Method and device for end-user verification of an electronic transaction
First Claim
1. A method for verification of a transaction on an end-user device comprising:
- creating a transaction identification string using data stored in a first memory space on an end-user device, wherein the transaction identification string is a unique string associated with a transaction that has been negotiated with a merchant;
interrupting an electronic communication associated with the transaction before completion of the transaction using the data stored in the first memory space on the end-user device;
exhibiting the transaction identification string to an end-user using the data stored in the first memory space on the end-user device;
receiving a response to the transaction identification string by the end user device, wherein the interrupting comprises disallowing further electronic communication associated with the transaction until the response to the transaction identification string is received by refusing a connection with the merchant based on identifying information regarding the merchant; and
carrying out an action based upon the response using data stored in a second memory space on the end-user device, the first memory space separate from the second memory space.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention provides methods and apparatuses for verifying that a transaction is legitimate. The methods and apparatuses use protected memory space, such as kernel space of an operating system, or a separate memory space, such as is available on a SIM card of a cellular phone. The method of the invention proceeds by creating a transaction identification string (TID) and associating the TID with a transaction. The TID contains data relevant to or associated with the transaction and is typically readable by an end-user. The transaction is then interrupted until a user responds in the affirmative to allow completion of the transaction. Methods and devices used in the invention are particularly well suited to M-commerce, where transactions originating from a device are typically recognized by a merchant as coming from the owner of the device without further authentication.
30 Citations
25 Claims
-
1. A method for verification of a transaction on an end-user device comprising:
-
creating a transaction identification string using data stored in a first memory space on an end-user device, wherein the transaction identification string is a unique string associated with a transaction that has been negotiated with a merchant; interrupting an electronic communication associated with the transaction before completion of the transaction using the data stored in the first memory space on the end-user device; exhibiting the transaction identification string to an end-user using the data stored in the first memory space on the end-user device; receiving a response to the transaction identification string by the end user device, wherein the interrupting comprises disallowing further electronic communication associated with the transaction until the response to the transaction identification string is received by refusing a connection with the merchant based on identifying information regarding the merchant; and carrying out an action based upon the response using data stored in a second memory space on the end-user device, the first memory space separate from the second memory space. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A device capable of interrupting an electronic transaction comprising:
-
an application memory space in which is stored data used to carry out an electronic transaction; a non-transitory trusted memory space in which is stored data used to interrupt the electronic transaction, wherein the application memory space is separate from the non-transitory trusted memory space; a display for exhibiting a transaction identification string to an end-user, wherein the transaction identification string is a unique string associated with a transaction that has been negotiated with a merchant; a processor communicatively coupled to the display, the application memory space and the non-transitory trusted memory space; the application memory space and the non-transitory trusted memory space to store computer program instructions, the computer program instructions when executed on the processor cause the processor to perform operations comprising; interrupting the electronic transaction using the stored data in the non-transitory trusted memory space; receiving a response to the transaction identification string by the end-user, wherein the interrupting comprises disallowing further electronic communication associated with the transaction until the response to the transaction identification string is received by refusing a connection with the merchant based on identifying information regarding the merchant; and carrying out an action based on the response using the stored data in the application memory space. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
Specification