Secure handling of stored-value data objects

US 20030093667A1
Filed: 11/13/2001
Published: 05/15/2003
Est. Priority Date: 11/13/2001
Status: Active Grant

First Claim

Patent Images

1. A system to securely manage stored-value data objects, the system comprising:

an issuing system to issue a stored-value data object to a user device, wherein the issuing system signs the stored-value data object and encrypts the stored-value data object using a first public key associated with the user device;

a security element comprising a portion of the user device to decrypt and securely store the stored-value data object received at the user device from the issuing system; and

a redeeming system to redeem the stored-value data object by receiving the stored-value data object from the user device;

wherein the security element encrypts the stored-value data object with a second public key associated with the redeeming system;

and wherein the redeeming system decrypts the stored-value data object and verifies that the stored-value data object was signed by the issuing system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach to managing stored-value data objects, such as electronic tickets, comprises secure systems and procedures for ticket issuing, storage, and redemption. With these systems and procedures in place, stored-value data objects may be securely transferred to remote systems, such as a user'"'"'s personal electronic device, for subsequent secure redemption, thus allowing the user to gain access to the desired goods or service upon redeeming the data object. Techniques provide secure delivery of the requested data object to the requesting device, and provide secure redemption and disposal of the data object. Ticket issuing systems may be Internet-accessible systems, and users may purchase and redeem tickets using mobile terminals or other devices adapted for wireless communication. Standardized WPKI and Internet access procedures may be employed in ticket issuance and redemption. Techniques further provide temporary and rapid verification data objects useful where rapid ticket verification is essential, such as mass transit systems.

124 Citations

98 Claims

1. A system to securely manage stored-value data objects, the system comprising:
- an issuing system to issue a stored-value data object to a user device, wherein the issuing system signs the stored-value data object and encrypts the stored-value data object using a first public key associated with the user device;
  
  a security element comprising a portion of the user device to decrypt and securely store the stored-value data object received at the user device from the issuing system; and
  
  a redeeming system to redeem the stored-value data object by receiving the stored-value data object from the user device;
  
  wherein the security element encrypts the stored-value data object with a second public key associated with the redeeming system;
  
  and wherein the redeeming system decrypts the stored-value data object and verifies that the stored-value data object was signed by the issuing system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 15, 16, 17, 18, 19, 20, 21)
- - 2. The system of claim 1, wherein the security element comprises at least one processor and associated memory.
  - 3. The system of claim 2, wherein the security element further comprises a tamper-resistant element for housing the at least one processor and associated memory.
  - 4. The system of claim 2, wherein the associated memory comprises a memory device providing non-volatile storage for a first private key corresponding to the first public key used by the issuing system to encrypt the stored-value data object.
  - 5. The system of claim 2, wherein the security element comprises an integrated module forming part of the user device.
  - 6. The system of claim 2, wherein the security element comprises a removably connected module.
  - 7. The system of claim 6, wherein the removably connected module comprises a smart card.
  - 8. The system of claim 1, wherein the user device comprises a computing device having wireless communication capabilities, such that the user device wirelessly communicates with the issuing and redeeming systems in receiving and redeeming stored-value data objects.
  - 15. The system of claim 1, wherein the issuing system comprises an Internet-accessible issuing system.
  - 16. The system of claim 15, wherein the user device comprises at least a first wireless communication interface to communicate with a wireless communication network having Internet access.
  - 17. The system of claim 16, wherein the user device comprises a WAP-enabled access terminal, and further wherein the Internet-accessible issuing system comprises a WAP-enabled server.
  - 18. The system of claim 1, wherein the issuing system comprises:
    - a communication interface to receive stored-value data object requests and issue stored-value data objects;
      
      a processing system to sign and encrypt stored-value data objects; and
      
      memory to store an issuing system private key used in signing stored-value data objects.
  - 19. The system of claim 1, wherein the redeeming system comprises:
    - a communication interface to receive redemption requests and stored-value data objects from user devices;
      
      a processing system to decrypt and verify stored-value data objects received from user devices; and
      
      memory to store a redeeming system private key used in decrypting the received stored-value data objects.
  - 20. The system of claim 1 further comprising a second redeeming system to verify a multi-use stored-value data object returned to the user device from the first redeeming system responsive to the user device redeeming the stored-value data object received from the ticket issuing system.
  - 21. The system of claim 1 further comprising a rapid verification system to redeem a rapid verification token (RVT) generated by the security element in the user device, and wherein the redeeming system returns a seed value to the user device responsive to the user device redeeming the stored-value data object at the redeeming system, the said seed value determining at least one pseudo-random element of the said RVT.

