illustrated in
Also, in the embodiment illustrated in
A user initiates a financial transaction via the payment control application 208, and an amount corresponding to the financial transaction is specified. The payment control application 208 sends a start payment applet message to the secure element 16 via the NFC interface 19. The secured element 16 is activated and the payment applet 810 is started on the secure element 16. The secure element 16 may acknowledge the launch of the payment applet 810 (not represented in
The secure element 16 sends a request to the NFC interface 19 to enable the reader mode of the NFC interface 19. The radio frequency (RF) and contactless functionalities of the NFC interface 19 are activated. The PICC 920 is advertising its presence and the NFC interface 19 detects the presence of the PICC 920. The NFC interface 19 notifies the presence of the PICC 920 to the secure element 16.
The secure element 16 starts a payment transaction with the detected PICC 920. A first step consists in sending (via the NFC interface 19) a Select Proximity Payment System Environment (PPSE) request to the PICC 920. The PICC 920 answers (via the NFC interface 19) to this request with a response indicating the payment applications supported by the PICC 920. The secure element 16 selects one of the payment applications among those available, and sends (via the NFC interface 19) a select Application Identifier (select AID) request to the PICC 920. The PICC 920 answers (via the NFC interface 19) to this request with a response indicating the status of the selection of the payment application (ok/nok), and configuration options related to the selected payment application.
A second step consists in reading payment credentials (e.g. key(s), certificate(s), payment card number) for the selected payment application from the PICC 920. A protocol exchange occurs between the secure element 16 and the PICC 920, via the NFC interface 19, to read the payment credentials. This protocol exchange is EMV compliant, in order to ensure a secure reading of the payment credentials. After this second step, the secure element 16 does not need to communicate with the PICC 920. Thus, the secure element 16 sends a request to the NFC interface 19 to deactivate the RF and contactless functionalities of the NFC interface 19.
An optional step consists in an exchange between the secure element 16 and the payment control application 208 (via the NFC interface 19) to validate the payment credentials. For example, the payment control application 208 may retrieve a PIN number associated to the PICC 920 (via an interaction of the owner of the PICC 920 with the display 46 and the keypad 48 of the device 12). The PIN number is transferred to the secure element 16 and used to validate the payment credentials.
A third step consists in initiating a communication with the financial server 910. The secure element 16 sends a request (via the NFC interface 19) to the payment control application 208 to establish a communication channel with the financial server 910. The payment control application 208 uses the networking resources of the device 12 to establish the communication channel between the secure element 16 and the financial server 910, via the communication interface 38 of the device. Then, the secure element 16 and the financial server 910 establish a secured communication over the communication channel; via for example the exchange of certificates, encryption keys, etc.
A fourth step consists in requesting an authorization from the financial institution. The secure element 16 sends a request to authorize the transaction to the financial server 910 over the secured communication channel. The authorization request includes several parameters used to authorize the transaction; for instance the amount, the payment credentials, a merchant ID (the merchant ID may be stored in the secure element 16 to identify the merchant using the point of sale application implemented by the device 12). The financial server 910 processes the authorization request, determines whether the financial transaction shall be authorized or nor, and sends a response to the authorization request over the secured communication channel. At this point, the secured communication channel is closed, since no more communication is needed between the secure element 16 and the financial server 910.
In a fifth step, the secure element 16 processes the response of the financial institution and determines the status of the financial transaction: accepted or refused. The secure element 16 further processes parameters that may have been transmitted by the financial server 910 along with the status of the transaction. For instance, the secure element 16 may generate a payment pictogram. Then, the secure element 16 transmits (via the NFC interface 19) a notification of the transaction status to the payment control application 208, along with parameters if any (for instance, the payment pictogram).
In a sixth step, the payment control application 208 notifies the user of the transaction status. And the payment control application 208 sends (via the NFC interface 19) a stop payment applet message to the secure element 16. The payment applet 810 is stopped on the secure element 16 and the secured element 16 is deactivated.
