WO2001086599A2 - Smart communications - Google Patents

Smart communications Download PDF

Info

Publication number
WO2001086599A2
WO2001086599A2 PCT/IB2001/000809 IB0100809W WO0186599A2 WO 2001086599 A2 WO2001086599 A2 WO 2001086599A2 IB 0100809 W IB0100809 W IB 0100809W WO 0186599 A2 WO0186599 A2 WO 0186599A2
Authority
WO
WIPO (PCT)
Prior art keywords
smart card
communication device
wireless communication
contactless smart
user
Prior art date
Application number
PCT/IB2001/000809
Other languages
French (fr)
Other versions
WO2001086599A3 (en
Inventor
Avi Landman
Eli Rozen
Jacob Hassan
Original Assignee
Supercom Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Supercom Ltd. filed Critical Supercom Ltd.
Priority to AU2001255010A priority Critical patent/AU2001255010A1/en
Publication of WO2001086599A2 publication Critical patent/WO2001086599A2/en
Publication of WO2001086599A3 publication Critical patent/WO2001086599A3/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0873Details of the card reader
    • G07F7/088Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself
    • G07F7/0886Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself the card reader being portable for interacting with a POS or ECR in realizing a payment transaction

Definitions

  • This invention relates to wireless communications, and more particularly, to a
  • the present invention relates generally to the field of authentication of electronic transactions, and more particularly to a non-reputable digital signature that
  • 5,867,795 shows aportable electronic device including a virtual image display positioned
  • the device is capable of providing an image of
  • the above-referenced aptent shows a sensor constructed
  • US Patent No. 5,821,983 shows a smart card, a non-passive, secure
  • microprocessor-based data storage medium is used for the storage of a plurality of data
  • Smart cards are non-passive data storage devices which comprise a
  • microprocessor microprocessor
  • memory main memory
  • I/O circuitry I/O circuitry
  • the second user's public key can be freely distributed to anyone the
  • the message can only be decrypted using the
  • Digital signatures have been developed to provide a means for identifying a party
  • One method for creating digital signatures is to
  • the sending party 's public decrypting key and identifying information.
  • the receiving party sends public decrypting key and identifying information.
  • the interceptor may be able to convince a recipient
  • That party may simply deny sending a
  • the party may claim that he did not intend to execute a transaction
  • sender with the message is the database entry in the registry containing his public
  • the sender may repudiate a transaction by claiming that his public decrypting key was registered without his
  • An object of the invention is to provide a wireless device with the ability to have
  • the system may incorporate at least one biometric
  • a fingerprint reader such as a fingerprint reader, a camera or micro-camera for iris or face
  • Another object of the invention is to capture the biometric data of a person
  • the invention is to encrypt the biometric data and transmit it to a remote host or server for
  • the device/module may perform a local authorization of the
  • the device/module After the device/module has performed the local authorization, the device
  • the device may deny the user services.
  • Another object of the invention is to provide a financial information
  • Smart cards are utilized to
  • a smart card is advantageously utilized not only for authorization, but also to maintain a secure record of available funds.
  • the system not only provides the
  • a wireless communication device may be comprised of
  • a communications interface and a contactless smart card interface, such as a contactless
  • the controller may include a controller, transmission/reception subsystem, and/or user interface.
  • controller may be a microprocessor and the user interface may include a microphone
  • speaker key pad/board, micro-camera, display screen, touch screen or any other
  • An object of the invention is to provide a module to upgrade existing wireless
  • devices to include a smart card reader/writer, in particular a contactless smart card
  • wireless communication devices including personal digital
  • PDAs personal computers
  • cellular phones cellular phones
  • PCS systems personal computers
  • pagers etc.
  • object of the invention to provide enhanced security to such systems through biometric
  • a wireless communication device such as a cellular phone may be utilized to access a communication network.
  • transaction may be conducted over the communication network, and a token or other
  • indicia of value may be transmitted to the wireless communication device.
  • communication device may then download the token, or other indicia of value, or other
  • the transaction system may include one-to-one
  • a module may include a contact smart card reader.
  • module may be used with contact smart cards, contactless smart cards, or both.
  • the present invention is directed to methods and apparatus for storing a digital
  • a digital signature is stored in the memory of
  • bioauthentication smart card for comparison to a "live” signature.
  • Another object of the present invention is to store a digital signature that allows
  • Another object of the present invention is to analyze a stored digital signature with a real time signature applied to a smart card.
  • Another object of the present invention is to provide a method for positively
  • the present invention is directed to methods and apparatus for creating and
  • his signature into a smart card For example, his signature into a smart card.
  • the data is entered in digital form,
  • optical imaging e.g. a photograph or a scanned fingerprint, iris
  • registrant's biological indicia is encrypted using the registrant's private key and sent to
  • the certificate authority along with the registrant's public key.
  • the operator of the remote registration terminal verifies the identity of the registrant from the identifying documents and transmits the digitized representation to
  • the certificate authority compares the decrypted digital
  • the certificate authority forms a certificate by signing the digital signature
  • the certificate is stored in a database and
  • the database is public with no restriction as to who
  • access to the database may be
  • the registrant transmits a
  • the receiving party can transmit the certificate to the certificate authority and
  • the digital representation can be compared with
  • FIG. 1 shows an embodiment of the invention
  • FIG. 2 shows another embodiment of the invention
  • FIG. 3 shows another embodiment of the invention
  • FIG. 4 shows an embodiment of the invention
  • FIG. 5 shows another embodiment of the invention
  • FIG. 6 shows another embodiment of the invention.
  • Smart cards are usually divided into two categories: standard smart cards and contactless smart cards.
  • standard smart cards and contactless smart cards.
  • contactless smart cards A smart
  • card is a plastic card, having the size of a regular bank or credit card, that contains a
  • the chip in a contactless smart card can store large quantities of information.
  • microprocessor which can process data, turning the smart card into
  • the smart card is activated by placing the card in a terminal that can read and write data to/from the card.
  • Standard smart cards must be physically contacted
  • the invention is not limited to systems that use the radio
  • the system may use other communication frequency bands.
  • Wireless communication devices such as cellular phones and PDAs, are common
  • smart card reader/writer module may be provided as an attachment to a standard wireless
  • the module may operate at 13.56 MHz high-frequency standard.
  • the module may be appropriately sized to ergonomically match a host wireless device. For example,
  • the module may be approximately 5 cm long, 2-4 cm wide, 4 cm high.
  • the module may be approximately 5 cm long, 2-4 cm wide, 4 cm high.
