Software PIN entry

US 10,515,363 B2
Filed: 03/13/2013
Issued: 12/24/2019
Est. Priority Date: 06/12/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a card reader, from an application executing on a mobile device to which the card reader is communicatively coupled, batched information related to a transaction processed using the application on the mobile device, wherein the application on the mobile device generates the batched information following receipt of a passcode received by the application via a user interface presented on the mobile device, the batched information including the passcode and one or more information items comprising at least one of a transaction type, a transaction amount, a currency type, a date of the transaction, an identity of a payee, or a nonce previously generated by the card reader;

storing the batched information in the card reader;

receiving, by the card reader from the payment card, a plurality of requests, the plurality of requests including at least one request for at least some of the information items, and at least one request for the passcode;

providing, from the card reader to the payment card, from the stored batched information, in response to the requests, the at least some of the information items and the passcode, without the card reader separately requesting individual ones of the at least some of the information items from the application on the mobile device in response to the requests, to cause the payment card to determine whether the transaction can be authorized;

receiving, by the card reader from the payment card, a first transaction authorization request message in response to a determination by the payment card that the transaction can be authorized; and

sending, from the card reader to the mobile device, a second transaction authorization request message in response to the first transaction authorization request message, to cause the mobile device to send a third transaction authorization request message over a network to a computing device of a payment authorization entity.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A card reader configured to read a smart card can be detachably connected to a mobile computing device. When the card reader is attached to the mobile device, an application installed on the mobile computing device permits the mobile device to communicate with the card reader in order to process transactions.

Security measures can be used on the mobile device to prevent theft of a PIN during software PIN entry of a payment transaction. The mobile device can prevent the keypad or other input interface from displaying feedback. The mobile device can also prevent passcodes from being stolen by displaying media encoded with digital rights management (DRM) and by managing the media and user inputs at a secure server.

A mobile device can securely communicate with a card reader for a payment transaction using asymmetric or symmetric encryption.

118 Citations

15 Claims

1. A method comprising:
- receiving, by a card reader, from an application executing on a mobile device to which the card reader is communicatively coupled, batched information related to a transaction processed using the application on the mobile device, wherein the application on the mobile device generates the batched information following receipt of a passcode received by the application via a user interface presented on the mobile device, the batched information including the passcode and one or more information items comprising at least one of a transaction type, a transaction amount, a currency type, a date of the transaction, an identity of a payee, or a nonce previously generated by the card reader;
  
  storing the batched information in the card reader;
  
  receiving, by the card reader from the payment card, a plurality of requests, the plurality of requests including at least one request for at least some of the information items, and at least one request for the passcode;
  
  providing, from the card reader to the payment card, from the stored batched information, in response to the requests, the at least some of the information items and the passcode, without the card reader separately requesting individual ones of the at least some of the information items from the application on the mobile device in response to the requests, to cause the payment card to determine whether the transaction can be authorized;
  
  receiving, by the card reader from the payment card, a first transaction authorization request message in response to a determination by the payment card that the transaction can be authorized; and
  
  sending, from the card reader to the mobile device, a second transaction authorization request message in response to the first transaction authorization request message, to cause the mobile device to send a third transaction authorization request message over a network to a computing device of a payment authorization entity.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, where receiving, by the card reader, the batched information, from the application executing on the mobile device, minimizes data transfers between the mobile device and the card reader to save battery on at least one of the card reader or the mobile device.
  - 3. The method of claim 1, where the batched information is received by the card reader from the mobile device after the payment card is inserted into the card reader.
  - 4. The method of claim 1, where the batched information is received by the card reader from the mobile device before the payment card is inserted into the card reader.
  - 5. The method of claim 1, where authorizing the transaction requires a plurality of security codes before the transaction is approved or denied, the method further comprising:
    - receiving the plurality of security codes from the payment card, the plurality of security codes having been generated by the payment card;
      
      transmitting the plurality of security codes to the mobile device, which sends the plurality of security codes to a card issuing entity associated with the payment card;
      
      receiving a response from the card issuing entity, where the response authorizes the plurality of security codes; and
      
      sending the response to the payment card.

6. A system comprising:
- a processor; and
  
  a computer-readable medium coupled to the processor and having instructions stored thereon, which, when executed by the processor, cause the processor to perform operations comprising;
  
  receiving, by a card reader, from an application executing on a mobile device to which the card reader is communicatively coupled, batched information related to a transaction processed using the application on the mobile device, wherein the application on the mobile device generates the batched information following receipt of a passcode received by the application via a user interface presented on the mobile device, the batched information including the passcode and one or more information items comprising at least one of a transaction type, a transaction amount, a currency type, a date of the transaction, an identity of a payee, or a nonce previously generated by the card reader;
  
  storing the batched information in the card reader;
  
  receiving, by the card reader from the payment card, a plurality of requests, the plurality of requests including at least one request for at least some of the information items, and at least one request for the passcode;
  
