MOBILE TERMINAL, TRANSACTION TERMINAL, AND METHOD FOR CARRYING OUT A TRANSACTION AT A TRANSACTION TERMINAL BY MEANS OF A MOBILE TERMINAL

US 20140316993A1
Filed: 09/26/2012
Published: 10/23/2014
Est. Priority Date: 10/20/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method for carrying out a transaction at a transaction terminal (40) by means of a mobile terminal (20), wherein the method comprises the following steps:

identifying a user by means of the transaction terminal (40); and

authenticating the identified user with respect to the transaction terminal (40) by checking whether a password, in particular a PIN, input by the identified user using an input device (22, 24) of the mobile terminal (20) matches a password stored for the identified user in the transaction terminal (40) or in a background system (80) connected to the transaction terminal,wherein a processor unit (33) is provided in the mobile terminal (20), in which processor unit a normal runtime environment (NZ) and a secure runtime environment (TZ) are implemented, wherein an input device driver (34) is implemented in the secure runtime environment (TZ) and is configured to securely forward inputs, via the input device (22, 24) of the mobile terminal (20), to the secure runtime environment (TZ) of the processor unit (33) of the mobile terminal (20) for further processing.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method for carrying out a transaction at a transaction terminal (40) by means of a mobile terminal (20), to such a transaction terminal (40), and to such a mobile terminal (20). The method has the step of identifying a user by means of the transaction terminal (40) and the step of authenticating the user with respect to the transaction terminal (40). The method is characterized in that the user is authenticated by checking whether a password, in particular a PIN, which is entered by the user via an input device (22, 24) of the mobile terminal (20) matches a password which is stored for the user in the transaction terminal (40) or in a background system (80) that is connected to said transaction terminal. A processor unit (33) in which a normal runtime environment (NZ) and a secured runtime environment (TZ) are implemented is provided in the mobile terminal (20), wherein an input device driver (34) is implemented in the secured runtime environment (TZ), said driver being designed to transmit inputs via the input device (22, 24) of the mobile terminal (20) to the secured runtime environment (TZ) of the processor unit (33) of the mobile terminal (20) in a secured manner for further processing.

Citations

12 Claims

1. A method for carrying out a transaction at a transaction terminal (40) by means of a mobile terminal (20), wherein the method comprises the following steps:
- identifying a user by means of the transaction terminal (40); and
  
  authenticating the identified user with respect to the transaction terminal (40) by checking whether a password, in particular a PIN, input by the identified user using an input device (22, 24) of the mobile terminal (20) matches a password stored for the identified user in the transaction terminal (40) or in a background system (80) connected to the transaction terminal,wherein a processor unit (33) is provided in the mobile terminal (20), in which processor unit a normal runtime environment (NZ) and a secure runtime environment (TZ) are implemented, wherein an input device driver (34) is implemented in the secure runtime environment (TZ) and is configured to securely forward inputs, via the input device (22, 24) of the mobile terminal (20), to the secure runtime environment (TZ) of the processor unit (33) of the mobile terminal (20) for further processing.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as claimed in claim 1, wherein a secure communication channel is formed between the mobile terminal (20) and the transaction terminal (40) during the step of authenticating the user, in which at least the security-relevant data are transmitted in encrypted form using encryption methods, and communication via the secure communication channel is preferably effected according to the NFC standard.
  - 3. The method as claimed in claim 2, wherein a communication module driver (35) is implemented in the secure runtime environment (TZ) for the purpose of forming a secure communication channel between the mobile terminal (20) and the transaction terminal (40) and is configured to securely transmit data provided by the processor unit (33) to the transaction terminal (40) via a communication module (26) of the mobile terminal (20) and the secure communication channel.
  - 4. The method as claimed in claim 1, wherein, during the step of identifying a user by means of the transaction terminal (40), an identification data element which is stored on a payment card (60) belonging to the user and uniquely identifies the user is read in a contact-based or contactless manner by a reader (48) of the transaction terminal (40), or an identification data element which is stored on the mobile terminal (20) and uniquely identifies the user or the mobile terminal (20) is read.
  - 5. The method as claimed in claim 2, wherein, before the step of authenticating the user, at least one-sided authentication, preferably mutual authentication, for example in the form of challenge-response authentication, is used between the communication module (26) of the mobile terminal (20) and the transaction terminal (40), during which authentication the transaction terminal (40) must be authenticated with respect to the mobile terminal (20) and/or the mobile terminal (20) must be authenticated with respect to the transaction terminal (40).
  - 6. The method as claimed in claim 5, wherein authentication keys (K, K*) stored in the mobile terminal (20) and in the transaction terminal (40) and/or in a background system (80) connected to the latter are used to carry out the authentication by the mobile terminal (20) and/or the transaction terminal (40), wherein the key (K) stored in the mobile terminal (20) is an individualized key.
  - 7. The method as claimed in claim 6, wherein communication via the secure communication channel between the mobile terminal (20) and the transaction terminal (40) is encrypted on the basis of the authentication keys (K, K*), wherein the authentication keys (K, K*) are preferably used as a respective master key in order to derive a new respective session key for each transaction.
  - 8. The method as claimed in claim 1, wherein the secure runtime environment (TZ) is an ARM®
    - TrustZone®
      