9. The system of claim 9, wherein the computing device comprises at least a first wireless interface to communicate with the issuing and redeeming systems.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The system of claim 9, wherein the at least one wireless interface comprises first and second wireless interfaces to communicate with the issuing and redeeming systems, respectively.
  - 11. The system of claim 10, wherein the first wireless communication interface is a cellular communication interface enabling the computing device to communicate with a wireless communication network.
  - 12. The system of claim 11, wherein the computing device comprises an access terminal.
  - 13. The system of claim 10, wherein the second wireless interface comprises a Bluetooth wireless interface.
  - 14. The system of claim 10, wherein the second wireless interface comprises an infrared wireless interface.

22. A user device serving as a secure agent for stored-value data object issuing and redeeming systems, the user device comprising:
- at least one wireless interface to communicate with the issuing and redeeming systems; and
  
  a security element comprising at least one processor and associated memory to;
  
  securely store a first private key associated with the security element;
  
  decrypt a stored-value data object received from the issuing system using the first private key, and securely store the decrypted stored-value data object;
  
  encrypt the stored-value data object and a generated value using a public key associated with the redeeming system, wherein the public key and the generated value are received from the redeeming system;
  
  transfer the encrypted stored-value data object and generated value to the redeeming system; and
  
  erase the stored-value data object from the associated memory in the security element responsive to transfer of stored-value data object to the redeeming system.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 23. The user device of claim 22, wherein the at least one wireless interface comprises first and second wireless interfaces.
  - 24. The user device of claim 23, wherein the first wireless interface comprises a wireless communication network interface to communicate with a cellular wireless communication network, and wherein the issuing system is accessible to the user device via the cellular wireless communication network.
  - 25. The user device of claim 24, wherein the user device comprises a WAP-enabled access terminal, and further wherein the issuing system operates as a WAP-enabled issuing system.
  - 26. The user device of claim 23, wherein the second wireless interface is a local wireless interface, and further wherein the redeeming system is local with respect to the user device, such that the security element and the redeeming system communicate via the second wireless interface.
  - 27. The user device of claim 23, wherein the second wireless interface is a Bluetooth radio interface.
  - 28. The user device of claim 23, wherein the second wireless interface is an infrared interface.
  - 29. The user device of claim 23, wherein the security element receives a modified stored-value data object from the redeeming system responsive to redeeming the stored-value data object, if the stored-value data object was a multi-use stored-value data object.
  - 30. The user device of claim 22, wherein the security element further comprises a sequence/pattern generator to generate at least one pseudorandom element as part of rapid verification activities subsequent to redeeming the stored-value data object at the redeeming system.
  - 31. The user device of claim 30, wherein the user device further comprises a display screen to display a verification image dependent upon the at least one pseudorandom element generated by the sequence/pattern generator of the security element.

32. A method of securely managing the issuance and redemption of stored-value data objects, the method comprising:
- issuing a stored-value data object from an issuing system to a user device, wherein the issuing system encrypts the stored-value data object using a first public key associated with the user device and the user device decrypts the stored-value data object using a private key known to the user device;
  
  transferring a generated value and a second public key from a redeeming system to the user device responsive to a redemption request;
  
  receiving the generated value and stored-value data object from the user device at the redeeming system, wherein the stored-value data object and the generated value are encrypted by the user device using the second public key; and
  
