Software PIN entry
First Claim
1. A method comprising:
receiving, by a card reader, from an application executing on a mobile device to which the card reader is communicatively coupled, batched information related to a transaction processed using the application on the mobile device, wherein the application on the mobile device generates the batched information following receipt of a passcode received by the application via a user interface presented on the mobile device, the batched information including the passcode and one or more information items comprising at least one of a transaction type, a transaction amount, a currency type, a date of the transaction, an identity of a payee, or a nonce previously generated by the card reader;
storing the batched information in the card reader;
receiving, by the card reader from the payment card, a plurality of requests, the plurality of requests including at least one request for at least some of the information items, and at least one request for the passcode;
providing, from the card reader to the payment card, from the stored batched information, in response to the requests, the at least some of the information items and the passcode, without the card reader separately requesting individual ones of the at least some of the information items from the application on the mobile device in response to the requests, to cause the payment card to determine whether the transaction can be authorized;
receiving, by the card reader from the payment card, a first transaction authorization request message in response to a determination by the payment card that the transaction can be authorized; and
sending, from the card reader to the mobile device, a second transaction authorization request message in response to the first transaction authorization request message, to cause the mobile device to send a third transaction authorization request message over a network to a computing device of a payment authorization entity.
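The batched flow recited in this claim, as an added example that is not code from the patent or its assignee. All class, field and function names are hypothetical, the sample values are constructed, encryption of the phone-to-reader link is omitted, and rejecting a stale nonce and releasing the passcode only once are assumptions about how a reader would handle the stored batch.

```python
import hmac
import secrets

class CardReader:
    """Reader side of the batched flow (hypothetical names)."""

    def __init__(self):
        self.nonce = None
        self.batch = None
        self.link_log = []            # messages exchanged with the mobile app

    def new_nonce(self):
        # Nonce "previously generated by the card reader", handed to the app.
        self.nonce = secrets.token_hex(8)
        self.link_log.append("nonce")
        return self.nonce

    def receive_batch(self, batch):
        self.link_log.append("batch")
        # Assumption: a batch with a stale or foreign nonce is rejected.
        got = batch.get("nonce", "")
        if self.nonce is None or not hmac.compare_digest(got, self.nonce):
            raise ValueError("nonce mismatch: batch rejected")
        self.nonce = None             # single use
        self.batch = dict(batch)
        self.batch["passcode"] = bytearray(batch["passcode"])

    def answer_card(self, item):
        # Card requests are answered from the stored batch; the app is
        # never asked again, so link_log does not grow here.
        if self.batch is None or item not in self.batch:
            raise KeyError(item)
        value = self.batch[item]
        if item == "passcode":
            out = bytes(value)
            value[:] = bytes(len(value))   # best-effort wipe of the stored copy
            del self.batch["passcode"]     # assumption: one release per batch
            return out
        return value

def run_transaction(reader, pin):
    # App side: one batch built after PIN entry (constructed sample values).
    batch = {"passcode": pin, "transaction_type": "purchase",
             "amount": 1250, "currency": "USD", "nonce": reader.new_nonce()}
    reader.receive_batch(batch)
    # Card side: several requests, all served from the reader's stored batch.
    answers = [reader.answer_card(k) for k in ("amount", "currency", "passcode")]
    return answers, list(reader.link_log)
```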
Abstract
A card reader configured to read a smart card can be detachably connected to a mobile computing device. When the card reader is attached to the mobile device, an application installed on the mobile computing device permits the mobile device to communicate with the card reader in order to process transactions.
Security measures can be used on the mobile device to prevent theft of a PIN during software PIN entry of a payment transaction. The mobile device can prevent the keypad or other input interface from displaying feedback. The mobile device can also prevent passcodes from being stolen by displaying media encoded with digital rights management (DRM) and by managing the media and user inputs at a secure server.
A mobile device can securely communicate with a card reader for a payment transaction using asymmetric or symmetric encryption.
15 Claims
6. A system comprising:
a processor; and
a computer-readable medium coupled to the processor and having instructions stored thereon, which, when executed by the processor, cause the processor to perform operations comprising;
receiving, by a card reader, from an application executing on a mobile device to which the card reader is communicatively coupled, batched information related to a transaction processed using the application on the mobile device, wherein the application on the mobile device generates the batched information following receipt of a passcode received by the application via a user interface presented on the mobile device, the batched information including the passcode and one or more information items comprising at least one of a transaction type, a transaction amount, a currency type, a date of the transaction, an identity of a payee, or a nonce previously generated by the card reader;
storing the batched information in the card reader;
receiving, by the card reader from the payment card, a plurality of requests, the plurality of requests including at least one request for at least some of the information items, and at least one request for the passcode;
providing, from the card reader to the payment card, from the stored batched information, in response to the requests, the at least some of the information items and the passcode, without the card reader separately requesting individual ones of the at least some of the information items from the application on the mobile device in response to the requests, to cause the payment card to determine whether the transaction can be authorized;
receiving, by the card reader from the payment card, a first transaction authorization request message in response to a determination by the payment card that the transaction can be authorized; and
sending, from the card reader to the mobile device, a second transaction authorization request message in response to the first transaction authorization request message, to cause the mobile device to send a third transaction authorization request message over a network to a computing device of a payment authorization entity.
11. A non-transitory computer-readable medium having instructions stored thereon, which, when executed by a processor in a card reader, cause the processor to perform operations comprising:
receiving, by the card reader, from an application executing on a mobile device to which the card reader is communicatively coupled, batched information related to a transaction processed using the application on the mobile device, wherein the application on the mobile device generates the batched information following receipt of a passcode received by the application via a user interface presented on the mobile device, the batched information including the passcode and one or more information items comprising at least one of a transaction type, a transaction amount, a currency type, a date of the transaction, an identity of a payee, or a nonce previously generated by the card reader;
storing the batched information in the card reader;
receiving, by the card reader from the payment card, a plurality of requests, the plurality of requests including at least one request for at least some of the information items, and at least one request for the passcode;
providing, from the card reader to the payment card, from the stored batched information, in response to the requests, the at least some of the information items and the passcode, without the card reader separately requesting individual ones of the at least some of the information items from the application on the mobile device in response to the requests, to cause the payment card to determine whether the transaction can be authorized;
receiving, by the card reader from the payment card, a first transaction authorization request message in response to a determination by the payment card that the transaction can be authorized; and
sending, from the card reader to the mobile device, a second transaction authorization request message in response to the first transaction authorization request message, to cause the mobile device to send a third transaction authorization request message over a network to a computing device of a payment authorization entity.
Specification