      in which the secure MobiCore®
      
      operating system preferably runs.
  - 9. The method as claimed in claim 1, wherein the mobile terminal (20) is a mobile telephone and the operating system of the mobile telephone runs in the normal runtime environment (NZ).

10. A mobile terminal (20) for carrying out a transaction at a transaction terminal (40), wherein the mobile terminal (20) comprises:
- an input device (22, 24) for inputting a password, in particular a PIN, by a user; and
  
  a processor unit (33) in which a normal runtime environment (NZ) and a secure runtime environment (TZ) are implemented, wherein an input device driver (34) is implemented in the secure runtime environment (TZ) and is configured to securely forward inputs, via the input device (22, 24) of the mobile terminal (20), to the secure runtime environment (TZ) of the processor unit (33) of the mobile terminal (20) for further processing, and wherein an application (36) is also implemented in the secure runtime environment (TZ) of the processor unit (33) and is configured to make it possible to authenticate the user with respect to the transaction terminal (40) by checking whether the password input by the user using the input device (22, 24) of the mobile terminal (20) matches a password stored for this user in the transaction terminal (40) or in a background system (80) connected to the transaction terminal.

11. A transaction terminal (40) for carrying out a transaction by means of a mobile terminal (20), wherein the transaction terminal (40) comprises:
- a control unit (50) which is configured to identify a user; and
  
  a communication module (46) for forming a secure communication channel between the mobile terminal (20) and the transaction terminal (40),wherein the transaction terminal (40) is configured to authenticate the user in such a manner that a check is carried out in order to determine whether a password, in particular a PIN, input by the user using an input device (22, 24) of the mobile terminal (20) matches a password stored for the identified user in the transaction terminal (40) or in a background system (80) connected to the transaction terminal.
- View Dependent Claims (12)
- - 12. A system (10) for carrying out a transaction at a transaction terminal (40) as claimed in claim 11.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trustonic Limited
Original Assignee
Trustonic Limited
Inventors
Spitz, Stephan

Application Number

US14/352,376
Publication Number

US 20140316993A1
Time in Patent Office

Days
Field of Search
US Class Current

705/72
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2109   Game systems

G06F 2221/2149   Restricted operating enviro...

G06Q 20/18   involving self-service term...

G06Q 20/3227   using secure elements embed...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/3821   Electronic credentials

G06Q 20/4012   Verifying personal identifi...

G06Q 20/4097   using mutual authentication...

G07F 7/1025   Identification of user by a...

G07F 7/1091   Use of an encrypted form of...

H04M 1/72412   using two-way short-range w...

H04W 12/069   using certificates or pre-s...

H04W 88/06   adapted for operation in mu...

MOBILE TERMINAL, TRANSACTION TERMINAL, AND METHOD FOR CARRYING OUT A TRANSACTION AT A TRANSACTION TERMINAL BY MEANS OF A MOBILE TERMINAL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

MOBILE TERMINAL, TRANSACTION TERMINAL, AND METHOD FOR CARRYING OUT A TRANSACTION AT A TRANSACTION TERMINAL BY MEANS OF A MOBILE TERMINAL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links