Reference is now made to
Secure Download, Configuration and Upgrade of the Payment Software on the Secure Element
Reference is now made to
The Trusted Service Manager (TSM) is a third-party managing a Security Domain (ISD or SSD) for a client in a secure element (e.g SIM card, embedded secure element, MicroSD card). The TSM has a proper infrastructure to securely store and use the encryption keys to access the Security Domains, to store the software and data, and to remotely access the secure elements. The TSM enables a trusted and remote deployment of software and data on the secure element 16 without having physical access to the device 12. Instead of the TSM, a financial institution server or a third party server may be used, to manage the secure storage and the secure deployment of the software and data to be loaded in the secure element 16. In particular, a third party server is essentially similar to a TSM in terms of functionalities, but may not have all the security restrictions and liabilities associated with a full-blown TSM. In a first step, a communication channel is opened between the payment control application 208 executed on the device 12, and the TSM/financial institution server/third party server. In a second step, the TSM/financial institution server/third party server opens a secure communication channel with the secure element 16 on the device 12, interfaces with the appropriate Security Domain on the secure element 16, and securely loads the software and data on the secure element 16.
The load/update/configure processes are performed via a generally non-secured network 915 (e.g. a cellular data network), using one of the communication interfaces (e.g. wifi, bluetooth, or cellular data) of the mobile device 12. Thus, the load/update/configure processes need to be secured, as will be further illustrated in relation to
In an alternative embodiment (not represented in
Reference is now made to
In a first step, a user of the mobile device downloads a Payment Application for its Acquirer (e.g. the TSM, the financial institution server, or the third party server represented in
In a second step (once the credentials have been validated), the Payment Application opens a communication channel between the Acquirer and the secure element. The procedure to open this communication channel is similar to the one described with respect to
In a third step, the Acquirer loads a specific payment applet in the secure element, the specific payment applet being selected according to an appropriate configuration for the user of the (point of sale enabled) mobile device. Then, the Acquirer activates the payment applet.
In a fourth step, a mutual authentication is performed between the Acquirer and the payment applet; and a secured communication is established between them (over the secured communication channel already established between the Acquirer and the secure element). Then, the Acquirer loads cryptographic certificates and private keys in the payment applet. And the Acquirer loads configuration data specific to the user of the (point of sale enabled) mobile device in the payment applet. The configuration data may include the Acquirer's hostname, connection credentials, custom EMV tags, activated payment modules (e.g. PayPass, PayWave), country codes and currencies, etc. The payment applet is now ready to be used.
An update of the payment applet may be performed according to the previously described second, third, and fourth steps.
While the above-described embodiments of the present invention have been described and shown with reference to particular steps performed in a particular order, it will be understood that these steps may be combined, sub-divided, or re-ordered without departing from the teachings of the present invention. Accordingly, the order and grouping of the steps is not a limitation of the present invention.
Modifications and improvements to the above-described embodiments of the present invention may become apparent to those skilled in the art. The foregoing description is intended to be exemplary rather than limiting. The scope of the present invention is therefore intended to be limited solely by the scope of the appended claims.
