Electronic payment schemes in a mobile environment for short-range transactions

US 7,194,438 B2
Filed: 02/25/2004
Issued: 03/20/2007
Est. Priority Date: 02/25/2004
Status: Active Grant

First Claim

Patent Images

1. A method enabling a user in a mobile environment to conduct transactions via a self-service merchant terminal, comprising:

a) maintaining a security key in a mobile phone device;

b) transferring the security key and mobile phone identification into at least one user portable fob or pilot via an initial short-range radio link;

c) transferring the security key and the mobile phone identification from the at least one user portable fob or pilot to a self-service merchant terminal through the initial short-range radio link;

d) establishing a secure short-range connection between the self-service terminal and the mobile phone based on the transferred security key and the mobile phone identification information from the at least on user portable fob or pilot, wherein the initial short-range radio link has a significantly smaller radio coverage than the secure short-range connection, ande) verifying the presence of a correct pilot by the terminal via computing and comparing an expected response from the mobile phone with the transferred security key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A short-range transaction system enables a user to conduct transactions with a self-service terminal in a user-friendly environment without using currency. The user carries a portable smart card, which interacts with a mobile phone. After authentication via an RFID connection, the device MAC address and a security key (K) are imprinted in the card. In operation, the user waves the smart card past the self-service terminal and activates an RFID connection. The terminal sends the card a random number. The card returns the MAC address and a result (RES) computed using the hash value and the security key. The terminal using the MAC address and security key establishes a secure connection with the device. The terminal downloads the user'"'"'s transaction interface from the device and displays the user interface at the self-service terminal. The user completes a transaction at the terminal via the user interface.

169 Citations

43 Claims

1. A method enabling a user in a mobile environment to conduct transactions via a self-service merchant terminal, comprising:
- a) maintaining a security key in a mobile phone device;
  
  b) transferring the security key and mobile phone identification into at least one user portable fob or pilot via an initial short-range radio link;
  
  c) transferring the security key and the mobile phone identification from the at least one user portable fob or pilot to a self-service merchant terminal through the initial short-range radio link;
  
  d) establishing a secure short-range connection between the self-service terminal and the mobile phone based on the transferred security key and the mobile phone identification information from the at least on user portable fob or pilot, wherein the initial short-range radio link has a significantly smaller radio coverage than the secure short-range connection, ande) verifying the presence of a correct pilot by the terminal via computing and comparing an expected response from the mobile phone with the transferred security key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the secure short-range connection is used to conduct transactions without using currency.
  - 3. The method of claim 1, wherein the initial short-range radio link complies with RFID technology.
  - 4. The method of claim 1, wherein the secure short-range connection complies with Bluetooth technology.
  - 5. The method of claim 1, wherein the coverage area of the short-range radio link is under 10 centimeters for the initial short-range radio link and a RFID connection between the mobile phone device and the pilot.
  - 6. The method of claim 1, wherein the mobile phone identification is a Bluetooth address of the mobile phone.
  - 7. The method of claim 1 further comprising:
    - e) receiving a user transaction interface at the terminal upon establishment of the secure short-range connection.
  - 8. The method of claim 1 further comprising:
    - f) providing the at least one pilot a random number and a sequence number (SEQ) in response to a request for a secure connection between the terminal and the device.
  - 9. The method of claim 1 further comprising:
    - g) computing a RES=f (random number, SEQ, secret key (k)) and session key K′
      
      by the pilot and sending the RES and K′
      
      to the terminal.
  - 10. The method of claim 1 further comprising:
    - h) using the session key by the terminal to establish the secure connection with the device.
  - 11. The method of claim 1 further comprising:
    - i) deriving the session key by the device and using the derived session key for secure short-range communication with the terminal.
  - 12. The method of claim 1 further comprising:
    - j) verifying the presence of a correct pilot by the terminal via computing an expected response of XRES=f (random number, SEQ, K) and verifying whether RES=XRES.
  - 13. The method of claim 1 further comprising:
    - k) using symmetric keys for encryption/decryption of information transferred between the terminal and the device.
  - 14. The method of claim 1 further comprising:
    - l) using public key infrastructure for encryption/decryption of information transferred between the terminal and the device.
  - 15. The method of claim 1 further comprising:
    - m) storing a plurality of authentication codes in the at least one pilot for one time use in initiating secure connection requests.
  - 16. The method of claim 1 further comprising:
    - n) storing a plurality of authentication codes for one time use in the device for establishing short-range connections between the device and the terminal.
  - 17. The method of claim 1 further comprising:
    - o) transferring payment information from the terminal to the device via the secure channel based upon a session key K′
      
