Secure virtual point of service for 3G wireless networks

US 20060265339A1
Filed: 05/16/2006
Published: 11/23/2006
Est. Priority Date: 05/17/2005
Status: Active Grant

First Claim

Patent Images

1. An electronic payment method comprising the steps of:

a. initiating a request from a buyer for payment for a product or service to a merchant using a mobile electronic device;

b. determining a buyer encryption key;

c. determining a merchant encryption key;

d. generating an encrypted package including an identification information regarding said product or service, said package is encrypted using both said buyer and merchant encryption keys;

e. calculating a merchant hash of at least a portion of said package;

f. calculating a buyer hash of at least an identical portion of said package;

g. comparing said buyer hash with said merchant hash;

h. transmitting, based upon said comparison, said merchant encryption key to said buyer;

i. decrypting said package using said merchant encryption key and determining if said encrypted package is correct; and

j. releasing payment for said product or service based upon said determination.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Secure Virtual Point of Service (SVPOS) that coordinates the authentication, authorization, and identity, settlement, arbitration and non-repudiation for an electronic commercial transaction. For each commercial transaction, both the buyer and merchant authenticate itself to the SVPOS and create two unique transaction encryption keys, one for the buyer and one for the merchant. The merchant uses both encryption keys to encrypt a package that include at least product identification. The merchant and buyer calculate a hash of the package and transmit the calculated hash to the SVPOS for comparison to prevent repudiation. If the calculated hash is identical the buyer receives the merchants encryption key and decrypts the package. Payment is released by the SVPOS if the buyer is satisfied with the package via a Parlay system. If the buyer is not satisfied, said SVPOS performs arbitration between the buyer and merchant to determine if the package is correct.

Citations

34 Claims

1. An electronic payment method comprising the steps of:
- a. initiating a request from a buyer for payment for a product or service to a merchant using a mobile electronic device;
  
  b. determining a buyer encryption key;
  
  c. determining a merchant encryption key;
  
  d. generating an encrypted package including an identification information regarding said product or service, said package is encrypted using both said buyer and merchant encryption keys;
  
  e. calculating a merchant hash of at least a portion of said package;
  
  f. calculating a buyer hash of at least an identical portion of said package;
  
  g. comparing said buyer hash with said merchant hash;
  
  h. transmitting, based upon said comparison, said merchant encryption key to said buyer;
  
  i. decrypting said package using said merchant encryption key and determining if said encrypted package is correct; and
  
  j. releasing payment for said product or service based upon said determination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 33, 34)
- - 2. The electronic payment method of claim 1, wherein the method further comprises the step of:
    - authenticating a buyer which is using said mobile electronic device and a merchant which is selling said product or service.
  - 3. The electronic payment method of claim 1 wherein the method further comprises the steps of:
    - authorizing payment via a secure virtual point of service (SVPOS); and
      
      transmitting said buyer encryption key to said merchant upon receipt of said authorization.
  - 4. The electronic payment method of claim 2, wherein the authenticating step includes the sub-steps of:
    - for the buyer;
      
      (i) requesting a first transaction identification from a bootstrapping server;
      
      (ii) obtaining authentication vectors for said buyer from a home subscriber server (HSS) (iii) issuing a challenge to said buyer;
      
      (iv) responding to said challenge, said response includes said buyer encryption key; and
      
      (v) transmitting said first transaction identification to said buyer and a secure virtual point of service (SVPOS), for the merchant;
      
      (vi) requesting a second transaction identification from a bootstrapping server;
      
      (vii) obtaining authentication vectors for said merchant from said home subscriber server (HSS);
      
      (viii) issuing a challenge to said merchant;
      
      (ix) responding to said challenge, said response includes said merchant encryption key; and
      
      (x) transmitting said second transaction identification to said merchant and SVPOS.
  - 5. The electronic payment method of claim 1, wherein said buyer and merchant encryption keys are generated based upon unique identification information in a subscriber identity module (SIM) Card in said mobile electronic device, and a SIM card located at said merchant, said buyer and merchant encryption keys are different for each transaction.
  - 6. The electronic payment method of claim 1, wherein said encrypted package further includes said product or service, product-ID and a receipt.
  - 7. The electronic payment method of claim 6, wherein if said product is not correct, said buyer transmits the encrypted package to a secure virtual point of service (SVPOS) for arbitration.
  - 8. The electronic payment method of claim 6, wherein if said product is determined to be correct, said buyer transmits the receipt to a secure virtual point of service (SVPOS) and payment is released.
  - 9. The electronic payment method of claim 7, wherein said arbitration includes the substeps of:
    - (i) determining if a correct product-ID was transmitted, said correct product-ID is determined based upon a comparison of product-IDs stored in a database with the sent product-ID;
      
