Method for carrying out a transaction between a portable data carrier and a terminal

US 10,074,087 B2
Filed: 01/13/2011
Issued: 09/11/2018
Est. Priority Date: 01/20/2010
Status: Active Grant

First Claim

Patent Images

1. A method for carrying out a wireless electronic transaction between a portable data carrier associated with a mobile device and a terminal such that the portable data carrier prevents unauthorized acquisition of transaction data stored on the portable data carrier, the method comprising:

within a wireless electronic transaction communication between the portable data carrier and the terminal, receiving from the terminal, by the portable data carrier, an information item about the terminal, wherein the information item comprising comprises a terminal identification;

the portable data carrier including an embedded controller and memory unit that are separate from processors and memory of the associated mobile device;

depositing, by a central server, a list that contains as entries a plurality of terminal identifications with one or several locational positions associated with the respective terminal identification, in the memory of portable data carrier;

determining, by the embedded controller of the portable data carrier, a locational position of the terminal based on the information item, by comparing the transferred terminal identification with the terminal identifications of the list;

determining, by the embedded controller of the portable data carrier, a locational position of the portable data carrier, such that both the locational position of the terminal and the locational position of the portable data carrier are determined directly by the portable data carrier without transferring data to other computing systems;

comparing, by the portable data carrier, the locational position of the terminal with the locational position of the portable data carrier to determine a deviation therebetween;

when the deviation does not exceed a predetermined threshold, causing, by the portable data carrier, automatic transmission of the transaction data to the terminal; and

when the deviation exceeds the predetermined threshold, preventing, by the portable data carrier, automatic transmission of the transaction data to the terminal so as to prevent unauthorized acquisition of the transaction data stored on the portable data carrier.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for carrying out a transaction between a portable data carrier, such as a chip card, and a terminal is described. An information item (TID) about the terminal is transferred to the portable data carrier upon the transmission of transaction data by a communication between the portable data carrier and the terminal. As a result, the portable data carrier obtains from the information item a locational position (ZID, WID, GID) of the terminal. Further, there is ascertained a locational position (OP) of the portable data carrier to which the portable data carrier has access. Finally, the portable data carrier compares the locational position (ZID, WID, GID) of the terminal with its locational position (OP), and initiates a measure for protecting the transaction in case a deviation between the two locational positions (ZID, WID, GID; OP) exceeds a predetermined threshold.

16 Citations

17 Claims

1. A method for carrying out a wireless electronic transaction between a portable data carrier associated with a mobile device and a terminal such that the portable data carrier prevents unauthorized acquisition of transaction data stored on the portable data carrier, the method comprising:
- within a wireless electronic transaction communication between the portable data carrier and the terminal, receiving from the terminal, by the portable data carrier, an information item about the terminal, wherein the information item comprising comprises a terminal identification;
  
  the portable data carrier including an embedded controller and memory unit that are separate from processors and memory of the associated mobile device;
  
  depositing, by a central server, a list that contains as entries a plurality of terminal identifications with one or several locational positions associated with the respective terminal identification, in the memory of portable data carrier;
  
  determining, by the embedded controller of the portable data carrier, a locational position of the terminal based on the information item, by comparing the transferred terminal identification with the terminal identifications of the list;
  
  determining, by the embedded controller of the portable data carrier, a locational position of the portable data carrier, such that both the locational position of the terminal and the locational position of the portable data carrier are determined directly by the portable data carrier without transferring data to other computing systems;
  
  comparing, by the portable data carrier, the locational position of the terminal with the locational position of the portable data carrier to determine a deviation therebetween;
  
  when the deviation does not exceed a predetermined threshold, causing, by the portable data carrier, automatic transmission of the transaction data to the terminal; and
  
  when the deviation exceeds the predetermined threshold, preventing, by the portable data carrier, automatic transmission of the transaction data to the terminal so as to prevent unauthorized acquisition of the transaction data stored on the portable data carrier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 12)
- - 2. The method according to claim 1, wherein the communication between the portable data carrier and the terminal comprises an NFC communication.
  - 3. The method according to claim 1 wherein, in the list there are deposited for a respective terminal identification several locational positions based on different localization methods, and/or GPS coordinates and/or location coordinates, derived from a local radio network, of the terminal with the respective terminal identification.
  - 4. The method according to claim 1, wherein, in the list, there is deposited for a respective terminal identification an additional information item about the terminal with the respective terminal identification.
  - 5. The method according to claim 1, wherein the list is transmitted to the portable data carrier, and/or updated in the portable data carrier, by a central place.
  - 6. The method according to claim 1,wherein the portable data carrier is positioned in or on a mobile device, andwherein the method further comprises, when the deviation exceeds the predetermined threshold:
    - outputting a request, by the portable data carrier, for a user to manually confirm the transaction through the mobile device;
      
      obtaining, by the portable data carrier through the mobile device, manual user confirmation for the transaction; and
      
      upon obtaining manual user confirmation, causing, by the portable data carrier, transmission of the payment transaction data to the terminal.
  - 7. The method according to claim 6, wherein, in the list, there is deposited for a respective terminal identification an additional information item about the terminal with the respective terminal identification, wherein the request comprises the additional information item about the terminal to be used in obtaining manual user confirmation.
  - 8. The method according to claim 1, wherein the portable data carrier is a subscriber identification module (SIM), positioned in a mobile device and the terminal is a remote station, separate from the mobile device.
  - 9. The method according to claim 1,wherein the portable data carrier is positioned in or on a mobile device, andwherein determining the locational position of the portable data carrier comprises:
    - ascertaining a locational position by the mobile device, and/or by a GPS-enabled device which determines a GPS position, and/or by a radio device which determines a position in a local radio network; and
      
      obtaining from the mobile device, by the portable data carrier, the locational position.
  - 10. A portable data carrier configured to perform the method for carrying out a transaction according to claim 1.
  - 12. The method of claim 1, wherein the wireless electronic transaction between the portable data carrier and the terminal is a payment operation.

