APPARATUS AND METHOD FOR PREVENTING UNAUTHORIZED ACCESS TO PAYMENT APPLICATION INSTALLED IN CONTACTLESS PAYMENT DEVICE

US 20100217709A1
Filed: 09/21/2009
Published: 08/26/2010
Est. Priority Date: 09/22/2008
Status: Abandoned Application

First Claim

Patent Images

1. A mobile payment device, comprising:

a processor;

a payment application installed in the mobile payment device;

a memory; and

a set of instructions stored in the memory, which when executed by the processor implement a method todetermine that a user is attempting to utilize the payment application installed in the mobile payment device;

in response to determining that the user is attempting to utilize the payment application, request the user to input user identification data;

receive the user identification data from a data input device that is part of the mobile payment device;

in response to receiving the user identification data, provide the user identification data and authentication data to the payment application, the authentication data being different from the user identification data;

verify the validity of the authentication data and the validity of the user identification data;

if both the authentication data and the user identification data are valid, then provide the user with access to the payment application; and

if either the authentication data associated or the user identification data are not valid, then prevent the user from accessing the payment application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, apparatus, and method for preventing the unauthorized access to a payment application installed on a mobile payment device, or to transaction data stored in the device. The mobile payment device may be a mobile phone that includes a contactless element (such as a contactless smart chip) and that is capable of communication and data transfer using a wireless communications network and a near field communications capability. Unauthorized access to the payment application is prevented by requiring that access control data be received from a trusted source, such as a controller or application in charge of managing inputs from a phone keypad, in order to activate the payment application or to access stored data.

203 Citations

26 Claims

1. A mobile payment device, comprising:
- a processor;
  
  a payment application installed in the mobile payment device;
  
  a memory; and
  
  a set of instructions stored in the memory, which when executed by the processor implement a method todetermine that a user is attempting to utilize the payment application installed in the mobile payment device;
  
  in response to determining that the user is attempting to utilize the payment application, request the user to input user identification data;
  
  receive the user identification data from a data input device that is part of the mobile payment device;
  
  in response to receiving the user identification data, provide the user identification data and authentication data to the payment application, the authentication data being different from the user identification data;
  
  verify the validity of the authentication data and the validity of the user identification data;
  
  if both the authentication data and the user identification data are valid, then provide the user with access to the payment application; and
  
  if either the authentication data associated or the user identification data are not valid, then prevent the user from accessing the payment application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The mobile payment device of claim 1, wherein the device is one of a mobile phone, personal digital assistance, or a laptop computer.
  - 3. The mobile payment device of claim 1, wherein the device includes a contactless element.
  - 4. The mobile payment device of claim 3, wherein the contactless element includes a near field or short range communications capability.
  - 5. The mobile payment device of claim 1, wherein the user identification data is one of a passcode, a personal identification number, an alphanumeric data string, a fingerprint, or a voice input.
  - 6. The mobile payment device of claim 1, wherein the authentication data is a data string.
  - 7. The mobile payment device of claim 1, wherein the authentication data is generated for each attempt to utilize the payment application, after a predetermined number of attempts to utilize the payment application, or after a predetermined amount of time has elapsed since the previous generation of the authentication data.
  - 8. The mobile payment device of claim 1, wherein verifying the validity of the authentication data and the validity of the user identification data further comprises either verifying the validity of the authentication data before verifying the validity of the user identification data, or verifying the validity of the user identification data before verifying the validity of the authentication data.
  - 9. The mobile payment device of claim 1, wherein determining that a user is attempting to utilize the payment application further comprises detecting a device reader or point of sale terminal, or receiving a data input from a data input element of the payment device.
  - 10. The mobile payment device of claim 1, wherein the authentication data is stored in a data storage element of the mobile payment device.
  - 11. The mobile payment device of claim 1, wherein the authentication data is stored in a remote server, and is provided to the mobile payment device over a communications network.