  validating the stored-value data object and generated value at the redeeming system after decrypting the stored-value data object and generated value using a private key known to the redeeming system.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
- - 33. The method of claim 32 further comprising decrypting and storing the stored-value data object received from the issuing system at the user device in a security element comprising a portion of the user device.
  - 34. The method of claim 33 further comprising using the security element to encrypt the generated value received from the redeeming system and the stored-value data object held by the security element with the second public key received from the redeeming system.
  - 35. The method of claim 34 further comprising operating the security element according to pre-defined input and output functions such that the security element functions as a trusted agent of the issuing and redeeming systems.
  - 36. The method of claim 33 further comprising erasing the stored-value data object from the security element responsive to the user device sending the stored-value data object to the redeeming system.
  - 37. The method of claim 32, wherein validating the generated value and the stored-value data object returned from the user device to the redeeming system comprises verifying that the generated value returned from the user device matches the generated value sent from the redeeming system to the user device.
  - 38. The method of claim 32, wherein validating the generated value and the stored-value data object returned from the user device to the redeeming system comprises verifying that the stored-value data object is signed by the issuing system.
  - 39. The method of claim 38, wherein verifying that the stored-valued data object is signed by the issuing system comprises validating a digital signature using a second private key at the redeeming system, and wherein the second private key is associated with the issuing system.
  - 40. The method of claim 38, wherein verifying that the stored-valued data object is signed by the issuing system comprises validating a digital signature using a second private key at the redeeming system, and wherein the second private key is associated with another redeeming system.
  - 41. The method of claim 32 further comprising generating the generated value as a nonce.
  - 42. The method of claim 32 further comprising configuring the issuing system as a WAP-enabled server, which is also capable of generating and responding to special ticketing MIME types, allowing the user device to request and receive the stored-value data object in accordance with WAP procedures complemented with the said MIME types.
  - 43. The method of claim 32, wherein the issuing system is remote from the user device, and further comprising communication between the user device and the issuing system via a wireless communication network.
  - 44. The method of claim 32, wherein the redeeming system is local with respect to the user device, and further comprising communicating between the user device and redeeming system via local wireless signaling.
  - 45. The method of claim 32 further comprising returning a modified stored-value data object from the redeeming system to the user device if the stored-value data object being redeemed by the user device is a multi-use stored-value data object.
  - 46. The method of claim 45 further comprising modifying the multi-use stored-value data object received at the redeeming system from the user device by signing the multi-use stored-value data object using a redeeming system private key.
  - 47. The method of claim 45 further comprising modifying the multi-use stored-value data object received at the redeeming system from the user device by setting a redemption counter value in the multi-use stored-value data object, wherein the redemption counter value comprises a portion of the data comprising the stored-value data object.
  - 48. The method of claim 32 further comprising returning a seed value to the user device if the generated value and stored-value data object received from the user device are validated.
  - 49. The method of claim 48 further comprising:
    - receiving a verification sequence including a first pseudorandom element at a rapid verification system;
      
      validating the verification sequence by determining whether the first pseudorandom element matches a second pseudorandom element generated by the verification system using the same seed value; and
      
      wherein the user device generates the first pseudorandom element using the seed value received from the redeeming system.
  - 50. The method of claim 48 further comprising verifying by a human operator at a rapid verification point a verification image generated by the user device, wherein the verification image is dependent on the seed value returned to the user device by the redeeming system.
  - 51. The method of claim 50, wherein verifying the verification image by a human operator comprises the human operator comparing the verification image displayed by the user device with a reference image displayed by a rapid verification system.
  - 52. The method of claim 32, wherein the stored-value data object comprises an electronic ticket.

53. A method of securely managing stored-value data objects, the method comprising:
- receiving an issuance request for a stored-value data object at an issuing system, wherein the issuing system has access to a first public key associated with a user device originating the issuance request;
  
  encrypting the stored-value data object at the issuing system using the first public key;
  
  transmitting the encrypted stored-value data object from the issuing system for receipt at the user device, wherein the user device comprises a security element adapted to decrypt the stored-value data object using a first private key corresponding to the first public key, and then to securely store the stored-value data object;
  
  receiving a redemption request from the user device at a redeeming system;
  
  sending a second public key from the redeeming system to the user device responsive to the redemption request;
  
  receiving the stored-value data object encrypted using the second public key from the user device at the redeeming system;
  
  decrypting the stored-value data object at the redeeming system using a second private key corresponding to the second public key; and
  
