SECURE MANAGEMENT OF TRANSACTIONS USING A SMART/VIRTUAL CARD

US 20150332266A1
Filed: 05/16/2014
Published: 11/19/2015
Est. Priority Date: 05/16/2014
Status: Active Grant

First Claim

Patent Images

1. A method of securely managing smart card transactions, the method comprising:

receiving, by a processing entity, a smart card identifier from a smart card, wherein the smart card identifier is a transaction-specific identifier for a transaction, wherein the smart card identifier contains no financial data about a holder of the smart card, wherein the holder of the smart card is a first party to the transaction, and wherein the smart card identifier is hidden from a second party to the transaction;

receiving, by the processing entity, transaction data for the transaction from the second party, wherein the transaction data is blocked from the smart card;

associating, by the processing entity, the smart card identifier with account data for an account assigned to the holder of the smart card;

associating, by the processing entity, the transaction data with the account to determine if the transaction is valid according to information located in the account data; and

in response to determining that the transaction is valid, issuing, by the processing entity, a transaction confirmation to the smart card and a transaction approval to the second party to the transaction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and/or computer program product securely manages smart card transactions. A processing entity receives a smart card identifier from a smart card. The smart card identifier is a transaction-specific identifier for a transaction, and contains no financial data about a holder of the smart card. The smart card identifier is hidden from a second party to the transaction. The processing entity receives transaction data for the transaction from the second party, where the transaction data is blocked from the smart card. In response to determining that the transaction is valid, the processing entity issues a transaction confirmation to the smart card and a transaction approval to the second party to the transaction.

163 Citations

20 Claims

1. A method of securely managing smart card transactions, the method comprising:
- receiving, by a processing entity, a smart card identifier from a smart card, wherein the smart card identifier is a transaction-specific identifier for a transaction, wherein the smart card identifier contains no financial data about a holder of the smart card, wherein the holder of the smart card is a first party to the transaction, and wherein the smart card identifier is hidden from a second party to the transaction;
  
  receiving, by the processing entity, transaction data for the transaction from the second party, wherein the transaction data is blocked from the smart card;
  
  associating, by the processing entity, the smart card identifier with account data for an account assigned to the holder of the smart card;
  
  associating, by the processing entity, the transaction data with the account to determine if the transaction is valid according to information located in the account data; and
  
  in response to determining that the transaction is valid, issuing, by the processing entity, a transaction confirmation to the smart card and a transaction approval to the second party to the transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the smart card is a virtual card on a mobile computing device that comprises a processor, and wherein the method further comprises:
    - receiving a protected application at the portable computing device, wherein a received protected application initially cannot be utilized by an operating system for execution by the processor;
      
      receiving a security object at the portable computing device, wherein the security object is used to convert the received protected application into an executable application that can be utilized by the operating system for execution by the processor; and
      
      executing the executable application by the processor to act as the virtual card, wherein the virtual card provides a functionality of a predefined physical electronic card.
  - 3. The method of claim 2, further comprising:
    - receiving a rescission command at the mobile computing device; and
      
      executing the rescission command to deactivate the security object, wherein deactivating the security object prevents future executions of the received protected application.
  - 4. The method of claim 2, wherein the received protected application is encrypted, wherein the security object is a processor-executable decryption object, and wherein the method further comprises:
    - decrypting the received protected application with the security object.
  - 5. The method of claim 2, wherein the received protected application is stored in a protected region of memory within the mobile computing device, wherein the security object provides access to the protected region of the memory within the mobile computing device, and wherein the method further comprises:
    - utilizing the security object to access the received protected application within the protected region of the memory within the mobile computing device.
  - 6. The method of claim 2, wherein the processor comprises a core, wherein the core comprises an L1 instruction cache, wherein the executable application comprises multiple processor-executable operands, and wherein the method further comprises:
    - moving a processor-executable operand from the executable application directly into the L1 instruction cache in the core by bypassing an instruction fetch address register (IFAR) in the core.
  - 7. The method of claim 2, wherein the predefined physical electronic card is a payment card, wherein the transaction is a financial transaction, wherein the account is a financial account for the holder of the smart card, wherein the second party is a vendor, wherein the mobile device comprises a display, and wherein the method further comprises:
    - generating a matrix barcode that contains payment information for a user of the mobile device; and
      