  • module 210 is used for connecting to regular data modems.
  • module 210 is used for connecting to regular data modems.
  • FIG. 2 may be integrated into the battery of device 220.
  • FIG. 2 may be integrated into the battery of device 220.
  • the module may be incorporated into the wireless device 220.
  • module 210 may be a separate add-on device for
  • Module 210 may be connected to
  • communication device 220 through an external connector and may receive power from a battery (not shown) in communication device 220.
  • a battery not shown
  • a communication device 220 may receive power from a battery (not shown) in communication device 220.
  • a battery not shown
  • module power supply (not shown) may be included in module 210.
  • the module power supply (not shown) may be included in module 210.
  • the module power supply may be included in module 210. The module power supply
  • a user may request to receive a biometric authorization smart card from a service
  • the user may visit the service center or bank.
  • the user may be required to present at least one form of
  • identification e.g., driver's license, passport, birth certificate
  • the biometric authorization As shown in FIG. 1, the biometric authorization
  • smart card (105) may have a signature scratch pad (110) on the back of the card, which
  • the user may initialize by signing the scratch pad X number of times. For example, the
  • the signature has been applied to the back of the smart card, the signature will be stored in a digital form on a microchip in the card. This has the advantage of eliminating the
  • biometric information is stored in the card and the individual is always in
  • This embodiment elimates the concerns regading the collection
  • a communcations device may be a landline telephone, a wireless device, or a
  • a card holder may
  • This may include landline
  • the card holder may select a form or method of payment (615).
  • the method of payment may
  • biometric card may be integrated into the biometric card or separate from the biometric card.
  • biometric card may be integrated into the biometric card or separate from the biometric card.
  • the scratch pad may be associated with a bank credit card which may only be used when
  • the correct signature is applied to the scratch pad at the time of purchase.
  • the card may be used as a biometric authorization
  • the card holder may be requested to sign his/her name with an ihkless pen or stylus on
  • the scratch pad may be electrically
  • the smart card chip may read and analyze the data from the pressure-sensitive area (i.e., the scratch pad) (630).
  • the smart chip may perform a comparison between the pressure-sensitive area (i.e., the scratch pad) (630).
  • the smart chip will be encrypted in the chip's memory.
  • the smart chip internally performs
  • a threshold level may be set to determine the accuracy of the "match" between
  • the chip may enabled the transaction by transmitting a signal to
  • the signal may be as simple as a yes or no response. Alternatively, the
  • signal may be an encrypted form of the signature. Then the card holder will be able to
  • the card holder may
  • a user when the comparison fails, a user may either
  • Device 320 may communicate with module 310 via a modem 305.
  • the module may communicate with module 310 via a modem 305.
  • PCU central processor unit
  • PCU 315 may control activity indicators 325 such as transmission/reception
  • PCU 315 may control a display (not shown),
  • module 310 which may be located in module 310, in device 320 or both.
  • device 320 which may be located in module 310, in device 320 or both.
  • module 310 may share a PCU 315 located in device 320. Module 310 may also be equipped with encryption decryption unit 335, which
  • the encryption/decryption unit 335 is used to calculate the encryption/decryption unit 335 .
  • the information exchanged between the smart card and the module/device may be
  • the card is encrypted according to various well-documented methods.
  • the card is encrypted according to various well-documented methods.
  • the card is encrypted according to various well-documented methods.
  • the card reader/writer may authenticate the card reader/writer by generating a random number and sending it to the reader/writer.
  • the reader/writer has to encrypt the random challenge (number)
  • the card reader/writer may also authenticate the card's identity
  • the card is then required to sign the number with its own private key, which is part of a private key/public key pair, and
  • module 310 may include a radio frequency (RF) unit 345 connected
  • RF unit 345 may include: (1) a down converter coupled to a low noise amplifier for converting received RF signal waveforms to intermediate frequency (IF)
  • the RF section/unit 345 may also be coupled to reader/writer antenna 375.
  • reader/writer antennas may be used which allow reading and writing distances
  • Reader/writer antenna 375 should not be
  • the contactless reader/writer may be
  • the module 10 may be incorporated into the module 10
  • the wireless device as shown in FIG. 4.
  • the wireless device may be controlled by the PCU
  • PCU 415 may control a display (not shown).
  • an encryption/decryption unit 435 which may be
  • the device may include two RF units 400 and 445 connected
  • RF unit 445 may be coupled to reader/writer antenna 475 for providing communication with the smart card.
  • RF unit 400 may provide the traditional voice
  • the module may be incorporated into the
  • the wireless device and have only one RF unit.
  • a biometric unit 365/465 may be provided for security purposes.
  • the biometric unit 365/465 may include a biometric input device, such as a
  • the biometric unit for voice recognition, to capture biometric information.
  • 365/465 may encrypt the captured data and send it to a remote server or host that will use
  • the biometric unit 365/465 may perform local
  • biometric unit 365 may interface with any other biometric reader or any other biometric authentication device.
  • the biometric authentication server may either
  • module 10 may be capable of conducting many types of
  • One example is secure wireless financial transactions. More specifically,
  • the operation of the device 20 may initialize a smart card and/or download an increase in value to a value-holding smart card.
  • the device may also operate to debit value or
  • the user may establish communications with a retailer/host. Once communications are established,
  • the user may be able to receive and preview specially formatted graphical advertisements
  • the host may require the user to identify
  • the module 10 may be used to purchase and
  • a user may purchase tickets or tokens that may be downloaded onto the smart card for storage. Once the user arrives at an event, the user
  • the smart card may use the smart card as the admission ticket eliminating the need for a paper ticket.
  • the user of the card will gain entry permission by presenting the contactless card near
  • One smart card can be used to store at least one
  • Restrictions may be provided that limit the download of tickets or tokens to
  • a contactless smart card from selected wireless devices.
  • remotely purchased items may be represented by tokens placed on the smart card (contact
  • the tokens may be redeemed at any redemption point, such as a store or
  • the token Once the ticket has been redeemed, the ticket maybe marked as unusable or
  • the redemption point may also include a biometric unit which
  • biometric data can be used in coordination with the biometric data to authenticate redemption of the ticket, token, or debit of the value from the smart card.
  • the contactless smart chip may contain an RF unit to be
  • the wireless device or add-on device may be adapted to transmit/receive
  • a smart card may be restricted to be used only with a predefined cellular
  • authorization program may allow the card the flexibility to work with a group of wireless
  • contactless card may be accomplished using the Bluetooth Standard.
  • inventions may also be incorporated into a contact card.

