Patent Grant
11521194
Embodiments of the present disclosure generally relate to financial transactions and more particularly to secure financial transactions initiated from an electronic device.
“Contactless technology” refers to short distance communications between two devices that are not physically connected. A wide variety of “contactless technology” exists today. Near Field Communication (NFC) is a specific type of “contactless technology” that is of high importance to Mobile Network Operators (MNOs) and to Service Providers (SP), for example, banks. NFC is a short-range high frequency wireless communication technology that enables the exchange of data between devices typically over about a 10 centimeter (or about 4 inch) distance, thus providing a fast, simple and secure way for a user to experience a range of contactless services with a mobile device.
Wireless mobile devices that include an NFC device and a smart card, which may use an RFID for identification purposes, allow a person to make financial transactions, such as purchasing a retail item. Typically, a consumer waves or taps the wireless mobile NFC device on a reader to effect a monetary transfer, and a price of the item is deducted from a total amount that is available and stored on the smart card of the wireless mobile device. Optionally, the amount of the item may be forwarded to a server that can identify the identification code of the particular device and subsequently charge the person for the purchase of the retail item. Such NFC-based point of sale (POS) transactions provide advantages such as eliminating the need to carry cash and enabling a faster financial transaction.
In addition to NFC based POS payments, there are several prevalent models of payments in the mobile industry including Short Message Service (SMS), a communications protocol that allows the interchange of short text messages between mobile devices, and Mobile Internet-based payments, by which customers search for and purchase products and services through electronic communications with online merchants over electronic networks such as the Internet. In this regard, individual customers may frequently engage in transactions with a variety of merchants through, for example, various merchant websites. A credit card may be used for making payments over the Internet. A disadvantage of credit card usage is that online merchants may be exposed to high fraud costs and “chargeback fees,” bearing liability because there is no credit card signature with an online sale.
Using mobile devices, for example personal electronic devices, to make financial transactions involving a transfer of funds from an SP to a vendor via an MNO network using SMS, NFC at the POS and Mobile Internet-based transactions create security issues or problems. For example, such methods involve credit card/financial instrument information, a user name and a password flowing through the network. In addition, a user may, at different times, use several different payment applications for different Service Providers. To the extent that each payment application has its own, separate security registration and verification procedures, the user experience may be cumbersome in that a user must separately load and run separate dedicated applications, each of which must be separately registered and verified for making secure financial transactions. Moreover, the security of each of these applications may be compromised by viruses, Trojans, key loggers and the like since the applications and their security information may be resident on the same data storage element. Moreover, unique biometric identifying information, for example a thumb or finger-print read from a biometric reader on the device, may be captured by any of the several applications loaded on the device. Additional security measures may be desirable to enable more secure Service Provider/Vendor financial transactions over a network or networks.
Mobile payment services using SMS communication may be insecure or use cumbersome security measures. For example, one method involves using an interactive voice response (IVR) call to call back for a PIN. This approach, used for example in PayPal Mobile 1.x, may result in a less-than-optimal user experience for users who may not want to be burdened with entering the PIN. Other approaches involve key management in the software and/or downloading client applications (e.g. interfaces available from kryptext.co.uk and Fortress SMS).
According to one embodiment, a client device comprises a first secure element and a second secure element. The first secure element comprises a first computer-readable medium having a payment application comprising instructions for causing the client device to initiate a financial transaction. The second secure element comprises a second computer-readable medium having a security key, a payment instrument, stored authentication data and instructions for generating a secure payment information message responsive to the payment application. The secure payment information message comprises the payment instrument and is encrypted in accordance with the security key.
These and other features and advantages of the present invention will be more readily apparent from the detailed description of the embodiments set forth below taken in conjunction with the accompanying drawings.
Exemplary embodiments and their advantages are best understood by referring to the detailed description that follows. It should be appreciated that like reference numerals are used to identify like elements illustrated in one or more of the figures, wherein showings therein are for purposes of illustrating exemplary embodiments and not for purposes of limiting the same.
Embodiments of the present disclosure relate to systems and methods for making secure financial transactions over a network. A user may use a client device, for example a personal electronic device, to make a payment from a Service Provider to a merchant/vendor or other payee. The device may include at least two separate secure elements (SEs), one dedicated to running various Service Provider applications (App SE) and another dedicated to providing security for the applications and financial transactions (Crypto SE). The device may include a biometric sensor for providing biometric information to the Crypto SE to provide transactional security for transactions conducted from the device. The device may provide other means of authentication for non-repudiation of a transaction, including a secure payment mode, in which security information or personal identifier number (PIN) may be securely tunneled directly to the Crypto SE, without otherwise being stored or captured on the device or elsewhere. A trusted service manager (TSM) may enable secure SMS communication between and among the user device, the MNO and the Service Providers. The device may be capable of near field communication (NFC) and may be capable of making secure financial transactions at an NFC point of sale (POS).
Customer—the customer subscribes to a Mobile Network Operator (MNO) and a service provider and is a customer of a merchant/vendor. The customer may be an individual or a company.
Mobile Network Operator (MNO)—the MNO provides a full range of mobile services to the Customer. Also, the MNO may provide UICC and NFC terminals plus Over the Air (OTA) transport mechanisms. Examples of MNOs include Sprint, Verizon, and ATT.
Service Provider (SP)—the SP provides contactless services to the Customer. Examples of SPs include banks, credit card issuers as well as public transport companies, loyalty programs owners, etc.
Retailer/Merchant—the retailer/merchant may operate an NFC capable point of sales terminal with an NFC reader.
Trusted Service Manager (TSM)—the TSM securely distributes and manages NFC applications and may have, for example, a direct relation or a relation via clearing houses to SPs.
Handset, NFC Chipset and UICC Manufacturer—the manufacturers produce mobile NFC/communication devices and the associated UICC hardware.
Reader Manufacturer—the reader manufacturer makes NFC reader devices.
Application Developer—the application developer designs and develops mobile NFC applications.
Standardization bodies and industry fora—develop a global standard for NFC, enabling interoperability, backward compatibility and future development of NFC applications and services.
NFC-based financial transactions may require cooperation among the various players of the ecosystem. Each player may have its own expectations, for example, the Customer expects convenient, friendly and secure services within a trusted environment; the SPs want their applications to be housed and used in as many mobile devices as possible; and the MNOs want to provide new mobile contactless services that are secure, high quality and consistent with the existing services experienced by the Customer. But although each player may have its own culture and expectations, they all have the same basic requirement—the need for security and confidentiality.
The Trusted Service Manager (TSM), in particular, may help bring trust and convenience to the complex, multi-player NFC ecosystem. The TSM role includes providing a single point of contact for the SPs, e.g., banks, to access their customer base through the MNOs, and to provide secure download and lifecycle management for mobile NFC applications on behalf of the SPs. The TSM may not disrupt the SP's business model as the TSM may not participate in the transaction stage of the service.
Client device 400 may be implemented using any appropriate combination of hardware and/or software configured for wired and/or wireless communication over a network. For example, in one embodiment, client device 400 may be implemented as a personal computer of a user 220 (also referred to as a “customer” or “consumer”) in communication with the Internet or another network. In other embodiments, client device 400 may be implemented as a wireless telephone, personal digital assistant (PDA), notebook computer and/or other types of electronic computing and/or communications devices. Furthermore, client device 400 may be enabled for NFC, Bluetooth, online, infrared communications and/or other types of communications.
Client device 400 may include various applications as may be desired in particular embodiments to provide desired features to client device 400. For example, in various embodiments, applications may include security applications for implementing client-side security features, programmatic client applications for interfacing with appropriate application programming interfaces (APIs) over a network, or other types of applications.
Client device 400 may further include one or more user identifiers that may be implemented, for example, as operating system registry entries, cookies associated with a browser application, identifiers associated with hardware of client device 400, or other appropriate identifiers. Identifiers associated with hardware of the client device 400 may be, for example, the International Mobile Equipment Identity number (IMEI #) or the Secure Element ID number. In one embodiment, a user identifier may be used by a payment service provider or TSM 240 to associate client device 400 or user 220 with a particular account maintained by payment service provider 240 as further described herein.
Merchant server 210 may be maintained, for example, by a retailer or by an online merchant offering various products and/or services in exchange for payment to be received over a network such as the Internet. Merchant server 210 may be configured to accept payment information from user 220 via, for example, client device 400 and/or from a TSM 240 over a network. It should be appreciated that although a user-merchant transaction is illustrated in this embodiment, the system may also be applicable to user-user, merchant-merchant and/or merchant-user transactions.
