Private information exchange in smart card commerce

US 7,870,998 B2
Filed: 05/30/2008
Issued: 01/18/2011
Est. Priority Date: 05/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method for performing private information exchange in smart card commerce, said method comprising:

in response to determining that biometric data received on a biometric reader corresponds to an authorized user, unlocking a communication channel on a communication port of a smart card and exchanging public keys;

in response to determining that a valid information request from an external point of sale machine has been received across said communication channel, the smart card decrypting said information request;

in response to determining that private data in the smart card has been requested in said information request, the smart card prompting for authorization to release said private data; and

performing private information exchange in smart card commerce by, in response to receiving authorization for release of the private data via at least one user input device on said smart card, the smart card permitting communication of an encrypted copy of said private data via said communication channel to said external point of sale machine.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and computer program product for private information exchange in smart card commerce is disclosed. The method includes, in response to determining that an item of biometric data received on a biometric reader corresponds to an authorized user, unlocking a communication channel on a communication port, exchanging public keys between the user and authorized point of sale, receiving an information request from an external point of sale machine across the communication channel, decrypting an information request and parsing a data token. In response to determining that private data has been requested in the information request, a user is prompted for authorization to release the private information, and private information exchange in smart card commerce is performed by, in response to the user pressing a yes button on the smart card, placing an encrypted copy of the private data in the public area of the smart card for transmission across the communication channel to the external point of sale machine.

Citations

19 Claims

1. A method for performing private information exchange in smart card commerce, said method comprising:
- in response to determining that biometric data received on a biometric reader corresponds to an authorized user, unlocking a communication channel on a communication port of a smart card and exchanging public keys;
  
  in response to determining that a valid information request from an external point of sale machine has been received across said communication channel, the smart card decrypting said information request;
  
  in response to determining that private data in the smart card has been requested in said information request, the smart card prompting for authorization to release said private data; and
  
  performing private information exchange in smart card commerce by, in response to receiving authorization for release of the private data via at least one user input device on said smart card, the smart card permitting communication of an encrypted copy of said private data via said communication channel to said external point of sale machine.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising receiving said biometric data on said biometric reader of said smart card.
  - 3. The method of claim 1, said exchanging comprising placing a public key correlating to said authorized user in a public memory area of said smart card.
  - 4. The method of claim 1, said exchanging comprising receiving a public key from said external point of sale machine.
  - 5. The method of claim 1, further comprising encrypting said private data to generate said encrypted copy of said private data.
  - 6. The method of claim 1, further comprising refusing to perform private information exchange in said smart card commerce by, in response to denial of authorization via the at least one user input device on said smart card, closing said communication channel to said external point of sale machine and displaying a failure message on a display of the smart card.
  - 7. The method of claim 1, wherein:
    - the smart card includes a display;
      
      the at least one user input device is separate from the display; and
      
      the method further comprises receiving the authorization via the at least one user input device separate from the display.

8. A smart card, comprising:
- a communication port;
  
  a memory including private data;
  
  at least one user input device; and
  
  a processor that;
  
  in response to determining that biometric data received on the biometric reader corresponds to an authorized user, unlocks a communication channel on the communication port and exchanges public keys;
  
  in response to determining that a valid information request from an external point of sale machine has been received across said communication channel, decrypts said information request;
  
  in response to determining that the information request requests the private data, prompts for authorization to release said private data; and
  
  in response to receiving authorization for release of the private data via the at least one user input device on said smart card, permits communication of an encrypted copy of said private data via said communication channel to said external point of sale machine.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The smart card of claim 8, further comprising a biometric reader for receiving biometric data on said smart card.
  - 10. The smart card of claim 8, wherein the processor exchanges public keys by placing a public key correlating to said authorized user in a public area of said memory.
  - 11. The smart card of claim 8, wherein the processor encrypts said private data to generate said encrypted copy of said private data.
  - 12. The smart card of claim 8, and further comprising:
    - a display;
      
      wherein the processor, in response to denial of authorization via the at least one user input device on said smart card, closes said communication channel to said external point of sale machine and presents a failure message on said display.
  - 13. The smart card of claim 8, wherein the smart card includes a display separate from the at least one user input device.

14. A machine-readable storage medium having a plurality of instructions processable by a machine stored therein, wherein said plurality of instructions, when processed by said machine, causes said machine to perform:
- in response to determining that biometric data received on a biometric reader corresponds to an authorized user, unlocking a communication channel on a communication port of the smart card and exchanging public keys;
  
  in response to determining that a valid information request from an external point of sale machine has been received across said communication channel, decrypting said information request;
  
  in response to determining that private data in the smart card has been requested in said information request, prompting for authorization to release said private data; and
  
  performing private information exchange in smart card commerce by, in response to receiving authorization for release of the private data via at least one user input device on said smart card, permitting communication of an encrypted copy of said private data via said communication channel to said external point of sale machine.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The machine-readable storage medium of claim 14, wherein the receiving includes receiving said item of biometric data on said biometric reader of said smart card.
  - 16. The machine-readable storage medium of claim 14, wherein the exchanging includes placing a public key correlating to said authorized user in a public memory area of said smart card.
  - 17. The machine-readable storage medium of claim 14, wherein the exchanging includes receiving a public key from said external point of sale machine.
  - 18. The machine-readable storage medium of claim 14, wherein the plurality of instructions further cause the machine to perform encrypting said private data to generate said encrypted copy of said private data.
  - 19. The machine-readable storage medium of claim 14, wherein:
    - the smart card includes a display;
      
      the at least one user input device is separate from the display; and
      
      the plurality of instructions further cause the machine to receive the authorization via the at least one user input device separate from the display.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Chase-Salerno, Michael S., Dague, Sean, Grundy, Michael H., Ferri, Richard
Primary Examiner(s)
Labaze; Edwyn

Application Number

US12/129,844
Publication Number

US 20080229108A1
Time in Patent Office

963 Days
Field of Search

235/380, 235/492, 235/382, 235/382.5, 235/487, 235/451, 713185-186
US Class Current

235/380
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/35765   Access rights to memory zones

G06Q 20/40145   Biometric identity checks

G07F 7/1008   Active credit-cards provide...

Private information exchange in smart card commerce

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Private information exchange in smart card commerce

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links