Biometric authentication of mobile financial transactions by trusted service managers

US 8,554,689 B2
Filed: 03/12/2012
Issued: 10/08/2013
Est. Priority Date: 06/06/2008
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a financial transaction, the method comprising:

storing credentials of a user in a first secure element (SE) of a data communication device of the user, the credentials including user biometric authentication data and data for authenticating financial transactions of the user by a trusted service manager (TSM); and

storing an application program in a second SE of device separate from the first SE, wherein the first SE is operable in response to a request from the application program to verify the user'"'"'s identity from a biometric trait of the user input to the device,generate data authenticating the financial transaction by the TSM upon verifying the user'"'"'s identity, andtransmit the authenticating data to the second SE; and

the application program is operable when invoked by the user to prompt the user to input the biometric trait into the device,request verification of the biometric trait and authentication of the financial transaction by the TSM from the first SE, andgenerate transaction instruction codes to effect and authenticate the financial transaction by the TSM upon receipt of the authenticating data from the first SE.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating a financial transaction at a point of sale (POS) includes storing an application program in a first secure element of a mobile phone. The application is configured to generate instruction codes to effect the financial transaction upon verification of a user'"'"'s identity. The user'"'"'s credentials are stored in a second SE of the phone, which is operable to verify the user'"'"'s identity from a biometric trait of the user input to the phone and to generate data authenticating the financial transaction in response to the verification of the user'"'"'s identity. At the POS, the user invokes the application and then inputs a biometric trait to the phone. The second SE verifies the user'"'"'s identity, and upon verification, generates data authenticating the transaction. The financial transaction data, including the instruction codes and the authenticating data, are then transmitted from the phone to the POS.

33 Citations

View as Search Results

20 Claims

1. A method for authenticating a financial transaction, the method comprising:
- storing credentials of a user in a first secure element (SE) of a data communication device of the user, the credentials including user biometric authentication data and data for authenticating financial transactions of the user by a trusted service manager (TSM); and
  
  storing an application program in a second SE of device separate from the first SE, wherein the first SE is operable in response to a request from the application program to verify the user'"'"'s identity from a biometric trait of the user input to the device,generate data authenticating the financial transaction by the TSM upon verifying the user'"'"'s identity, andtransmit the authenticating data to the second SE; and
  
  the application program is operable when invoked by the user to prompt the user to input the biometric trait into the device,request verification of the biometric trait and authentication of the financial transaction by the TSM from the first SE, andgenerate transaction instruction codes to effect and authenticate the financial transaction by the TSM upon receipt of the authenticating data from the first SE.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - invoking the application program on the user'"'"'s device at a point of sale (POS) of a vendor;
      
      inputting the biometric trait of the user into the user'"'"'s device;
      
      transmitting the data of the financial transaction, including the transaction instruction codes and data authenticating the financial transaction, from the user'"'"'s device to a data communication device at the POS, andtransmitting the data of the authenticated financial transaction from the POS device to a transaction processing device of the vendor.
  - 3. The method of claim 2, wherein the transmitting of the transaction data from the user'"'"'s device to the POS device is effected through a near field communication (NFC) link between the two devices.
  - 4. The method of claim 3, wherein the transmitting of the transaction data from the user'"'"'s device to the POS device comprises bringing the POS device and the user'"'"'s device to within a distance of about 10 centimeters or less from each other.
  - 5. The method of claim 2, wherein the inputting comprises transmitting data corresponding to the biometric trait directly from a biometric trait input device of the user'"'"'s device to the first SE via a data encryption tunnel circuit.
  - 6. The method of claim 2, wherein the POS data communication device comprises an automated teller machine (ATM), and further comprising depositing cash in or vending cash from the ATM to the user.
  - 7. The method of claim 1, wherein the biometric trait comprises a fingerprint of the user.
  - 8. The method of claim 1, wherein the user'"'"'s device comprises a mobile phone and at least one of the first and second SEs comprises a Subscriber Identity Module (SIM) card.
  - 9. The method of claim 8, wherein the inputting is operable to unlock the phone for use.
  - 10. The method of claim 1, wherein the data authenticating the transaction comprises one or more of a Card Verification Value (CVV) code, a Contactless Card and Chip Verification Value (iCVV) code, a Stored-Value Card (SVC) code or a bank identification number (BIN) code.
  - 11. The method of claim 1, wherein one or both of the storing of the user'"'"'s credentials in the first SE and the storing of the application program in the second SE is performed by the Trusted Service Manager (TSM).