Merchant server 210 may use a secure gateway 212 to connect to an acquirer 215. Alternatively, merchant server 210 may connect directly with acquirer 215 or processor 220. Once verified, acquirer 215, which has a relation or subscription with payment service provider 240, processes the transaction through processor 220 or TSM 240. Brands 225, for example, payment card issuers, which also have a relation or subscription with the TSM 240, are then involved in the payment transaction which will enable user 120 to finalize the purchase.
TSM 240 may have data connections 255, 256, 257 and 258 with subscriber client device 400, subscriber acquirer 215, subscriber processor 220, and/or subscriber brand 225, respectively, to communicate and exchange data. Such data connections 255, 256, 257 and 258 may take place, for example, via SMS or a Wireless Application Protocol (WAP) over a network. In addition, according to one or more embodiments, payment service provider 240 may have a data connection or connections (not shown) with subscriber Internet companies, Internet mortgage companies, Internet brokers or other Internet companies (not shown).
In an example embodiment, a Trusted Service Manager (TSM) 325 may provide a single point of contact for Service Provider 315, or providers, to access their customers 305 through any of various MNOs 320. The TSM 325 may manage the secure download and life-cycle management of the mobile payment applications 450 (
A central issue with mobile NFC or other wireless technology is the need for cooperation among the many involved parties to meet the needs of the customer via secure over-the-air (OTA) link. The payment provider system may act as the TSM 325 to provide a single point of contact for the service provider to access their customer base through the MNOs 320. More specifically, with the ever changing electronic communications environment including the emergence of NFC, service providers 315 may not be ready or willing to change their working methods or the functions they provide, but they may still want to participate in the new mode of service operation by enhancing the services they offer while maintaining existing core processes. This conflict is solved by the TSM 325 who may help service providers securely distribute and manage contactless services for their customers using the MNOs 320. In this regard, the TSM may manage the secure download and life-cycle management of the mobile NFC applications on behalf of the service providers.
In an example embodiment, the duties or roles of one or more involved parties may be combined and preformed by a single entity. For example, service providers 315, banks, or other financial institutions are those entities that typically issue credit and provide authorization for conducting financial transactions between the customer and the merchant. TSM 325 may act as a payment provider system (PP), such as PayPal, and may provide payment processing for online transactions on behalf of the customer so that the customer does not expose payment information directly to the merchant. Instead, the customer may pre-register his account with the payment provider system, map the account to an email address, and then use the payment provider system to make purchases when redirected to the payment provider system from the merchant's site. After the financial transaction is authorized, the TSM 325 or payment provider system completes the transaction.
In online and/or contactless financial transactions, the role of the TSM 325 or payment provider system may be expanded to include or share duties generally associated with the service provider 315 such that customers may use the payment provider system as a credit issuer, and for services such as electronic bank transfers from one account to another account, and/or provide access to other related financial activities through electronic communications over electronic networks operated by the MNO 320, such as the Internet. The payment provider system may provide an infra-structure, software, and services that enable customers and merchants to make and receive payments.
In an example embodiment, the communication chip 405 may support one or more modes of communication, including, for example, Near Field Communication (NFC), Bluetooth, infrared, GSM, UMTS and CDMA cellular phone protocols, SMS and Internet access via a mobile network or local network, for example WAP and/or other wireless or contactless technologies. Near Field Communication is a short-range, high frequency, wireless communication technology which enables the exchange of data between devices over about a very short distance, for example around four inches. NFC may be an extension of the ISO 14443proximity-card standard, for example contactless card or RFID, and may combine the interface of a smart card and a reader into a single device. An NFC device may communicate with both existing ISO 14443 smart cards and readers, as well as with other NFC devices, and may be compatible with existing contactless infrastructure already in use for public transportation and payment. For example, the device 400 may be compatible with Near Field Communication Point of Sale devices (NFC POS) located at the point of sale at a vendor's place of business.
In an example embodiment, the keypad 430 may include any form of manual key press or touch sensor or other means of inputting information to the device, for example a telephone touch-pad, qwerty or qwertz full or partial keyboard or any other arrangement of input buttons, physical or displayed on a touch screen device, which may be pressed or selected in sequence to input characters, numbers or letters indicative of a PIN. The keypad may include a “Payment Mode” button 439 for placing the device 400 into a payment mode, for example a secure payment mode, for making NFC POS transactions. The “Payment Mode” button may be on the keyboard 430 or anywhere else on the device, or may be on a remote control device coupled with the device for input to the device. In an example embodiment, the secure payment mode may be used even though the telephone communication mode is turned off, for example in an airplane or other location where cell phones are required or requested to be silenced or turned off. In an example embodiment, tunneling circuitry 435 may provide for input directly, without otherwise being stored or captured on the device or elsewhere, to the Crypto or Payment SE 420 (discussed below) when in the secure payment mode, in order to provide secure entry of passwords or PINs during a financial transaction.
In an example embodiment, the biometric sensor 440 may be any sensor that provides data representative of a unique, biological user attribute that may be used to identify a user, for example a finger/thumb-print sensor, retina scan or voice identifier. In this description, the term biometric “sensor” 440 is used to refer not just to the physical sensor that receives the raw biometric data, but to the arrangement of sensor, logic, algorithms and the like that collectively sense, measure, evaluate and generate a data signal or signals representative of the user's biometric signature. The biometric signature data from the biometric sensor 440 may be tunneled through a biometric tunneling circuit 441, directly to the Crypto SE 420 (discussed below), without being captured by any application on a separate App SE 410 (discussed below). The biometric signature may be stored as authentication data 446 on the Crypto SE 420.
In an example embodiment, the device 400 may include at least two Secure Elements (SEs) 410, 420. An SE may be, for example, a smart card, for example a Universal Integrated Circuit Card (UICC) or smart-card like chip embedded inside device 400, for example inside of a cell phone. A smart card is a small, relatively tamper-proof computer. The smart card itself may contain a CPU and some non-volatile storage. In most cards, some of the storage may be tamper-proof while the rest may be accessible to any application that can talk to the card. This capability makes it possible for the card to keep some secrets, such as the private keys associated with any certificates it holds. The card itself may perform its own cryptographic operations.
SE 410, 420 may include data storage and may be pre-loaded with applications and/or may be capable of downloading various applications, for example applications for facilitating financial transactions over a network, key pairs, payment instruments and/or a Certifying Authority (CA) certificate.
In an example embodiment, each SE 410, 420 may have logical, end-to-end security. For example, there may be an authenticated and encrypted channel for communication with the SE. In an example embodiment, an SE may have physical security. For example, an SE may adhere to certain security standards, for example, FIPS 140-2 Level 3 (tamper proof and copy protection) and Common Criteria ISO 15408 EAL 430 , or other standard as required or desired.
In an example embodiment, SE 410, 420 may be global. In other words, an SE may be compatible with a variety of communications protocols or systems. For example, a device may be compatible with GSM, UMTS and/or CDMA cellular phone protocols.
In an example embodiment, SE 410, 420 may be portable, in that it may be easily transferred from one device 400 to another. This may be achieved, for example, by porting the SE 410, 420 or by having Trusted Service Manager (TSM) 325 (
In an example embodiment, SE 410, 420 may be compatible with Over-The-Air (OTA) loading or dynamic remote management. For example, applications resident in the App SE may be compatible with OTA management for life cycle management of the applications. For example, resident applications may be managed, updated, altered, and/or fixed to avoid newly discovered vulnerabilities in the applications or update the application to add or change features.
In an example embodiment, SE 410, 420 may be standardized. For example, they may be compatible with standards set out by a known standards or protocols, for example those established by GlobalPlatform.org and/or Bearer Independent Protocol.
In an example embodiment, an SE may work even when the device is turned off. For example, an NFC communication mode may permit a device to make NFC POS transactions or purchases even when a phone's other cellular and/or wireless communication modes are turned off or disabled. This may be particularly desirable and/or convenient in situations where the device is turned off or when the device must be turned off, for example when on an airplane or other location where electronic devices may be required to be turned off. In an example embodiment, secure payment mode button 439 may be used to switch on or prepare the NFC payment components for making an NFC payment without powering up other communications modes. The lower-power, short range of NFC communications may be permissible even where higher power/longer range communications modes are undesirable.