      (ii) determining if a correct product was transmitted; and
      
      (iii) comparing the sent product-ID with the sent product.
  - 10. The electronic payment method of claim 1, wherein the method further includes the steps of:
    - a. sending said encrypted package to said buyer;
      
      b. decrypting said encrypted package using only said buyer encryption key;
      
      c. reviewing said identification information regarding said product or service included in said encrypted package;
      
      d. determining if said identification information matches said product or service requested; and
      
      e. calculating said buyer hash based upon said determination.
  - 11. The electronic payment method of claim 1, wherein said merchant hash is a keyed hash and is encrypted using a key obtained through a public key infrastructure.
  - 33. The electronic payment method according to claim 1, wherein said mobile electronic device is a mobile telephone.
  - 34. The electronic payment method according to claim 1, wherein said mobile electronic device is portable computer.

12. A method of purchasing a product or service comprising the steps of:
- a. initiating a request for a purchase and payment of said product or service to a merchant using a mobile electronic device;
  
  b. determining a buyer encryption key;
  
  c. receiving an encrypted package from said merchant, said encrypted package is encrypted using at least said buyer encryption key, said package includes at least identification information regarding said product or service;
  
  d. calculating a buyer hash of at least a portion of said encrypted package;
  
  e. decrypting said encrypted package using a merchant encryption key and determining if said encrypted package is correct; and
  
  f. releasing payment for said product or service based upon said determination.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. A method of purchasing a product or service according to claim 12, wherein said merchant encryption key is received only if said calculated buyer hash is correct, said calculated buyer hash is correct if said calculated buyer hash matches a calculated merchant hash.
  - 14. The method of purchasing a product or service according to claim 12, wherein the method further comprises the step of:
    - authenticating a buyer which is using said mobile electronic device and a merchant which is selling said product or service.
  - 15. The method of purchasing a product or service according to claim 14, wherein the authenticating step includes the sub-steps of:
    - for the buyer;
      
      (i) requesting a first transaction identification from the bootstrapping server;
      
      (ii) obtaining authentication vectors for said buyer from a home subscriber server (HSS);
      
      (iii) issuing a challenge to said buyer;
      
      (iv) responding to said challenge, said response includes said buyer encryption key; and
      
      (v) transmitting said first transaction identification to said buyer and a secure virtual point of service (SVPOS), for the merchant;
      
      (vi) requesting a second transaction identification from the bootstrapping server;
      
      (vii) obtaining authentication vectors for said merchant from said home subscriber server (HSS);
      
      (viii) issuing a challenge to said merchant;
      
      (ix) responding to said challenge, said response includes said merchant encryption key; and
      
      (x) transmitting said second transaction identification to said merchant and said (SVPOS).
  - 16. The method of purchasing a product or service according to claim 12, wherein said encrypted package further includes said product or service, product-ID and a receipt.
  - 17. The method of purchasing a product or service according to claim 16, wherein if said product is not correct, said buyer transmits the encrypted package to a secure virtual point of service (SVPOS) for arbitration.
  - 18. The method of purchasing a product or service according to claim 16, wherein if said product is determined to be correct, said buyer transmits the receipt to a secure virtual point of service (SVPOS) and payment is released.
  - 19. The method of purchasing a product or service according to claim 17, wherein said arbitration includes the sub-steps of:
    - (i) determining if a correct product-ID was transmitted, said correct product-ID is determined based upon a comparison of product-IDs stored in a database with the sent product-ID;
      
      (ii) determining if a correct product was transmitted; and
      
      (iii) comparing the sent product-ID with the sent product.

20. A method of selling a product or service comprising the steps of:
- a. receiving a request for a purchase and payment of said a product or service from a buyer, said request is made using a mobile electronic device;
  
  b. directing said buyer to a secure virtual point of service (SVPOS) for authentication and payment;
  
  c. determining a merchant encryption key;
  
  d. generating an encrypted package including an identification information regarding said product or service, said encrypted package is encrypted using both said merchant encryption key and a buyer encryption key, said encrypted package is transmitted to said buyer;
  
  e. calculating a merchant hash of at least a portion of said encrypted package, said calculated hash is transmitted to said SVPOS;
  
  f. comparing said merchant hash of at least a portion of said encrypted package with a calculated buyer hash;
  