      displaying the matrix barcode on the display on the mobile device.
  - 8. The method of claim 2, wherein the predefined physical electronic card is an identification card, wherein the mobile device comprises a display, and wherein the method further comprises:
    - generating a matrix barcode that contains identification information for a user of the mobile device; and
      
      displaying the matrix barcode on the display on the mobile device.
  - 9. The method of claim 2, wherein the predefined physical electronic card is a premises access card, wherein the mobile device comprises a display, and wherein the method further comprises:
    - generating a matrix barcode that contains access authorization information for a user of the mobile device; and
      
      displaying the matrix barcode on the display on the mobile device.
  - 10. The method of claim 1, wherein the smart card is a standalone physical card, and wherein the method further comprises:
    - storing, in a memory in the smart card, a protected object, wherein the protected object initially cannot be utilized in its protected state by the processing circuit within the smart card;
      
      receiving, by an activity detector, a signal that describes a planned activity of a person who is in physical possession of the smart card;
      
      analyzing, by an activity analyzer, features of the planned activity, wherein, in response to the activity analyzer determining that a predefined risk associated with the planned activity exceeds a predetermined value, the activity analyzer;
      
      issues an instruction to the person who is in physical possession of the smart card to provide a biomarker to a biosensor on the smart card; and
      
      receives, from the biosensor, real-time biometric data for the person who is in physical possession of the smart card;
      
      receiving, by a receiving device, a security object;
      
      combining, by a blending logic, the real-time biometric data with the security object to generate a hybrid security object; and
      
      converting, by a conversion logic that uses the hybrid security object, the received protected object into a usable object that can be utilized by the processing circuit within the smart card.
  - 11. The method of claim 10, wherein the biosensor is a camera, wherein the biomarker is a digital photograph of the person who is authorized to be in physical possession of the smart card, and wherein the method further comprises:
    - storing, in a photo memory, a previous digital photograph of the person who is authorized to be in physical possession of the smart card, wherein the previous digital photograph was taken before the biomarker was taken;
      
      comparing, by a comparison logic, the previous digital photograph and the biomarker; and
      
      blocking, by a blocking logic, the conversion logic from creating the usable object in response to the previous digital photograph failing to match the biomarker.
  - 12. The method of claim 10, wherein the planned activity is a planned financial transaction, and wherein the method further comprises:
    - identifying, by a physical positioning hardware device, a physical location of the smart card in real-time; and
      
      determining, by a financial transaction logic and the activity analyzer, that the predefined risk associated with the planned activity exceeds the predetermined value in response to the physical positioning logic determining that the smart card is at a physical location that has been predetermined to be incongruous with the planned financial transaction.
  - 13. The method of claim 10, wherein the person who is in physical possession of the smart card is a particular worker, wherein the planned activity is an equipment maintenance/operation, and wherein the method further comprises:
    - identifying, by a worker evaluation logic, an activity that has been preauthorized to be performed by the particular worker; and
      
      blocking, by an activity approval logic, the conversion logic from creating the hybrid security object in response to the equipment maintenance/operation failing to match the activity that has been preauthorized to be performed by the particular worker.
  - 14. The method of claim 10, further comprising:
    - executing, in response to the smart card receiving a rescission command, a rescission command to deactivate the security object, wherein deactivating the security object prevents future executions of the protected object.
  - 15. The method of claim 10, wherein the protected object is stored in a protected region of memory within the smart card, wherein the hybrid security object provides access to the protected region of the memory within the smart card, and wherein the method further comprises:
    - utilizing, by a memory access hardware logic, the hybrid security object to access the protected object within the protected region of the memory within the smart card.
  - 16. The method of claim 10, wherein the smart card is a payment card, and wherein the method further comprises:
    - generating, by a matrix barcode generator, a matrix barcode that contains payment information for the person who is in physical possession of the smart card; and
      
