SECURE ACTIVATION BEFORE CONTACTLESS BANKING SMART CARD TRANSACTION

US 20120030121A1
Filed: 12/18/2009
Published: 02/02/2012
Est. Priority Date: 12/19/2008
Status: Abandoned Application

First Claim

Patent Images

1. A portable token equipped with non-volatile memory, the token comprising:

authentication means to authenticate a holder of the token,authorization means to define the rights of the holder, wherein the authorization means store the rights in non-volatile memory after the authentication means are invoked, andpayment means to trigger a payment transaction, wherein the payment means have the capacity to retrieve the rights from non-volatile memory, and to subject the execution of the payment transaction to the verification of the rights.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a portable token equipped with non-volatile memory, the token comprising authentication means to authenticate a holder of the token, authorization means to define the rights of the holder, and payment means to trigger a payment transaction. The authorization means are set to store the rights in non-volatile memory after the authentication means are invoked, and the payment means have the capacity to retrieve the rights from non-volatile memory, and to subject the execution of the payment transaction to the verification of the rights. The invention also relates to a related portable device, to a system comprising a portable token and a portable token, and to a method for carrying out a payment transaction with a portable token.

193 Citations

12 Claims

1. A portable token equipped with non-volatile memory, the token comprising:
- authentication means to authenticate a holder of the token,authorization means to define the rights of the holder, wherein the authorization means store the rights in non-volatile memory after the authentication means are invoked, andpayment means to trigger a payment transaction, wherein the payment means have the capacity to retrieve the rights from non-volatile memory, and to subject the execution of the payment transaction to the verification of the rights.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The portable token according to claim 1, comprising right update means to modify the rights, according to a right policy, each time the payment means are invoked.
  - 3. The portable token according to claim 2, wherein the right update means are set to disable the rights after they have been used.
  - 4. The portable token according to claim 2, whereinthe rights comprise a counter defining the number of payment transactions that can be carried out without re-authenticating the holder of the token,the authorization means are set to initialize the counter with a maximum value when the authentication means are successfully invoked, andthe right update means are set to decrement the counter, the rights being disabled when the counter reaches zero.
  - 5. The portable token according to any previous claim, wherein the payment means are set:
    - to assess the importance of the payment transaction requested, andto require the authentication means to be invoked when it is determined that the importance of the payment transaction exceeds a predefined threshold, irrespective of the contents of the rights stored in the non-volatile memory.
  - 6. The portable token according to any of claims 1 through 4, comprising a contact-less interface, wherein the payment means are set to carry out the payment transaction through the contact-less interface.

7. A System comprising:
- a portable token equipped with non-volatile memory, the token comprising;
  
  authentication means to authenticate a holder of the token,authorization means to define the rights of the holder, wherein the authorization means store the rights in non-volatile memory after the authentication means are invoked, andpayment means to trigger a payment transaction, wherein the payment means have the capacity to retrieve the rights from non-volatile memory, and to subject the execution of the payment transaction to the verification of the rights; and
  
  a portable device, wherein the portable device comprisesmeans to communicate with the portable token, anda user interface to enable the holder of the portable token to supply authentication information to the authentication means of the portable token, thereby authenticating the holder.

8. A portable device comprising:
- means to communicate with a portable token equipped with non-volatile memory, the token comprising;
  
  authentication means to authenticate a holder of the token,authorization means to define the rights of the holder, wherein the authorization means store the rights in non-volatile memory after the authentication means are invoked,payment means to trigger a payment transaction, wherein the payment means have the capacity to retrieve the rights from non-volatile memory, and to subject the execution of the payment transaction to the verification of the rightsright update means to modify the rights, according to a right policy, each time the payment means are invoked, anda user interface to enable the holder of the portable token to supply authentication information to the authentication means of the portable token, thereby authenticating the holder, the user interface being further set to enable the holder of the portable token to customize the rights policy.
- View Dependent Claims (9, 10, 11)
- - 9. The portable device according to claim 8, wherein customizing the rights policy comprises defining the maximum value of the counter of a portable token wherein:
    - the rights comprise a counter defining the number of payment transactions that can be carried out without re-authenticating the holder of the token,the authorization means are set to initialize the counter with a maximum value when the authentication means are successfully invoked, andthe right update means are set to decrement the counter, the rights being disabled when the counter reaches zero.
  - 10. The portable device according to claim 9, comprising a contact-less interface in order to communicate wherein the portable token comprises a contact-less interface, wherein the payment means are set to carry out the payment transaction through the contact-less interface.
  - 11. Portable device according to any of claims 8 to 10, wherein the portable device is a mobile phone.

12. A method for allowing a holder of a portable token to carry out a payment transaction, wherein the method comprises, in a first phase,authenticating the holder to the portable token,defining, in the portable token, the rights of the holder, andstoring the rights in a non-volatile memory of the portable token, and, in a subsequent phase,retrieving the rights from non-volatile memory, andsubjecting the execution of the payment transaction to the successful verification of the rights.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gemalto SA (Thales SA)
Original Assignee
Gemalto SA (Thales SA)
Inventors
Grellier, Stephane

Application Number

US13/139,477
Publication Number

US 20120030121A1
Time in Patent Office

Days
Field of Search
US Class Current

705/67
CPC Class Codes

G06Q 20/3229   Use of the SIM of a M-devic...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/35765   Access rights to memory zones

G06Q 20/3674   involving authentication

G07F 7/1008   Active credit-cards provide...

G07F 7/1025   Identification of user by a...

SECURE ACTIVATION BEFORE CONTACTLESS BANKING SMART CARD TRANSACTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

193 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE ACTIVATION BEFORE CONTACTLESS BANKING SMART CARD TRANSACTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

193 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links