In an example embodiment, the device may have more than one SE, for example two SEs 410, 420. One SE may be referred to as an Application SE (App SE) 410 and a separate SE may be referred to as a payment, credential, wallet or crypto SE 420 (Crypto SE) (throughout this description, the term “Crypto SE” is used to refer to any one of payment, credential, wallet or crypto SE, unless otherwise specified). Splitting the App SE 410 from the Crypto SE 420 may enable certifying a particular device 400 for use just once, through the Crypto SE, while permitting changes to be made to the App SE, changes that may not require additional certification or re-certification since the security and certification information is kept securely on a separate Crypto SE 420.
In an example embodiment, the App SE 410 may be designated for and arranged for storing various, resident financial transaction or payment applications 450, each of which may facilitate financial transactions for a different financial Service Provider. Applications 450 may include, for example, a PayPal application or other payment applications provided by alternate service providers and which facilitate financial transactions over a network.
The App SE 410 may be, for example, a SIM card. A SIM card may securely store a service-subscriber key (IMSI) used to identify a subscriber. The SIM card allows users to change phones by simply removing the SIM card from one mobile phone and inserting it into another mobile phone or broadband telephony device. The App SE may not include any payment instruments, certificates, keys, certificates or credentials, all of which may be stored in the separate Crypto SE 420. The App SE 410 may be a dynamic SE, on which applications may be dynamically managed and changed, for example through OTA management. All applications 450 may be signed by a common Trusted Service Manager (TSM) public key. The App SE applications may have virtual environments (like MFC smart cards).
In an example embodiment, applications 450 may include instructions for periodically checking whether an update to the application is available. If the update is available and customer is registered, apps are downloaded and signature is verified. Once the signature is matched, the new application is activated.
In an example embodiment, the applications 450, for example mobile financial services applications, may be managed over the air (OTA). The OTA management may be securely provided by the TSM for multiple service providers. An App SE may be shared by more than one such application 450 for various SPs. The SPs may desire that the services that they provide via their applications 450 be Secure, Isolated, under their control, have a Life Cycle that they dictate for their respective applications, and be certified. In an example embodiment, OTA updates, upgrades or other changes for the Apps 450 may require a signature by the TSM public key.
In an example embodiment, the Crypto SE 420 may be designated for and arranged for loading and storing authentication data 446 (for example a PIN or biometric signature), payment instruments 447, certificates 424, crypto keys 421 and other security-related information, including, for example, unique biometric authentication information related to a specific user. The Crypto SE may be primarily static, although certain credentials or other sensitive data may be dynamic. The Crypto SE 420 may provide verification and authentication for multiple applications stored in the App SE 410.
Splitting the App SE from the Crypto SE may enable a single Trusted Service Manager to verify and authenticate the identity of a user for each of a number of various Service Providers. Splitting the Crypto SE 420 from the App SE 410 may improve user experience by reducing the necessity of registering and verifying various applications 450 separately for each Service Provider and/or re-certification after any changes to any of the applications 450. Splitting the Crypto SE from the App SE 410 may also reduce the likelihood of security information on the Crypto SE 420 being compromised by viruses, Trojans, key loggers and the like that may find their way onto the App SE 410.
An authentication application 442, for example a biometric authentication application, may reside on the Crypto SE 420 and may evaluate the biometric data and compare the data to data from a registered user, or may register the data where the data is being collected as part of a registration or certification procedure.
The Crypto SE 420 may also have a communication application 443, a counter 444 and a clock 445. The communication application 443 may enable or control communication by the SE. A counter 444 and a clock 445 may be used to identify and/or timestamp particular communications to prevent against replays.
In an example embodiment, the Crypto SE 420 may be certified, for example by a credit processing company such as MasterCard or VISA. The Crypto SE may be certified, for example, using the biometric sensor 440 and biometric authentication application 442. Once the Crypto SE portion is certified, the device 400 is certified for use. Additional financial applications 450 may be added or updated on the App SE without any additional certification or recertification requirement. As a result, the user experience may be enhanced by minimizing the number of times that a user must register or certify his device 400 and/or new or updated applications 450 on his device 400. This is because the App SE is split or separated from the Crypto SE.
In an example embodiment, Crypto SE 420 may include one or several key-pairs, for example an X509 key-pair 421a, EMV (Europay, MasterCard, VISA) key-pair 421b or ECC key-pair 421c. The key-pair or pairs may be pre-loaded on the Crypto SE 420. A Trusted Service Manager credential 424 or certificate, for example a Root Certificate of Authority (CA) may also be pre-loaded on the Crypto SE 420.
In cryptography, a public key infrastructure (PKI) is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique for each CA. The binding is established through the registration and issuance process which, depending on the level of assurance the binding has, may be carried out by software at the CA. A Registration Authority (RA) assures this binding. For each user, the user identity, the public key, their binding, validity conditions and other attributes are made unforgeable in public key certificates issued by the CA. In an example embodiment, a Trusted Service Manager (TSM) may act as the CA and may work with the device and/or chip manufacturers to preload the Root Certificate of Authority (CA) 424 on a client device 400, for example on the Crypto SE 420 of the device.
In an example embodiment, a user may unlock a payment credential 424 (
In an example, when a customer invokes pre-loaded app 450 (
In an example embodiment, payment account numbers may be deployed OTA. For example, a payment account number may be randomly generated by the Service Provider along with CVV (card verification value). In an example embodiment, a payment account number, CVV and counter/timestamp (to prevent replay attacks) may be encrypted using the Public key of the mobile phone and signed using the TSM's private key.
In an example embodiment, the counter may be checked and payment account number and CVV may be stored in the Crypto SE. The number may be obtained from the Service Provider separately, such as from a representative, either by phone, e-mail, or other method of inquiry.
In an example embodiment, a customer may manually enter a known account number using a keypad on the device. This may be done only after activating the biometric credential and registering the device. The App may then load the Crypto SE with a payment instrument 447, identified by its account number.
In an exemplary embodiment, preparing the device for payment may prompt a payment application resident on the App SE 410 of the device 400 to check 604 the biometric sensor for biometric input. A user may then input 606 their biometric identifying data (ID) or signature by placing or swiping a thumb or finger on biometric sensor 440. The input biometric ID may be directly sent or tunnelled 608 to Crypto SE 420 via provided tunnel circuitry 441. In an example embodiment, the tunnel circuitry 441 may be FIPS 140-2 level 3 compliant and may be arranged so that biometric ID is input directly into the Crypto SE for authentication/unlocking.
In an example embodiment, the application resident on the App SE 410 may send a message 610 to Crypto SE 420 for approval/disapproval of the payment and payment information in the event of approval. The Crypto SE may contain an Access Control System that may authenticate Applications in App SE for the types of requests Applications on the App SE 410 are entitled to perform. Once a user's biometric identity is authenticated properly, the Crypto SE 420 may send 612 an approval/disapproval message and payment or other information to the App SE. The App SE 410 may then send the payment information 614 to the communication chip 405 for further transmission or transport to a reader or other communication reception device located at the POS, for example a POS NFC reader located at a merchant/vendor's place of business.
In other example embodiments, the Crypto SE 420 may establish a direct, secure transmission between the Crypto SE 410 and the POS. The secure transmission may be established, for example, using technologies like Secure Socket Layer (SSL), Internet Protocol Security (IPSec) or regular symmetric/asymmetric encryption, if supported by the POS. In such embodiments, the payment instruments may also never be shown in clear in the App SE. If SSL or IPSec is used, a known Root CA may be stored in Crypto SE. The POS certificate may be issued using this Root CA. During the SSL or IPSec handshake, the certificate chain containing POS's certificate and Root CA is sent by POS to crypto SE directly. The Crypto SE may then work as an SSL/IPSec/Crypto Client. The Crypto SE may verify the POS's certificate against the Root CA that it already has. If the certificate matches, it may give payment information using an SSL/IPSec/secure channel.
The device 400 may transmit the information, for example by NFC technology, when the customer waves or taps the device on or near the POS reader 650. The Payment information may include payment information, such as amount and account number, and may include a CVV. In other embodiments, the payment information may be transmitted by alternate methods of communication as desired or necessary in a particular embodiment or circumstance, for example by SMS, discussed below.
When a payment is made at a merchant POS 650 using Visa/MC/AmEx, the last four digits of the payment instrument may be sent to the TSM (using, for example, an application provided on the App SE by the TSM). This information may be correlated with signature information, collated and offered to financial institutions like Banks, Visa/MC, as well as Charles Schwab, eTrade, Amazon as service by ensuring the privacy information is not leaked. The only information collected by the TSM may be the last four digits of the financial instrument and signature information. The TSM may collect and analyze such data and offer information developed through that analysis as a fraud engine. Signature information is used to identify the client device and its user.