      ;
      
      p) automatically accepting the payment information by the device; and
      
      q) using a communication channel either provided by the terminal or the device to conduct a transaction.
  - 18. The method of claim 1 further comprising:
    - r) sending a request to the device by the terminal for the device to launch a payment application;
      
      s) launching the payment application after the device verifies the presence of a correct pilot;
      
      t) using the payment application at the terminal to launch a legacy payment client; and
      
      u) finalizing the transaction by a user at a user-interface displayed at the terminal.

19. A system for enabling a user in a mobile environment to conduct transactions via a self-service terminal, comprising:
- a) a mobile device including a short-range communication transceiver and an RFID transceiver;
  
  b) a semi-passive RFID transponder;
  
  c) a self-service terminal including a RFID transceiver and a short-range transceiver;
  
  d) means for storing identification information and at least security information in the mobile device;
  
  e) means for transferring said stored identification and the security information of the device over an RFID connection into the user portable fob or pilot;
  
  f) means for transferring by the user fob or pilot said transferred identification and security information to the self-service terminal over an RFID connection;
  
  g) means for establishing a secure short-range connection between the self-service terminal and the device based on said transferred identification and security information of the device from the user portable fob or pilot, wherein the RFID connection has significantly smaller radio coverage than the secure short-range connection, andh) means for verifying the presence of a correct pilot by the terminal via computing and comparing an expected response from the mobile phone with the transferred security key.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The system of claim 19, wherein the secure short-range connection is used to conduct transactions without using currency after establishment of the RFID connection.
  - 21. The system of claim 19 wherein the self-service terminal receives a user transaction interface upon establishment of the secure connection.
  - 22. The system of claim 19 further comprising:
    - h) means for storing a plurality of authentication codes for one time use in establishing a connection between the pilot and the device.
  - 23. The system of claim 19 further comprising:
    - i) means for storing a plurality of authentication codes for one time use in establishing short-range connections between the device and the terminal.
  - 24. The system of claim 19 wherein the pilot identifies the device for a short-range connection and initializes a security context.
  - 25. The system of claim 19 wherein the user operates the user transaction interface at the terminal.
  - 26. The system of claim 19 further comprising:
    - j) means activating the terminal for establishing a secure connection to the device.

27. A medium, executable in a computer system, enabling a user in a mobile environment to activate a self-service terminal to conduct transactions, the medium comprising:
- a) program code for storing at least a security key in a mobile phone device;
  
  b)program code for transferring the security key and mobile phone device identification in a user portable fob or pilot associated with the mobile phone device;
  
  c) program code for transferring the security key and the mobile phone identification from the at least one user portable fob or pilot to a self-service merchant terminal through the initial short-range radio link;
  
  d) program code for establishing a secure short-range connection between the self-service terminal and the mobile phone based on the transferred security key and the mobile phone identification information from the at least on user portable fob or pilot, wherein the initial short-range radio link has a significantly smaller radio coverage than the secure short-range connection, ande) program code for verifying the presence of a correct pilot by the terminal via computing and comparing an expected response from the mobile phone with the transferred security key.
- View Dependent Claims (28, 29, 30)
- - 28. The medium of claim 27 further comprising:
    - e) program code in the terminal for downloading a user interface from the mobile phone device after establishment of a secure connection with the mobile phone device.
  - 29. The medium of claim 27 further comprising:
    - f) program code for conducting product or service transactions between the terminal and the mobile phone device without using currency.
  - 30. The medium of claim 27 wherein the terminal is within a merchant establishment or in a kiosk.

