Method to Make Payment or Charge Safe Transactions Using Programmable Mobile Telephones

US 20110231319A1
Filed: 03/23/2011
Published: 09/22/2011
Est. Priority Date: 07/30/2004
Status: Active Grant

First Claim

Patent Images

1-3. -3. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and mobile application for conducting financial transactions wherein a mobile device operated by a user is operably coupled to a server over a mobile communication network. Both the server and the user'"'"'s mobile device store a user encryption key (UEK) and a user access key (UAK). A software application stored on the user'"'"'s mobile device and the server are configured to conduct a transaction wherein a session key (SK) specific to the transaction is exchanged in an encrypted form based upon the UEK. The software application is further configured to i) generate transaction data, ii) access the UAK stored on the mobile device, iii) encrypt the UAK and transaction data into an encrypted form based upon the SK, and iv) send the UAK and transaction data in encrypted form from the mobile device to the server over the mobile communication network in order to conduct the transaction.

32 Citations

View as Search Results

17 Claims

1-3. -3. (canceled)

4. A system for conducting financial transactions through a mobile communication network, comprising:
- a mobile device operated by a user, said mobile device including memory means;
  
  a server operably coupled to said mobile device over the mobile communication network, said server accessing a database which stores a phone number corresponding to the mobile device and personal information corresponding to the user of the mobile device, said personal information including a user encryption key and a user access key that are both uniquely assigned to the user; and
  
  a software application configured to conduct a transaction by communicating transaction data to said server over the mobile communication network, said software application together with said user encryption key and said user access key stored in said memory means of said mobile device;
  
  wherein said server and said software application are configured to exchange a session key specific to the transaction, the session key communicated between the server and the software application in an encrypted form based upon the user encryption key; and
  
  wherein said software application is configured to i) generate the transaction data for the transaction, ii) access said user access key from said memory means of said mobile device, iii) encrypt said user access key and said transaction data into an encrypted form based upon said session key, and iv) send said user access key and said transaction data in encrypted form from said mobile device to said server over the mobile communication network in order to conduct the transaction.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 5. A system according to claim 4, wherein:
    - said server generates said user access key and said user encryption key during a configuration process carried out prior to the transaction.
  - 6. A system according to claim 5, wherein:
    - said server communicates said user access key and said user encryption key to said mobile device during said configuration process.
  - 7. A system according to claim 4, wherein:
    - said server utilizes said session key to decrypt and recover said transaction data and said user access key from the encrypted form sent from said mobile device, and compares the recovered user access key with the user access key stored in said database to determine whether the recovered user access key matches the stored user access key.
  - 8. A system according to claim 7, wherein:
    - said personal information stored in said database includes personal identification data assigned to the user of the mobile device, said software application is configured to request user entry of the personal identification data into the mobile device during the transaction, and said transaction data sent in encrypted form from said mobile device to said sever includes the personal identification data entered by the user into said mobile device.
  - 9. A system according to claim 8, wherein:
    - said server utilizes said session key to decrypt and recover the personal information data entered by the user and sent from said mobile device to said server in encrypted form, and compares the recovered personal information data entered by the user with the personal information data stored in said database to determine whether the recovered personal information data matches the stored personal information data.
  - 10. A system according to claim 4, wherein:
    - said server generates said session key, encrypts said session key into an encrypted form based upon said user encryption key stored in said database, and sends said session key in encrypted form to said mobile device during said transaction.
  - 11. A system according to claim 10, wherein:
    - said software application utilizes said user encryption key stored in said memory means of said mobile phone to decrypt and recover said session key communicated in encrypted form from said server to said mobile device.
  - 12. A system according to claim 4, wherein:
    - said transaction is purchase, and said server initiates a purchase transaction that transfers money from an account of the user of the mobile device to a seller account.
  - 13. A system according to claim 4, wherein:
    - said transaction is a sale, and said server initiates a sale transaction that transfers money into the account of the user of the mobile device from a buyer account.

14. A method for conducting financial transactions on a mobile device of a user, the method comprising:
- providing a server operably coupled to the mobile device over a mobile communication network, the server accessing a database;
  
  storing in the database a phone number corresponding to the mobile device as well as a user encryption key and a user access key that are both uniquely assigned to the user;
  
  storing in memory means of the mobile device a software application along with the user encryption key and the user access key, the software application configured to conduct a transaction by exchanging transaction data with the server over the communication network;
  
  wherein, during the transaction,(i) the server and software application exchange a session key specific to the transaction, the session key communicated between the server and the software application in an encrypted form based upon the user encryption key,(ii) the software application generates the transaction data for the transaction,(iii) the software application accesses the user access key from the memory means of the mobile device,(iv) the software application encrypts the user access key and transaction data accessed from the memory means of the mobile device into an encrypted form based upon the session key, and(v) the software application sends said transaction data and said user access key in encrypted form from said mobile device to said server over the mobile communication network.
- View Dependent Claims (15, 16)
- - 15. A method according to claim 14, further comprising:
    - carrying out a configuration process in which the server generates the user access key and the user encryption key prior to conducting the transaction.
  - 16. A system according to claim 15, wherein:
    - the server communicates the user access key and the user encryption key to the mobile device during the configuration process.

17. In a system including a mobile device operated by a user and a server operably coupled to the mobile device over a mobile communication network, a software application downloadable onto the mobile device, the software application embodying a program of instructions executable on the mobile device to perform method steps for carrying out financial transactions on the mobile device, the method steps comprising:
- communicating with said server to exchange a user access key unique to a particular user;
  
  storing the user access key in memory means of the mobile device;
  
  generating transaction data specific to a transaction;
  
  communicating with the server to exchange a session key specific to the transaction, the session key communicated between the server and the software application in an encrypted form based upon a user encryption key stored by both the mobile device and the server;
  
  using the session key to encrypt the transaction data for the transaction together with the user access key stored in the memory means of the mobile device into an encrypted form; and
  
  sending the transaction data and user access key in encrypted form to the server over the mobile communication network in order to conduct the transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fernando Bas Bayod, Francisco Bas Bayod, José Ignacio Bas Bayod
Original Assignee
Etrans Lc
Inventors
Bayod, Francisco Bas, Bayod, José Ignacio Bas, Bayod, Fernando Bas

Granted Patent

US 9,342,664 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/71
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06Q 20/10   specially adapted for elect...

G06Q 20/3223   Realising banking transacti...

G06Q 20/3227   using secure elements embed...

G06Q 20/325   using wireless networks

G06Q 20/3255   using mobile network messag...

G06Q 20/3265   characterised by personalis...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G06Q 20/425   using two different network...

G06Q 2220/00   Business processing using c...

Method to Make Payment or Charge Safe Transactions Using Programmable Mobile Telephones

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method to Make Payment or Charge Safe Transactions Using Programmable Mobile Telephones

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links