Two-Way, Token-Based Validation for NFC-Enabled Transactions

US 20140279558A1
Filed: 03/14/2013
Published: 09/18/2014
Est. Priority Date: 03/14/2013
Status: Abandoned Application

First Claim

Patent Images

1. A system for facilitating the two-way, token-based validation of a near field communications (NFC)-enabled transaction, the system comprising:

at least one web server capable of providing a graphical user interface, via a communications network, to a plurality of NFC-enabled mobile devices, and communicatively coupled, via said communications network, to a plurality of validator devices; and

at least one application server, coupled to said at least one web server, said at least one application server comprising;

a time slot database comprising a plurality of time slots for a plurality of days;

a time slot key generator service capable of generating a plurality of time slot keys, each corresponding to one of said plurality of time slots;

a time slot keys database comprising said plurality of time slot keys generated by said time slot key generator service;

a registration service capable of generating a plurality of unique identification numbers, each corresponding to one of said plurality of NFC-enabled mobile devices;

an identification database comprising said plurality of unique identification numbers generated by said registration service; and

a token generation module capable of generating a plurality of time-based tokens, each is generated using one of said plurality of time slot keys and one of said plurality of unique identification numbers;

wherein said at least one application server facilitates a transaction when one of said plurality of NFC-enabled mobile devices is presented to one of said plurality of validator devices, wherein said transaction is secured by a two-way authentication based upon one of said plurality of time-based tokens.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods and computer program products that facilitate the token-based validation of contactless payment and other transactions involving NFC-enabled mobile devices are disclosed. In an aspect, the system includes a server and field-located validator devices to which consumers can present their NFC-enabled mobile devices in order to validate their purchases/payments. In one aspect, a consumer can purchase an admission ticket to a public transport system using their mobile device which communicates directly with the server to receive a token. The user can later present their mobile device to the validator device to actuate a turnstile. Advantageously, the validator devices do not have to be in real-time communication with the server, and limit the duration between the mobile device'"'"'s request for a token and the time by which the token expires. Increased security is provided through two-way, token-based validation between the mobile and validator devices.

Citations

24 Claims

1. A system for facilitating the two-way, token-based validation of a near field communications (NFC)-enabled transaction, the system comprising:
- at least one web server capable of providing a graphical user interface, via a communications network, to a plurality of NFC-enabled mobile devices, and communicatively coupled, via said communications network, to a plurality of validator devices; and
  
  at least one application server, coupled to said at least one web server, said at least one application server comprising;
  
  a time slot database comprising a plurality of time slots for a plurality of days;
  
  a time slot key generator service capable of generating a plurality of time slot keys, each corresponding to one of said plurality of time slots;
  
  a time slot keys database comprising said plurality of time slot keys generated by said time slot key generator service;
  
  a registration service capable of generating a plurality of unique identification numbers, each corresponding to one of said plurality of NFC-enabled mobile devices;
  
  an identification database comprising said plurality of unique identification numbers generated by said registration service; and
  
  a token generation module capable of generating a plurality of time-based tokens, each is generated using one of said plurality of time slot keys and one of said plurality of unique identification numbers;
  
  wherein said at least one application server facilitates a transaction when one of said plurality of NFC-enabled mobile devices is presented to one of said plurality of validator devices, wherein said transaction is secured by a two-way authentication based upon one of said plurality of time-based tokens.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein said communications network is the global, public Internet;
    - and said at least one web server communicates with said plurality of NFC-enabled mobile devices and said plurality of validator devices via the Hypertext Transfer Protocol Secured (HTTPS) protocol.
  - 3. The system of claim 2, wherein at least one of said plurality of NFC-enabled mobile devices is a smartphone.
  - 4. The system of claim 1, further comprising:
    - a day key generator service capable of generating a plurality of day keys, each corresponding to one of said plurality of days; and
      
      a day keys database comprising said plurality of day keys generated by said day key generator service;
      
