Secure Payments with Untrusted Devices
First Claim
1. A method of authenticating a user and a trusted transaction in a payment terminal, comprising the steps of:
- using a payment token at the payment terminal to initialize the trusted transaction, a corresponding payment request being placed and communicated to a financial entity;
- issuing a verification data by the financial entity to a mobile device;
- recovering the verification data from the mobile device;
- communicating a response to the financial entity according to the verification data, such that the financial entity authenticates the user and the trusted transaction according to the response; and
- wherein both the mobile device and the payment token are controlled by the user.
2 Assignments
0 Petitions
Abstract
Various embodiments of the present invention relate to a point-of-sale (POS) system, and more particularly, to systems, devices and methods of making secure payments using a mobile device in addition to a POS terminal that may be an insecure payment device exposed to various tamper attempts under certain circumstances. The mobile device is involved in a trusted transaction between a central financial entity, e.g., a bank, and the payment terminal, such that the insecure payment terminal may be further authenticated based on rolling codes, two-way or three-way authentication, or an off-line mode enabled by incorporation of the mobile device. Although each of the mobile device and the payment terminal on its own provides only limited security, a POS system that incorporates both demonstrates an enhanced level of security.
69 Citations
30 Claims
1. Independent claim; its text is given in full under First Claim above. Dependent claims: 2 to 11.

12. A method of three-way authentication of a user and a trusted transaction in a payment terminal, comprising the steps of:
- coupling every two of a mobile device, a financial entity and the payment terminal via a respective communication link;
- exchanging personalities between the mobile device and the payment terminal to unlock further functionality;
- using a payment token at the payment terminal to initialize the trusted transaction, a corresponding payment request being placed and communicated to the financial entity;
- communicating with the mobile device by the financial entity for confirmation;
- inputting a verification data at the payment terminal, such that the financial entity authenticates the user and the trusted transaction according to the verification data; and
- wherein both the mobile device and the payment token are controlled by the user.
Dependent claims: 13 to 19.

20. A method of authenticating a user and a trusted transaction in a payment terminal at an offline mode, comprising the steps of:
- coupling a mobile device and the payment terminal via a communication link;
- exchanging personalities between the mobile device and the payment terminal to unlock further functionality;
- using a payment token at the payment terminal to initialize the trusted transaction, a corresponding payment request being placed and communicated to the mobile device;
- prompting the user to approve the payment request; and
- wherein both the mobile device and the payment token are controlled by the user.
Dependent claims: 21 to 30.
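The claim-1 flow as an added Python sketch, not taken from the patent or from any product: a constructed bank (financial entity), terminal, payment token and mobile device, showing why verification data issued out of band to the user-controlled device lets the bank reject a response from a tampered terminal that never saw the code, and why the code must be single-use and time-limited. All class names, the 6-digit code format, the 120 s validity window and the token and terminal identifiers are assumptions for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass
class PaymentRequest:
    token_id: str        # user's payment token presented at the terminal
    amount_cents: int
    terminal_id: str
    txn_id: str = field(default_factory=lambda: secrets.token_hex(8))

class MobileDevice:
    """User-controlled second device that receives verification data out of band."""
    def __init__(self):
        self.inbox = {}  # txn_id -> verification code
    def receive(self, req, code):
        self.inbox[req.txn_id] = code
    def recover(self, txn_id):  # the user reads the code off the device
        return self.inbox[txn_id]

class FinancialEntity:
    """Issues one-time verification data and authenticates the terminal's response."""
    def __init__(self, token_to_mobile):
        self.token_to_mobile = token_to_mobile  # token_id -> enrolled MobileDevice
        self.pending = {}                        # txn_id -> (request, code, expiry)
    def place_request(self, req, now):
        code = f"{secrets.randbelow(10 ** 6):06d}"         # 6-digit one-time code
        self.pending[req.txn_id] = (req, code, now + 120)  # valid for 120 s
        self.token_to_mobile[req.token_id].receive(req, code)
    def verify_response(self, txn_id, code, now):
        entry = self.pending.pop(txn_id, None)  # single use: consumed on any attempt
        if entry is None:
            return False                        # unknown or already-used transaction
        _req, expected, expiry = entry
        if now > expiry:
            return False                        # stale response
        return hmac.compare_digest(expected, code)

def run_transaction(amount_cents, tampered_code=None, delay=0):
    """Runs one claim-1 flow and returns (first_result, replay_result); tampered_code
    models a terminal substituting its own code, delay a response after expiry."""
    phone = MobileDevice()
    bank = FinancialEntity({"token-4242": phone})  # constructed enrolment
    req = PaymentRequest("token-4242", amount_cents, "terminal-7")
    bank.place_request(req, now=0)
    code = tampered_code if tampered_code is not None else phone.recover(req.txn_id)
    first = bank.verify_response(req.txn_id, code, now=delay)
    replay = bank.verify_response(req.txn_id, code, now=delay)  # resubmitting same code
    return first, replay
```

The honest flow authenticates once and the replay is refused; a terminal that submits a code it did not obtain from the mobile device, or a response that arrives after the window, is refused outright.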