Method and system for making card-based payments using mobile devices
First Claim
1. A system for making payments via a mobile device, the system comprising:
- a. a Virtual PIN pad integrated with the mobile device, the Virtual PIN pad providing an interface for entering a Personal Identification Number (PIN), the PIN being entered by a customer in order to authorize a payment transaction; and
b. a transaction backend module connecting the Virtual PIN pad to a payment institution through a secure channel, the transaction backend module enabling the payment transaction by securely transferring the entered PIN from the Virtual PIN pad to the payment institution, and a payment authorization code or a payment refusal intimation from the payment institution to the Virtual PIN pad.
3 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides a system, a method and a computer program product for provisioning Virtual PIN pads on mobile devices, and for enabling customers to make payments using the provisioned Virtual PIN pads for the purchased goods and services. The system comprises a Virtual PIN pad and a transaction backend module. The Virtual PIN pad is a software emulation of a PIN Entry Device (PED) and is provisioned on the mobile device securely with all requisite keys and certificates, while conforming to all security standards of the payment domain. The transaction backend connects the Virtual PIN pad to a payment institution. The customer can make a payment by entering an account identifier card'"'"'s PIN into the Virtual PIN pad. The Virtual PIN pad encrypts the entered PIN using certified security mechanisms, and transmits it over a secure channel to the payment institution for verification and payment authorization, via the transaction backend. The backend ensures the integrity of transaction in the mobile data environment.
236 Citations
26 Claims
-
1. A system for making payments via a mobile device, the system comprising:
-
a. a Virtual PIN pad integrated with the mobile device, the Virtual PIN pad providing an interface for entering a Personal Identification Number (PIN), the PIN being entered by a customer in order to authorize a payment transaction; and
b. a transaction backend module connecting the Virtual PIN pad to a payment institution through a secure channel, the transaction backend module enabling the payment transaction by securely transferring the entered PIN from the Virtual PIN pad to the payment institution, and a payment authorization code or a payment refusal intimation from the payment institution to the Virtual PIN pad. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method for provisioning a Virtual PIN pad system on a mobile device for making payments to one or more merchants through the mobile device, the mobile device having access to a transaction backend through an electronic network, the method comprising the steps of:
-
a. generating a PIN pad ID for the Virtual PIN pad that needs to be provisioned on the mobile device;
b. registering the generated PIN pad ID;
c. generating and attaching a master key for the Virtual PIN pad after registration, the master key being generated and attached to the Virtual PIN pad by the transaction backend;
d. downloading the Virtual PIN pad onto the mobile device, the download being done through the electronic network onto the mobile device;
e. generating a decrypting key corresponding to the PIN pad ID of the virtual PIN pad that is downloaded on the mobile device, the decrypting key being generated by the transaction backend;
f. sending the decrypting key to the downloaded Virtual PIN pad, the decrypting key being sent by the transaction backend to the downloaded Virtual PIN pad through an electronic network; and
g. decrypting the master key with the decrypting key sent to the downloaded Virtual PIN pad for activating the downloaded Virtual PIN pad. - View Dependent Claims (8)
-
-
9. A method of making payments using at least one mobile device, the mobile device being used by a customer and comprising an embedded Virtual PIN pad, the payment being made by the customer to a merchant'"'"'s online portal, the method comprising the steps of:
-
a. selecting an item for purchase from the merchant'"'"'s online portal, the selection being made by the customer;
b. capturing a customer ID for identifying the customer;
c. sending a pay order from the merchant'"'"'s online portal to a transaction backend;
d. sending the received pay order from the transaction backend to the mobile device being used by the customer;
e. entering a Personal Identification number (PIN) into the Virtual PIN pad integrated with the mobile device being used by the customer, the PIN being entered by the customer to authorize the payment;
f. encrypting the PIN entered by the customer;
g. sending the encrypted PIN from the Virtual PIN pad integrated with the mobile device being used by the customer to the transaction backend over a first secure channel;
h. sending the encrypted PIN from the transaction backend to a payment institution over a second secure channel to authorize payment to the merchant'"'"'s online portal;
i. verifying the encrypted PIN for authorizing the payment, the verification being done by the payment institution;
if the transaction is authorized by the payment institution, j. sending a payment authorization code to the merchant'"'"'s online portal, the payment authorization code being sent by the payment institution through the transaction backend;
else k. sending a payment refusal intimation to the merchant'"'"'s online portal, the payment refusal intimation being sent by the payment institution through the transaction backend. - View Dependent Claims (10, 11, 12)
-
-
13. A method of making payments using at least one mobile device, the mobile device being used by a customer and comprising an embedded Virtual PIN pad, the payment being made by the customer to a merchant, the customer'"'"'s mobile device having access to a network that connects it to a transaction backend, the method comprising the steps of:
-
a. entering a pay order comprising a payment amount into a transfer device, the transfer device being used by the merchant and the pay order being entered by the merchant into the transfer device;
b. sending the pay order from the transfer device to a transaction backend;
c. sending the pay order from the transaction backend to the Virtual PIN pad integrated with the mobile device being used by the customer;
d. entering a Personal Identification number (PIN) into the Virtual PIN pad integrated with the mobile device being used by the customer, the PIN being entered by the customer to authorize payment to the merchant;