Abstract

A method and apparatus for providing a wireless device with the ability to have secure e-commerce transactions utilizing a contactless smart card. Additionally, the method and apparatus provide for a wireless smart card transaction system which utilizes biometric identification methods. The system may incorporate at least one biometric input device, such as a fingerprint reader, a camera or micro-camera for iris or face recognition, and/or a standard microphone for voice recognition or any other biometric input device.

Description

SMART COMMUNICATIONS
This application claims the benefits ofUnited States Provisional Application Nos.
60/197,775, filed April 14, 2000, and 60/264,013, filed January 26, 2001, which are co-
pending and are hereby incorporated by reference.
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates to wireless communications, and more particularly, to a
system suitable to utilize smart card technology with a wireless communication device
to provide authorization and security features for wireless communications and
transactions.
In addition, the present invention relates generally to the field of authentication of electronic transactions, and more particularly to a non-reputable digital signature that
allows authentication of the identity of a user/customer by comparison with an unique
biological indicia.
2. Description of the Related Technology
Cellular phones are well known in the prior art. For example, U.S. Patent No.
5,867,795 shows aportable electronic device including a virtual image display positioned
within a housing or remote unit. The device is capable of providing an image of
information contained on a smart card as well as transactions processed in response to data transmitted by a two-way voice transceiver between a host database and the portable
electronic device. In addition, the above-referenced aptent shows a sensor constructed
to have the smart card positioned adjacent thereto in data sensing juxtaposition and
electronics connected to the sensor for processing data between the host database and the
portable electronic device, and for reading and writing data to the smart card.
US Patent No. 5,821,983 shows a smart card, a non-passive, secure
microprocessor-based data storage medium, is used for the storage of a plurality of data
messages and is read by a video telephone terminal equipped with a smart card reader to
provide transmission of a data message, comprising video image data, either in still frame
or full motion format, to a remote video telephone terminal. The use of the smart card
for storage of a data message provides a secure, transportable message that is available
for transmission from any video telephone terminal having smart card reading capability.
Smart cards are non-passive data storage devices which comprise a
microprocessor, memory and I/O circuitry. Smart cards are generally used when a secure
and portable means to store data is desired. There are contactless smart cards which do
not require physical contact to transfer data between the card and a card reader. There
are also smart cards which have electrical contacts to facilitate such data transfer. Prior
art U.S. Patent No. 4,480,178 describes a contactless smart card, and U.S. Patent No.
5,120,939 describes the security which smart cards provide when used as data memory
devices.
Electronic commerce is a widespread means of conducting business. The Internet
and World Wide Web have created new avenues for conducting business. Electronic business transactions present a number legal and financial problems. These electronic
transactions create security concerns because the data is transmitted across public
networks and can be intercepted. Encryption methods have been developed which allow
data to be read only by the designated receiver. For example, public key encryption
allows a first user to send a message to a second user that is encrypted using the second
user's public key. The second user's public key can be freely distributed to anyone the
second user wishes to communicate with. The message can only be decrypted using the
second user's private key. If the message is intercepted it cannot be decoded without the
second user's private key.
The identity of a party transmitting amessage executing an electronic transaction
is also of concern, particularly where one of the parties is obliged to perform in the future
or is subject to some future liability. In such transactions it is necessary that the parties
not be able to repudiate the agreement. Also, the identity of the parties must be clearly established so that each can be assured that the other party is in fact the person it
represents to be, and is able to perform. Further, the identity of the parties may need to
be established with a high degree of certainty to support a legal claim, should one of the
parties later attempt to avoid or repudiate the transaction.
Digital signatures have been developed to provide a means for identifying a party
transmitting an electronic message. One method for creating digital signatures is to
generate public and private key pairs for each of a group of parties that may wish to
exchange digitally signed documents. Each of the parties stores its public decrypting keys
in a registry along with identifying information, such as the key owner's name and e-mail address. The key owners each keep their private encrypting keys secret.
To create a digital signature a party encrypts a message with his private
encrypting key that includes the same identifying information that is stored in the
registry. The party receiving the encrypted message goes to the registry and retrieves the
sending party's public decrypting key and identifying information. The receiving party
decrypts the message using the decrypting key from the registry and extracts the
identifying information. If the identifying information found in the message matches the
information stored in the registry then the receiving party concludes that the message is
genuine. Further, there is some assurance that the sending party will not deny that he sent
the message since only the sending party's private encrypting key can create a message
that the sending party's public decrypting key can decode.
Known digital signature techniques suffer from certain problems. A third party
may intercept a signed message and use the signed message to spoof another party. By
retransmitting the signed message, the interceptor may be able to convince a recipient
that he is the true sender. This is the so-called "man-in-the-middle" attack.
In addition, known digital signatures are subject to repudiation. A party may no
longer wish to be bound by a disadvantageous agreement or may be subject to criminal
or civil liability if he made the agreement. That party may simply deny sending a
particular message. The party may claim that he did not intend to execute a transaction
with a particular party but was instead the victim of a man-in-the-middle attack.
With known digital signature techniques, the only information connecting the
sender with the message is the database entry in the registry containing his public
decrypting key and the identifying information. Thus, the sender may repudiate a transaction by claiming that his public decrypting key was registered without his
authority.
SUMMARY OF THE INVENTION
An object of the invention is to provide a wireless device with the ability to have
secure e-cornmerce transactions utilizing a contactless smart card. It is a further object
of the present invention to provide a wireless smart card transaction system which utilizes
biometric identification methods. The system may incorporate at least one biometric
input device, such as a fingerprint reader, a camera or micro-camera for iris or face
recognition, standard microphone for voice recognition or any other biometric input
device.
Another object of the invention to is to capture the biometric data of a person
using the device/module. Once the biometric data has been captured, another object of
the invention is to encrypt the biometric data and transmit it to a remote host or server for
authorization. Alternatively, the device/module may perform a local authorization of the
biometric data. After the device/module has performed the local authorization, the device
may transmit an encrypted authorization message to a host or service supplier. If either
authorization method fails to approve of a user, the device may deny the user services.
Another object of the invention is to provide a financial information and
transaction system which utilizes wireless communications. In this system, a device is
connected to a financial institution via a wireless connection. Smart cards are utilized to
verify authorization for communications and transactions, thereby minimizing potential
security problems which could otherwise result from use of a wireless device.
Alternatively, a smart card is advantageously utilized not only for authorization, but also to maintain a secure record of available funds. The system not only provides the
functionality of an ATM network, but also provides non-financial services, thereby
forming an integrated system.
In another embodiment, a wireless communication device may be comprised of
a communications interface and a contactless smart card interface, such as a contactless
reader/writer, connected to the commumcations interface. The communications interface
may include a controller, transmission/reception subsystem, and/or user interface. The
controller may be a microprocessor and the user interface may include a microphone,
speaker, key pad/board, micro-camera, display screen, touch screen or any other
input/output device.
An object of the invention is to provide a module to upgrade existing wireless
devices to include a smart card reader/writer, in particular a contactless smart card
reader/writer, in order to communicate with contactless cards.
It is a further object of the invention to provide a smart card transaction system
which is integrated with wireless communication devices, including personal digital
assistants (PDAs), cellular phones, PCS systems, pagers, etc. The format of the wireless
communication is not a limitation to the system. It is a further object of the invention to
provide smart card based transactions and token redemption systems. It is a further
object of the invention to provide enhanced security to such systems through biometric
authentication processes and apparatus. It is a further obj ect of the invention to provide
a transaction system integrated with a wireless communication system utilizing either
contact based or contactless smart card technologies.
According to an advantageous feature of the invention, a wireless communication device such as a cellular phone may be utilized to access a communication network. A
transaction may be conducted over the communication network, and a token or other
indicia of value may be transmitted to the wireless communication device. The wireless
