Secure smart card transactions
First Claim
1. A method of facilitating a transaction between a customer and a merchant using a smart card reader, the method comprising:
- storing, by the smart card reader, a reader cryptographic key and a message type tag list that identifies a plurality of tag values, each tag value corresponding to at least one type of non-sensitive message;
reading, by the smart card reader, a first message from a smart card, wherein the first message includes a first tag value;
identifying, by the smart card reader, that the first message is non-sensitive by comparing the first tag value in the first message to the plurality of tag values in the message type tag list and determining that the first tag value in the first message matches a tag value of the plurality of tag values in the message type tag list, wherein the first message identifies one or more supported application types that are supported by the smart card;
in response to identifying that the first message is non-sensitive, transmitting, by the smart card reader, the first message to a mobile device communicatively coupled to the smart card reader;
receiving, by the smart card reader from the mobile device, a response message that is responsive to the first message, the response message identifying a selected application type of the one or more supported application types identified in the first message;
transmitting, by the smart card reader to the smart card, the selected application type;
receiving, by the smart card reader and from the smart card, a second message including a second tag value;
identifying, by the smart card reader, that the second message includes a sensitive portion that includes transaction information associated with the selected application type by comparing the second tag value in the second message to the plurality of tag values in the message type tag list and determining that the second tag value in the second message does not match a tag value of the plurality of tag values in the message type tag list;
formatting, by the smart card reader, the second message to conform to level 1 requirements of a transaction protocol at least by encapsulating at least the sensitive portion of the second message with a non-sensitive header identifying the transaction;
encrypting, by the smart card reader, the sensitive portion of the second message using the reader cryptographic key;
sending, by the smart card reader, the second message through the mobile device to a payment transaction server in response to encrypting the sensitive portion of the second message and formatting the second message to conform to the level 1 requirements of the transaction protocol; and
receiving, by the smart card reader and from the payment transaction server through the mobile device, and in response to sending the second message to the payment transaction server, an indication that the payment transaction server has approved the transaction of the selected application type.
2 Assignments
0 Petitions
Accused Products
Abstract
A method of securely conducting a financial transaction includes receiving, at a card reader, a first plurality of messages from a smart card; identifying, using the reader, one or more sensitive messages in the first plurality of messages, where the first plurality of messages conforms to a protocol of the financial transaction; encrypting, using the reader, the one or more sensitive messages using a cryptographic key of the reader to generate encrypted messages; formatting, using the reader, a second plurality of messages according to the protocol to send to a mobile device, where the second plurality of messages includes the encrypted messages and messages in the first plurality of messages that are not sensitive; determining, using a mobile device, action steps according to the protocol, where the action steps are determined from the second plurality of messages; and executing the action steps.
195 Citations
21 Claims
-
1. A method of facilitating a transaction between a customer and a merchant using a smart card reader, the method comprising:
-
storing, by the smart card reader, a reader cryptographic key and a message type tag list that identifies a plurality of tag values, each tag value corresponding to at least one type of non-sensitive message; reading, by the smart card reader, a first message from a smart card, wherein the first message includes a first tag value; identifying, by the smart card reader, that the first message is non-sensitive by comparing the first tag value in the first message to the plurality of tag values in the message type tag list and determining that the first tag value in the first message matches a tag value of the plurality of tag values in the message type tag list, wherein the first message identifies one or more supported application types that are supported by the smart card; in response to identifying that the first message is non-sensitive, transmitting, by the smart card reader, the first message to a mobile device communicatively coupled to the smart card reader; receiving, by the smart card reader from the mobile device, a response message that is responsive to the first message, the response message identifying a selected application type of the one or more supported application types identified in the first message; transmitting, by the smart card reader to the smart card, the selected application type; receiving, by the smart card reader and from the smart card, a second message including a second tag value; identifying, by the smart card reader, that the second message includes a sensitive portion that includes transaction information associated with the selected application type by comparing the second tag value in the second message to the plurality of tag values in the message type tag list and determining that the second tag value in the second message does not match a tag value of the plurality of tag values in the message type tag list; formatting, by the smart card reader, the second message to conform to level 1 requirements of a transaction protocol at least by encapsulating at least the sensitive portion of the second message with a non-sensitive header identifying the transaction; encrypting, by the smart card reader, the sensitive portion of the second message using the reader cryptographic key; sending, by the smart card reader, the second message through the mobile device to a payment transaction server in response to encrypting the sensitive portion of the second message and formatting the second message to conform to the level 1 requirements of the transaction protocol; and receiving, by the smart card reader and from the payment transaction server through the mobile device, and in response to sending the second message to the payment transaction server, an indication that the payment transaction server has approved the transaction of the selected application type. - View Dependent Claims (2, 3, 4, 5, 12)
-
-
6. A system for facilitating a transaction between a customer and a merchant, the system comprising:
a smart card reader comprising; a reader interface; a communication interface communicatively coupled to a mobile device; a memory that stores instructions, a reader cryptographic key, and a message type tag list that identifies a plurality of tag values, each tag value corresponding to at least one type of non-sensitive message; a controller coupled to the communication interface and the memory, wherein the instructions when executed by the controller cause the controller to perform operations including; reading, using the reader interface, a first message from a smart card, wherein the first message includes a first tag value; identifying that the first message is non-sensitive by comparing the first tag value in the first message to the plurality of tag values in the message type tag list and determining that the first tag value in the first message matches a tag value of the plurality of tag values in the message type tag list, wherein the first message identifies one or more supported application types that are supported by the smart card; in response to identifying that the first message is non-sensitive, transmitting, using the communication interface, the first message to the mobile device; receiving, using the communication interface, a response message that is responsive to the first message, the response message identifying a selected application type of the one or more supported application types identified in the first message; transmitting, using the reader interface, the selected application type to the smart card; receiving, from the smart card using the reader interface, a second message including a second tag value; identifying that the second message includes a sensitive portion that includes transaction information associated with the selected application type by comparing the second tag value in the second message to the plurality of tag values in the message type tag list and determining that the second tag value in the second message does not match a tag value of the plurality of tag values in the message type tag list; formatting the second message to conform to level 1 requirements of a transaction protocol at least by encapsulating at least the sensitive portion of the second message with a non-sensitive header identifying the transaction; encrypting the sensitive portion of the second message using the reader cryptographic key; sending, using the communication interface, the second message through the mobile device to a payment transaction server in response to encrypting the sensitive portion of the second message and formatting the second message to conform to the level 1 requirements of the transaction protocol; and in response to sending the second message to the payment transaction server, receiving using the communication interface, from the payment transaction server through the mobile device, an indication that the payment transaction server has approved the transaction of the selected application type. - View Dependent Claims (7, 8, 9, 10)
-
11. A method of facilitating a transaction between a customer and a merchant using a smart card reader, the method comprising:
-
storing by the smart card reader, a reader cryptographic key and a message type tag list that identifies a plurality of tag values, each tag value corresponding to at least one type of sensitive message; reading, by the smart card reader, a first message from a smart card, wherein the first message includes a first tag value; identifying, by the smart card reader, that the first message is non-sensitive by comparing the first tag value in the first message to the plurality of tag values in the message type tag list and determining that the first tag value in the first message does not match a tag value of the plurality of tag values in the message type tag list, wherein the first message identifies one or more supported application types; in response to identifying that the first message is non-sensitive, transmitting, by the smart card reader, the first message to a mobile device communicatively coupled to the smart card reader; receiving, by the smart card reader from the mobile device, a response message that is responsive to the first message, the response message identifying a selected application type of the one or more supported application types identified in the first message; transmitting, by the smart card reader to the smart card, the selected application type; receiving, by the smart card reader and from the smart card, a second message including a second tag value; identifying, by the smart card reader, that the second message includes a sensitive portion that includes transaction information associated with the selected application type by comparing the second tag value in the second message to the plurality of tag values in the message type tag list and determining that the second tag value in the second message matches a tag value of the plurality of tag values in the message type tag list; formatting, by the smart card reader, the second message to conform to level 1 requirements of a transaction protocol at least by encapsulating at least the sensitive portion of the second message with a non-sensitive header identifying a transaction; encrypting, by the smart card reader, the sensitive portion of the second message using the reader cryptographic key; sending, by the smart card reader, the second message through the mobile device to a payment transaction server in response to encrypting the sensitive portion of the second message and formatting the second message to conform to the level 1 requirements of the transaction protocol; and receiving, by the smart card reader and from the payment transaction server through the mobile device, and in response to sending the second message to the payment transaction server, an indication that the payment transaction server has approved the transaction of the selected application type. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A system for facilitating a transaction between a customer and a merchant, the system comprising:
a smart card reader comprising; a reader interface; a communication interface communicatively coupled to a mobile device; a memory that stores instructions, a reader cryptographic key, and a message type tag list that identifies a plurality of tag values, each tag value corresponding to at least one type of sensitive message; a controller coupled to the communication interface and the memory, wherein the instructions when executed by the controller cause the controller to perform operations including; reading, using the reader interface, a first message from a smart card, wherein the first message includes a first tag value; identifying that the first message is non-sensitive by comparing the first tag value in the first message to the plurality of tag values in the message type tag list and determining that the first tag value in the first message does not match a tag value of the plurality of tag values in the message type tag list, wherein the first message identifies one or more supported application types that are supported by the smart card; in response to identifying that the first message is non-sensitive, transmitting, using the communication interface, the first message to the mobile device; receiving, using the communication interface, a response message that is responsive to the first message, the response message identifying a selected application type of the one or more supported application types identified in the first message; transmitting, using the reader interface, the selected application type to the smart card; receiving, from the smart card using the reader interface, a second message including a second tag value; identifying that the second message includes a sensitive portion that includes transaction information associated with the selected application type by comparing the second tag value in the second message to the plurality of tag values in the message type tag list and determining that the second tag value in the second message matches a tag value of the plurality of tag values in the message type tag list; formatting the second message to conform to level 1 requirements of a transaction protocol at least by encapsulating at least the sensitive portion of the second message with a non-sensitive header identifying the transaction; encrypting the sensitive portion of the second message using the reader cryptographic key; sending, using the communication interface, the second message through the mobile device to a payment transaction server in response to encrypting the sensitive portion of the second message and formatting the second message to conform to the level 1 requirements of the transaction protocol; and in response to sending the second message to the payment transaction server, receiving using the communication interface, from the payment transaction server through the mobile device, an indication that the payment transaction server has approved the transaction of the selected application type. - View Dependent Claims (18, 19, 20, 21)
Specification