11. A system configured to wirelessly communicate with a terminal, the system comprising:
- a mobile device; and
  
  a portable data carrier positioned in or on the mobile device,wherein the mobile device includes a communication interface via which a wireless electronic communication is producible between the portable data carrier and the terminal, to receive from the terminal an information item about the terminal and to transmit to the terminal, transaction data stored on the portable data carrier, the portable data carrier including an embedded controller and secure memory unit that are separate from processors and memory of the mobile device, andwherein the portable data carrier is configured to perform a method for carrying out a wireless electronic transaction between the portable data carrier and the terminal, the method comprising;
  
  receiving an information item about the terminal over the wireless communication interface, the information item including a terminal identification;
  
  determining, by the embedded controller of the portable data carrier, a locational position of the terminal based on the information item, by obtaining a locational position associated with the received terminal identification from a list of terminal identifications and associated locational positions, the list being stored on the portable data carrier;
  
  determining, by the embedded controller of the portable data carrier, a locational position of the portable data carrier, such that both the locational position of the terminal and the locational position of the portable data carrier are determined directly by the portable data carrier without transferring data to other computing systems;
  
  determining a deviation between the locational position of the terminal and the locational position of the portable data carrier;
  
  when the deviation does not exceed the predetermined threshold, causing automatic transmission of the transaction data to the terminal over the communication interface; and
  
  when the deviation exceeds the predetermined threshold, preventing automatic transmission of the transaction data to the terminal so as to prevent unauthorized acquisition of the transaction data stored on the portable data carrier.
- View Dependent Claims (13, 14)
- - 13. The system of claim 11, further comprising means for ascertaining a locational position, and wherein the portable data carrier is configured to determine the locational position of the portable data carrier by obtaining the locational position from the means for ascertaining the locational position.
  - 14. The system of claim 13, wherein the means for ascertaining the locational position comprises one or more of:
    - a device within the mobile device,a GPS-enabled device which determines a GPS position, anda radio device which determines a position in a local radio network.

15. A method for authenticating wireless electronic payment transactions from a portable data carrier to a remote terminal and selectively transferring payment transaction data from the portable data carrier to the remote terminal based thereon, the portable data carrier being positioned on or in a mobile device, the portable data carrier having stored thereon payment transaction data as well as a list containing as entries a plurality of terminal identifications each having one or more locational positions associated therewith, the portable data carrier including an embedded controller and secure memory unit that are separate from processors and memory of the mobile device, the method being performed by the portable data carrier and comprising:
- wirelessly receiving from the remote terminal, via the mobile device, an identification of the remote terminal;
  
  obtaining from the list stored on the portable data carrier a locational position corresponding to the remote terminal identification;
  
  determining, by the embedded controller of the portable data carrier, a locational position of the portable data carrier,determining, by the embedded controller of the portable data carrier, a locational position of the terminal based on the received identification of the remote terminal, such that both the locational position of the terminal and the locational position of the portable data carrier are determined directly by the portable data carrier without transferring data to other computing systems;
  
  comparing the locational position of the remote terminal with the locational position of the portable data carrier to determine a deviation therebetween; and
  
  automatically wirelessly transferring the payment transaction data to the remote terminal only when the deviation is less than or equal to a predetermined threshold so as to prevent unauthorized acquisition of payment transaction data stored on the portable data carrier, the wireless transfer being performed through the mobile device.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, further comprising:
    - requesting manual confirmation from a user, via the mobile device, when the deviation is greater than the predetermined threshold; and
      
      wirelessly transferring the payment transaction data to the remote terminal after manual confirmation is obtained from the user, the wireless transfer being performed through the mobile device.
  - 17. The method of claim 15, wherein determining the locational position of the portable data carrier comprises:
    - obtaining a locational position from one or more of;
      
      the mobile device, a GPS-enabled device which determines a GPS position, and a radio device which determines a position in a local radio network; and
      
      using the obtained locational position as the locational position of the portable data carrier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Giesecke + Devrient Mobile Security GmBH (Giesecke & Devrient GmbH)
Original Assignee
Giesecke + Devrient Mobile Security GmBH (Giesecke & Devrient GmbH)
Inventors
Finkenzeller, Klaus, Rankl, Wolfgang
Primary Examiner(s)
Vyas, Abhishek

Application Number

US13/522,630
Publication Number

US 20120290481A1
Time in Patent Office

2,798 Days
Field of Search

None
US Class Current
CPC Class Codes

G06Q 20/3224   Transactions dependent on l...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/40   Authorisation, e.g. identif...

Method for carrying out a transaction between a portable data carrier and a terminal

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method for carrying out a transaction between a portable data carrier and a terminal

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links