12. An apparatus for authenticating a financial transaction, the apparatus comprising:
- a data communication device of a user, the device having separate first and second secure elements (SEs),the first SE storing credentials of the user, including data for authenticating financial transactions of the user by a third party trusted service manager (TSM),the second SE storing an application program,the first SE being operable in response to a request from the application program to verify the user'"'"'s identity from a biometric trait of the user input to the device, generate data authenticating the financial transaction upon verifying of the user'"'"'s identity, andtransmit the authenticating data to the second SE; and
  
  the application program being operable when invoked by the user to prompt the user to input the biometric trait into the device, request verification of the biometric trait and authentication of the financial transaction from the first SE, andgenerate transaction instruction codes to effect and authenticate the financial transaction upon receipt of the authenticating data from the first SE.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The apparatus of claim 12, wherein the user'"'"'s device comprises a fingerprint reader.
  - 14. The apparatus of claim 13, wherein the fingerprint reader is coupled to the first SE via a data encryption tunnel circuit.
  - 15. The apparatus of claim 14, wherein the data encryption tunnel circuit complies with the Federal Information Processing Standard (FIPS) Publication 140-2 (FIPS 140-2) Level 3 standard.
  - 16. (currently amended amended) The apparatus of claim 12, wherein the credentials of the user further comprise one or more of a user payment instrument, a user certificate, a user account key, a user account or user biometric trait authentication data.

17. A non-transitory machine-readable medium comprising a plurality of machine-readable instructions which, when executed by one or more processors of a data communication device of a user, are adapted to cause the one or more processors to perform a method, comprising:
- running an application program that prompts the user to input a biometric trait of the user into the device;
  
  verifying the user'"'"'s identity from the biometric trait input to the device;
  
  generating data authenticating a financial transaction of the user by a third party trusted service manager (TSM) from data previously stored in the device by the TSM in response to the verifying of the user'"'"'s identity; and
  
  generating transaction instruction codes operable to effect and authenticate the financial transaction, whereinthe verifying and the generating of the authenticating data are effected by a Payment/Wallet secure element (SE) of the device storing credentials of the user, andthe prompting and the generating of the transaction instructions codes are effected by an Application SE of the device in which the application program is stored.
- View Dependent Claims (18, 19, 20)
- - 18. The medium of claim 17, wherein:
    - the credentials of the user comprise one or more of a user payment instrument, a user certificate, a user account key, a user account or user biometric trait authentication data; and
      
      ,the data authenticating the transaction comprises one or more of a Card Verification Value (CVV) code, a Contactless Card and Chip Verification Value (iCVV) code, a Stored-Value Card (SVC) code or a bank identification number (BIN) code.
  - 19. The medium of claim 17, wherein:
    - the user'"'"'s data communication device comprises a mobile phone; and
      
      the method further comprises transmitting the transaction instruction codes to a data communication device of a vendor via a wireless link.
  - 20. The medium of claim 19, wherein the link comprises a near field communication (NFC) link.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
eBay Inc.
Inventors
Mardikar, Upendra, Duprat, Eric
Primary Examiner(s)
CHEUNG, CALVIN K

Application Number

US13/418,196
Publication Number

US 20120173434A1
Time in Patent Office

575 Days
Field of Search

705/64, 705/65, 705/67, 705/75, 705/76
US Class Current

705/64
CPC Class Codes

G06Q 20/1085   involving automatic teller ...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/204   comprising interface for re...

G06Q 20/3223   Realising banking transacti...

G06Q 20/3227   using secure elements embed...

G06Q 20/3265   characterised by personalis...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/40145   Biometric identity checks

G06Q 40/00   Finance; Insurance; Tax str...

G07C 9/257   electronically G07C9/26 tak...

G07F 7/0826   Embedded security module

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/0823 : using certificates cryptogr...

H04L 63/0861 : using biometrical features,...

H04L 9/3231 : Biological data, e.g. finge...

H04W 12/069 : using certificates or pre-s...

H04W 4/80 : Services using short range ...

View All

Biometric authentication of mobile financial transactions by trusted service managers

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Biometric authentication of mobile financial transactions by trusted service managers

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links