31. A method of enabling a first user portable fob or pilot device to serve as a master fob or pilot for at least one second user portable fob or pilot devices as slave devices capable of interacting with a terminal, comprising:
- installing a reader and switching means in a first user portable fob or pilot device serving as a master device and further including a processor and storage means;
  
  transferring and storing in the master fob or pilot device a phone address and a security key of a mobile phone;
  
  at least one second user portable fob or pilot device, each serving as a slave device to the master device and further including a processor and storage, each slave device capable ofreceiving and transmitting signals from/to the master device;
  
  transferring the phone address, security key and policy restraints in a slave device after receiving an address identifying the slave device; and
  
  using the slave device to interact with a terminal to purchase an item, after a secure connection is established between the terminal and the mobile phone.
- View Dependent Claims (32, 33, 34, 35, 37, 38, 39, 40, 41, 42)
- - 32. The method of claim 31, wherein the imprinting step further comprises:
    - limiting the validity of the at least one portable pilot based on a predefined policy constraint.
  - 33. The method of claim 31, wherein the predefined policy constraint includes at least one of a maximum purchase value and a maximum time limit in a slave device.
  - 34. The method of claim 31 further comprising:
    - storing a list of prohibited purchase items in the slave device.
  - 35. The method of claim 31 further comprising:
    - transmitting a list of purchased items from the terminal to the slave device.
  - 37. The method of claim 31 further comprising:
    - verifying in the slave device that no purchased item is a prohibited item.
  - 38. The method of claim 31 wherein a policy restraints limits usage of the slave device to a maximum value for a purchased item.
  - 39. The method of claim 31 wherein the policy restraints limits usage of the slave device to a maximum time period.
  - 40. The method of claim 31 wherein the terminal receives a signal from the slave indicating approval or denial of a purchased item.
  - 41. The method of claim 31 wherein the terminal displays approval or denial of the purchased items after receiving a signal from the slave device.
  - 42. The method of claim 31 wherein the slave device touches or holds the slave device in close proximity to the terminal to authorize payment for the purchased after the terminal displays approval of the purchased by the slave device.

36. The method of 31 further comprising:
- comparing the purchased items to prohibited items stored in the slave device.

43. A method enabling a user in a mobile environment to conduct transactions via a self-service merchant terminal, comprising:
- a) maintaining a security key in a mobile phone device;
  
  b) transferring the security key and mobile phone identification into at least one user portable fob or pilot via a RFID connection between the mobile phone device and the at least associated portable pilot;
  
  c) transferring the security key and the mobile phone identification from the at least one user portable fob or pilot to a self-service merchant terminal via a RFID connection between the mobile phone device and the at least associated portable pilot;
  
  d) establishing a secure short-range connection between the self-service terminal and the mobile phone based on the transferred security key and the mobile phone identification information from the at least on user portable fob or pilot, wherein the RFID connection has a significantly smaller radio coverage than the secure short-range connection,e) storing a plurality of authentication codes for one time use in the device for establishing short-range connections between the device and the terminal; and
  
  f) receiving a user transaction interface at the terminal upon establishment of the secure short-range connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Asokan, Nadarajah, Ekberg, Jan-Erik, Sovio, Sampo, Lahtinen, Pekka
Primary Examiner(s)
Fischer; Andrew J.
Assistant Examiner(s)
AUGUSTIN, EVENS J

Application Number

US10/785,025
Publication Number

US 20050187882A1
Time in Patent Office

1,119 Days
Field of Search

705/14, 705/17, 705/26, 705/65, 705/51, 705/75, 455/406, 455/558, 340/568.7, 340/539.1
US Class Current

705/50
CPC Class Codes

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/327   Short range or proximity pa...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/382   insuring higher security of...

G06Q 20/3827   Use of message hashing

G06Q 20/388   using mutual authentication...

G07F 7/0886   the card reader being porta...

G07F 7/1008   Active credit-cards provide...

H04M 15/68   Payment of value-added serv...

H04M 2215/0196   Payment of value-added serv...

Electronic payment schemes in a mobile environment for short-range transactions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

169 Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

Electronic payment schemes in a mobile environment for short-range transactions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

169 Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links