The present application is a continuation application of U.S. patent application Ser. No. 15/861,963 filed on Jan. 4, 2018 which is a continuation application of U.S. patent application Ser. No. 14/371,828 filed on Aug. 20, 2014, now U.S. Pat. No. 9,892,403, which is a national stage entry of international patent application PCT/CA2013/000185 filed on Feb. 28, 2013 which claims priority from U.S. provisional patent application 61/604,613 filed on Feb. 29, 2012, the entirety of which is hereby incorporated by reference.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5892900 | Ginter et al. | Apr 1999 | A |
| 5933812 | Meyer et al. | Aug 1999 | A |
| D505421 | Byers et al. | May 2005 | S |
| 7240830 | Möller et al. | Jul 2007 | B2 |
| 7844255 | Petrov et al. | Nov 2010 | B2 |
| 7941197 | Jain et al. | May 2011 | B2 |
| 7949572 | Perrochon et al. | May 2011 | B2 |
| 7971788 | Quesselaire | Jul 2011 | B2 |
| 8027918 | Nielsen et al. | Sep 2011 | B2 |
| 8055545 | Mages et al. | Nov 2011 | B2 |
| 8060012 | Sklovsky et al. | Nov 2011 | B2 |
| 8108306 | Yoo et al. | Jan 2012 | B2 |
| 8131645 | Lin et al. | Mar 2012 | B2 |
| D659138 | Hsu et al. | May 2012 | S |
| 8225997 | Bierbaum et al. | Jul 2012 | B1 |
| 8235287 | McKelvey | Aug 2012 | B2 |
| 8275364 | Hubinak et al. | Sep 2012 | B2 |
| 8281998 | Tang et al. | Oct 2012 | B2 |
| 8286875 | Tang et al. | Oct 2012 | B2 |
| 8302860 | McKelvey | Nov 2012 | B2 |
| 8332931 | Tran et al. | Dec 2012 | B1 |
| 8583493 | Florek et al. | Nov 2013 | B2 |
| 8606711 | Florek et al. | Dec 2013 | B2 |
| 8756161 | Hasson et al. | Jun 2014 | B2 |
| 8770478 | Priebatsch | Jul 2014 | B2 |
| 8788418 | Spodak | Jul 2014 | B2 |
| 8807440 | Von Behren et al. | Aug 2014 | B1 |
| 8831677 | Villa-Real | Sep 2014 | B2 |
| 9003496 | Lessiak et al. | Apr 2015 | B2 |
| 9087328 | Kim et al. | Jul 2015 | B2 |
| 9184801 | Li et al. | Nov 2015 | B2 |
| 9189783 | Chowdhury et al. | Nov 2015 | B2 |
| 9330383 | Vadera | May 2016 | B1 |
| 9390297 | Babu et al. | Jun 2016 | B2 |
| 9424568 | Khan et al. | Aug 2016 | B2 |
| 9503897 | Lessiak et al. | Nov 2016 | B2 |
| 9507972 | Babu et al. | Nov 2016 | B2 |
| 9540593 | Gonzales et al. | Jan 2017 | B2 |
| 9582795 | Dorsey et al. | Feb 2017 | B2 |
| 9584958 | Brands | Feb 2017 | B2 |
| 9652641 | Lamfalusi et al. | May 2017 | B2 |
| 9892403 | Fontaine | Feb 2018 | B2 |
| 20040236693 | Quesselaire | Nov 2004 | A1 |
| 20060032905 | Bear et al. | Feb 2006 | A1 |
| 20060089919 | Kidd et al. | Apr 2006 | A1 |
| 20060122902 | Petrov et al. | Jun 2006 | A1 |
| 20070106564 | Matotek et al. | May 2007 | A1 |
| 20080046734 | Kilian-Kehr | Feb 2008 | A1 |
| 20080051059 | Fisher | Feb 2008 | A1 |
| 20090198803 | Meckenstock et al. | Aug 2009 | A1 |
| 20090222383 | Tato et al. | Sep 2009 | A1 |
| 20090240626 | Hasson et al. | Sep 2009 | A1 |
| 20100078471 | Lin et al. | Apr 2010 | A1 |