communication device may then download the token, or other indicia of value, or other
information to a smart card via integrated or add-on contact based or contactless smart
card interfaces (such as a reader/writer). The transaction system may include one-to-one
security/authentication features or one-to-many security/authentication features, when
involving a remote host computer database storage.
In another embodiment, a module may include a contact smart card reader. The
module may be used with contact smart cards, contactless smart cards, or both.
These, together with other objects and advantages which will be subsequently
apparent, reside in the details of construction and operation as more fully hereinafter
described in the claims, with reference to the accompanying drawings forming a part thereof, wherein like numerals refer to like elements throughout.
The present invention is directed to methods and apparatus for storing a digital
signature, analzing a "live" signature and comparing the two to provide positive user
authentication and non-repudiation. It is an object of the present invention to store a
unique characteristic of the sender, such as biological indicia that can only have come
from the user. In a perferred embodiment, a digital signature is stored in the memory of
a bioauthentication smart card for comparison to a "live" signature.
Another object of the present invention is to store a digital signature that allows
positive identification of the sender which cannot be repudiated.
Another object of the present invention is to analyze a stored digital signature with a real time signature applied to a smart card.
Another object of the present invention is to provide a method for positively
identifying a user during an electronic transaction with a biologically-based digital
indicia. The present invention is directed to methods and apparatus for creating and
storing a digital for use in electronic commerce. The person requesting the electronic
transaction
digital certificate such that the digital certificate provides positive identification of the
sender and minimizes the ability of the sender to repudiate the authenticity of the certificate and any transaction embodied in an electronic document appended to the
certificate.
According to an aspect of the present invention, a person, hereinafter called a
user, wishing to obtain a bioauthentication smart card visits a local bank or service center
and enters a data corresponding to a biological or physical characteristic of himself, for
example, his signature into a smart card. Preferably, the data is entered in digital form,
but could be entered by optical imaging (e.g. a photograph or a scanned fingerprint, iris,
or retina) which is then processed into digital form. The digital representation of the
registrant's biological indicia is encrypted using the registrant's private key and sent to
the certificate authority along with the registrant's public key. The certificate authority
decrypts the digital representation and stores it. The registrant then visits a remote
registration terminal in person with the digital representation and other identifying
documents. The operator of the remote registration terminal verifies the identity of the registrant from the identifying documents and transmits the digitized representation to
the certificate authority. The certificate authority compares the decrypted digital
representation with the representation sent from the remote registration terminal. If a
match is found, the certificate authority forms a certificate by signing the digital signature
using the certificate authority's encrypting key. The certificate is stored in a database and
is sent to the registrant. Preferably, the database is public with no restriction as to who
may access the stored certificate data. Alternatively, access to the database may be
restricted to, for example, employees of a particular corporation or government
department, database subscribers, or members of a stock exchange.
According to another aspect of the present invention, the registrant transmits a
digital message including the certificate described above. The digital message is then
encrypted with the registrant's private encrypting key. The party receiving the encrypted
message decrypts the message using the registrant's public decrypting key. The receiving
party inspects the message to verify that the appended certificate is valid and that the
certificate was prepared by a reputable certificate authority by comparing the certificate
with the information stored in the database. The reputation of the certificate authority
provides some assurance that the message is genuine and that the sender will not later
repudiate the message because his signature and identifying information are part of the
certificate stored in the public database.
If additional assurance that the registrant actually transmitted the message is
desired, the receiving party can transmit the certificate to the certificate authority and
request that the certificate be decrypted to extract the digitized representation. The digital
representation is then compared with the digital representation originally submitted by the registrant. If even greater assurance is required, for example, where the registrant later
attempts to repudiate the message, the digital representation can be compared with
biological indicia of the registrant from which the digital signature was originally formed.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 shows an embodiment of the invention;
FIG. 2 shows another embodiment of the invention;
FIG. 3 shows another embodiment of the invention;
FIG. 4 shows an embodiment of the invention;
FIG. 5 shows another embodiment of the invention;
FIG. 6 shows another embodiment of the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
The smart card market is a rapidly growing market. Smart cards are usually divided into two categories: standard smart cards and contactless smart cards. A smart
card is a plastic card, having the size of a regular bank or credit card, that contains a
semiconductor chip. The International Standards Organization (ISO) specifies the size
and thickness of both credit cards and smart cards. The basic contact smart card standard
is the ISO 7816 series, part 1-10, while contactless cards will be governed by the ISO
14443 standard. The invention is not limited to systems that implement these standards.
The chip in a contactless smart card can store large quantities of information. The card
may also contain a microprocessor, which can process data, turning the smart card into
a small computer. The smart card is activated by placing the card in a terminal that can read and write data to/from the card. Standard smart cards must be physically contacted
by the terminal for data to be read or written. Contactless smart cards, however, can be
accessed without physical contact. Instead, data can be exchanged via radio frequency
technology, which is usually 13.56 MHz. To make this possible, a contactless smart card
must contain not only a memory and/or a PCU unit but also a transmitter/receiver unit
which modulates/demodulates the data and an antenna connected to the chip to
transmit/receive the data. The invention is not limited to systems that use the radio
frequency bands. The system may use other communication frequency bands.
Wireless communication devices, such as cellular phones and PDAs, are common
portable communications devices. There is a need to provide smart card transaction
capabilities in these portable devices and to upgrade these wireless communications
devices to accommodate smart card transactions. In an embodiment of the invention, a
smart card reader/writer module may be provided as an attachment to a standard wireless
device. The module may operate at 13.56 MHz high-frequency standard. The module may be appropriately sized to ergonomically match a host wireless device. For example,
the module may be approximately 5 cm long, 2-4 cm wide, 4 cm high. The module may
be connected to device 220, as shown in FIG. 2, via an interface connector such those
used for connecting to regular data modems. In an alternative embodiment, module 210,
as shown in FIG. 2, may be integrated into the battery of device 220. In another
alternative embodiment, the module may be incorporated into the wireless device 220.
As shown in FIGS.2 and 3, module 210 may be a separate add-on device for
connecting to a wireless communication device 220. Module 210 may be connected to
communication device 220 through an external connector and may receive power from a battery (not shown) in communication device 220. In an alternative embodiment, a
power supply (not shown) may be included in module 210. The module power supply
may also be used as a reserve power supply for communication device 220.
A user may request to receive a biometric authorization smart card from a service
center or bank. In a preferred embodiment, the user may visit the service center or bank
to initialize the smart card. The user may be required to present at least one form of
identification (e.g., driver's license, passport, birth certificate) to the service provider or
bank before receiving the smart card. As shown in FIG. 1, the biometric authorization
smart card (105) may have a signature scratch pad (110) on the back of the card, which
the user may initialize by signing the scratch pad X number of times. For example, the
user may be requred to sign the scratch pad three times in front of the bank officer. Once
the signature has been applied to the back of the smart card, the signature will be stored in a digital form on a microchip in the card. This has the advantage of eliminating the
need for a remote storage center for the biometric information of the user.
With today's advancing technology, there is a growing concern over the
collection of personal information such as biometric information for databases, which can
be sold to other companies or the government without an individual's knowledge. The
growing concern over Big Brother has provided a need for the invention shown herein,
where the biometric information is stored in the card and the individual is always in
possession of that card. This embodiment elimates the concerns regading the collection
of personal biometric information for a centralized database.
After a user has obtained and intialized a biometric authorization smart card, the
user or card holder may purchase goods or services using any type of communication device. A communcations device may be a landline telephone, a wireless device, or a
computer capable of exchanging data with another communications device. Figure 6
shows a flow chart of a method of using the biometric smart card. A card holder may
establish a communication link via a wireless personal device with another party or
service provider (605). It should be noted that any type of communication device may
be used to establish a communication link with another party. This may include landline