      displaying, on a display on the standalone physical card, the matrix barcode.
  - 17. The method of claim 10, wherein the smart card is an identification card, and wherein the method further comprises:
    - generating, by a matrix barcode generator, a matrix barcode that contains identification information for the person who is in physical possession of the smart card; and
      
      displaying, on a display on the standalone physical card, the matrix barcode.
  - 18. The method of claim 17, wherein the smart card is a premises access card, and wherein the method further comprises:
    - generating, by a matrix barcode generator, a matrix barcode that contains access authorization information for the person who is in physical possession of the smart card; and
      
      displaying, on a display on the standalone physical card, the matrix barcode.

19. A computer program product for managing smart card transactions, the computer program product comprising a computer readable storage medium having program code embodied therewith, the program code readable and executable by one or more processors to perform a method comprising:
- receiving a smart card identifier from a smart card, wherein the smart card identifier is a transaction-specific identifier for a transaction, wherein the smart card identifier contains no financial data for a holder of the smart card, wherein the holder of the smart card is a first party to the transaction, and wherein the smart card identifier is hidden from a second party to the transaction;
  
  receiving transaction data for the transaction from the second party, wherein the transaction data is blocked from the smart card;
  
  associating the smart card identifier with account data for an account assigned to the holder of the smart card;
  
  associating the transaction data with the account to determine if the transaction is valid according to information located in the account data; and
  
  in response to determining that the transaction is valid, issuing a transaction confirmation to the smart card and a transaction approval to the second party to the transaction.

20. A computer system comprising:
- a processor, a computer readable memory, and a computer readable storage medium;
  
  first program instructions to receive a smart card identifier from a smart card, wherein the smart card identifier is a transaction-specific identifier for a transaction, wherein the smart card identifier contains no financial data for a holder of the smart card, wherein the holder of the smart card is a first party to the transaction, and wherein the smart card identifier is hidden from a second party to the transaction;
  
  second program instructions to receive transaction data for the transaction from the second party, wherein the transaction data is blocked from the smart card;
  
  third program instructions to associate the smart card identifier with account data for an account assigned to the holder of the smart card;
  
  fourth program instructions to associate the transaction data with the account to determine if the transaction is valid according to information located in the account data; and
  
  fifth program instructions to, in response to determining that the transaction is valid, issue a transaction confirmation to the smart card and a transaction approval to the second party to the transaction; and
  
  whereinthe first, second, third, fourth, and fifth program instructions are stored on the computer readable storage medium and executed by the processor via the computer readable memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
FRIEDLANDER, ROBERT R., KRAEMER, JAMES R., LINTON, JEB R.

Granted Patent

US 10,475,026 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/60   Protecting data

G06F 21/62   Protecting access to data v...

G06F 9/22   Microcontrol or microprogra...

G06F 9/30003   Arrangements for executing ...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/4555   Para-virtualisation, i.e. g...

G06Q 20/32   using wireless devices

G06Q 20/3274   using a pictured code, e.g....

G06Q 20/34   using cards, e.g. integrate...

G06Q 20/351   Virtual cards

G06Q 20/401   Transaction verification

G06Q 20/40145   Biometric identity checks

G06Q 20/42   Confirmation, e.g. check or...

H04L 63/0428   wherein the data content is...

H04W 12/37   Managing security policies ...

SECURE MANAGEMENT OF TRANSACTIONS USING A SMART/VIRTUAL CARD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

163 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE MANAGEMENT OF TRANSACTIONS USING A SMART/VIRTUAL CARD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

163 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links