In an example embodiment, customer 220 may need to enter a PIN to complete a payment, for example where a debit card is used. Using a PIN may provide an additional level of security. In other embodiments, a PIN or other alpha-numeric code may be required and may be entered securely, in conjunction with biometric authentication or alone. A POS PIN may be entered directly onto keyboard 430 on device 400, instead of entering the PIN on a POS keypad or making a signature at a POS electronic signature screen.
In an example embodiment, a user may first authenticate their phone 602-608 for secure keyboard PIN entry by using the biometric sensor and biometric authentication application on their device, as discussed above. Biometric authentication of the phone may open or create the secure tunnel circuitry, directly from the keyboard to the Crypto SE, for secure keyboard entry on the device 400. A payment application on the App SE may prompt a user to enter a PIN 616, the user may enter a PIN 618, and the PIN may be tunneled 620 directly to the Crypto SE 420 via tunneling circuitry 441. The Crypto SE 420 may behave as Chip and PIN Authentication and/or as ARQC-ARPC. The secure entry mode may be initiated by pressing a payment or secure payment key 439 on the device 400, by biometric authentication of the device and/or by the payment application when entry of a PIN is required.
In some POS payment systems, the customer's PIN may otherwise be entered on a keypad attached to a card scanner or NFC reader or a signature made on a pressure-sensitive surface at the POS that electronically records a signature as a record of the authentication of the transaction, for example a credit card, electronic check or debit card transaction. Since banking regulations do not permit entering a PIN on a non-encrypted PIN pad, a client device with a secure payment mode with secure keyboard tunneling circuitry and a separate, dedicated Crypto SE may provide an acceptable, convenient and desirable means for making a debit card, credit card, electronic check or other transaction in which use of a secure PIN entry is required or desired.
In an example embodiment, a user may first authenticate the device biometrically and then be prompted to enter a PIN. When fully authenticated by the PIN and/or the biometric signature, the Crypto SE 420 may send 612 the payment information to the App SE 410 for forwarding via NFC or other communication mode. The entire payment may be made with the device “off”, in other words when the cellular phone, WAP or other communications modes are disabled and only the NFC mode may be operational. In this way, a user may make a payment without turning a device completely on, which may be convenient on an airplane or other location where wireless telephone devices or other communications devices are required to be turned off or desired to be left off.
The payment information may be transmitted to the reader 650 at the POS, be forwarded further to and processed by merchant server 210, to acquirer/processor 215, 220, brands 225 and service provider (SP) 315, for example a card issuer or bank, to complete the payment transaction from an account of the user to the merchant/vendor in accordance with the payment information sent from the client device 400.
In an example embodiment, payments and financial transactions may be made using secure SMS communication. A TSM may generate a random key (AES-256 and SHA-512) and send the random key to a Crypto SE of a client device. The keys may be encrypted using the client device's public certificate and may be signed by the TSM. The keys may be sent over the SMS channel, for example through multiple SMSes. The client device may then verify the signature, decrypt the keys and store the keys in Crypto SE. The Crypto SE, in turn, may be able to generate, encrypt, and send encrypted SIMs to the TSM. The TSM may generate, or establish keys using the Diffie-Hellman (D-H) key exchange.
In an example embodiment, a user may desire to make payments using an SMS interface, where NFC is not available and where WAP is either unavailable or undesirable. Having a separate App SE and Crypto SE may enable secure SMS communication without those drawbacks. The TSM may preload a public key inside a Crypto SE, for example an SIM/SE. A client application on the App SE of a client device, with help of the Crypto SE, may generate a symmetric key and a MAC key. The application may then encrypt payload with the symmetric key and MAC key. The keys will be encrypted using the TSM's public key that can be then used to create a digital envelope. The size of an SMS is 160 characters total. If 1024 bits are used, then the binary value of data is 128 bytes. If the 128 bytes is Base 64 encoded, then the output is 171 bytes and there is no room to send the message itself. Hence Elliptic Curve Cryptography (ECC) may be used. ECC output is 24 bytes and Base 64 encoding this, the output is 32 bytes. The payload can be then less than 160−32=128 bytes. In an example embodiment, the client device may also be able to send secure SMS messages to one another as well.
Secure SMS may be implemented by a TSM in conjunction with various cell phone manufacturers, for example Nokia, with a SIM card and/or SE on mobile phones and ECC. The keys are dynamic and managed by hardware. In an example embodiment, when an SMS is sent, the data is encrypted using AES-256, and a counter is used for replay protection and SHA-512 HMAC is attached. SHA-512 HMAC is 64 bytes in binary. Truncation is used to bring the data to 32 bytes of BASE-64 encoding. The TSM may receive an SMS and determine to whom the message is to be sent or forwarded—and forward the message to the appropriate addressee, for example a Service Provider, to complete the payment transaction. The TSM may also have the keys registered for a recipient's device. The TSM may decrypt and re-encrypt the message using receiver phone's keys. Timestamps may be used to prevent replays. Keys may be rotated periodically using the SMS key establishment scheme.
In implementation of the various embodiments, the mobile device may comprise a personal computing device, such as a personal computer, laptop, PDA, cellular phone or other personal computing or communication devices. The payment provider system may comprise a network computing device, such as a server or a plurality of servers, computers, or processors, combined to define a computer system or network to provide the payment services provided by a payment provider system.
In this regard, a computer system may include a bus or other communication mechanism for communicating information, which interconnects subsystems and components, such as processing component (e.g., processor, micro-controller, digital signal processor (DSP), etc.), system memory component (e.g., RAM), static storage component (e.g., ROM), disk drive component (e.g., magnetic or optical), network interface component (e.g., modem or Ethernet card), display component (e.g., CRT or LCD), input component (e.g., keyboard or keypad), and/or cursor control component (e.g., mouse or trackball). In one embodiment, disk drive component may comprise a database having one or more disk drive components.
The computer system may perform specific operations by processor and executing one or more sequences of one or more instructions contained in a system memory component. Such instructions may be read into the system memory component from another computer readable medium, such as static storage component or disk drive component. In other embodiments, hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention.
Logic may be encoded in a computer readable medium, which may refer to any medium that participates in providing instructions to the processor for execution. Such a medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. In various implementations, non-volatile media includes optical or magnetic disks, such as disk drive component, volatile media includes dynamic memory, such as system memory component, and transmission media includes coaxial cables, copper wire, and fiber optics, including wires that comprise bus. In one example, transmission media may take the form of acoustic or light waves, such as those generated during radio wave and infrared data communications.
Some common forms of computer readable media includes, for example, floppy disk, flexible disk, hard disk, magnetic tape, any other magnetic medium, CD-ROM, any other optical medium, punch cards, paper tape, any other physical medium with patterns of holes, RAM, PROM, EPROM, FLASH-EPROM, any other memory chip or cartridge, carrier wave, or any other medium from which a computer is adapted.
In various embodiments, execution of instruction sequences for practicing the invention may be performed by a computer system. In various other embodiments, a plurality of computer systems coupled by communication link (e.g., LAN, WLAN, PTSN, or various other wired or wireless networks) may perform instruction sequences to practice the invention in coordination with one another.
Computer system may transmit and receive messages, data, information and instructions, including one or more programs (i.e., application code) through communication link and communication interface. Received program code may be executed by processor as received and/or stored in disk drive component or some other non-volatile storage component for execution.
Where applicable, various embodiments provided by the present disclosure may be implemented using hardware, software, or combinations of hardware and software. Also, where applicable, the various hardware components and/or software components set forth herein may be combined into composite components comprising software, hardware, and/or both without departing from the spirit of the present disclosure. Where applicable, the various hardware components and/or software components set forth herein may be separated into sub-components comprising software, hardware, or both without departing from the scope of the present disclosure. In addition, where applicable, it is contemplated that software components may be implemented as hardware components and vice-versa.
Software, in accordance with the present disclosure, such as program code and/or data, may be stored on one or more computer readable mediums. It is also contemplated that software identified herein may be implemented using one or more general purpose or specific purpose computers and/or computer systems, networked and/or otherwise. Where applicable, the ordering of various steps described herein may be changed, combined into composite steps, and/or separated into sub-steps to provide features described herein.
The foregoing disclosure is not intended to limit the present invention to the precise forms or particular fields of use disclosed. It is contemplated that various alternate embodiments and/or modifications to the present invention, whether explicitly described or implied herein, are possible in light of the disclosure. Having thus described various example embodiments of the disclosure, persons of ordinary skill in the art will recognize that changes may be made in form and detail without departing from the scope of the invention. Thus, the invention is limited only by the claims.