  g. transmitting, based upon said comparison, said merchant encryption key to said buyer;
  
  h. settling said purchase and payment, based upon a determination of satisfaction by said buyer.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. The method of selling a product or service according to claim 20, wherein said buyer encryption key is only transmitted from the SVPOS to said merchant after a successful authentication by said buyer.
  - 22. The method of selling a product or service according to claim 20, wherein said encrypted package further includes said product or service, product-ID and a receipt.
  - 23. The method of selling a product or service according to claim 22, wherein said determination of satisfaction includes determining if said product is correct, if said product is not correct, the step of settling said purchase and payment includes arbitration.
  - 24. The method of selling a product or service according to claim 22, wherein said determination of satisfaction includes determining if said product is correct, if said product is correct, the step of settling said purchase and payment includes the sub-steps of:
    - (i) receiving the receipt by said SVPOS; and
      
      (ii) receiving payment from said buyer via the SVPOS.
  - 25. The method of selling a product or service according to claim 20, wherein said calculated buyer hash is transmitted to said SVPOS by the buyer.
  - 26. The method of selling a product or service according to claim 25, wherein said merchant encryption key is transmitted to said buyer only if said calculated merchant hash and said calculated buyer hash are found to be substantially identical at step (g).

27. A secure virtual point of service (SVPOS) for using for electronic payment of a commercial transaction comprising:
- means for redirecting both a buyer and a merchant to a Bootstrapping Server function (BSF) for authentication;
  
  means for obtaining authorization for payment from said buyer;
  
  means for receiving a calculated merchant hash of at least a portion of a package and a calculated buyer hash of at least a portion of said package, said package includes at least a product identification;
  
  means for comparing said merchant hash with said buyer hash;
  
  means for transmitting a merchant encryption key to said buyer based upon said comparison; and
  
  means for settling payment for said commercial transaction based upon said buyer'"'"'s determination of satisfaction said package.
- View Dependent Claims (28, 29)
- - 28. The secure virtual point of service (SVPOS) of claim 27, further comprising:
    - a storage means for storing payment information for said commercial transaction, payment information includes a cost of said commercial transaction and a receipt thereof.
  - 29. The secure virtual point of service (SVPOS) of claim 27, wherein said means for settling payment include an arbitration means, said arbitration means determines whether said merchant included a correct product and product identification in said package.

30. A settlement system for commercial transactions comprising:
- a home subscriber server (HSS) for storing authentication vectors for a buyer and a merchant;
  
  a bootstrapping server (BSF) for authenticating both said buyer and said merchant by obtaining information from said buyer and said merchant and confirming said information using said authentication vectors stored in said HSS;
  
  a parley server for transferring payment from a buyer account to a merchant account and maintaining a record of the commercial transaction; and
  
  a secure virtual point of service (SVPOS) for managing operation of said settlement system, said SVPOS routes said buyer and said merchant to said BSF for authentication, after authentication said SVPOS obtains authorization for payment of said commercial transactions using said parley server as a mobile wallet and transmits a buyer encryption key to said merchant, said SVPOS includes a non-repudiation section which compares a buyer hash value of at least a portion of a package with a merchant hash value of at least a portion of said package, said SVPOS transmits a merchant encryption key to said buyer if said buyer hash and merchant hash values are identical, said SVPOS releases payment to said merchant using said parley server if said buyer does not return said package to said SVPOS.
- View Dependent Claims (31, 32)
- - 31. The settlement system of claim 30, wherein said SVPOS further includes an arbitration entity that determines whether said package includes a correct product and product identification if said buyer returns said package to said SVPOS.
  - 32. The settlement system of claim 30 further comprising an authentication proxy which acts as an intermediary between said buyer and merchant and said settlement system to provide anonymity for said buyer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nytell Software LLC (Intellectual Ventures LLC)
Original Assignee
TTI Inventions C LLC (Intellectual Ventures LLC)
Inventors
Di Crescenzo, Giovanni, Varma, Vijay K., Vakil, Faramak, Morera Sempere, Raquel

Granted Patent

US 8,645,282 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/76
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/12   specially adapted for elect...

G06Q 20/1235   with control of digital rig...

G06Q 20/3821   Electronic credentials

G06Q 20/3823   combining multiple encrypti...

G06Q 30/06   Buying, selling or leasing ...

H04L 2463/102   applying security measure f...

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04W 12/033   of the user plane, e.g. use...

H04W 12/06   Authentication

Secure virtual point of service for 3G wireless networks

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Secure virtual point of service for 3G wireless networks

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links