telephones, wireless communication devices, and computer related communication
devices, so long as the communication device is equipped to read the biometric
authorization smart card.
Once the card holder has established communications with a service provider, the
card holder will select an action to be taken with the service provider, such as the
purchase of goods and services (610). After a user has decided initiate a purchase, the
card holder may select a form or method of payment (615). The method of payment may
be integrated into the biometric card or separate from the biometric card. For example,
the scratch pad may be associated with a bank credit card which may only be used when
the correct signature is applied to the scratch pad at the time of purchase.
In an alternative embodiment, the card may be used as a biometric authorization
system for different accounts that have been established with different service providers.
The card holder may be requested to sign his/her name with an ihkless pen or stylus on
the electronic scratch pad of the smart card (620). The scratch pad may be electrically
connected to a smart card chip integrated within the biometric authorization smart card
(625). This may also be seen in FIG. 6.
The smart card chip may read and analyze the data from the pressure-sensitive area (i.e., the scratch pad) (630). The smart chip may perform a comparison between the
signature stored in the smart chip and a "live" signature to provide positive user
authentication and non-repudiation.. For security, the signature pattern stored in the
smart chip will be encrypted in the chip's memory. The smart chip internally performs
a comparison between the stored signature and the "live" signature of the card holder
received from the scratch pad (635).
A threshold level may be set to determine the accuracy of the "match" between
the stored signature and the "live" signature. If the comparison yields a result above a
pre-defined threshold, the chip may enabled the transaction by transmitting a signal to
the vendor. The signal may be as simple as a yes or no response. Alternatively, the
signal may be an encrypted form of the signature. Then the card holder will be able to
complete the transaction. If the comparison fails to yield a match, the card holder may
not be able to complete the transaction.
In an embodiment of the invention, when the comparison fails, a user may either
repeat the signature and authentication process or give an alternative identification such as a PIN (using the communications device) or any other method, in order to complete
the transaction.
Device 320 may communicate with module 310 via a modem 305. The module
may be controlled by central processor unit (PCU) 315, which may be connected to
modem 305. PCU 315 may control activity indicators 325 such as transmission/reception
activity and on/off status. In addition, PCU 315 may control a display (not shown),
which may be located in module 310, in device 320 or both. In another embodiment,
module 310 may share a PCU 315 located in device 320. Module 310 may also be equipped with encryption decryption unit 335, which
may be controlled by the PCU 315. The encryption/decryption unit 335 is used to
prevent a third party from intercepting the data transferred to and from the contactless
card. The information exchanged between the smart card and the module/device may be
encrypted according to various well-documented methods. In one embodiment, the card
may authenticate the card reader/writer by generating a random number and sending it to the reader/writer. The reader/writer has to encrypt the random challenge (number)
with a shared encryption key and return the result to the card. The card then compares
the returned result with its own encryption before agreeing to communicate with the
reader/writer. Conversely, the card reader/writer may also authenticate the card's identity
by sending a random challenge (number) to the card. The card is then required to sign the number with its own private key, which is part of a private key/public key pair, and
return it to the reader/writer for verification.
Furthermore, module 310 may include a radio frequency (RF) unit 345 connected
to PCU 335. RF unit 345 may include: (1) a down converter coupled to a low noise amplifier for converting received RF signal waveforms to intermediate frequency (IF)
waveforms; (2) an up converter coupled to a high power amplifier for converting
modulated analog waveforms from an IF to an RF for amplification and transmission to
the antenna; (3) a first analog to digital converter having an input connected to the down
converter, for converting the analog LF waveform to a series of digital samples; and/or
(4) a first digital to analog converter connected to the up converter for converting
modulated digital samples from the processor board to an LF frequency.
The RF section/unit 345 may also be coupled to reader/writer antenna 375. A variety of reader/writer antennas may be used which allow reading and writing distances
up to 100mm, but usually between 0-30mm. Reader/writer antenna 375 should not
interfere with the functionality of the device 320. The contactless reader/writer may be
provided by companies such as Baltech AG or Tamura Hinchley Ltd.
In an alternative embodiment, the module 10 may be incorporated into the
wireless device as shown in FIG. 4. The wireless device may be controlled by the PCU
415, which may control activity indicators 425, such as transmission/reception activity
and on/off status. In addition, PCU 415 may control a display (not shown). The wireless
device may also be equipped with an encryption/decryption unit 435, which may be
controlled by the PCU 415. The device may include two RF units 400 and 445 connected
to PCU 415. RF unit 445 may be coupled to reader/writer antenna 475 for providing communication with the smart card. RF unit 400 may provide the traditional voice
communications circuitry.
In another alternative embodiment, the module may be incorporated into the
wireless device and have only one RF unit. In this embodiment, the voice
communications and the smart card transmissions are completed using the same antenna.
In another embodiment, a biometric unit 365/465 may be provided for security purposes. The biometric unit 365/465 may include a biometric input device, such as a
fingerprint reader, camera/micro-camera for iris or face recognition, or a standard
microphone for voice recognition, to capture biometric information. The biometric unit
365/465 may encrypt the captured data and send it to a remote server or host that will use
the data for authentication. Alternatively, the biometric unit 365/465 may perform local
authentication and transmit encrypted messages to a host or server, which may be remote. In another embodiment of the invention, biometric unit 365 may interface with any other biometric reader or any other biometric authentication device.
In another embodiment, when a biometric authentication server receives
encrypted biometric data from the device/module the biometric authentication server may
be capable of decrypting the data. The biometric authentication server may either
identify the owner of the biometric data (one to many) and send the owner's LD data or,
when presented 2 sets of biometric data, it replies with either match or no match signal
(one-to-one).
During operation, module 10 may be capable of conducting many types of
transactions. One example is secure wireless financial transactions. More specifically,
the operation of the device 20 may initialize a smart card and/or download an increase in value to a value-holding smart card. The device may also operate to debit value or
record a credit transaction for the purchase of merchandise or services. In a typical
scenario utilizing module 10 in a commercial purchasing transaction, the user may establish communications with a retailer/host. Once communications are established,
the user may be able to receive and preview specially formatted graphical advertisements
within display, such as for the purchase of a specific consumer good, or the user may
define the required items to be purchased. The host may require the user to identify
himself. This may be accomplished by authentication (by a PIN or any Biometric
method such as voice, finger print, iris, face, etc.). If authorization is completed, the host
computer decreases the stored money amount by the price of the item purchased.
In an embodiment of the invention, the module 10 may be used to purchase and
download tickets or other tokens. A user may purchase tickets or tokens that may be downloaded onto the smart card for storage. Once the user arrives at an event, the user
may use the smart card as the admission ticket eliminating the need for a paper ticket.
The user of the card will gain entry permission by presenting the contactless card near
a local contactless card reader/writer. One smart card can be used to store at least one
ticket or token that may be redeemed at places such as movie theaters, stadiums, airline
gates etc. Restrictions may be provided that limit the download of tickets or tokens to
a contactless smart card from selected wireless devices. In addition, or alternatively,
remotely purchased items may be represented by tokens placed on the smart card (contact
or contactless). The tokens may be redeemed at any redemption point, such as a store or
other distribution station or delivery services for merchandise or services represented by
the token. Once the ticket has been redeemed, the ticket maybe marked as unusable or
removed from the memory of the smart chip.
Advantageously, the redemption point may also include a biometric unit which
can be used in coordination with the biometric data to authenticate redemption of the ticket, token, or debit of the value from the smart card.
In another embodiment, the contactless smart chip may contain an RF unit to be
able to communicate with the wireless device directly via the cellular or wireless
communication frequency without utilizing a contactless reader/writer at all.
Alternatively, the wireless device or add-on device may be adapted to transmit/receive
or read write commands over its principle antenna at an appropriate frequency for the
smart cards. A smart card may be restricted to be used only with a predefined cellular
phone or a group of cellular phones or other wireless device or with a predefined user
over any device. If an authorization program fails to match a card and a device or a card and a user, services or data transmission/reception may be denied. Alternatively, the
authorization program may allow the card the flexibility to work with a group of wireless
devices. This method provides an additional level of security and flexibility. It should
understood that the RF communication between the communication device and the
contactless card may be accomplished using the Bluetooth Standard. The present
invention may also be incorporated into a contact card.