This application is a continuation of co-pending U.S. patent application Ser. No. 13/794,025 filed Mar. 11, 2013 (to issue as U.S. Pat. No. 9,852,418 on Dec. 26, 2017), which is a continuation of U.S. patent application Ser. No. 13/331,801 filed Dec. 20, 2011 (now U.S. Pat. No. 8,417,643 issued Apr. 9, 2013), which is a divisional of U.S. patent application Ser. No. 12/339,850 filed Dec. 19, 2008 (now U.S. Pat. No. 8,108,318 issued Jan. 31, 2013), which claims priority to and the benefit of U.S. Provisional Application No. 61/059,907 filed Jun. 9, 2008, and U.S. Provisional Application No. 61/059,395 filed Jun. 6, 2008, all of which are hereby incorporated by reference.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4408306 | Kuo | Oct 1983 | A |
| 4527256 | Giebel | Jul 1985 | A |
| 4578777 | Fang et al. | Mar 1986 | A |
| 4638430 | Perra et al. | Jan 1987 | A |
| 4698750 | Wilkie et al. | Oct 1987 | A |
| 4718041 | Baglee et al. | Jan 1988 | A |
| 4763305 | Kuo | Aug 1988 | A |
| 4783766 | Samachisa et al. | Nov 1988 | A |
| 4811294 | Kobayashi et al. | Mar 1989 | A |
| 4891791 | Lijima | Jan 1990 | A |
| 4907202 | Kouzi | Mar 1990 | A |
| 4967393 | Yokoyama et al. | Oct 1990 | A |
| 4970692 | Ali et al. | Nov 1990 | A |
| 4999812 | Amin | Mar 1991 | A |
| 5043940 | Harari | Aug 1991 | A |
| 5053990 | Kreifels et al. | Oct 1991 | A |
| 5095344 | Harari | Mar 1992 | A |
| 5168465 | Harari | Dec 1992 | A |
| 5337280 | Tanagawa et al. | Aug 1994 | A |
| 5355413 | Ohno | Oct 1994 | A |
| 5386539 | Nishi | Jan 1995 | A |
| 5467310 | Yoshida et al. | Nov 1995 | A |
| 5523972 | Rashid et al. | Jun 1996 | A |
| 5594796 | Grube | Jan 1997 | A |
| 5602987 | Harari et al. | Feb 1997 | A |
| 5809143 | Hughes | Sep 1998 | A |
| 5864241 | Schreck | Jan 1999 | A |
| 5870723 | Pare, Jr. et al. | Feb 1999 | A |
| 5918158 | LaPorta | Jun 1999 | A |
| 5933498 | Schneck | Aug 1999 | A |
| 5956473 | Ma et al. | Sep 1999 | A |
| 5991517 | Harari et al. | Nov 1999 | A |
| 6026027 | Terrell, II et al. | Feb 2000 | A |
| 6067529 | Ray | May 2000 | A |
| 6105006 | Davis | Aug 2000 | A |
| 6138239 | Veil | Oct 2000 | A |
| 6173332 | Hickman | Jan 2001 | B1 |
| 6175922 | Wang | Jan 2001 | B1 |
| 6263437 | Liao et al. | Jul 2001 | B1 |
| 6269348 | Pare, Jr. | Jul 2001 | B1 |
| 6279069 | Robinson et al. | Aug 2001 | B1 |
| 6282656 | Wang | Aug 2001 | B1 |
| 6314408 | Salas | Nov 2001 | B1 |
| 6314425 | Serbinis | Nov 2001 | B1 |
| 6330546 | Gopinathan et al. | Dec 2001 | B1 |
| 6343323 | Kalpio | Jan 2002 | B1 |
| 6415156 | Stadelmann | Jul 2002 | B1 |
| 6516996 | Hippelainen | Feb 2003 | B1 |
| 6570790 | Harari | May 2003 | B1 |
| 6581042 | Pare, Jr. | Jun 2003 | B2 |
| 6594759 | Wang | Jul 2003 | B1 |
| 6681233 | Ichikawa | Jan 2004 | B1 |
| 6736313 | Dickson | May 2004 | B1 |
| 6804517 | Laurila | Oct 2004 | B1 |
| 6819219 | Bolle et al. | Nov 2004 | B1 |
| 6850916 | Wang | Feb 2005 | B1 |
| 6856975 | Inglis | Feb 2005 | B1 |
| 6898299 | Brooks | May 2005 | B1 |
| 6925568 | Heinonen | Aug 2005 | B1 |
| 6999824 | Glanzer et al. | Feb 2006 | B2 |
| 7016494 | Hopkins et al. | Mar 2006 | B2 |
| 7080039 | Marsh | Jul 2006 | B1 |
| 7103575 | Linehan | Sep 2006 | B1 |
| 7107246 | Wang | Sep 2006 | B2 |
| 7155679 | Bandaru | Dec 2006 | B2 |
| 7176060 | Yamada et al. | Feb 2007 | B2 |
| 7206847 | Alberth, Jr. | Apr 2007 | B1 |
| 7251624 | Lee et al. | Jul 2007 | B1 |
| 7251731 | Laniepce et al. | Jul 2007 | B2 |
| 7260555 | Rossmann | Aug 2007 | B2 |
| 7299498 | Lee | Nov 2007 | B2 |
| 7337976 | Kawamura et al. | Mar 2008 | B2 |
| 7350230 | Forrest | Mar 2008 | B2 |
| 7360691 | Takayama | Apr 2008 | B2 |
| 7392941 | Choi | Jul 2008 | B2 |
| 7428591 | Stebbings | Sep 2008 | B2 |
| 7454194 | Kuwajima | Nov 2008 | B2 |
| 7478248 | Ziv et al. | Jan 2009 | B2 |
| 7505941 | Bishop et al. | Mar 2009 | B2 |
| 7512567 | Bemmel | Mar 2009 | B2 |
| 7539861 | Trench | May 2009 | B2 |
| 7543156 | Campisi | Jun 2009 | B2 |
| 7543738 | Saunders et al. | Jun 2009 | B1 |
| 7613427 | Blight | Nov 2009 | B2 |
| 7635084 | Wang et al. | Dec 2009 | B2 |
| 7689497 | May | Mar 2010 | B2 |
| 7702898 | Tan | Apr 2010 | B2 |
| 7775442 | Saarisalo | Aug 2010 | B2 |
| 7788481 | Bik | Aug 2010 | B2 |
| 7827370 | Ahvenainen et al. | Nov 2010 | B2 |
| 7844082 | Baentsch | Nov 2010 | B2 |
| 7844255 | Petrov et al. | Nov 2010 | B2 |
| 7860755 | Warner | Dec 2010 | B2 |
| 7873837 | Lee et al. | Jan 2011 | B1 |
| 7877605 | Labrou | Jan 2011 | B2 |
| 7895311 | Juenger | Feb 2011 | B1 |
| 7917769 | Campisi | Mar 2011 | B2 |
| 7937588 | Picard | May 2011 | B2 |
| 7945924 | Li | May 2011 | B2 |
| 7958457 | Brandenberg et al. | Jun 2011 | B1 |
| 7967215 | Kumar et al. | Jun 2011 | B2 |
| 8016191 | Bonalle et al. | Sep 2011 | B2 |
| 8040883 | Keeler | Oct 2011 | B2 |
| 8099772 | Takada et al. | Jan 2012 | B2 |
| 8108318 | Mardikar | Jan 2012 | B2 |
| 8121945 | Rackley, III et al. | Feb 2012 | B2 |
| 8122488 | Hoch | Feb 2012 | B2 |
| 8149085 | Ould | Apr 2012 | B2 |
| 8150772 | Mardikar et al. | Apr 2012 | B2 |
| 8160959 | Rackley, III et al. | Apr 2012 | B2 |
| 8190087 | Fisher et al. | May 2012 | B2 |
| 8230149 | Long | Jul 2012 | B1 |
| 8286241 | Yeo | Oct 2012 | B1 |
| 8358596 | Byrne et al. | Jan 2013 | B2 |
| 8385553 | Jooste | Feb 2013 | B1 |
| 8417643 | Mardikar | Apr 2013 | B2 |
| 8423466 | Lanc | Apr 2013 | B2 |
| 8543091 | Mardikar | Sep 2013 | B2 |
| 8554689 | Mardikar | Oct 2013 | B2 |
| 8583039 | Kammer | Nov 2013 | B2 |
| 8583915 | Huang | Nov 2013 | B1 |
| 8646056 | Poplett | Feb 2014 | B2 |
| 8768854 | Neville | Jul 2014 | B2 |
| 8862767 | Taveau et al. | Oct 2014 | B2 |
| 8925106 | Steiner | Dec 2014 | B1 |
| 9037676 | Lundh | May 2015 | B1 |
| 9060271 | Mardikar | Jun 2015 | B2 |
| 9097544 | Dhanani | Aug 2015 | B2 |