| 20100078472 | Lin et al. | Apr 2010 | A1 |
| 20100082485 | Lin et al. | Apr 2010 | A1 |
| 20100082490 | Rosenblatt et al. | Apr 2010 | A1 |
| 20100148928 | Yeager et al. | Jun 2010 | A1 |
| 20100203870 | Hubinak et al. | Aug 2010 | A1 |
| 20100205432 | Corda et al. | Aug 2010 | A1 |
| 20100207742 | Buhot et al. | Aug 2010 | A1 |
| 20100258639 | Florek et al. | Oct 2010 | A1 |
| 20100262503 | Florek et al. | Oct 2010 | A1 |
| 20100274677 | Florek et al. | Oct 2010 | A1 |
| 20100274726 | Florek et al. | Oct 2010 | A1 |
| 20100318801 | Roberge et al. | Dec 2010 | A1 |
| 20100323617 | Hubinak et al. | Dec 2010 | A1 |
| 20110021175 | Florek et al. | Jan 2011 | A1 |
| 20110022482 | Florek et al. | Jan 2011 | A1 |
| 20110042456 | Masaryk et al. | Feb 2011 | A1 |
| 20110053556 | Masaryk et al. | Mar 2011 | A1 |
| 20110071949 | Petrov et al. | Mar 2011 | A1 |
| 20110078081 | Pirzadeh | Mar 2011 | A1 |
| 20110112968 | Florek et al. | May 2011 | A1 |
| 20110196796 | Florek et al. | Aug 2011 | A1 |
| 20110238518 | Florek | Sep 2011 | A1 |
| 20110290874 | Tang et al. | Dec 2011 | A1 |
| 20110302646 | Ronda et al. | Dec 2011 | A1 |
| 20120011572 | Chew et al. | Jan 2012 | A1 |
| 20120055989 | Tang et al. | Mar 2012 | A1 |
| 20120061467 | Tang et al. | Mar 2012 | A1 |
| 20120137310 | Teruyama | May 2012 | A1 |
| 20120298740 | Hsu et al. | Nov 2012 | A1 |
| 20120316951 | Fisher | Dec 2012 | A1 |
| 20130006782 | Schwarzkopf et al. | Jan 2013 | A1 |
| 20130040563 | Kim et al. | Feb 2013 | A1 |
| 20130085941 | Rosenblatt et al. | Apr 2013 | A1 |
| 20130095754 | Moreton et al. | Apr 2013 | A1 |
| 20130103590 | Johansson et al. | Apr 2013 | A1 |
| 20130262299 | Lacroix et al. | Oct 2013 | A1 |
| 20130264234 | Cohen | Oct 2013 | A1 |
| 20140019367 | Khan et al. | Jan 2014 | A1 |
| 20140108256 | Bircher-Nagy et al. | Apr 2014 | A1 |
| 20140162598 | Villa-Real | Jun 2014 | A1 |
| 20140298322 | Gargiulo et al. | Oct 2014 | A1 |
| 20140324698 | Dolcino et al. | Oct 2014 | A1 |
| 20140380452 | Suwald | Dec 2014 | A1 |
| 20150007399 | Gonzales et al. | Jan 2015 | A1 |
| 20150142644 | Vaid et al. | May 2015 | A1 |
| 20150287025 | Royston | Oct 2015 | A1 |
| 20150334568 | Thill et al. | Nov 2015 | A1 |
| 20160026990 | Rezayee et al. | Jan 2016 | A1 |
| 20160041606 | Andrews et al. | Feb 2016 | A1 |
| 20160104148 | Ganzera et al. | Apr 2016 | A1 |
| 20160132861 | Fontaine et al. | May 2016 | A1 |
| 20160155111 | Arnald et al. | Jun 2016 | A1 |
| 20160239817 | Chene | Aug 2016 | A1 |
| 20170004502 | Quentin et al. | Jan 2017 | A1 |
| 20170039401 | Naccache et al. | Feb 2017 | A1 |
| 20170116609 | Geraud et al. | Apr 2017 | A1 |
| 20170286938 | Brown et al. | Oct 2017 | A1 |
| 20180144334 | Fontaine et al. | May 2018 | A1 |
| Number | Date | Country |
|---|---|---|
| 101950453 | Jan 2011 | CN |
| 101976402 | Feb 2011 | CN |
| 201805475 | Apr 2011 | CN |