      wherein said token generation module is further capable of generating said plurality of time-based tokens using said plurality of day keys, said plurality of time slot keys, and said plurality of unique identification numbers.
  - 5. The system of claim 4, wherein said at least one application server is configured to periodically synchronize said time slot keys database and said day keys database to at least one of said plurality of validator devices over said communications network.
  - 6. The system of claim 5, wherein said token generation module is further capable of:
    - sending, via said communications network, one of said plurality of time-based tokens to one of said plurality of NFC-enabled mobile devices in response to a request by said one of said plurality of NFC-enabled mobile devices to conduct said transaction.
  - 7. The system of claim 6, wherein said token generation module is further capable of:
    - generating a plurality of identity tokens, each is formed by encrypting one of said plurality of day keys, one of said plurality of time slot keys, and one of said plurality of unique identification numbers; and
      
      sending, via said communications network, one of said plurality of identity tokens to said one of said plurality of NFC-enabled mobile devices in response to said request by said one of said plurality of NFC-enabled mobile devices to conduct said transaction.
  - 8. The system of claim 7, wherein said token generation module is further capable of:
    - encrypting a plurality of unique product information identification numbers; and
      
      sending, via said communications network, one of said plurality of unique product information identification numbers to said one of said plurality of NFC-enabled mobile devices in response to said request by said one of said plurality of NFC-enabled mobile devices to conduct said transaction.

9. A method for facilitating the two-way validation of electronic tickets in order to provide a person access to a system, good, service or location, the method comprising the steps of:
- generating, by a server, at least one cryptographic key;
  
  sending, by said server and via a communications network, said cryptographic key to a plurality of validator devices;
  
  generating, by said server and in response to receiving a request for a ticket from a mobile device, an electronic ticket based on said cryptographic key;
  
  sending, by said server, said electronic ticket to said mobile device;
  
  receiving, at one of said plurality of validator devices, authentication data from said mobile device as a result of said mobile device being brought within close proximity of said one of said plurality of validator devices by the person, wherein said authentication data is based on said cryptographic key;
  
  validating, by said one of said plurality of validator devices, said authentication data received from said mobile device based on said cryptographic key;
  
  sending, by said one of said plurality of validator devices in response to validating said authentication data, a request for said electronic ticket;
  
  receiving, by said one of said plurality of validator devices, an electronic transmission based upon said electronic ticket from said mobile device when said mobile device authenticates said request based on said cryptographic key;
  
  validating, by said one of said plurality of validator devices in response to said electronic transmission, said electronic ticket based on said cryptographic key; and
  
  providing the person access to the system, good, service or location in response to validating said electronic ticket.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein said communications network is the global, public Internet and said mobile device and said one of said plurality of validator devices communicate via near field communications (NFC) signals.
  - 11. The method of claim 10, wherein said mobile device is an NFC-enabled smartphone.
  - 12. The system of claim 11, wherein said server communicates with said mobile device and said plurality of validator devices via the Hypertext Transfer Protocol Secured (HTTPS) protocol.

13. A method for generating and validating electronic tokens, the method comprising the steps of:
- associating, by a server, each one of a plurality of cryptographic keys with one of a plurality of time periods;
  
  transmitting, by said server, said plurality of cryptographic keys to each of a plurality of disparately-located validator devices;
  
  generating, by said server in response to receiving a request from a mobile device during one of said plurality of time periods, a first electronic token, wherein said first electronic token is based upon one of said plurality of cryptographic keys associated with one of said plurality of time periods relevant to when said request was received;
  
  sending, by said server, said first electronic token to said mobile device;
  
  receiving, at one of said plurality of validator devices, a transmission of said first electronic token from said mobile device, wherein said transmission results from bringing said mobile device within close proximity to said one of said plurality of validator devices; and
  
  validating, by said one of said plurality of validator devices, said first electronic token based on said one of said plurality of cryptographic keys associated with said one of said plurality of time periods.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, further comprising the step of:
    - generating, by said server in further response to receiving said request from said mobile device, a second electronic token, wherein said second electronic token is based upon one of said plurality of cryptographic keys associated with one of said plurality of time periods relevant to when said request was received;
      
      sending, by said server, said second electronic token to said one of said plurality of validator devices;
      
      generating, also by said one of said plurality of validator devices, said second electronic token, wherein said second electronic token is based upon one of said plurality of cryptographic keys associated with one of said plurality of time periods relevant to when said request was received;
      
      generating, by said one of said plurality of validator devices, a third electronic token based upon said second electronic token and a random data element; and
      