| 9098844 | Davis et al. | Aug 2015 | B2 |
| 9143622 | Sprigg | Sep 2015 | B2 |
| 9165125 | Zarei | Oct 2015 | B2 |
| 9185234 | Horel | Nov 2015 | B2 |
| 9185538 | Oliver | Nov 2015 | B2 |
| 9232077 | Yu | Jan 2016 | B2 |
| 9450759 | Hauck et al. | Sep 2016 | B2 |
| 9537839 | Mardikar | Jan 2017 | B2 |
| 9558481 | Bauer et al. | Jan 2017 | B2 |
| 9836735 | Vilmos | Dec 2017 | B2 |
| 9852418 | Mardikar | Dec 2017 | B2 |
| 9858566 | Mardikar | Jan 2018 | B2 |
| 10083446 | Taveau et al. | Sep 2018 | B2 |
| 10242366 | Taveau et al. | Mar 2019 | B2 |
| 10382331 | Sivaramakrishnan | Aug 2019 | B1 |
| 10546298 | Quiroga | Jan 2020 | B2 |
| 20010018660 | Sehr | Aug 2001 | A1 |
| 20010049785 | Kawan | Dec 2001 | A1 |
| 20020007320 | Hogan | Jan 2002 | A1 |
| 20020023215 | Wang et al. | Feb 2002 | A1 |
| 20020032905 | Sherr | Mar 2002 | A1 |
| 20020059530 | Talvitie | May 2002 | A1 |
| 20020099649 | Lee et al. | Jul 2002 | A1 |
| 20020111918 | Hoshino | Aug 2002 | A1 |
| 20020133467 | Hobson | Sep 2002 | A1 |
| 20020152390 | Furuyama | Oct 2002 | A1 |
| 20020161723 | Asokan et al. | Oct 2002 | A1 |
| 20020164023 | Koelle | Nov 2002 | A1 |
| 20020165811 | Ishii | Nov 2002 | A1 |
| 20020194499 | Audebert | Dec 2002 | A1 |
| 20030028484 | Boylan et al. | Feb 2003 | A1 |
| 20030037264 | Ezaki et al. | Feb 2003 | A1 |
| 20030055792 | Kinoshita et al. | Mar 2003 | A1 |
| 20030076955 | Alve | Apr 2003 | A1 |
| 20030076962 | Roh et al. | Apr 2003 | A1 |
| 20030101071 | Salonen | May 2003 | A1 |
| 20030110131 | Alain | Jun 2003 | A1 |
| 20030120601 | Ouye | Jun 2003 | A1 |
| 20030123669 | Koukoulidis | Jul 2003 | A1 |
| 20030145205 | Sarcanin | Jul 2003 | A1 |
| 20030154405 | Harrison | Aug 2003 | A1 |
| 20030163710 | Ortiz et al. | Aug 2003 | A1 |
| 20030167207 | Berardi et al. | Sep 2003 | A1 |
| 20030171993 | Chappuis | Sep 2003 | A1 |
| 20030172090 | Asunmaa et al. | Sep 2003 | A1 |
| 20030187784 | Maritzen | Oct 2003 | A1 |
| 20030190908 | Craven | Oct 2003 | A1 |
| 20030191709 | Elston et al. | Oct 2003 | A1 |
| 20030233462 | Chien | Dec 2003 | A1 |
| 20030236981 | Marmigere | Dec 2003 | A1 |
| 20040002350 | Gopinath | Jan 2004 | A1 |
| 20040015445 | Heaven | Jan 2004 | A1 |
| 20040059921 | Bianchi | Mar 2004 | A1 |
| 20040059923 | ShamRao | Mar 2004 | A1 |
| 20040068649 | Haller | Apr 2004 | A1 |
| 20040073925 | Kinoshita | Apr 2004 | A1 |
| 20040107368 | Colvin | Jun 2004 | A1 |
| 20040117631 | Colvin | Jun 2004 | A1 |
| 20040117644 | Colvin | Jun 2004 | A1 |
| 20040117664 | Colvin | Jun 2004 | A1 |
| 20040124966 | Forrest | Jul 2004 | A1 |
| 20040133797 | Arnold | Jul 2004 | A1 |
| 20040157584 | Bensimon | Aug 2004 | A1 |
| 20040181463 | Goldthwaite | Sep 2004 | A1 |
| 20040182921 | Dickson et al. | Sep 2004 | A1 |
| 20040186993 | Risan | Sep 2004 | A1 |
| 20040194100 | Nakayama | Sep 2004 | A1 |
| 20040230536 | Fung et al. | Nov 2004 | A1 |
| 20040243634 | Levy | Dec 2004 | A1 |
| 20040268133 | Lee et al. | Dec 2004 | A1 |
| 20040268142 | Karjala et al. | Dec 2004 | A1 |
| 20050027999 | Pelly | Feb 2005 | A1 |
| 20050033688 | Peart et al. | Feb 2005 | A1 |
| 20050033988 | Chandrashekhar | Feb 2005 | A1 |
| 20050070248 | Gaur | Mar 2005 | A1 |
| 20050097059 | Shuster | May 2005 | A1 |
| 20050102381 | Jiang | May 2005 | A1 |
| 20050105734 | Buer et al. | May 2005 | A1 |
| 20050156708 | Puranik et al. | Jul 2005 | A1 |
| 20050171898 | Bishop | Aug 2005 | A1 |
| 20050182710 | Andersson | Aug 2005 | A1 |
| 20050187782 | Grear | Aug 2005 | A1 |
| 20050187883 | Bishop et al. | Aug 2005 | A1 |
| 20050190912 | Hopkins et al. | Sep 2005 | A1 |
| 20050222949 | Inotay | Oct 2005 | A1 |
| 20050240778 | Saito | Oct 2005 | A1 |
| 20050242177 | Roberge et al. | Nov 2005 | A1 |
| 20050246253 | Barthelemy | Nov 2005 | A1 |
| 20050251582 | Goel | Nov 2005 | A1 |
| 20050273399 | Soma et al. | Dec 2005 | A1 |
| 20050273609 | Eronen | Dec 2005 | A1 |
| 20050289078 | Wary et al. | Dec 2005 | A1 |
| 20060005033 | Wood | Jan 2006 | A1 |
| 20060010075 | Wolf | Jan 2006 | A1 |
| 20060015580 | Gabriel et al. | Jan 2006 | A1 |
| 20060023486 | Furusawa et al. | Feb 2006 | A1 |
| 20060079284 | Lu | Apr 2006 | A1 |
| 20060080259 | Wajs | Apr 2006 | A1 |
| 20060080548 | Okamura | Apr 2006 | A1 |
| 20060080549 | Okamura | Apr 2006 | A1 |
| 20060098678 | Tan | May 2006 | A1 |
| 20060115084 | Ryu | Jun 2006 | A1 |
| 20060122902 | Petrov et al. | Jun 2006 | A1 |
| 20060136332 | Ziegler | Jun 2006 | A1 |
| 20060136735 | Plotkin | Jun 2006 | A1 |
| 20060149727 | Viitaharju | Jul 2006 | A1 |
| 20060161635 | Lamkin | Jul 2006 | A1 |
| 20060170530 | Nwosu et al. | Aug 2006 | A1 |
| 20060183462 | Kolehmainen | Aug 2006 | A1 |
| 20060183489 | Modeo | Aug 2006 | A1 |
| 20060265743 | Kusunoki et al. | Nov 2006 | A1 |
| 20060272031 | Ache | Nov 2006 | A1 |
| 20060285659 | Suryanarayana et al. | Dec 2006 | A1 |
| 20060287004 | Fuqua | Dec 2006 | A1 |
| 20060294007 | Barthelemy | Dec 2006 | A1 |
| 20070011242 | McFarland | Jan 2007 | A1 |
| 20070011724 | Gonzalez et al. | Jan 2007 | A1 |
| 20070019622 | Alt | Jan 2007 | A1 |
| 20070022058 | Labrou et al. | Jan 2007 | A1 |
| 20070033149 | Kanngard | Feb 2007 | A1 |
| 20070033408 | Morten | Feb 2007 | A1 |
| 20070050871 | Mashhour | Mar 2007 | A1 |
| 20070052517 | Bishop et al. | Mar 2007 | A1 |
| 20070057038 | Gannon | Mar 2007 | A1 |
| 20070067535 | Liu | Mar 2007 | A1 |
| 20070078773 | Czerniak | Apr 2007 | A1 |
| 20070080784 | Kim et al. | Apr 2007 | A1 |
| 20070092112 | Awatsu et al. | Apr 2007 | A1 |
| 20070092114 | Ritter et al. | Apr 2007 | A1 |
| 20070106892 | Engberg | May 2007 | A1 |
| 20070106897 | Kulakowski | May 2007 | A1 |
| 20070112667 | Rucker | May 2007 | A1 |
| 20070136211 | Brown et al. | Jun 2007 | A1 |