e. encrypting the PIN entered by the customer;
f. sending the encrypted PIN from the Virtual PIN pad to the transaction backend over a first secure channel;
g. sending the encrypted PIN from the transaction backend to a payment institution over a second secure channel to authorize the payment to the merchant;
h. verifying the encrypted PIN for authorizing the payment, the verification being done by the payment institution;
if the transaction is authorized by the payment institution, i. sending a payment authorization code to the merchant and to the Virtual PIN pad integrated with the mobile device being used by the customer, the payment authorization code being sent by the payment institution through the transaction backend;
else j. sending a payment refusal intimation to the merchant and to the Virtual PIN pad integrated with the mobile device being used by the customer, the payment refusal intimation being sent by the payment institution through the transaction backend. - View Dependent Claims (14, 15, 16, 17)
-
-
18. A method of making payments using a first mobile device being used by a merchant and a second mobile device being used by a customer, the second mobile device comprising a Virtual PIN pad integrated with the mobile device, the payment being made by the customer to the merchant, the second mobile device not having access to a network that can connect it to a transaction backend, the method comprising the steps of:
-
a. entering a pay order comprising a payment amount into the first mobile device;
b. sending the entered pay order from the first mobile device to the Virtual PIN pad integrated with the second mobile device;
c. entering a Personal Identification number (PIN) into the Virtual PIN pad integrated with the second mobile device, the PIN being entered by the customer to authorize the payment to the merchant;
d. encrypting the PIN entered by the customer;
e. sending the encrypted PIN from the second mobile device to the first mobile device;
f. sending the encrypted PIN from the first mobile device to the transaction backend over a first secure channel;
g. sending the encrypted PIN from the transaction backend to a payment institution over a second secure channel to authorize the payment to the merchant;
h. verifying the encrypted PIN for authorizing the payment, the verification being done by the payment institution;
if the transaction is authorized by the payment institution, i. sending a payment authorization code to the first mobile device and to the Virtual PIN pad integrated with the second mobile device, the payment authorization code being sent by the payment institution through the transaction backend;
else j. sending a payment refusal intimation to the first mobile device and to the Virtual PIN pad integrated with the second mobile device, the payment refusal intimation being sent by the payment institution through the transaction backend. - View Dependent Claims (19, 20, 21)
-
-
22. A method of making payments using a mobile device, the mobile device being used by a customer to place a voice-based order for a product or service with a merchant, the mobile device comprising a Virtual PIN pad integrated with the mobile device, the customer having a unique customer ID and the payment being made by the customer to the merchant, the mobile device having access to a network that connects it to a transaction backend, the method comprising the steps of:
-
a. contacting the merchant and placing a voice-based order, the contact being established by the customer using the mobile device;
b. providing the unique customer ID of the customer to the merchant, the unique customer ID being provided by the customer;
c. generating a pay order, the pay order being generated by the merchant for the customer;
d. sending the pay order to the Virtual PIN pad integrated with the mobile device, the pay order being sent by the merchant to the Virtual PIN pad through the transaction backend by using the unique customer ID;
e. entering a Personal Identification number (PIN) into the Virtual PIN pad integrated with the mobile device, the PIN being entered by the customer to authorize the payment to the merchant;
f. encrypting the PIN entered by the customer;
g. sending the encrypted PIN from the mobile device to the transaction backend over a first secure channel;
h. sending the encrypted PIN from the transaction backend to a payment institution over a second secure channel to authorize the payment to the merchant;
i. verifying the encrypted PIN for authorizing the payment, the verification being done by the payment institution;
if the transaction is authorized by the payment institution, j. sending a payment authorization code to the first mobile device and to the Virtual PIN pad integrated with the second mobile device, the payment authorization code being sent by the payment institution through the transaction backend;
else k. sending a payment refusal intimation to the first mobile device and to the Virtual PIN pad integrated with the second mobile device, the payment refusal intimation being sent by the payment institution through the transaction backend. - View Dependent Claims (23, 24, 25)
-
-
26. A computer program product comprising a computer usable medium having a computer readable program code embodied therein, for making payments using at least one mobile device being used by a customer, the mobile device comprising an embedded Virtual PIN pad, the payment being made by the customer to a merchant, the computer program product comprising:
-
a. program instruction means for prompting the customer to enter a Personal Identification Number (PIN) into the Virtual PIN pad integrated with the mobile device, the PIN being required for authorizing the payment;
b. program instruction means for encrypting the entered PIN;
c. program instruction means for sending the encrypted PIN to a transaction backend over a first secure channel;
d. program instruction means for enabling the transaction backend to send the encrypted PIN to a payment institution over a second secure channel for payment authorization;
e. program instruction means for enabling the payment institution to verify the encrypted PIN for authorizing the payment;
f. program instruction means for enabling the payment institution to send a payment authorization code to the merchant and to the Virtual PIN pad integrated with the mobile device, if the payment is authorized; and
g. program instruction means for enabling the payment institution to send a payment refusal intimation to the merchant and to the Virtual PIN pad integrated with the mobile device, if the payment is not authorized.
-
Specification