  redeeming the stored-value data object at the redeeming system if the stored-value data object is valid.
- View Dependent Claims (54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72)
- - 54. The method of claim 53 further comprising receiving the first public key as part of the issuance request originated by the user device.
  - 55. The method of claim 54 further comprising receiving the first public key as part of a user certificate from the user device.
  - 56. The method of claim 55 further comprising retaining the private key associated with the first public key in the security element of the user device.
  - 57. The method of claim 53 further comprising configuring the issuing system as a Wireless Application Protocol (WAP) server, such that remote wireless communication devices may request stored-value data objects from the WAP server.
  - 58. The method of claim 57 further comprising receiving the issuance request and issuing the stored-value data object at the WAP server in accordance with Wireless Application Protocol Public Key Infrastructure (WPKI) definitions.
  - 59. The method of claim 53 further comprising communicating between the redeeming system and the user device using wireless signaling.
  - 60. The method of claim 53 further comprising sending a nonce from the redeeming system to the user device.
  - 61. The method of claim 60, wherein the security element in the user device uses both the nonce and the second public key to encrypt the stored-value data object transferred to the redeeming system, the method further comprising decrypting the stored-value data object received from the user device at the redeeming system in accordance with the second private key and the nonce.
  - 62. The method of claim 53 further comprising receiving the first public key at the redeeming system.
  - 63. The method of claim 62 further comprising returning a redeemed stored-value data object encrypted using the first public key to the user device from the redeeming system.
  - 64. The method of claim 63 further comprising exchanging the redeemed stored-value data object for a temporary stored-value data object that may be subsequently validated on a temporary basis.
  - 65. The method of claim 64 further comprising defining the temporary basis as a defined number of allowable validation attempts.
  - 66. The method of claim 65 further comprising defining the temporary basis as a defined time period during which subsequent validation is permitted.
  - 67. The method of claim 66 further comprising returning a seed value, encrypted using the first public key associated with the user device, from the redeeming system to the user device.
  - 68. The method of claim 67 further comprising verifying the temporary stored-value data object, based on the seed value, during a subsequent redemption attempt by the user device.
  - 69. The method of claim 68, wherein verifying the temporary stored-value data object, based on the seed value, during a subsequent redemption attempt by the user device comprises verifying a pseudorandom number sequence returned from the user device based on the seed value and a redemption-system time-of-day value.
  - 70. The method of claim 69, wherein the user device generates the pseudorandom sequence using the seed value and a user-device time-of-day value, the method further comprising synchronizing the redemption-system time-of-day value to a reference time associated with the user-device time-of-day value.
  - 71. The method of claim 69 further comprising verifying the pseudorandom sequence returned from the user device by comparing the returned pseudorandom sequence to possible sequences generated by a like pseudorandom sequence generator over a defined time window referenced to the redemption-system time-of-day value.
  - 72. The method of claim 64 further comprising verifying the temporary stored-value data object at a second redeeming system using a reduced-security redemption protocol as compared to the initial verification of the stored-value data object at the first redeeming system.

73. A method of redeeming stored-value data objects, the method comprising:
- verifying a stored-value data object presented by a user device to a first redeeming system in accordance with first verification procedures; and
  
  returning a rapid verification object adapted for more rapid subsequent verification using second verification procedures.
- View Dependent Claims (74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98)
- - 74. The method of claim 73 further comprising verifying in accordance with the second verification procedures a rapid verification token (RVT) generated by the user device from the rapid verification object, wherein the second verification procedures are faster than the first verification procedures.
  - 75. The method of claim 74, wherein the rapid verification object comprises at least a seed value used by the user device in generating a verification sequence having a first pseudorandom element as the RVT, and wherein verifying the RVT in accordance with the second verification procedures comprises:
    - receiving the verification sequence from the user device at a rapid verification system; and
      
      validating the RVT by comparing the first pseudorandom element to a second pseudorandom element generated by the rapid verification system using the same seed value used by the user device.
  - 76. The method of claim 75, wherein the first pseudorandom element depends on the seed value and a user device time-of-day value, and further comprising:
    - receiving the verification sequence including the first pseudorandom element and the user device time-of-day value at the rapid verification system;
      
      generating the second pseudorandom element at the rapid verification system in dependence on the seed value and the user device time-of-day value; and
      
      validating the RVT by comparing the first pseudorandom element to the second pseudorandom element, and by verifying that the user device time-of-day value is within a predefined range of a rapid verification system time-of-day value.
  - 77. The method of claim 75, wherein the first pseudorandom element depends on the seed value and a user device time-of-day value, and further comprising:
    - receiving the verification sequence including the first pseudorandom element at the rapid verification system;
      
      generating the second pseudorandom element at the rapid verification system in dependence on the seed value and a rapid verification system time-of-day value; and
      