| 20070143828 | Jeal | Jun 2007 | A1 |
| 20070175023 | Heitmann et al. | Aug 2007 | A1 |
| 20070197261 | Humbel | Aug 2007 | A1 |
| 20070198837 | Koodli | Aug 2007 | A1 |
| 20070203841 | Maes | Aug 2007 | A1 |
| 20070219926 | Korn | Sep 2007 | A1 |
| 20070220273 | Campisi | Sep 2007 | A1 |
| 20070221725 | Kawaguchi | Sep 2007 | A1 |
| 20070233875 | Raghav | Oct 2007 | A1 |
| 20070234034 | Leone | Oct 2007 | A1 |
| 20070234291 | Ronen | Oct 2007 | A1 |
| 20070235539 | Sevanto et al. | Oct 2007 | A1 |
| 20070239869 | Raghav | Oct 2007 | A1 |
| 20070245148 | Buer | Oct 2007 | A1 |
| 20070254712 | Chitti | Nov 2007 | A1 |
| 20070255652 | Tumminaro | Nov 2007 | A1 |
| 20070255662 | Tumminaro | Nov 2007 | A1 |
| 20070260558 | Look | Nov 2007 | A1 |
| 20070271596 | Boubion et al. | Nov 2007 | A1 |
| 20070286373 | Pailles | Dec 2007 | A1 |
| 20070293202 | Moshir et al. | Dec 2007 | A1 |
| 20070295803 | Levine et al. | Dec 2007 | A1 |
| 20080006685 | Rackley, III et al. | Jan 2008 | A1 |
| 20080010678 | Burdette et al. | Jan 2008 | A1 |
| 20080046366 | Bemmel et al. | Feb 2008 | A1 |
| 20080046915 | Haeuser | Feb 2008 | A1 |
| 20080046988 | Baharis | Feb 2008 | A1 |
| 20080052091 | Vawter | Feb 2008 | A1 |
| 20080064346 | Charrat | Mar 2008 | A1 |
| 20080065531 | Smith et al. | Mar 2008 | A1 |
| 20080065885 | Nagai et al. | Mar 2008 | A1 |
| 20080076572 | Nguyen et al. | Mar 2008 | A1 |
| 20080091614 | Bas Bayod | Apr 2008 | A1 |
| 20080091681 | Dwivedi | Apr 2008 | A1 |
| 20080119162 | Sivalingam | May 2008 | A1 |
| 20080121687 | Buhot | May 2008 | A1 |
| 20080129450 | Riegebauer | Jun 2008 | A1 |
| 20080130895 | Jueneman | Jun 2008 | A1 |
| 20080144650 | Boch et al. | Jun 2008 | A1 |
| 20080147508 | Liu et al. | Jun 2008 | A1 |
| 20080155268 | Jazayeri et al. | Jun 2008 | A1 |
| 20080167961 | Wentker et al. | Jul 2008 | A1 |
| 20080168273 | Chung et al. | Jul 2008 | A1 |
| 20080170691 | Chang et al. | Jul 2008 | A1 |
| 20080189212 | Kulakowski et al. | Aug 2008 | A1 |
| 20080201264 | Brown et al. | Aug 2008 | A1 |
| 20080207124 | Raisanen et al. | Aug 2008 | A1 |
| 20080222038 | Eden et al. | Sep 2008 | A1 |
| 20080230615 | Read et al. | Sep 2008 | A1 |
| 20080238610 | Rosenberg | Oct 2008 | A1 |
| 20080242267 | Soni | Oct 2008 | A1 |
| 20080268811 | Beenau et al. | Oct 2008 | A1 |
| 20080270302 | Beenau et al. | Oct 2008 | A1 |
| 20080270307 | Olson | Oct 2008 | A1 |
| 20080275748 | John | Nov 2008 | A1 |
| 20080279381 | Narendra et al. | Nov 2008 | A1 |
| 20080287162 | Gaillard | Nov 2008 | A1 |
| 20080288405 | John | Nov 2008 | A1 |
| 20080289006 | Hock | Nov 2008 | A1 |
| 20080289030 | Poplett | Nov 2008 | A1 |
| 20080297311 | Wu | Dec 2008 | A1 |
| 20080306828 | Chao | Dec 2008 | A1 |
| 20080319896 | Carlson et al. | Dec 2008 | A1 |
| 20090018934 | Peng et al. | Jan 2009 | A1 |
| 20090023474 | Luo et al. | Jan 2009 | A1 |
| 20090046069 | Griffin | Feb 2009 | A1 |
| 20090048916 | Nuzum et al. | Feb 2009 | A1 |
| 20090065571 | Jain | Mar 2009 | A1 |
| 20090070263 | Davis et al. | Mar 2009 | A1 |
| 20090099961 | Ogilvy | Apr 2009 | A1 |
| 20090143104 | Loh et al. | Jun 2009 | A1 |
| 20090144161 | Fisher | Jun 2009 | A1 |
| 20090164799 | Takagi | Jun 2009 | A1 |
| 20090165031 | Li | Jun 2009 | A1 |
| 20090171970 | Keefe | Jul 2009 | A1 |
| 20090182676 | Barbier | Jul 2009 | A1 |
| 20090191846 | Shi | Jul 2009 | A1 |
| 20090196465 | Menon | Aug 2009 | A1 |
| 20090222902 | Bender et al. | Sep 2009 | A1 |
| 20090233579 | Castell et al. | Sep 2009 | A1 |
| 20090261172 | Kumar et al. | Oct 2009 | A1 |
| 20090265552 | Moshir | Oct 2009 | A1 |
| 20090273435 | Ould | Nov 2009 | A1 |
| 20090286509 | Huber | Nov 2009 | A1 |
| 20090305673 | Mardikar | Dec 2009 | A1 |
| 20090307139 | Mardikar | Dec 2009 | A1 |
| 20090307142 | Mardikar | Dec 2009 | A1 |
| 20090323673 | Gabbay | Dec 2009 | A1 |
| 20090327131 | Beenau et al. | Dec 2009 | A1 |
| 20100029200 | Varriale | Feb 2010 | A1 |
| 20100029202 | Jolivet et al. | Feb 2010 | A1 |
| 20100050271 | Saarisalo | Feb 2010 | A1 |
| 20100088227 | Belamant | Apr 2010 | A1 |
| 20100117791 | Inoue et al. | May 2010 | A1 |
| 20100125737 | Kang | May 2010 | A1 |
| 20100138365 | Hirvela | Jun 2010 | A1 |
| 20100159962 | Cai | Jun 2010 | A1 |
| 20100199327 | Keum | Aug 2010 | A1 |
| 20100223472 | Alvarsson | Sep 2010 | A1 |
| 20100235277 | Van Rensburg | Sep 2010 | A1 |
| 20110078081 | Pirzadeh et al. | Mar 2011 | A1 |
| 20110087610 | Batada et al. | Apr 2011 | A1 |
| 20110112968 | Florek et al. | May 2011 | A1 |
| 20110117883 | Drabo | May 2011 | A1 |
| 20110138192 | Kocher | Jun 2011 | A1 |
| 20110179284 | Suzuki et al. | Jul 2011 | A1 |
| 20110197059 | Klein et al. | Aug 2011 | A1 |
| 20110208761 | Zybura | Aug 2011 | A1 |
| 20110213665 | Joa | Sep 2011 | A1 |
| 20110238578 | Hurry | Sep 2011 | A1 |
| 20110276638 | Errico et al. | Nov 2011 | A1 |
| 20120002810 | Imming et al. | Jan 2012 | A1 |
| 20120029990 | Fisher | Feb 2012 | A1 |
| 20120066346 | Virmani | Mar 2012 | A1 |
| 20120078735 | Bauer et al. | Mar 2012 | A1 |
| 20120089520 | Mardikar | Apr 2012 | A1 |
| 20120096535 | Popp et al. | Apr 2012 | A1 |
| 20120196529 | Huomo et al. | Aug 2012 | A1 |
| 20120209852 | Dasgupta | Aug 2012 | A1 |
| 20120215747 | Wang | Aug 2012 | A1 |
| 20120244805 | Haikonen | Sep 2012 | A1 |
| 20130046761 | Soderberg | Feb 2013 | A1 |
| 20130054459 | Granbery | Feb 2013 | A1 |
| 20130060661 | Block | Mar 2013 | A1 |
| 20130074046 | Sharma | Mar 2013 | A1 |
| 20130144968 | Berger | Jun 2013 | A1 |
| 20130198086 | Mardikar | Aug 2013 | A1 |
| 20140006486 | Bintliff | Jan 2014 | A1 |
| 20140025520 | Mardikar | Jan 2014 | A1 |
| 20140052532 | Tsai | Feb 2014 | A1 |
| 20140185806 | Mardikar | Jul 2014 | A1 |
| 20140208099 | Rajsic | Jul 2014 | A1 |