Claims

We claim:
1. A wireless communication device comprising:
a communications interface;
a contactless smart card interface connected to the commumcations interface.
2 A wireless communication device according to claim 1 wherein the communications interface
further comprising: a controller;
a transmission reception subsystem;
a user interface.
3. A wireless communication device according to claim 1 wherein the contactless smart card interface is a contactless smart card read writer.
4. A wireless communication device according to claim 1 wherein the contactless smart card interface is integrated into the wireless communication device.
5. A wireless communication device according to claim 1 wherein the contactless smart card
interface is an add-on module connected to the wireless communication device.
6. A wireless communication device according to claim 1 further comprising:
an authentication subsystem.
7. A wireless communication device according to claim 2 wherein the smart card interface
further comprising a reader/writer antenna.
8. A module for a communication device according to claim 6 further comprising a biometric
unit.
9. A module for a communication device according to claim 8 wherein the biometric unit
further comprising an input unit and output unit.
10. A method for providing wireless communications: purchasing an item using a wireless communication device and purchasing medium;
providing a security feature to verify a user identification;
delivering the item electronically and storing the item on the purchasing medium.
11. A method for providing wireless communications according to claim 7, further comprising
the step of: redeeming the item stored on the purchasing medium.
12. A method for providing wireless communications according to claim 7 , further comprising
the step of: verifying biometric information of the user.
13. A financial information and transaction system comprising:
a host financial computer system, said host system maintaining records of user account
information; a wireless communication device for accessing said host financial computer system, wherein
comprising first means for wirelessly transmitting and receiving data, and a contactless smart card
reader; and wherein data corresponding to said user account information is exchanged between said host
system and said wireless communication device, such that a user obtains information and performs
transactions on said host financial system through a contactless smart card device that is coupled to said contactless smart card reader, said contactless smart card device including means for encrypting
data which is exchanged with said host financial system.
14. A method for providing wireless communications comprising the steps of:
capturing biometric data using a wireless device;
performing an authorization to verify a user identification.
15. A method for providing wireless communications according to claim 14 wherein the
contactless smart card interface is a contactless smart card read writer.
PCT/IB2001/000809 2000-04-14 2001-04-13 Smart communications WO2001086599A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001255010A AU2001255010A1 (en) 2000-04-14 2001-04-13 Smart communications

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US19777500P 2000-04-14 2000-04-14
US60/197,775 2000-04-14
US26401301P 2001-01-26 2001-01-26
US60/264,013 2001-01-26

Publications (2)

Publication Number Publication Date
WO2001086599A2 true WO2001086599A2 (en) 2001-11-15
WO2001086599A3 WO2001086599A3 (en) 2002-06-20

Family

ID=26893150

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2001/000809 WO2001086599A2 (en) 2000-04-14 2001-04-13 Smart communications

Country Status (2)

Country Link
AU (1) AU2001255010A1 (en)
WO (1) WO2001086599A2 (en)

Cited By (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003021539A1 (en) * 2001-08-31 2003-03-13 Schlumberger Systemes S.A. Voice activated smart card
EP1359778A1 (en) * 2002-05-03 2003-11-05 Motorola, Inc. System, method and station for use in secure communication
SG107121A1 (en) * 2001-11-22 2004-11-29 Ntt Docomo Inc Authentication system, mobile terminal, and authentication method
WO2005027035A1 (en) * 2003-09-16 2005-03-24 Gold Fusion International Limited Contactless transmission system, apparatus and method
EP1546990A1 (en) * 2002-07-30 2005-06-29 Kenneth Stephen Bailey Plug in credit card reader module for wireless cellular phone verifications
WO2007072109A1 (en) * 2005-12-21 2007-06-28 Security Software Inc. Safe transaction system using an intelligent card
US7337326B2 (en) 2002-03-28 2008-02-26 Innovation Connection Corporation Apparatus and method for effecting secure physical and commercial transactions in a contactless manner using biometric identity validation
US7336973B2 (en) 2002-10-30 2008-02-26 Way Systems, Inc Mobile communication device equipped with a magnetic stripe reader
GB2430785B (en) * 2004-07-01 2008-06-25 American Express Travel Relate System for biometric security using a smartcard
US7765128B2 (en) 2004-07-21 2010-07-27 Smart Destinations Inc. Programmable ticketing system
EP2249591A1 (en) * 2008-02-01 2010-11-10 Beijing Watch Data System Co., Ltd. Telecommunication intelligent card and method for signaling interaction with external non-contact
WO2013156798A1 (en) * 2012-04-20 2013-10-24 Powa Technologies Limited Authorization system & commercial transaction system
WO2013156796A1 (en) * 2012-04-20 2013-10-24 Powa Technologies Limited Chip-and-pin reader device and commercial transaction system including same
GB2504267A (en) * 2012-07-22 2014-01-29 John Michael Lowe Human fingerprint authentication system for contactless transactions
WO2015200858A1 (en) * 2014-06-27 2015-12-30 Intel Corporation Face based secure messaging
WO2016013999A1 (en) * 2014-07-22 2016-01-28 Mt Bilgi Teknolojileri Ve Dis Ticaret A. Ş. Biometric secure sales and payment terminal using face recognition and finger print definition methods
US9361620B2 (en) 2011-10-14 2016-06-07 Leisure Pass Group Limited Electronic transaction system with entitlement and promotion engines
WO2016190829A1 (en) * 2015-05-28 2016-12-01 Mt Bilgi Teknolojileri Ve Diş Tic. A. Ş. Id access device enabling any type of electronic payment functions including contact, contactless and biometric
US10592894B2 (en) 2009-02-10 2020-03-17 4361423 Canada Inc. Apparatus and method for commercial transactions using a communication device
US10621590B2 (en) 2017-02-22 2020-04-14 Square, Inc. Line-based chip card tamper detection
US10635820B1 (en) 2017-09-29 2020-04-28 Square, Inc. Update policy-based anti-rollback techniques
US10643200B2 (en) 2010-10-13 2020-05-05 Square, Inc. Point of sale system
US10684848B1 (en) 2016-03-30 2020-06-16 Square, Inc. Blocking and non-blocking firmware update
US10733589B2 (en) 2017-04-28 2020-08-04 Square, Inc. Point of sale device power management and under voltage protection
US10733588B1 (en) 2014-06-11 2020-08-04 Square, Inc. User interface presentation on system with multiple terminals
US10753982B2 (en) 2014-12-09 2020-08-25 Square, Inc. Monitoring battery health of a battery used in a device
US10762196B2 (en) 2018-12-21 2020-09-01 Square, Inc. Point of sale (POS) systems and methods with dynamic kernel selection
US10810570B1 (en) 2019-09-30 2020-10-20 Square, Inc. Point of sale device with cradle for mobile computing device
US10817869B2 (en) 2016-06-29 2020-10-27 Square, Inc. Preliminary enablement of transaction processing circuitry
US10937019B2 (en) 2016-06-08 2021-03-02 Square, Inc. Wireless communication system with auxiliary antenna
US10949189B2 (en) 2017-06-28 2021-03-16 Square, Inc. Securely updating software on connected electronic devices
US10970698B1 (en) 2017-12-08 2021-04-06 Square, Inc. Reader detection signal bypassing secure processor
US10970708B2 (en) 2016-12-31 2021-04-06 Square, Inc. Predictive data object acquisition and processing
US10990969B2 (en) 2018-12-21 2021-04-27 Square, Inc. Point of sale (POS) systems and methods for dynamically processing payment data based on payment reader capability
US11010765B2 (en) 2016-06-29 2021-05-18 Square, Inc. Preliminary acquisition of payment information
US11049095B2 (en) 2018-12-21 2021-06-29 Square, Inc. Point of sale (POS) systems and methods with dynamic kernel selection
US11080674B1 (en) 2014-09-19 2021-08-03 Square, Inc. Point of sale system
US11080675B1 (en) 2015-09-08 2021-08-03 Square, Inc. Point-of-sale system having a secure touch mode
US11087315B2 (en) 2015-09-24 2021-08-10 Square, Inc. Server-assisted pairing for wireless communications
US11087301B1 (en) 2017-12-19 2021-08-10 Square, Inc. Tamper resistant device
US11100298B1 (en) 2017-12-08 2021-08-24 Square, Inc. Transaction object reader with analog and digital signal interface
US11257058B1 (en) 2017-10-30 2022-02-22 Square, Inc. Sharing output device between unsecured processor and secured processor
US11328134B1 (en) 2014-06-23 2022-05-10 Block, Inc. Displaceable reader circuitry
US11481750B2 (en) 2015-06-30 2022-10-25 Block, Inc. Pairing a payment object reader with a point-of-sale terminal
US11665817B2 (en) 2019-09-30 2023-05-30 Block, Inc. Tamper detection based on flexible member connecting circuitry elements
US11663368B2 (en) 2019-09-30 2023-05-30 Block, Inc. Tamper detection based on removal of fastener from recess
US11871237B1 (en) 2016-06-30 2024-01-09 Block, Inc. Pairing a payment object reader with a point-of-sale terminal