      sending, by said one of said plurality of validator devices, said third electronic token to said mobile device;
      
      thereby facilitating said mobile device validating said third electronic token using said second electronic token previously by said mobile device received from said server.
  - 15. The method of claim 14, further comprising the steps of:
    - receiving, by said one of said plurality of validator devices, a fourth electronic token generated by said mobile device using said second electronic token and said third electronic token; and
      
      validating, by said one of said plurality of validator devices, said fourth electronic token based on said second electronic token and said random data element.
  - 16. The method of claim 13, wherein said server receives said request from said mobile device after said server transmits said plurality of cryptographic keys to each of said plurality of validator devices.
  - 17. The method of claim 13, wherein each of said time periods occurs within a total duration of at most twenty-four hours.

18. One or more computer storage media having stored thereon multiple instructions that implement a two-way, token-based validation of contactless transaction component by, when executed by one or more processors of a computing device, causing the one or more processors to:
- provide a graphical user interface, via a communications network, to a plurality of NFC-enabled mobile devices;
  
  store a plurality of time slots for a plurality of days in a time slot database;
  
  generate a plurality of time slot keys, each corresponding to one of said plurality of time slots;
  
  store said plurality of time slot keys in a time slot keys database;
  
  generate a plurality of unique identification numbers, each corresponding to one of said plurality of NFC-enabled mobile devices;
  
  store said plurality of unique identification numbers in an identification database;
  
  generate a plurality of time-based tokens, each is generated using one of said plurality of time slot keys and one of said plurality of unique identification numbers; and
  
  facilitate a transaction when one of said plurality of NFC-enabled mobile devices is presented to one of said plurality of validator devices, wherein said transaction is secured by a two-way authentication based upon one of said plurality of time-based tokens.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. One or more computer storage media as recited in claim 18, wherein said communications network is the global, public Internet;
    - and said GUI is provided to said plurality of NFC-enabled mobile devices via the Hypertext Transfer Protocol Secured (HTTPS) protocol.
  - 20. One or more computer storage media as recited in claim 18, wherein at least one of said plurality of NFC-enabled mobile devices is a smartphone.
  - 21. One or more computer storage media as recited in claim 18, wherein the multiple instructions further cause the one or more processors to:
    - periodically synchronize said time slot keys database to at least one of said plurality of validator devices over said communications network.
  - 22. One or more computer storage media as recited in claim 21, wherein the multiple instructions further cause the one or more processors to:
    - send, via said communications network, one of said plurality of time-based tokens to one of said plurality of NFC-enabled mobile devices in response to a request by said one of said plurality of NFC-enabled mobile devices to conduct said transaction.
  - 23. One or more computer storage media as recited in claim 22, wherein the multiple instructions further cause the one or more processors to:
    - generate a plurality of identity tokens, each is formed by encrypting one of said plurality of time slot keys and one of said plurality of unique identification numbers; and
      
      send, via said communications network, one of said plurality of identity tokens to said one of said plurality of NFC-enabled mobile devices in response to said request by said one of said plurality of NFC-enabled mobile devices to conduct said transaction.
  - 24. One or more computer storage media as recited in claim 23, wherein the multiple instructions further cause the one or more processors to:
    - encrypt a plurality of unique product information identification numbers; and
      
      send, via said communications network, one of said plurality of unique product information identification numbers to said one of said plurality of NFC-enabled mobile devices in response to said request by said one of said plurality of NFC-enabled mobile devices to conduct said transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Accenture Global Services Limited (Accenture PLC)
Original Assignee
Accenture Global Services Limited (Accenture PLC)
Inventors
Kadi, Viresh V., Singh, Rajpreet, Padiyar, Veena S.

Application Number

US13/830,797
Publication Number

US 20140279558A1
Time in Patent Office

Days
Field of Search
US Class Current

705/71
CPC Class Codes

G06Q 20/0457   the tickets being sent elec...

G06Q 20/047   using payment protocols inv...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/326   Payment applications instal...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/3821   Electronic credentials

G06Q 20/3827   Use of message hashing

G06Q 20/388   using mutual authentication...

Two-Way, Token-Based Validation for NFC-Enabled Transactions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Two-Way, Token-Based Validation for NFC-Enabled Transactions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links