  providing, from the card reader to the payment card, from the stored batched information, in response to the requests, the at least some of the information items and the passcode, without the card reader separately requesting individual ones of the at least some of the information items from the application on the mobile device in response to the requests, to cause the payment card to determine whether the transaction can be authorized;
  
  receiving, by the card reader from the payment card, a first transaction authorization request message in response to a determination by the payment card that the transaction can be authorized; and
  
  sending, from the card reader to the mobile device, a second transaction authorization request message in response to the first transaction authorization request message, to cause the mobile device to send a third transaction authorization request message over a network to a computing device of a payment authorization entity.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, where the operation of receiving, by the card reader, the batched information, from the application executing on the mobile device, minimizes data transfers between the mobile device and the card reader to save battery on at least one of the card reader or the mobile device.
  - 8. The system of claim 6, where the batched information is received by the card reader from the mobile device after the payment card is inserted into the card reader.
  - 9. The system of claim 6, where the batched information is received by the card reader from the mobile device before the payment card is inserted into the card reader.
  - 10. The system of claim 6, further comprising:
    - receiving, from the payment card, a plurality of security codes generated by the payment card;
      
      transmitting the plurality of security codes to the mobile device, which sends the plurality of security codes to a card issuing entity associated with the payment card;
      
      receiving a response from the card issuing entity, where the response authorizes the plurality of security codes; and
      
      sending the response to the payment card.

11. A non-transitory computer-readable medium having instructions stored thereon, which, when executed by a processor in a card reader, cause the processor to perform operations comprising:
- receiving, by the card reader, from an application executing on a mobile device to which the card reader is communicatively coupled, batched information related to a transaction processed using the application on the mobile device, wherein the application on the mobile device generates the batched information following receipt of a passcode received by the application via a user interface presented on the mobile device, the batched information including the passcode and one or more information items comprising at least one of a transaction type, a transaction amount, a currency type, a date of the transaction, an identity of a payee, or a nonce previously generated by the card reader;
  
  storing the batched information in the card reader;
  
  receiving, by the card reader from the payment card, a plurality of requests, the plurality of requests including at least one request for at least some of the information items, and at least one request for the passcode;
  
  providing, from the card reader to the payment card, from the stored batched information, in response to the requests, the at least some of the information items and the passcode, without the card reader separately requesting individual ones of the at least some of the information items from the application on the mobile device in response to the requests, to cause the payment card to determine whether the transaction can be authorized;
  
  receiving, by the card reader from the payment card, a first transaction authorization request message in response to a determination by the payment card that the transaction can be authorized; and
  
  sending, from the card reader to the mobile device, a second transaction authorization request message in response to the first transaction authorization request message, to cause the mobile device to send a third transaction authorization request message over a network to a computing device of a payment authorization entity.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The non-transitory computer-readable medium of claim 11, where the operation of receiving, by the card reader, the batched information, from the application executing on the mobile device, minimizes data transfers between the mobile device and the card reader to save battery on at least one of the card reader or the mobile device.
  - 13. The non-transitory computer-readable medium of claim 11, where the batched information is received by the card reader from the mobile device after the payment card is inserted into the card reader.
  - 14. The non-transitory computer-readable medium of claim 11, where the batched information is received by the card reader from the mobile device before the payment card is inserted into the card reader.
  - 15. The non-transitory computer-readable medium of claim 11, further comprising:
    - receiving, from the payment card, a plurality of security codes generated by the payment card;
      
      transmitting the plurality of security codes to the mobile device, which sends the plurality of security codes to a card issuing entity associated with the payment card;
      
      receiving a response from the card issuing entity, where the response authorizes the plurality of security codes; and
      
      sending the response to the payment card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Block, Inc. (f/k/a Square, Inc.)
Original Assignee
Block, Inc. (f/k/a Square, Inc.)
Inventors
Quigley, Oliver S. C., McCauley, Nathan, Lee, Bob
Primary Examiner(s)
Sereboff, Neal

Application Number

US13/799,724
Publication Number

US 20130332360A1
Time in Patent Office

2,477 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/35   communicating wirelessly

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3226   Use of secure elements sepa...

G06Q 20/326   Payment applications instal...

G06Q 20/353   Payments by cards read by M...

G06Q 20/3674   involving authentication

G06Q 20/3829   involving key management

G06Q 20/4012   Verifying personal identifi...

G06Q 2220/00   Business processing using c...

G07F 19/211   Software architecture withi...

G07F 7/1041   PIN input keyboard gets new...

G07F 7/1091   Use of an encrypted form of...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/06   for supporting key manageme...

H04L 63/083   using passwords cryptograph...

H04L 9/3226   using a predetermined code,...

H04L 9/3271   using challenge-response

H04W 12/065   Continuous authentication

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

Software PIN entry

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

118 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Software PIN entry

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

118 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links