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9454752B2 (en) 2001-07-10 2016-09-27 Chartoleaux Kg Limited Liability Company Reload protocol at a transaction processing entity
US9031880B2 (en) 2001-07-10 2015-05-12 Iii Holdings 1, Llc Systems and methods for non-traditional payment using biometric data
US7735725B1 (en) 2001-07-10 2010-06-15 Fred Bishop Processing an RF transaction using a routing number
US6805287B2 (en) 2002-09-12 2004-10-19 American Express Travel Related Services Company, Inc. System and method for converting a stored value card to a credit card

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4480178A (en) 1983-04-04 1984-10-30 At&T Information Systems Tuning arrangement for interfacing credit card-like device to a reader system
US5120939A (en) 1989-11-09 1992-06-09 At&T Bell Laboratories Databaseless security system
US5821983A (en) 1994-05-20 1998-10-13 Lucent Technologies, Inc. Data message storage and transmission using a videophone and smart card
US5867795A (en) 1996-08-23 1999-02-02 Motorola, Inc. Portable electronic device with transceiver and visual image display

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1376460B1 (en) * 1995-06-02 2008-04-09 Nxp B.V. Chip card
NL1004249C2 (en) * 1996-10-11 1998-04-15 Datelnet Smart Services B V System with a computer and a number of portable terminals for a smart card, as well as a terminal for use in this system.
CN1260939A (en) * 1997-06-16 2000-07-19 瑞士电信公司 Mobile device, chip card and method of communication
US8346663B2 (en) * 1998-01-30 2013-01-01 Citicorp Development Center, Inc. Method and system of contactless interfacing for smart card banking
CA2327728A1 (en) * 1998-04-08 1999-10-21 On Track Innovations Ltd. Secured data transaction system for smart cards

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4480178A (en) 1983-04-04 1984-10-30 At&T Information Systems Tuning arrangement for interfacing credit card-like device to a reader system
US5120939A (en) 1989-11-09 1992-06-09 At&T Bell Laboratories Databaseless security system
US5821983A (en) 1994-05-20 1998-10-13 Lucent Technologies, Inc. Data message storage and transmission using a videophone and smart card
US5867795A (en) 1996-08-23 1999-02-02 Motorola, Inc. Portable electronic device with transceiver and visual image display