| 101923754 | Dec 2012 | CN |
| 102867255 | Jan 2013 | CN |
| 102930435 | Feb 2013 | CN |
| 1798867 | Jun 2007 | EP |
| 2048594 | Apr 2009 | EP |
| 2098985 | Sep 2009 | EP |
| 2206067 | Jul 2010 | EP |
| 2211481 | Jul 2010 | EP |
| 2363825 | Sep 2011 | EP |
| 2378453 | Oct 2011 | EP |
| 2206067 | Nov 2011 | EP |
| 2098985 | Jul 2012 | EP |
| 2098985 | Nov 2012 | EP |
| 2008026830 | Mar 2008 | KR |
| 20110115107 | Oct 2011 | KR |
| 2011004702 | Sep 2011 | MX |
| 2301449 | Jun 2007 | RU |
| 2436254 | Dec 2011 | RU |
| 186296 | Jan 2013 | SG |
| 201246822 | Nov 2012 | TW |
| 2003069922 | Aug 2003 | WO |
| 2003069922 | Aug 2003 | WO |
| 2005001670 | Jan 2005 | WO |
| 2007052116 | May 2007 | WO |
| 2007149937 | Dec 2007 | WO |
| 2008011628 | Jan 2008 | WO |
| 2009017292 | Feb 2009 | WO |
| 2009087539 | Jul 2009 | WO |
| 2009118681 | Oct 2009 | WO |
| 2009129749 | Oct 2009 | WO |
| 2010011670 | Jan 2010 | WO |
| 2010023574 | Mar 2010 | WO |
| 2010023574 | Mar 2010 | WO |
| 2010023574 | Mar 2010 | WO |
| 2010032214 | Mar 2010 | WO |
| 2010032215 | Mar 2010 | WO |
| 2010032215 | Mar 2010 | WO |
| 2010032216 | Mar 2010 | WO |
| 2010032216 | Mar 2010 | WO |
| 2010044041 | Apr 2010 | WO |
| 2010097777 | Sep 2010 | WO |
| 2010097777 | Sep 2010 | WO |
| 2010122520 | Oct 2010 | WO |
| 2010122520 | Oct 2010 | WO |
| 2010128442 | Nov 2010 | WO |
| 2010131226 | Nov 2010 | WO |
| 2010138611 | Dec 2010 | WO |
| 2011004339 | Jan 2011 | WO |
| 2011047028 | Apr 2011 | WO |
| 2011047028 | Apr 2011 | WO |
| 2011047030 | Apr 2011 | WO |
| 2011047030 | Apr 2011 | WO |
| 2011047034 | Apr 2011 | WO |
| 2011047038 | Apr 2011 | WO |
| 2011047038 | Apr 2011 | WO |
| 2011047042 | Apr 2011 | WO |
| 2011047042 | Apr 2011 | WO |
| 2011058455 | May 2011 | WO |
| 2011146784 | Nov 2011 | WO |
| 2012002852 | Jan 2012 | WO |
| 2012014185 | Feb 2012 | WO |
| 2012061467 | Mar 2012 | WO |
| 2012044885 | Apr 2012 | WO |
| 2012051067 | Apr 2012 | WO |
| 2012051069 | Apr 2012 | WO |
| 2012051070 | Apr 2012 | WO |
| 2012051070 | Apr 2012 | WO |
| 2012051073 | Apr 2012 | WO |
| 2012051073 | Apr 2012 | WO |
| 2012114260 | Aug 2012 | WO |
| 2012127099 | Sep 2012 | WO |
| 2012094301 | Dec 2012 | WO |
| 2012164036 | Dec 2012 | WO |
| 2013007630 | Jan 2013 | WO |
| 2013040684 | Mar 2013 | WO |
| 2013121053 | Aug 2013 | WO |
| Entry |
|---|
| Global Platform, “Mobile Task Force: Requirement for NFC Mobile: Management of Mulitple Secure Elements.” Version 1.0, Feb. 2010. |
| English abstract of KR20110115107 retrieved from Espacenet on Mar. 19, 2019. |
| English abstract of RU 2436254 retrieved from Espacenet on Mar. 19, 2019. |
| English abstract of RU 2301449 retrieved from Espacenet on Mar. 19, 2019. |
| Vincent Alimi, English Abstract of the thesis, Contribution au déploiement des services mobiles et à l'analyse de la sécurité des transactions, Dec. 18, 2012, Thèse présentée à l'Université de Caen Basse-Normandie, France, 216 pages. |
| U.S. Appl. No. 16/251,827, filed Jan. 18, 2019. |
| U.S. Appl. No. 16/251,885, filed Jan. 18, 2019. |
| U.S. Appl. No. 16/253,726, filed Jan. 22, 2019. |
| U.S. Appl. No. 16/253,771, filed Jan. 22, 2019. |
| U.S. Appl. No. 16/253,798, filed Jan. 22, 2019. |
| English abstract of CN201805475U retrieved from Espacenet on Apr. 24, 2014. |
| English abstract of MX2011004702A retrieved from Espacenet on Apr. 14, 2014. |
| Visa's Push a Sign that U.S. is Finally Ready for Chip Cards, American Banker Website, http://www.americanbanker.com/issues/176_154/visa-emv-chip-card-1041036-1.html, printed on Apr. 24, 2014. |
| English abstract of EP2363825 retrieved from Espacenet on Mar. 26, 2019. |
| English abstract of EP2378453 retrieved from Espacenet on Mar. 26, 2019. |
| English abstract of KR20080026830 retrieved from Espacenet on Feb. 28, 2019. |
| English abstract of TW201246822 retrieved from Espacenet on Mar. 26, 2019. |
| Card Wave, Card Business & Mobile Commerce Information Journal, Creating customers in an economic downturn, Apr. 2009, No. 261, Japanese Technical Journal 2009-00200-001, English translation. |
| Card Wave, Card Business & Mobile Commerce Information Journal, Creating customers in an economic downturn, Apr. 2009, No. 261, Japanese Technical Journal 2009-00200-001, Original Japanese. |
| Das et al. “A Security Frameworkfor Mobile to Mobile Payment Network”, Personal Wireless Communications 2005, Jan. 25, 2005. |
| EMVCo, A Guide to EMV, Version 1.0, May 2011, EMVCo, LLC., 35 pages. |
| English abstract of CN101923754 retrieved from Espacenet on Dec. 20, 2016. |
| English abstract of CN101976402 retrieved from Espacenet on Nov. 26, 2015. |
| English abstract of CN102867255 retrieved from Espacenet on Dec. 20, 2016. |
| English abstract of CN102930435 retrieved from Espacenet on Dec. 20, 2016. |
| English abstract of CN1101950453 retrieved from Espacenet on Nov. 26, 2015. |
| Kurokawa et al., NEC Technical Journal, ISSN 0285-4139, Issued Feb. 28, 2006, vol. 430, No. 1, vol. 59, English translation. |
| Kurokawa et al., NEC Technical Journal, Issn 0285-4139, Issued Feb. 28, 2006, vol. 430, No. 1, vol. 59, Original Japanese. |
| LGM Card, Low cost terminal for profitable micro payments at the smallest merchants, Logomotion, Sep. 2012, DS_No. 4 v001, www.lgmcard.com. |
| Search report from CN201380011751.7 dated Nov. 25, 2016. |
| SFR SA. “(U)SIM Java Card Platform Protection Profile Basic and SCWS Configurations”, PU-2009-RT-79, SFR SA., Jun. 17, 2010. |
| Number | Date | Country | |
|---|---|---|---|
| 20190156320 A1 | May 2019 | US |
| Number | Date | Country | |
|---|---|---|---|
| 61604613 | Feb 2012 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | 15861963 | Jan 2018 | US |
| Child | 16251827 | US | |
| Parent | 14371828 | US | |
| Child | 15861963 | US |