| 20140372323 | Balasubramanian | Dec 2014 | A1 |
| 20150026781 | Taveau et al. | Jan 2015 | A1 |
| 20150056957 | Mardikar et al. | Feb 2015 | A1 |
| 20150220932 | Mardikar et al. | Aug 2015 | A1 |
| 20150227932 | Huxham | Aug 2015 | A1 |
| 20150281191 | Mardikar | Oct 2015 | A1 |
| 20160026991 | Murdoch | Jan 2016 | A1 |
| 20160125415 | Mardikar | May 2016 | A1 |
| 20160224984 | Mardikar et al. | Aug 2016 | A1 |
| 20160253670 | Kim | Sep 2016 | A1 |
| 20170111797 | Mardikar | Apr 2017 | A1 |
| 20170237829 | Kirkeby | Aug 2017 | A1 |
| 20180054438 | Li | Feb 2018 | A1 |
| 20180101678 | Rosa | Apr 2018 | A1 |
| 20180130548 | Fisher | May 2018 | A1 |
| 20180211236 | Rutherford | Jul 2018 | A1 |
| 20190057115 | Liu | Feb 2019 | A1 |
| 20190097975 | Martz | Mar 2019 | A1 |
| 20200034830 | Ortiz | Jan 2020 | A1 |
| 20200279258 | Agrawal | Sep 2020 | A1 |
| 20210056524 | Isgar | Feb 2021 | A1 |
| 20210258395 | Saito | Aug 2021 | A1 |
| Number | Date | Country |
|---|---|---|
| 1479533 | Mar 2004 | CN |
| 1908981 | Feb 2007 | CN |
| 1737181 | Dec 2006 | EP |
| 2034428 | Mar 2009 | EP |
| 2396472 | Jun 2004 | GB |
| WO 200178493 | Oct 2001 | WO |
| WO 2006113834 | Oct 2006 | WO |
| WO 2008034937 | Mar 2008 | WO |
| WO-2009138848 | Nov 2009 | WO |
| Entry |
|---|
| Gianluigi Me (Security overview for m-payed virtual ticketing ) (Year: 2003). |
| Grillo et al (Transaction oriented text messaging with Trusted-SMS) (Year: 2008) (Year: 2008). |
| Chinese Version of Second Office Action in Chinese Application No. 200980121058.9. |
| English Translation of Second Chinese Office Action in Chinese Application No. 200980121058.9. |
| Abstract of CN1908981A, Fujitsu Ltd, Feb. 7, 2007, 51 pages. |
| Atmel., “Understanding the Requirements of ISO/IEC 14443 for Type B Proximity Contactless Identification Cards”, Retrieved from the internet: http://www.atmel.com/dyn/resources/prod.documents/doc2056.pdf, Nov. 2005, 28 pages. |
| Baddeley D., “ISO/IEC 14443-3 Identification Cards—Contactless Integrated Circuit(s) Cards—Proximity Cards—Part 3: Initialization and Anticollision”, Retrieved from Internet: http://www.waaza.org/download/fcd-14443-3.pdf, Jun. 11, 1999, 48 pages. |
| Chinese Appl. No. 200980121058.9, Chinese Version of Office Action dated Dec. 12, 2011, 5 pages. |
| Chinese Appl. No. 200980121058.9, English Translation of Chinese Office Action, dated Dec. 12, 2011, 8 pages. |
| Erfahrungen M., et al., “NFC = Simplicity”, Nokia, 2007, Retrieved from the Internet: http://www.hccomp.eu/files/NFC-4.pdf, 18 pages. |
| European Appl. No. 09773993.2, Extended European Search Report dated Oct. 7, 2013, 7 pages. |
| Gralla P., “How Wireless Works”, 2nd Edition, Que Corporation, Oct. 24, 2005, 56 pages. |
| Hassinen M., “Java based Public Key Infrastructure for SMS Messaging”, Department of Computer Science, 2006, 6 pages. |
| International Appl. No. PCT/US2009/046322, International Search Report and Written Opinion dated Nov. 10, 2009, 7 pages. |
| International Appl. No. PCT/US2009/046450, International Search Report and Written Opinion dated Jul. 28, 2009, 7 pages. |
| “ISO8583 Message Format Specification Version 3.0”, Trusted Security Solutions, Sep. 21, 2005, 11 Pages. |
| “Merriam-Webster's Collegiate Dictionary,” 10th Edition, 1993, 1 page. |
| “Mobile NFC Services Version 1.0”, GSMA, Feb. 2007, 24 Pages. |
| “Mobile NFC technical Guidelines Version 2.0”, GSMA, Nov. 2007, 24 Pages. |
| “NFC—The Technology| Mobile NFC”, Aug. 8, 2012, Retrieved from the Internet: http://www.gsma.com/mobilenfc/nfc-the-technology/, 2 pages. |
| “Pay-Buy Mobile Business Opportunity Analysis Public White Paper”, Version 1.0, GSMA, Nov. 2007, 36 pages. |
| “Reader Series 4000: S4100 Multi-Function Reader Module RF-MGR-MNMN ISO 14443 Library Reference Guide”, Texas Instrument, Oct. 2003, Retrieved from the Internet: http://www.ti.com/rfid/docs/manuals/refmanuals/RF-MGR-MNMN-14443-refGuide.pdf, 58 pages. |
| Reference Shelf., “Secure,” Webster's Dictionary: Full Text, Jun. 9, 2011, 2 pages. |
| Reference Shelf, “Separate,” Webster Dictionary: Full Text, Jun. 9, 2011, 2 pages. |
| Smartcardalliance., “Contactless Technology for Secure Physical Access: Technology and Standards Choices”, Smart Card Alliance Report, Oct. 2002, Retrieved from the Internet: https://www.securetechalliance.org/resources/lib/Contactless.sub-Technology.Report.pdf, 48 pages. |
| Strunk W., et al., “The Elements of Style Third Edition”, MacMillan Publishing Co Inc, 1979, 3 pages. |
| U.S. Appl. No. 60/974,424, filed Sep. 21, 2007, 15 pages. |
| “Webster's New World Dictionary, Third College Edition,” 1988, 1 page. |
| White R., “How Computers Work”, 9th Edition, Que Corporation, Nov. 14, 2007, 75 pages. |
| White R., “How Computers Work”, Illustrated by Timothy Edward Downs, Que Publishing, 7th Edition, Oct. 15, 2003, 23 pages. |
| White R., “How Software Works”, Illustrated by Pamela Drury Wattenmaker, 1993, 68 pages. |
| Wikipedia., “FIPS 140-2”, Federal Information Processing Standard (FIPS), May 25, 2001, Retrieved From the Internet: https://en.wikipedia.org/wiki/FIPS_140-2, 6 pages. |
| Wikipedia., “FIPS PUB 140-2”, National Institute of Standards and Technology (NIST), May 25, 2001, Retrieved from Internet URL: http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf, 6 pages. |
| Number | Date | Country | |
|---|---|---|---|
| 20180218358 A1 | Aug 2018 | US |
| Number | Date | Country | |
|---|---|---|---|
| 61059907 | Jun 2008 | US | |
| 61059395 | Jun 2008 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | 12339850 | Dec 2008 | US |
| Child | 13331801 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | 13794025 | Mar 2013 | US |
| Child | 15853647 | US | |
| Parent | 13331801 | Dec 2011 | US |
| Child | 13794025 | US |