      validating the RVT by comparing the first pseudorandom element to the second pseudorandom element.
  - 78. The method of claim 77, further comprising synchronizing the rapid verification system time-of-day value to a time reference associated with the user device time-of-day value.
  - 79. The method of claim 77, further comprising generating a plurality of second pseudorandom elements for comparison against the first pseudorandom element to account for time-of-day mismatch between the user device and the rapid verification system.
  - 80. The method of claim 73 further comprising providing the rapid verification object to a second redeeming system acting as a rapid verification system, such that the rapid verification system can validate the rapid verification object held by the user device.
  - 81. The method of claim 73 further comprising transferring at least a seed value from the first redeeming system to the user device as the rapid verification object.
  - 82. The method of claim 81, wherein the user device generates a verification image having at least one pseudorandom attribute dependent on the seed value, and further comprising verifying by a human operator the verification image.
  - 83. The method of claim 82, wherein the verification image is time varying.
  - 84. The method of claim 83, wherein the time variation of the verification image has a relatively slow-changing discrete component and a relatively fast-changing continuous component.
  - 85. The method of claim 83 further comprising transferring manipulation instructions governing one or more dynamic characteristics of the verification image generated by the user device from the first redeeming system to the user device as part of the rapid verification object.
  - 86. The method of claim 83 further comprising the human operator verifying at least one dynamic attribute of the verification image that depends at least on the seed value.
  - 87. The method of claim 83 further comprising transmitting image information from the first redeeming system to the user device as part of the rapid verification object, such that the verification image displayed by the user device comprises at least one dynamic image having at least one attribute dependent on both the image information and the seed value.
  - 88. The method of claim 87, wherein transmitting image information comprises transmitting data representing at least one image for display by the user device.
  - 89. The method of claim 88, wherein transmitting image information comprises transmitting a set of manipulation instructions used by the user device in generating at least one visual element comprising the verification image.
  - 90. The method of claim 82 further comprising transferring image information from the first redeeming system to the user device as part of the rapid verification object.
  - 91. The method of claim 82 further comprising transmitting a user-identifying image from the first redeeming system to the user device as part of the rapid verification object, such that the verification image displayed by the user device includes the user-identifying image.
  - 92. The method of claim 91 further comprising accessing a user image associated with the user device at the first redeeming system, and transferring the user image to the user device as the user-identifying image.
  - 93. The method of claim 92, wherein accessing the user image comprises accessing a server whose location address is contained in a certificate sent by the user device to the first redeeming system.
  - 94. The method of claim 82 further comprising transmitting first image data from the first redeeming system to the user device as part of the rapid verification object, such that the verification image displayed by the user device includes a visual image dependent on the first image data.
  - 95. The method of claim 73, wherein returning a rapid verification object comprises issuing a physical token to a user of the user device.
  - 96. The method of claim 73, wherein the user device generates a verification image dependent on the rapid verification object, and further comprising:
    - generating a reference image at a rapid verification system dependent on the rapid verification object; and
      
      verifying by a human operator that the verification image generated by the user device substantially matches the reference image generated by the rapid verification system.
  - 97. The method of claim 96 further comprising providing the rapid verification object to the rapid verification system for use in generating the reference image.
  - 98. The method of claim 96, wherein the user device generates the verification image further in dependence on a user device time-of-day value, the method further comprising generating the reference image in dependence on the rapid verification object and a rapid verification system time-of-day value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ericsson, Inc. (Telefonaktiebolaget LM Ericsson)
Original Assignee
Ericsson, Inc. (Telefonaktiebolaget LM Ericsson)
Inventors
Dutta, Santanu, Rydbeck, Nils

Granted Patent

US 7,315,944 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/161
CPC Class Codes

G06Q 20/045   using payment protocols inv...

G06Q 20/12   specially adapted for elect...

G06Q 20/327   Short range or proximity pa...

G06Q 20/363   with the personal data of a...

G06Q 20/367   involving electronic purses...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3674   involving authentication

G06Q 20/3676   Balancing accounts

G06Q 20/3678   e-cash details, e.g. blinde...

G07B 15/00   Arrangements or apparatus f...

G07F 7/0866   by active credit-cards adap...

G07F 7/1016   Devices or methods for secu...

Secure handling of stored-value data objects

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

124 Citations

98 Claims

Specification

Solutions

Use Cases

Quick Links

Secure handling of stored-value data objects

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

124 Citations

98 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links