APPARATUS AND METHOD FOR PREVENTING UNAUTHORIZED ACCESS TO PAYMENT APPLICATION INSTALLED IN CONTACTLESS PAYMENT DEVICE
First Claim
1. A mobile payment device, comprising:
- a processor;
a payment application installed in the mobile payment device;
a memory; and
a set of instructions stored in the memory, which when executed by the processor implement a method todetermine that a user is attempting to utilize the payment application installed in the mobile payment device;
in response to determining that the user is attempting to utilize the payment application, request the user to input user identification data;
receive the user identification data from a data input device that is part of the mobile payment device;
in response to receiving the user identification data, provide the user identification data and authentication data to the payment application, the authentication data being different from the user identification data;
verify the validity of the authentication data and the validity of the user identification data;
if both the authentication data and the user identification data are valid, then provide the user with access to the payment application; and
if either the authentication data associated or the user identification data are not valid, then prevent the user from accessing the payment application.
1 Assignment
0 Petitions
Accused Products
Abstract
A system, apparatus, and method for preventing the unauthorized access to a payment application installed on a mobile payment device, or to transaction data stored in the device. The mobile payment device may be a mobile phone that includes a contactless element (such as a contactless smart chip) and that is capable of communication and data transfer using a wireless communications network and a near field communications capability. Unauthorized access to the payment application is prevented by requiring that access control data be received from a trusted source, such as a controller or application in charge of managing inputs from a phone keypad, in order to activate the payment application or to access stored data.
203 Citations
26 Claims
-
1. A mobile payment device, comprising:
-
a processor; a payment application installed in the mobile payment device; a memory; and a set of instructions stored in the memory, which when executed by the processor implement a method to determine that a user is attempting to utilize the payment application installed in the mobile payment device; in response to determining that the user is attempting to utilize the payment application, request the user to input user identification data; receive the user identification data from a data input device that is part of the mobile payment device; in response to receiving the user identification data, provide the user identification data and authentication data to the payment application, the authentication data being different from the user identification data; verify the validity of the authentication data and the validity of the user identification data; if both the authentication data and the user identification data are valid, then provide the user with access to the payment application; and if either the authentication data associated or the user identification data are not valid, then prevent the user from accessing the payment application. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method of preventing unauthorized access to a payment application installed on a mobile payment device, comprising:
-
determining that a user is attempting to utilize the payment application; in response to determining that the user is attempting to utilize the payment application, requesting the user to input user identification data; receiving the user identification data from a data input device that is part of the mobile payment device; in response to receiving the user identification data, providing the user identification data and authentication data to the payment application, the authentication data being different from the user identification data; verifying the validity of the authentication data and the validity of the user identification data; if both the authentication data and the user identification data are valid, then providing the user with access to the payment application; and if either the authentication data associated or the user identification data are not valid, then preventing the user from accessing the payment application. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A data storage element in which are stored a set of instructions executable by a processor contained in a mobile payment device, wherein when executed by the processor, the instructions implement a method to
determine that a user is attempting to utilize a payment application installed in the mobile payment device; -
in response to determining that the user is attempting to utilize the payment application, request the user to input user identification data; receive the user identification data from a data input device that is part of the mobile payment device; in response to receiving the user identification data, provide the user identification data and authentication data to the payment application, the authentication data being different from the user identification data; verify the validity of the authentication data and the validity of the user identification data; if both the authentication data and the user identification data are valid, then provide the user with access to the payment application; and if either the authentication data associated or the user identification data are not valid, then prevent the user from accessing the payment application. - View Dependent Claims (23, 24, 25, 26)
-
Specification