12. A method of preventing unauthorized access to a payment application installed on a mobile payment device, comprising:
- determining that a user is attempting to utilize the payment application;
  
  in response to determining that the user is attempting to utilize the payment application, requesting the user to input user identification data;
  
  receiving the user identification data from a data input device that is part of the mobile payment device;
  
  in response to receiving the user identification data, providing the user identification data and authentication data to the payment application, the authentication data being different from the user identification data;
  
  verifying the validity of the authentication data and the validity of the user identification data;
  
  if both the authentication data and the user identification data are valid, then providing the user with access to the payment application; and
  
  if either the authentication data associated or the user identification data are not valid, then preventing the user from accessing the payment application.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The method of claim 12, wherein the user identification data is one of a passcode, a personal identification number, an alphanumeric data string, a fingerprint, or a voice input.
  - 14. The method of claim 12, wherein the authentication data is a data string.
  - 15. The method of claim 14, wherein the data string is an alphanumeric data string.
  - 16. The method of claim 12, wherein the mobile payment device is one of a mobile phone, personal digital assistance, or a laptop computer.
  - 17. The method of claim 12, further comprising generating the authentication data for each attempt to utilize the payment application, after a predetermined number of attempts to utilize the payment application, or after a predetermined amount of time has elapsed since the previous generation of the authentication data.
  - 18. The method of claim 12, wherein verifying the validity of the authentication data and the validity of the user identification data further comprises either verifying the validity of the authentication data before verifying the validity of the user identification data or verifying the validity of the user identification data before verifying the validity of the authentication data.
  - 19. The method of claim 12, wherein determining that a user is attempting to utilize the payment application further comprises detecting a device reader or point of sale terminal, or receiving a data input from a data input element of the payment device.
  - 20. The method of claim 12, wherein the authentication data is stored in a data storage element of the mobile payment device.
  - 21. The method of claim 12, wherein the authentication data is stored in a remote server, and is provided to the mobile payment device over a communications network.

22. A data storage element in which are stored a set of instructions executable by a processor contained in a mobile payment device, wherein when executed by the processor, the instructions implement a method todetermine that a user is attempting to utilize a payment application installed in the mobile payment device;
- in response to determining that the user is attempting to utilize the payment application, request the user to input user identification data;
  
  receive the user identification data from a data input device that is part of the mobile payment device;
  
  in response to receiving the user identification data, provide the user identification data and authentication data to the payment application, the authentication data being different from the user identification data;
  
  verify the validity of the authentication data and the validity of the user identification data;
  
  if both the authentication data and the user identification data are valid, then provide the user with access to the payment application; and
  
  if either the authentication data associated or the user identification data are not valid, then prevent the user from accessing the payment application.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The data storage element of claim 22, wherein the mobile payment device is one of a mobile phone, personal digital assistance, or a laptop computer.
  - 24. The data storage element of claim 22, wherein the user identification data is one of a passcode, a personal identification number, an alphanumeric data string, a fingerprint, or a voice input.
  - 25. The data storage element of claim 22, wherein the authentication data is stored in the mobile payment device.
  - 26. The data storage element of claim 22, wherein the authentication data is stored in a remote server, and is provided to the mobile payment device over a communications network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Aabye, Christian, Ngo, Hao, Wilson, David William

Application Number

US12/563,410
Publication Number

US 20100217709A1
Time in Patent Office

Days
Field of Search
US Class Current

705/44
CPC Class Codes

G06Q 20/10   specially adapted for elect...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/204   comprising interface for re...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/326   Payment applications instal...

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

APPARATUS AND METHOD FOR PREVENTING UNAUTHORIZED ACCESS TO PAYMENT APPLICATION INSTALLED IN CONTACTLESS PAYMENT DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

203 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS AND METHOD FOR PREVENTING UNAUTHORIZED ACCESS TO PAYMENT APPLICATION INSTALLED IN CONTACTLESS PAYMENT DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

203 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links