Cited By (71)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003021539A1 (en) * 2001-08-31 2003-03-13 Schlumberger Systemes S.A. Voice activated smart card
US8266451B2 (en) 2001-08-31 2012-09-11 Gemalto Sa Voice activated smart card
US7401357B2 (en) 2001-11-22 2008-07-15 Ntt Docomo, Inc. Authentication system, mobile terminal, and authentication method
SG107121A1 (en) * 2001-11-22 2004-11-29 Ntt Docomo Inc Authentication system, mobile terminal, and authentication method
US7337326B2 (en) 2002-03-28 2008-02-26 Innovation Connection Corporation Apparatus and method for effecting secure physical and commercial transactions in a contactless manner using biometric identity validation
EP1359778A1 (en) * 2002-05-03 2003-11-05 Motorola, Inc. System, method and station for use in secure communication
EP1546990A1 (en) * 2002-07-30 2005-06-29 Kenneth Stephen Bailey Plug in credit card reader module for wireless cellular phone verifications
EP1546990A4 (en) * 2002-07-30 2006-07-05 Kenneth Stephen Bailey Plug in credit card reader module for wireless cellular phone verifications
US7336973B2 (en) 2002-10-30 2008-02-26 Way Systems, Inc Mobile communication device equipped with a magnetic stripe reader
WO2005027035A1 (en) * 2003-09-16 2005-03-24 Gold Fusion International Limited Contactless transmission system, apparatus and method
GB2430785B (en) * 2004-07-01 2008-06-25 American Express Travel Relate System for biometric security using a smartcard
US7765128B2 (en) 2004-07-21 2010-07-27 Smart Destinations Inc. Programmable ticketing system
US8346618B2 (en) 2004-07-21 2013-01-01 Smart Destinations Inc. Programmable ticketing system
WO2007072109A1 (en) * 2005-12-21 2007-06-28 Security Software Inc. Safe transaction system using an intelligent card
EP2249591A4 (en) * 2008-02-01 2013-12-18 Beijing Watch Data Sys Co Ltd Telecommunication intelligent card and method for signaling interaction with external non-contact
EP2249591A1 (en) * 2008-02-01 2010-11-10 Beijing Watch Data System Co., Ltd. Telecommunication intelligent card and method for signaling interaction with external non-contact
US10592895B2 (en) 2009-02-10 2020-03-17 4361423 Canada Inc. Apparatus and method for commercial transactions using a communication device
US10592894B2 (en) 2009-02-10 2020-03-17 4361423 Canada Inc. Apparatus and method for commercial transactions using a communication device
US10970710B2 (en) 2009-02-10 2021-04-06 4361423 Canada Inc. Apparatus and method for commercial transactions using a communication device
US10970709B2 (en) 2009-02-10 2021-04-06 4361423 Canada Inc. Apparatus and method for commercial transactions using a communication device
US10643200B2 (en) 2010-10-13 2020-05-05 Square, Inc. Point of sale system
US9361620B2 (en) 2011-10-14 2016-06-07 Leisure Pass Group Limited Electronic transaction system with entitlement and promotion engines
WO2013156798A1 (en) * 2012-04-20 2013-10-24 Powa Technologies Limited Authorization system & commercial transaction system
WO2013156796A1 (en) * 2012-04-20 2013-10-24 Powa Technologies Limited Chip-and-pin reader device and commercial transaction system including same
GB2504267A (en) * 2012-07-22 2014-01-29 John Michael Lowe Human fingerprint authentication system for contactless transactions
US10733588B1 (en) 2014-06-11 2020-08-04 Square, Inc. User interface presentation on system with multiple terminals
US11328134B1 (en) 2014-06-23 2022-05-10 Block, Inc. Displaceable reader circuitry
WO2015200858A1 (en) * 2014-06-27 2015-12-30 Intel Corporation Face based secure messaging
US9525668B2 (en) 2014-06-27 2016-12-20 Intel Corporation Face based secure messaging
TWI563410B (en) * 2014-06-27 2016-12-21 Intel Corp Processing system, non-transitory computer readable medium and communication method
US10430791B2 (en) 2014-07-22 2019-10-01 Mt Bilgi Teknolojileri Ve Dis Ticaret A. S. Biometric secure sales and payment terminal using face recognition and finger print definition methods
WO2016013999A1 (en) * 2014-07-22 2016-01-28 Mt Bilgi Teknolojileri Ve Dis Ticaret A. Ş. Biometric secure sales and payment terminal using face recognition and finger print definition methods
US11537803B2 (en) 2014-09-19 2022-12-27 Block, Inc. Point of sale system
US11080674B1 (en) 2014-09-19 2021-08-03 Square, Inc. Point of sale system
US11836566B2 (en) 2014-09-19 2023-12-05 Block, Inc Point of sale system
US11954549B2 (en) 2014-09-19 2024-04-09 Block, Inc. Point of sale system
US10753982B2 (en) 2014-12-09 2020-08-25 Square, Inc. Monitoring battery health of a battery used in a device
WO2016190829A1 (en) * 2015-05-28 2016-12-01 Mt Bilgi Teknolojileri Ve Diş Tic. A. Ş. Id access device enabling any type of electronic payment functions including contact, contactless and biometric
US11481750B2 (en) 2015-06-30 2022-10-25 Block, Inc. Pairing a payment object reader with a point-of-sale terminal
US11080675B1 (en) 2015-09-08 2021-08-03 Square, Inc. Point-of-sale system having a secure touch mode
US11087315B2 (en) 2015-09-24 2021-08-10 Square, Inc. Server-assisted pairing for wireless communications
US10684848B1 (en) 2016-03-30 2020-06-16 Square, Inc. Blocking and non-blocking firmware update
US10937019B2 (en) 2016-06-08 2021-03-02 Square, Inc. Wireless communication system with auxiliary antenna
US11748739B2 (en) 2016-06-08 2023-09-05 Block, Inc. Wireless communication system with auxiliary antenna
US11010765B2 (en) 2016-06-29 2021-05-18 Square, Inc. Preliminary acquisition of payment information
US10817869B2 (en) 2016-06-29 2020-10-27 Square, Inc. Preliminary enablement of transaction processing circuitry
US11871237B1 (en) 2016-06-30 2024-01-09 Block, Inc. Pairing a payment object reader with a point-of-sale terminal
US10970708B2 (en) 2016-12-31 2021-04-06 Square, Inc. Predictive data object acquisition and processing
US10621590B2 (en) 2017-02-22 2020-04-14 Square, Inc. Line-based chip card tamper detection
US11113698B2 (en) 2017-02-22 2021-09-07 Square, Inc. Line-based chip card tamper detection
US11669842B2 (en) 2017-02-22 2023-06-06 Block, Inc. Transaction chip incorporating a contact interface
US11899515B2 (en) 2017-04-28 2024-02-13 Block, Inc. Point of sale device power management and undervoltage protection
US10733589B2 (en) 2017-04-28 2020-08-04 Square, Inc. Point of sale device power management and under voltage protection
US11561593B2 (en) 2017-04-28 2023-01-24 Block, Inc. Point of sale device power management and undervoltage protection
US10949189B2 (en) 2017-06-28 2021-03-16 Square, Inc. Securely updating software on connected electronic devices
US11762646B2 (en) 2017-06-28 2023-09-19 Block, Inc. Securely updating software on connected electronic devices
US10635820B1 (en) 2017-09-29 2020-04-28 Square, Inc. Update policy-based anti-rollback techniques
US11257058B1 (en) 2017-10-30 2022-02-22 Square, Inc. Sharing output device between unsecured processor and secured processor
US11100298B1 (en) 2017-12-08 2021-08-24 Square, Inc. Transaction object reader with analog and digital signal interface
US10970698B1 (en) 2017-12-08 2021-04-06 Square, Inc. Reader detection signal bypassing secure processor
US11797965B2 (en) 2017-12-08 2023-10-24 Block, Inc. Reader detection signal based proximity feedback
US11087301B1 (en) 2017-12-19 2021-08-10 Square, Inc. Tamper resistant device
US11775957B2 (en) 2018-12-21 2023-10-03 Block, Inc. Point of sale (POS) systems and methods with kernel selection
US10762196B2 (en) 2018-12-21 2020-09-01 Square, Inc. Point of sale (POS) systems and methods with dynamic kernel selection
US10990969B2 (en) 2018-12-21 2021-04-27 Square, Inc. Point of sale (POS) systems and methods for dynamically processing payment data based on payment reader capability
US11049095B2 (en) 2018-12-21 2021-06-29 Square, Inc. Point of sale (POS) systems and methods with dynamic kernel selection
US11663368B2 (en) 2019-09-30 2023-05-30 Block, Inc. Tamper detection based on removal of fastener from recess
US11665817B2 (en) 2019-09-30 2023-05-30 Block, Inc. Tamper detection based on flexible member connecting circuitry elements
US10810570B1 (en) 2019-09-30 2020-10-20 Square, Inc. Point of sale device with cradle for mobile computing device
US11797970B2 (en) 2019-09-30 2023-10-24 Block, Inc. Point of sale device with cradle for mobile computing device
US11847631B2 (en) 2019-09-30 2023-12-19 Block, Inc. Point of sale device with cradle for computing device

Also Published As

Publication number Publication date
WO2001086599A3 (en) 2002-06-20
AU2001255010A1 (en) 2001-11-20

Similar Documents

Publication Publication Date Title
WO2001086599A2 (en) Smart communications
US8340296B2 (en) Method and system for registering and verifying smart card certificate for users moving between public key infrastructure domains
JP4833481B2 (en) Electronic credit card
US8016189B2 (en) Electronic transaction systems and methods therefor
US8275364B2 (en) Systems and methods for contactless payment authorization
US6983882B2 (en) Personal biometric authentication and authorization device
EP3038034B1 (en) Secure mobile payment system
US10270587B1 (en) Methods and systems for electronic transactions using multifactor authentication
CN202210326U (en) Personal payment terminal provided with keyboard
US6978380B1 (en) System and method for secure authentication of a subscriber of network services
EP3098786A1 (en) Emv transactions in mobile terminals
US20070131759A1 (en) Smartcard and magnetic stripe emulator with biometric authentication
US20110238573A1 (en) Cardless atm transaction method and system
US20090055319A1 (en) Novel card-less, name-less, number-less, and paper-less method and system of highly secure completely anonymous customer-merchant transactions
CN102713920A (en) A personalized multifunctional access device possessing an individualized form of authenticating and controlling data exchange
EP1522040A1 (en) Smart card network interface device
WO2012125477A2 (en) System and device for facilitating a transaction by consolidating sim, personal token, and associated applications for electronic wallet transactions
US20100131414A1 (en) Personal identification device for secure transactions
CN102257540A (en) Enhanced smart card usage
US7416114B2 (en) Electronic value transfer device equipped with non-contact IC interface
RU2479029C2 (en) Subscriber id verification
EP2365477A1 (en) Personal identification device for secure transactions
WO2000074007A1 (en) Network authentication with smart chip and magnetic stripe
JP2001344544A (en) Portable terminal and electronic clearing system using the same
US10503936B2 (en) Systems and methods for utilizing magnetic fingerprints obtained using magnetic stripe card readers to derive transaction tokens

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP