WO2012048373A1 - Systems and methods of securely carrying out transactions - Google Patents

Systems and methods of securely carrying out transactions Download PDF

Info

Publication number
WO2012048373A1
WO2012048373A1 PCT/AU2011/001302 AU2011001302W WO2012048373A1 WO 2012048373 A1 WO2012048373 A1 WO 2012048373A1 AU 2011001302 W AU2011001302 W AU 2011001302W WO 2012048373 A1 WO2012048373 A1 WO 2012048373A1
Authority
WO
WIPO (PCT)
Prior art keywords
account
authentication unit
information
authentication
transaction
Prior art date
Application number
PCT/AU2011/001302
Other languages
French (fr)
Inventor
Hans Klieber
Frank Klieber
Original Assignee
Nokuta Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2010904591A external-priority patent/AU2010904591A0/en
Application filed by Nokuta Pty Ltd filed Critical Nokuta Pty Ltd
Publication of WO2012048373A1 publication Critical patent/WO2012048373A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • G06Q20/206Point-of-sale [POS] network systems comprising security or operator identification provisions, e.g. password entry
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3226Use of secure elements separate from M-devices

Definitions

  • the present invention relates to systems and methods for linking two or more devices for transferring encoded information.
  • Embodiments of the invention have been particularly developed for linking a personal device such as a mobile phone to a payment processing system to effect secure payment for a transaction. While some embodiments will be described herein with particular reference to that application, it will be appreciated that the invention is not limited to such a field of use, and is applicable in broader contexts.
  • EMV Europay, MasterCard and VISA
  • IC cards or chips integrated circuit cards
  • POS point of sale terminals
  • ATMs automated teller machines
  • PayPassTM and Visa payWaveTM allow transactions to be carried out wirelessly without user authentication during the transaction.
  • a method for securely carrying out a transaction including the steps of:
  • the target device is preferably one of a mobile phone, personal digital assistant (PDA), a personal computer, an under-skin chip-unit or a wristwatch. More preferably the target device is a mobile phone. In one embodiment the authentication unit is preferably selectively removable from the target device.
  • the method of the first aspect of the invention preferably further includes the step of initially uploading the account and authentication information to the authentication unit by inserting a special and unique data storage card into the target device that communicates securely with the authentication unit.
  • the data storage card can preferably only be used to transfer data once. The insertion can also be substituted by waving the card in front of the authentication unit or by decoding a photo of a 2 D code.
  • the method preferably further includes the step of initially uploading the account and authentication information to the authentication unit by wireless communication.
  • the account and authentication information preferably includes information indicative of one or more financial institution accounts or credit card accounts. [0013] The account and authentication information preferably includes information indicative of one or more of the following:
  • the step of accessing the authentication unit preferably includes the sub-steps of:
  • the password is preferably unique to a specific account linked to the authentication unit. In another embodiment, the password is preferably common to each account linked to the authentication unit.
  • the step of accessing the authentication unit preferably includes the sub-steps of:
  • the encrypted communication link is preferably established through a wireless communication protocol selected from Near Field Communication, Bluetooth, 2D codes, Cyber codes, Wi-Fi or Radio-Frequency Identification (RFID).
  • a wireless communication protocol selected from Near Field Communication, Bluetooth, 2D codes, Cyber codes, Wi-Fi or Radio-Frequency Identification (RFID).
  • an authentication unit integrated into said target device for securely storing account and authentication information, and providing access to said information in response to a request from said transaction terminal thereby to securely transfer said account and authentication information between said target device and said transaction terminal to carry out a secure transaction.
  • the system according to the second aspect preferably further includes a unique data storage card releasably insertable into the target device to securely transfer the account and authentication information to the authentication unit.
  • the data storage card can preferably only be used to transfer data once.
  • the target device is preferably capable of receiving uploaded account and authentication information for the authentication unit by wireless communication.
  • the authentication unit is preferably configured to store account and authentication information indicative of one or more financial institution accounts or credit card accounts.
  • the target device In response to a request from the transaction terminal, the target device preferably prompts a user to enter a password to access the information from the authentication unit, and based on the user entering a correct password, the authentication unit provides access to the information for transfer to the transaction terminal through the encrypted wireless communication link.
  • a device for securely carrying out a transaction including
  • a display to output information visually
  • a wireless communication device for establishing an encrypted wireless communication link with a transaction terminal when said device is within a predetermined range of said transaction terminal
  • an authentication unit for securely storing account and authentication information, and providing access to said information in response to a request from said transaction terminal thereby to securely transfer said information between said device and said transaction terminal to carry out a secure transaction.
  • the device is preferably one of a mobile phone, personal digital assistant (PDA), a personal computer, under-skin chip-unit or a wristwatch. More preferably the device is a mobile phone.
  • PDA personal digital assistant
  • a personal computer More preferably the device is a mobile phone.
  • the device preferably further includes a port configured to receive a unique data storage card to securely transfer the account and authentication information to the authentication unit.
  • the data storage card can preferably only be used to transfer data once.
  • the wireless communication device is preferably capable of wirelessly receiving uploaded account and authentication information for storage on the authentication unit.
  • the authentication unit is preferably configured to store account and authentication information indicative of one or more financial institution accounts or credit card accounts.
  • the device In response to a request from the transaction terminal, the device preferably prompts a user to enter a password through the interface to access the information from the authentication unit, and, based on the user entering a correct password, the authentication unit preferably provides access to the information for transfer to the transaction terminal through the encrypted wireless communication link.
  • any one of the terms comprising, comprised of or which comprises is an open term that means including at least the elements/features that follow, but not excluding others.
  • the term comprising, when used in the claims should not be interpreted as being limitative to the means or elements or steps listed thereafter.
  • the scope of the expression a device comprising A and B should not be limited to devices consisting only of elements A and B.
  • Any one of the terms including or which includes or that includes as used herein is also an open term that also means including at least the elements/features that follow the term, but not excluding others. Thus, including is synonymous with and means comprising.
  • FIG. 1 is a flow chart outlining a method of securely carrying out a transaction according to one embodiment of the invention
  • FIG. 2 is a schematic diagram of a mobile phone communicating wirelessly with a transaction terminal
  • FIG. 3 is a perspective drawing of a mobile phone according to one embodiment of the invention.
  • FIG. 4 is a perspective drawing of a personal digital assistant (PDA) according to another embodiment of the invention
  • FIG. 5 is a system level block diagram of one embodiment of the invention
  • FIG. 6 is a schematic system level block diagram of another embodiment of the invention.
  • FIG. 7 is a schematic system level block diagram of a further alternative embodiment of the invention.
  • FIG. 8 is a schematic diagram of a data storage card according to one embodiment of the invention.
  • FIG. 9 is a schematic system level block diagram of another alternative embodiment of the invention, wherein the phone does not require an external port for receiving an authentication card;
  • FIG. 10A is an illustration of a set of user instructions for initially uploading account ant authentication information to the authentication unit from a data card.
  • FIG. 10B is an illustration of a set of instructions for using the invention to carry out a secure transaction.
  • one aspect of the present invention provides a method for securely carrying out a transaction.
  • a target device such as a mobile phone
  • a transaction terminal wherein the target device is within a predetermined range of the transaction terminal.
  • an authentication unit within the mobile phone is accessed to retrieve account and authentication information in response to a request from the transaction terminal.
  • the account and authentication information is securely transferred between the mobile phone and the transaction terminal to carry out a secure transaction.
  • a unique data storage card is inserted into the mobile phone at step 100A. This card communicates securely with the authentication unit and uploads the account and authentication information to the authentication unit at step 100B.
  • FIGs 2 to 6 another aspect of the invention provides a system for securely carrying out a transaction between a transaction terminal 200 and a target device 202.
  • the target device 202 is a mobile phone.
  • target device 202 is a personal digital assistant (PDA).
  • PDA personal digital assistant
  • target device 202 is any one of a range of devices capable of incorporating a wireless communication device for communicating with a transaction terminal 200, including personal computers, an under-skin chip-unit, security access card or smart wristwatches.
  • target device 202 will be hereinafter described as a mobile phone.
  • mobile phone 202 is configured for establishing an encrypted wireless communication link 204 with the transaction terminal 200 when the target device is within a predetermined range of the transaction terminal.
  • the mobile phone 202 and transaction terminal 200 need to be within several metres of each other to communicate wirelessly.
  • phone 202 and terminal 200 need to be within a distance of about 10cm from each other.
  • mobile phone 202 includes an authentication unit 206 integrated for securely storing account and authentication information, and providing access to the information in response to a request from the transaction terminal 200.
  • Unit 206 is any processor or chip with embedded integrated circuits.
  • unit 206 includes memory, micro-processor components and dedicated security logic. Secure transfer of the account and authentication information between mobile phone 202 and transaction terminal 200 facilitates a secure transaction, which may be carried out in a known manner using existing systems of financial institutions.
  • Authentication unit 206 may be a self- powered device or may source power from the battery (not shown) of mobile phone 202.
  • Authentication unit 206 is configured to store account and authentication information indicative of one or more bank accounts, credit card accounts or other accounting systems that utilise personal or confidential data.
  • this information includes the same or similar information to that contained on plastic cards to facilitate the sharing of a common numbering scheme.
  • authentication information may include one or more numbers identifying a specific financial institution and user account, and validity check information.
  • authentication information includes a unique number having a prefix, called the Bank Identification Number, which is a sequence of digits at the beginning of the number that determine the bank to which a number belongs. These are, at the time, the first six digits. Continuing the above example, the next nine digits of the unique number are the individual account number, and the final digit is a validity check code.
  • the authentication information may also include issue and expiration dates, as well as extra codes such as issue numbers and security codes.
  • Authentication unit 206 may also be configured to store information indicative of non-monetary accounts that require authentication or validation from time to time. Examples of such non-monetary accounts include Medicare accounts, private health insurance accounts, club memberships, frequent flyer accounts, awards programmes and other benefit and membership accounts. Further, in some embodiments, authentication unit 206 is configured to store personal information such as drivers' license and passport information. Authentication unit 206 may also be configured to store information relating to everyday-use type passes such as bus, train, ferry and other transport passes, airline check-in accounts and Cabcharge accounts.
  • FIGS 5 to 7 depict three alternative embodiments of how authentication unit 206 is implemented into mobile phone 202.
  • authentication unit 206 is a permanently connected independent hardware unit within mobile phone 202 such as a stand-alone IC chip or microprocessor chip.
  • authentication unit 206 is configured to communicate with a central processing unit 208 of mobile phone 202 to facilitate the transaction.
  • a central processing unit 208 of mobile phone 202 For example, in an embodiment using a smart phone, an application is available for receiving user input and displaying information regarding the transaction in process.
  • phone 202 is configured to display the account balance when the transaction is completed. In one embodiment the balance is automatically erased after a short period of time, e.g. 10 seconds, so that thieves cannot look up a user's balances on a stolen phone.
  • authentication unit 206 is implemented as software integrated into the central processing unit 208 of mobile phone 202 and the transaction procedure is fully software implemented through the existing hardware of mobile phone 202.
  • the account and authentication information is securely stored in a database 216 and selectively accessed through an application or App available on the phone.
  • authentication unit 206 is itself a removable card that is inserted and removed from mobile phone 202 through port 212. Once inserted, authentication unit 206 communicates with the central processing unit 208 of mobile phone 202. In future it is envisaged that new Nanoscale devices/Microchip Processors or Quantum Devices using quantum mechanical phenomena will come onto the market. In the embodiment of Figure 7, these devices can be easily incorporated into an authentication unit 206 that can be implemented into a mobile phone 202.
  • Authentication unit 206 includes non-volatile memory, such as a hard disk (optical disc, magnetic tape holographic memory, motherboard and such) or a solid state device, for storing the account and authentication information.
  • non volatile memory such as EEPROM, NVM or flash memory can be used, each having its own benefits and draw backs.
  • NVB is a solid-state chip that maintains stored data without any external power source. Its capacity is substantially larger than that of an EEPROM.
  • Mobile phone 202 is any conventional mobile phone, cell phone or smart phone having a wireless communication device 210.
  • wireless device 210 is a Bluetooth antenna.
  • wireless device 210 is a Wi-Fi antenna, passive or active radio frequency identification (RFID) device, Near Field Communication device or other wireless transmitting/receiving device.
  • RFID radio frequency identification
  • Mobile phone 202 also includes conventional features such as an interface 214 in the form of a keypad or a touch screen to receive user input, a display 216 to output information visually, a database 216 in the form of a memory device, and a SIM card reader 218 to receive conventional SIM cards.
  • mobile phone 202 in response to a request from transaction terminal 200, prompts a user to enter a password, through user input 216 and display 216, to access the information from authentication unit 206. If the entered password is correct, authentication unit 206 provides access to the information for transferral to transaction terminal 200 through the encrypted wireless communication link 204. Preferably, mobile phone 202 displays notifications throughout the authorization and transaction procedure on display 216 to keep the user updated on progress.
  • mobile phone 202 includes a port 212 adapted to receive a unique data storage card 218 or, in the case of the embodiment of Figure 7, to receive removable authentication unit 206.
  • Port 212 is preferably located on one outer face of phone 202. However, in alternative embodiments, port 212 is located beneath a removable protective panel, such as adjacent the battery of phone 202.
  • card 218 is in the form of a subscriber identity module (SIM) card having an integrated circuit 220 mounted therein.
  • SIM subscriber identity module
  • card 218 is a portable USB memory device or other type of data card or unit.
  • Card 218 is releasably insertable into mobile phone 202 to securely transfer account and authentication information to authentication unit 206.
  • Card 218 may be a self -powered active device or may be a passive device sourcing power from mobile phone 202.
  • each data storage card 218 preferably holds a unique serial number 222 assigned to it by the issuing institution. In one embodiment this number is a 128-bit security code used to authenticate unit 206 on a network. Serial number 222 is preferably also stored on a database on the issuers' network and is preferably initially concealed behind a scratch panel 224 for security purposes. Panel 224 can be removed by the user prior to use.
  • card 218 contains its unique serial number 220, internationally unique number of the mobile user, security authentication and ciphering information, temporary information related to the local network, a list of the services the user has access to and two passwords (PIN for usual use and PUK for unlocking).
  • card 218 has a length of about 25 mm and a width of about 15 mm, and has a truncated or chamfered corner 226 to prevent mis-insertion.
  • card 218 has a size known as the 3FF or micro-SIM, which has dimensions of 15 mm by 12 mm.
  • card 218 is approximately the same size but a different shape to conventional phone SIM cards to prevent mix-up of the slots.
  • Cards 218 are preferably supplied as a full- sized card with the smaller card held in place by a few plastic links; it can easily be broken off to be used in a device that uses the smaller SIM.
  • data storage card 218 incorporates volatile memory ensuring it can only be used to transfer data once.
  • data storage card 218 includes non- volatile memory and can be used multiple times.
  • card 218 includes an access password that must be entered before the account and authentication information can be transferred to the authentication unit 206 in the mobile phone 202.
  • each data storage card 218 contains account information relating to a single account, which is issued by a bank, Credit Card Company or other financial institution and initially uploaded to authentication unit 206 by inserting card 218 into port 212.
  • Authentication unit 206 is configured to store account and authentication information for multiple accounts, each of which is uploaded by individual storage cards 218. In this manner, to store account and authentication information relating to two separate accounts, two data storage cards are inserted into port 212 in succession.
  • This embodiment of the invention allows, for example, information relating to many credit cards, debit cards, healthcare cards, membership cards etc. to be maintained on authentication unit 206 of phone 202.
  • the phone manufacturer is required to manufacture phones having port 212 for receiving data storage cards 218.
  • the ports are preferably prepared to allow the insertion from the outside without removing the battery.
  • the phone manufacturer may also provide the internal software which allows pairing (linking) of the central processing unit 208 with the authentication unit 206, security of the chip and destruction of the chip's information if illegally removed.
  • authentication unit 206 is implemented as software integrated into the central processing unit 208 of mobile phone 202 (as in Figure 6) and the account and authentication information is uploaded directly to authentication unit 206 by wireless communication to phone 202.
  • a financial institution might offer a secure wireless link to phone 202 in order to upload the account and authentication information to authentication unit 206 for future secure wireless transactions.
  • uploading of the account and authentication information may occur via wireless communication between phone 202 and another device such as a personal computer or another phone, or may be downloaded to phone 202 by the internet (such as through a 3G network).
  • no hardware modifications need to be made to phone 202, such as manufacturing a phone having port 212.
  • a financial institution issues a data storage card 218 to a user, say through the mail. That institution may optionally provide one or more activation number, PIN or telephone PIN which is preferably sent to the user by separate means to card 218 to ensure safety. Further, access to the specific account and authentication information on authentication unit 206 may be made through a call, e- mail or the like to the issuing institution.
  • the account information is transferred to the authentication unit 206 by waving the card in front of the authentication unit or by decoding a photo of a 2 D code.
  • PIN Personal Identification Number
  • the account and authentication information is encrypted for later verification of transactions.
  • the account and authentication information is erased from card 218, which cannot be used again. Card 218 can then be safely discarded. If the mobile phone 202 is lost or stolen, the codes can be blocked by the card issuer, similar to how stolen credit cards are blocked today.
  • the user may also be required to download and install software to access the authentication unit 206 from the phone 202.
  • This software may be available, for example, through a client website or as an application such as an iPhone or Smartphone app. However, in some embodiments, this software is pre-installed on phone 202.
  • the software or application may provide functionality for managing accounts. For example, an interface may be provided for updating authentication information, adding new accounts or removing old accounts.
  • security for each linked account can be set, changed and managed through the software or application. Security may be set to a high level wherein each account linked to phone 202 has individual security codes and settings, or a low level wherein a single access code is used to access all linked accounts.
  • the authentication unit 206 or related software is configured to remember certain patterns of transaction use and adjust security setting accordingly. For example, if a regular transaction of purchasing petrol occurs at a familiar location or at a familiar time, security settings may be reduced to more efficiently facilitate the transaction. Conversely, if a new and unfamiliar transaction occurs, such as at a location far from typical transactions, then security settings may be increased to restrict unauthorised use. Examples of increased security may include the requirement to show photo identification or other identification at the transaction, provide a personal signature, answer a predetermined question or input a second or different password. This feature of dynamic security can be activated or deactivated through software or an application.
  • the need for use of card 218 can be circumvented by initially activating authentication unit 206 wirelessly.
  • a user brings phone 202 into a financial institution having a wireless network.
  • the user can connect to that wireless network to activate or sync the authentication unit 206 with the user's account from that institution.
  • a 2-D input code may be transmitted to phone 202 through the wireless network from the financial institution. Correct inputting of this code syncs the account information with the authentication unit 206.
  • a user may be sent an activation code through e-mail.
  • account and authentication information can be uploaded to authentication unit simply by bringing card 218 into a predetermined proximity with phone 202, which reads the account information wirelessly in the same manner as a card chip reader.
  • authentication unit 206 may be authenticated using a mobile tagging process.
  • a credit card company or financial institution sends a user a two dimensional barcode image which can be captured with a camera implemented into phone 202. Processing or rendering of the barcode image using appropriate software reveals a unique code to be input for activation of a specific account for use with the authentication unit 206.
  • the mobile phone 202 including the authentication unit 206 can then be used in an encrypted wireless network or link at a point of sale transaction terminal 200 without leaving the control of the user.
  • the phone can be used by swiping it past a transaction terminal 200 or placing it within a predetermined proximity to transaction terminal 200, such as a POS terminal or ATM, to pay for goods and or receive money from the ATM.
  • the issuing bank or merchant establishes for terminal 200 a local hotspot or allows ad-hoc mode wireless contact by swiping the phone close to the terminal.
  • the transaction makes use of a secure system such as PayPal for increased security.
  • additional security measures such as a fingerprint scan or eye scan may be implemented for authenticating a transaction.
  • authentication unit 206 communicates wirelessly with a local card chip reader attached to a personal computer, say by USB connection.
  • the user can authenticate online transactions simply by bringing phone 202 into proximity with the card chip reader device. For example, when purchasing a product over the internet, via a seller's online store, the user may be prompted to provide their account or credit card details to effect the purchase. At this point, the user can swipe or bring their phone or other electronic device near the reader device to provide their details to the online seller. This has the advantage of the security of the wireless transaction, as described above, in addition to the online security provided by the seller. Another advantage is the time saved simply by passing the phone near the reader, rather than manually entering account or credit card details.
  • phone 202 prompts the user for a password or similar security measure. Additionally the merchant terminal may request a different code or signature. In these embodiments, the PIN or password is simply typed into phone 202 to verify the transaction.
  • Figure 9 shows an example set of instructions for initially uploading account and authentication information to authentication unit 206 from a data access card 218 and how to use the paired device at a transaction terminal 200 to carry out a secure transaction.
  • the card issuer sends a new one-use-only chip. This way there is only one device at any one time that works with the transactions of one specific account/card.
  • a large number of different accounts/cards can be individually read into the authentication unit 206, just as people carry any number of credit cards in their wallets today.
  • Individual account and authentication information stored on the authentication unit can also be deleted if an account is closed.
  • phone 202 prompts the user to select the desired account for which the transaction is to be carried out.
  • phones are capable of communicating between each other to transmit and receive payments between users. In this manner, two users can bring their phones into close proximity and securely transfer money to one another through linked bank accounts.
  • the invention can provide additional functionality to transfer information via phone 202 using e-mail, SMS, MMS or future similar systems such as quantum, nano or optic devices. Once paired or linked with phone 202, all data are available on the phone without the need to provide additional input.
  • the present invention provides for integrating and pairing a target device, such as a mobile phone or PDA, with a transaction authentication unit to provide easy payments, transactions or access to money through the target device in a secure and convenient way.
  • a target device such as a mobile phone or PDA
  • a transaction authentication unit to provide easy payments, transactions or access to money through the target device in a secure and convenient way.
  • the required information to carry out a secure transaction is sent to a merchant's transaction terminal by phone or computer by using a simple application and/or entering a password number. Since the authorisation number (such as a credit card number) does not need to be typed or remembered, it can be made from a larger number of digits or even mixes of numbers and letters to increase security.
  • the present invention acts as an electronic verification system integratable into a mobile phone or other electronic device (target device) to establish communication between the target device and a transaction terminal.
  • target device electronic device
  • the invention combines the two commonly used items of mobile phones/computers and plastic credit/debit cards to provide ease of carrying both as one. The main benefits to the customer are convenience and increased security.
  • the present invention also adds convenience to the merchant, as they can verify in a few seconds whether the transaction is valid and the user has sufficient credit or debit to cover the purchase.
  • mobile phone is used to refer to portable telecommunication devices including, cellular phones, smart phones, satellite phones, 3G capable devices and other related devices.
  • processor may refer to any device or portion of a device that processes electronic data, e.g., from registers and/or memory to transform that electronic data into other electronic data that, e.g., may be stored in registers and/or memory.
  • a "computer” or a “computing machine” or a “computing platform” may include one or more processors.
  • the methodologies described herein are, in one embodiment, performable by one or more processors that accept computer-readable (also called machine-readable) code containing a set of instructions that when executed by one or more of the processors carry out at least one of the methods described herein.
  • processors capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken are included.
  • processors may include one or more of a CPU, a graphics processing unit, and a programmable DSP unit.
  • the processing system further may include a memory subsystem including main RAM and/or a static RAM, and/or ROM.
  • a bus subsystem may be included for communicating between the components.
  • the processing system further may be a distributed processing system with processors interconnected by a network. If the processing system requires a display, such a display may be included, e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT) display. If manual data entry is required, the processing system also includes an input device such as one or more of an alphanumeric input unit such as a keyboard, a pointing control device such as a mouse, and so forth.
  • LCD liquid crystal display
  • CRT cathode ray tube
  • the term memory unit as used herein also encompasses a storage system such as a disk drive unit.
  • the processing system in some configurations may include a sound output device, and a network interface device.
  • the memory subsystem thus includes a computer-readable carrier medium that carries computer-readable code (e.g., software) including a set of instructions to cause performing, when executed by one or more processors, one of more of the methods described herein. Note that when the method includes several elements, e.g., several steps, no ordering of such elements is implied, unless specifically stated.
  • the software may reside in the hard disk, or may also reside, completely or at least partially, within the RAM and/or within the processor during execution thereof by the computer system.
  • the memory and the processor also constitute computer-readable carrier medium carrying computer-readable code.
  • a computer-readable carrier medium may form, or be included in a computer program product.
  • the one or more processors operate as a standalone device or may be connected, e.g., networked to other processor(s), in a networked deployment, the one or more processors may operate in the capacity of a server or a user machine in server-user network environment, or as a peer machine in a peer-to-peer or distributed network environment.
  • the one or more processors may form a personal computer (PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine.
  • PC personal computer
  • PDA Personal Digital Assistant
  • each of the methods described herein is in the form of a computer-readable carrier medium carrying a set of instructions, e.g., a computer program that is for execution on one or more processors, e.g., one or more processors that are part of web server arrangement.
  • a computer-readable carrier medium carrying computer readable code including a set of instructions that when executed on one or more processors cause the processor or processors to implement a method.
  • aspects of the present invention may take the form of a method, an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects.
  • the present invention may take the form of carrier medium (e.g., a computer program product on a computer-readable storage medium) carrying computer-readable program code embodied in the medium.
  • the software may further be transmitted or received over a network via a network interface device. While the carrier medium is shown in an exemplary embodiment to be a single medium, the term "carrier medium" should be taken to include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions.
  • carrier medium shall also be taken to include any medium that is capable of storing, encoding or carrying a set of instructions for execution by one or more of the processors and that cause the one or more processors to perform any one or more of the methodologies of the present invention.
  • a carrier medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media.
  • Non- volatile media includes, for example, optical, magnetic disks, and magneto-optical disks.
  • Volatile media includes dynamic memory, such as main memory.
  • Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise a bus subsystem. Transmission media may also take the form of acoustic or light waves, such as those generated during radio wave and infrared data communications.
  • carrier medium shall accordingly be taken to included, but not be limited to, solid-state memories, a computer product embodied in optical and magnetic media; a medium bearing a propagated signal detectable by at least one processor of one or more processors and representing a set of instructions that, when executed, implement a method; a carrier wave bearing a propagated signal detectable by at least one processor of the one or more processors and representing the set of instructions a propagated signal and representing the set of instructions; and a transmission medium in a network bearing a propagated signal detectable by at least one processor of the one or more processors and representing the set of instructions.

Abstract

Described herein are systems and methods for securely carrying out a transaction. One aspect of the invention provides a system for securely carrying out a transaction between a transaction terminal (200) and a target device (202), such as a mobile phone or personal digital assistant (PDA). Device (202) is incorporates a wireless communication device for communicating with transaction terminal (200). Device (202) is configured for establishing an encrypted wireless communication link (204) with the transaction terminal (200) when the device (202) is within a predetermined range of the transaction terminal (202). Once the phone (202) is linked with the transaction terminal (200) through the communication link (204), a secure transaction is carried out.

Description

SYSTEMS AND METHODS OF SECURELY CARRYING OUT TRANSACTIONS
FIELD OF THE INVENTION
[001] The present invention relates to systems and methods for linking two or more devices for transferring encoded information.
[002] Embodiments of the invention have been particularly developed for linking a personal device such as a mobile phone to a payment processing system to effect secure payment for a transaction. While some embodiments will be described herein with particular reference to that application, it will be appreciated that the invention is not limited to such a field of use, and is applicable in broader contexts.
BACKGROUND
[003] Any discussion of the background art throughout the specification should in no way be considered as an admission that such art is widely known or forms part of common general knowledge in the field.
[004] The functionality of mobile phones has increased significantly in the past decade, allowing users to carry out a number of different daily functions to simplify their lives. This increase in functionality has resulted in many people carrying their mobile phones with them almost anywhere they go.
[005] Independently, significant developments have been made to improve the speed and security of credit card transactions at points of sale. For example, EMV (Europay, MasterCard and VISA) is a global electronic transaction standard for inter- operation of integrated circuit cards (IC cards or "chip cards") and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit, debit and similar monetary transactions. Further, systems such as PayPass™ and Visa payWave™ allow transactions to be carried out wirelessly without user authentication during the transaction.
[006] However, to date there is no common means for combining these two everyday items. Specifically, no software Applications (Apps) or integrated hardware exist for carrying out credit, debit or similar transactions at points of sale through mobile phones and similar electronic devices (Smart Phones, iPads, iPods, MP3 Players etc.).
SUMMARY OF THE INVENTION
[007] It is an object of the present invention to overcome or ameliorate at least one of the disadvantages of the prior art, or to provide a useful alternative.
[008] According to a first aspect of the present invention there is provided a method for securely carrying out a transaction, said method including the steps of:
(a) establishing an encrypted wireless communication link between a target device and a transaction terminal, wherein said target device is within a predetermined range of said transaction terminal;
(b) accessing an authentication unit within said target device to retrieve account and authentication information in response to a request from said transaction terminal; and
(c) securely transferring said account and authentication information between said target device and said transaction terminal to carry out a secure transaction.
[009] The target device is preferably one of a mobile phone, personal digital assistant (PDA), a personal computer, an under-skin chip-unit or a wristwatch. More preferably the target device is a mobile phone. In one embodiment the authentication unit is preferably selectively removable from the target device.
[0010] The method of the first aspect of the invention preferably further includes the step of initially uploading the account and authentication information to the authentication unit by inserting a special and unique data storage card into the target device that communicates securely with the authentication unit. The data storage card can preferably only be used to transfer data once. The insertion can also be substituted by waving the card in front of the authentication unit or by decoding a photo of a 2 D code.
[0011] In an alternative embodiment, the method preferably further includes the step of initially uploading the account and authentication information to the authentication unit by wireless communication.
[0012] The account and authentication information preferably includes information indicative of one or more financial institution accounts or credit card accounts. [0013] The account and authentication information preferably includes information indicative of one or more of the following:
• Medicare account;
• Private health insurance account;
• Club memberships;
• Awards programmes;
• Driver's license; or
• Passport.
[0014] The step of accessing the authentication unit preferably includes the sub-steps of:
(i) prompting a user, through the target device, for a password to access the information from the authentication unit; and
(ii) based on the user entering a correct password, providing access to the information through the authentication unit.
[0015] In one embodiment, the password is preferably unique to a specific account linked to the authentication unit. In another embodiment, the password is preferably common to each account linked to the authentication unit.
[0016] The step of accessing the authentication unit preferably includes the sub-steps of:
(i) determining predetermined familiarity characteristics of the transaction;
(ii) applying security settings based on the familiarity characteristics;
(iii) based on the security settings, either requesting access information from a user or not requesting access information from a user; and
(iv) providing access to the information through the authentication unit if the access information is sufficient or accurate.
[0017] The encrypted communication link is preferably established through a wireless communication protocol selected from Near Field Communication, Bluetooth, 2D codes, Cyber codes, Wi-Fi or Radio-Frequency Identification (RFID). [0018] According to a second aspect of the present invention there is provided a system for securely carrying out a transaction, the system including:
(a) a transaction terminal;
(b) a target device configured for establishing an encrypted wireless communication link with said transaction terminal when said target device is within a predetermined range of said transaction terminal; and
(c) an authentication unit integrated into said target device for securely storing account and authentication information, and providing access to said information in response to a request from said transaction terminal thereby to securely transfer said account and authentication information between said target device and said transaction terminal to carry out a secure transaction.
[0019] The system according to the second aspect preferably further includes a unique data storage card releasably insertable into the target device to securely transfer the account and authentication information to the authentication unit. The data storage card can preferably only be used to transfer data once.
[0020] In an alternative embodiment, the target device is preferably capable of receiving uploaded account and authentication information for the authentication unit by wireless communication.
[0021] The authentication unit is preferably configured to store account and authentication information indicative of one or more financial institution accounts or credit card accounts.
[0022] In response to a request from the transaction terminal, the target device preferably prompts a user to enter a password to access the information from the authentication unit, and based on the user entering a correct password, the authentication unit provides access to the information for transfer to the transaction terminal through the encrypted wireless communication link.
[0023] According to a third aspect of the present invention there is provided a device for securely carrying out a transaction, the device including
a processor;
a database;
an interface to receive user input;
a display to output information visually; a wireless communication device for establishing an encrypted wireless communication link with a transaction terminal when said device is within a predetermined range of said transaction terminal;
an authentication unit for securely storing account and authentication information, and providing access to said information in response to a request from said transaction terminal thereby to securely transfer said information between said device and said transaction terminal to carry out a secure transaction.
[0024] The device is preferably one of a mobile phone, personal digital assistant (PDA), a personal computer, under-skin chip-unit or a wristwatch. More preferably the device is a mobile phone.
[0025] The device preferably further includes a port configured to receive a unique data storage card to securely transfer the account and authentication information to the authentication unit. The data storage card can preferably only be used to transfer data once.
[0026] In an alternative embodiment, the wireless communication device is preferably capable of wirelessly receiving uploaded account and authentication information for storage on the authentication unit.
[0027] The authentication unit is preferably configured to store account and authentication information indicative of one or more financial institution accounts or credit card accounts.
[0028] In response to a request from the transaction terminal, the device preferably prompts a user to enter a password through the interface to access the information from the authentication unit, and, based on the user entering a correct password, the authentication unit preferably provides access to the information for transfer to the transaction terminal through the encrypted wireless communication link.
[0029] Reference throughout this specification to "one embodiment", "some embodiments" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrases "in one embodiment", "in some embodiments" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment, but may refer to separate embodiments in each instance. Furthermore, the particular features, structures or characteristics may be combined in any suitable manner, as would be apparent to one of ordinary skill in the art from this disclosure, in one or more embodiments.
[0030] As used herein, unless otherwise specified the use of the ordinal adjectives "first", "second", "third", etc., to describe a common object, merely indicate that different instances of like objects are being referred to, and are not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
[0031] In the claims below and the description herein, any one of the terms comprising, comprised of or which comprises is an open term that means including at least the elements/features that follow, but not excluding others. Thus, the term comprising, when used in the claims, should not be interpreted as being limitative to the means or elements or steps listed thereafter. For example, the scope of the expression a device comprising A and B should not be limited to devices consisting only of elements A and B. Any one of the terms including or which includes or that includes as used herein is also an open term that also means including at least the elements/features that follow the term, but not excluding others. Thus, including is synonymous with and means comprising.
BRIEF DESCRIPTION OF THE DRAWINGS
[0032] Preferred embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings in which:
[0033] FIG. 1 is a flow chart outlining a method of securely carrying out a transaction according to one embodiment of the invention;
FIG. 2 is a schematic diagram of a mobile phone communicating wirelessly with a transaction terminal;
FIG. 3 is a perspective drawing of a mobile phone according to one embodiment of the invention;
FIG. 4 is a perspective drawing of a personal digital assistant (PDA) according to another embodiment of the invention; FIG. 5 is a system level block diagram of one embodiment of the invention;
FIG. 6 is a schematic system level block diagram of another embodiment of the invention;
FIG. 7 is a schematic system level block diagram of a further alternative embodiment of the invention;
FIG. 8 is a schematic diagram of a data storage card according to one embodiment of the invention;
FIG. 9 is a schematic system level block diagram of another alternative embodiment of the invention, wherein the phone does not require an external port for receiving an authentication card;
FIG. 10A is an illustration of a set of user instructions for initially uploading account ant authentication information to the authentication unit from a data card; and
FIG. 10B is an illustration of a set of instructions for using the invention to carry out a secure transaction.
DETAILED DESCRIPTION
[0034] Described herein are systems and methods for securely carrying out a transaction. With reference to Figure 1 of the drawings, one aspect of the present invention provides a method for securely carrying out a transaction. At step 100 an encrypted wireless communication link is established between a target device, such as a mobile phone, and a transaction terminal, wherein the target device is within a predetermined range of the transaction terminal. At step 102 an authentication unit within the mobile phone is accessed to retrieve account and authentication information in response to a request from the transaction terminal. At step 104 the account and authentication information is securely transferred between the mobile phone and the transaction terminal to carry out a secure transaction.
[0035] In one embodiment, to initially upload the transaction and authentication information to the authentication unit within the phone, a unique data storage card is inserted into the mobile phone at step 100A. This card communicates securely with the authentication unit and uploads the account and authentication information to the authentication unit at step 100B. [0036] Referring to Figures 2 to 6, another aspect of the invention provides a system for securely carrying out a transaction between a transaction terminal 200 and a target device 202. As shown in Figure 3, in one embodiment the target device 202 is a mobile phone. In the alternative embodiment shown in Figure 4, target device 202 is a personal digital assistant (PDA). It will be appreciated that in alternative embodiments the target device 202 is any one of a range of devices capable of incorporating a wireless communication device for communicating with a transaction terminal 200, including personal computers, an under-skin chip-unit, security access card or smart wristwatches. However, for the purposes of describing the invention, target device 202 will be hereinafter described as a mobile phone.
[0037] Referring to Figure 2, mobile phone 202 is configured for establishing an encrypted wireless communication link 204 with the transaction terminal 200 when the target device is within a predetermined range of the transaction terminal. For example, in the case of Bluetooth communication the mobile phone 202 and transaction terminal 200 need to be within several metres of each other to communicate wirelessly. In the case of Near Field communication, phone 202 and terminal 200 need to be within a distance of about 10cm from each other. Once phone 202 is linked with transaction terminal 200 through the communication link 204, a secure transaction can be carried out.
[0038] Referring specifically to Figures 5 to 7, mobile phone 202 includes an authentication unit 206 integrated for securely storing account and authentication information, and providing access to the information in response to a request from the transaction terminal 200. Unit 206 is any processor or chip with embedded integrated circuits. In one embodiment unit 206 includes memory, micro-processor components and dedicated security logic. Secure transfer of the account and authentication information between mobile phone 202 and transaction terminal 200 facilitates a secure transaction, which may be carried out in a known manner using existing systems of financial institutions. Authentication unit 206 may be a self- powered device or may source power from the battery (not shown) of mobile phone 202.
[0039] Authentication unit 206 is configured to store account and authentication information indicative of one or more bank accounts, credit card accounts or other accounting systems that utilise personal or confidential data. In one embodiment, this information includes the same or similar information to that contained on plastic cards to facilitate the sharing of a common numbering scheme. For example, authentication information may include one or more numbers identifying a specific financial institution and user account, and validity check information. In a specific example, authentication information includes a unique number having a prefix, called the Bank Identification Number, which is a sequence of digits at the beginning of the number that determine the bank to which a number belongs. These are, at the time, the first six digits. Continuing the above example, the next nine digits of the unique number are the individual account number, and the final digit is a validity check code. In addition, the authentication information may also include issue and expiration dates, as well as extra codes such as issue numbers and security codes.
[0040] Authentication unit 206 may also be configured to store information indicative of non-monetary accounts that require authentication or validation from time to time. Examples of such non-monetary accounts include Medicare accounts, private health insurance accounts, club memberships, frequent flyer accounts, awards programmes and other benefit and membership accounts. Further, in some embodiments, authentication unit 206 is configured to store personal information such as drivers' license and passport information. Authentication unit 206 may also be configured to store information relating to everyday-use type passes such as bus, train, ferry and other transport passes, airline check-in accounts and Cabcharge accounts.
[0041] Figures 5 to 7 depict three alternative embodiments of how authentication unit 206 is implemented into mobile phone 202. Referring initially to Figure 5, in one embodiment, authentication unit 206 is a permanently connected independent hardware unit within mobile phone 202 such as a stand-alone IC chip or microprocessor chip. In this embodiment, authentication unit 206 is configured to communicate with a central processing unit 208 of mobile phone 202 to facilitate the transaction. For example, in an embodiment using a smart phone, an application is available for receiving user input and displaying information regarding the transaction in process. In a particular example, phone 202 is configured to display the account balance when the transaction is completed. In one embodiment the balance is automatically erased after a short period of time, e.g. 10 seconds, so that thieves cannot look up a user's balances on a stolen phone.
[0042] Referring now to Figure 6, in an alternative embodiment authentication unit 206 is implemented as software integrated into the central processing unit 208 of mobile phone 202 and the transaction procedure is fully software implemented through the existing hardware of mobile phone 202. For example, in this embodiment, the account and authentication information is securely stored in a database 216 and selectively accessed through an application or App available on the phone.
[0043] Turning to Figure 7, a further alternative embodiment, authentication unit 206 is itself a removable card that is inserted and removed from mobile phone 202 through port 212. Once inserted, authentication unit 206 communicates with the central processing unit 208 of mobile phone 202. In future it is envisaged that new Nanoscale devices/Microchip Processors or Quantum Devices using quantum mechanical phenomena will come onto the market. In the embodiment of Figure 7, these devices can be easily incorporated into an authentication unit 206 that can be implemented into a mobile phone 202.
[0044] Authentication unit 206 includes non-volatile memory, such as a hard disk (optical disc, magnetic tape holographic memory, motherboard and such) or a solid state device, for storing the account and authentication information. Non volatile memory such as EEPROM, NVM or flash memory can be used, each having its own benefits and draw backs. For instance NVB is a solid-state chip that maintains stored data without any external power source. Its capacity is substantially larger than that of an EEPROM.
[0045] Mobile phone 202 is any conventional mobile phone, cell phone or smart phone having a wireless communication device 210. In one embodiment, wireless device 210 is a Bluetooth antenna. However, in other embodiments wireless device 210 is a Wi-Fi antenna, passive or active radio frequency identification (RFID) device, Near Field Communication device or other wireless transmitting/receiving device. In other embodiments, 2D codes or Cyber codes are used. Mobile phone 202 also includes conventional features such as an interface 214 in the form of a keypad or a touch screen to receive user input, a display 216 to output information visually, a database 216 in the form of a memory device, and a SIM card reader 218 to receive conventional SIM cards.
[0046] In one embodiment, in response to a request from transaction terminal 200, mobile phone 202 prompts a user to enter a password, through user input 216 and display 216, to access the information from authentication unit 206. If the entered password is correct, authentication unit 206 provides access to the information for transferral to transaction terminal 200 through the encrypted wireless communication link 204. Preferably, mobile phone 202 displays notifications throughout the authorization and transaction procedure on display 216 to keep the user updated on progress.
[0047] Referring to Figures 3 to 7, mobile phone 202 includes a port 212 adapted to receive a unique data storage card 218 or, in the case of the embodiment of Figure 7, to receive removable authentication unit 206. Port 212 is preferably located on one outer face of phone 202. However, in alternative embodiments, port 212 is located beneath a removable protective panel, such as adjacent the battery of phone 202.
[0048] With reference to Figure 8, in one embodiment, card 218 is in the form of a subscriber identity module (SIM) card having an integrated circuit 220 mounted therein. In other embodiments, card 218 is a portable USB memory device or other type of data card or unit. Card 218 is releasably insertable into mobile phone 202 to securely transfer account and authentication information to authentication unit 206. Card 218 may be a self -powered active device or may be a passive device sourcing power from mobile phone 202.
[0049] In one embodiment each data storage card 218 preferably holds a unique serial number 222 assigned to it by the issuing institution. In one embodiment this number is a 128-bit security code used to authenticate unit 206 on a network. Serial number 222 is preferably also stored on a database on the issuers' network and is preferably initially concealed behind a scratch panel 224 for security purposes. Panel 224 can be removed by the user prior to use.
[0050] In one specific embodiment, card 218 contains its unique serial number 220, internationally unique number of the mobile user, security authentication and ciphering information, temporary information related to the local network, a list of the services the user has access to and two passwords (PIN for usual use and PUK for unlocking).
[0051] In one embodiment, card 218 has a length of about 25 mm and a width of about 15 mm, and has a truncated or chamfered corner 226 to prevent mis-insertion. In an alternative embodiment, card 218 has a size known as the 3FF or micro-SIM, which has dimensions of 15 mm by 12 mm. In a further alternative embodiment, card 218 is approximately the same size but a different shape to conventional phone SIM cards to prevent mix-up of the slots. Cards 218 are preferably supplied as a full- sized card with the smaller card held in place by a few plastic links; it can easily be broken off to be used in a device that uses the smaller SIM.
[0052] In one embodiment, as a security measure data storage card 218 incorporates volatile memory ensuring it can only be used to transfer data once. In other embodiments, data storage card 218 includes non- volatile memory and can be used multiple times. In some embodiments, card 218 includes an access password that must be entered before the account and authentication information can be transferred to the authentication unit 206 in the mobile phone 202.
[0053] In one embodiment, each data storage card 218 contains account information relating to a single account, which is issued by a bank, Credit Card Company or other financial institution and initially uploaded to authentication unit 206 by inserting card 218 into port 212. Authentication unit 206 is configured to store account and authentication information for multiple accounts, each of which is uploaded by individual storage cards 218. In this manner, to store account and authentication information relating to two separate accounts, two data storage cards are inserted into port 212 in succession. This embodiment of the invention allows, for example, information relating to many credit cards, debit cards, healthcare cards, membership cards etc. to be maintained on authentication unit 206 of phone 202.
[0054] In each of the embodiments shown in Figures 5 to 7, the phone manufacturer is required to manufacture phones having port 212 for receiving data storage cards 218. The ports are preferably prepared to allow the insertion from the outside without removing the battery. The phone manufacturer may also provide the internal software which allows pairing (linking) of the central processing unit 208 with the authentication unit 206, security of the chip and destruction of the chip's information if illegally removed.
[0055] Referring now to Figure 9, in a further alternative embodiment, authentication unit 206 is implemented as software integrated into the central processing unit 208 of mobile phone 202 (as in Figure 6) and the account and authentication information is uploaded directly to authentication unit 206 by wireless communication to phone 202. For example, a financial institution might offer a secure wireless link to phone 202 in order to upload the account and authentication information to authentication unit 206 for future secure wireless transactions. Alternatively, uploading of the account and authentication information may occur via wireless communication between phone 202 and another device such as a personal computer or another phone, or may be downloaded to phone 202 by the internet (such as through a 3G network). In the embodiment of Figure 9 no hardware modifications need to be made to phone 202, such as manufacturing a phone having port 212. This is advantageous in that conventional mobile phones can be preconfigured or retro-configured to provide the above described functionality through appropriate software on the phone's central processing unit 208. That is, the only necessary modifications to a conventional mobile phone, or other electronic device, are software related and can be implemented after manufacture of the phone. For example, software for controlling authentication unit 206 may be provided by a downloadable or installable application for phone 202.
EXAMPLE IMPLEMENTATION OF THE INVENTION
[0056] Initially, a financial institution issues a data storage card 218 to a user, say through the mail. That institution may optionally provide one or more activation number, PIN or telephone PIN which is preferably sent to the user by separate means to card 218 to ensure safety. Further, access to the specific account and authentication information on authentication unit 206 may be made through a call, e- mail or the like to the issuing institution.
[0057] The user then inserts card 218 into port 212 of phone 202 and the account information contained on the card is read onto the authentication unit. Alternatively, the account information is transferred to the authentication unit 206 by waving the card in front of the authentication unit or by decoding a photo of a 2 D code. At the same time the user may be required to enter a Personal Identification Number (PIN) into mobile phone 202. Following this the account and authentication information is encrypted for later verification of transactions. In the case of card 218 having volatile memory, the account and authentication information is erased from card 218, which cannot be used again. Card 218 can then be safely discarded. If the mobile phone 202 is lost or stolen, the codes can be blocked by the card issuer, similar to how stolen credit cards are blocked today.
[0058] The user may also be required to download and install software to access the authentication unit 206 from the phone 202. This software may be available, for example, through a client website or as an application such as an iPhone or Smartphone app. However, in some embodiments, this software is pre-installed on phone 202. In either case, the software or application may provide functionality for managing accounts. For example, an interface may be provided for updating authentication information, adding new accounts or removing old accounts. In one embodiment, security for each linked account can be set, changed and managed through the software or application. Security may be set to a high level wherein each account linked to phone 202 has individual security codes and settings, or a low level wherein a single access code is used to access all linked accounts.
[0059] In further embodiments, the authentication unit 206 or related software is configured to remember certain patterns of transaction use and adjust security setting accordingly. For example, if a regular transaction of purchasing petrol occurs at a familiar location or at a familiar time, security settings may be reduced to more efficiently facilitate the transaction. Conversely, if a new and unfamiliar transaction occurs, such as at a location far from typical transactions, then security settings may be increased to restrict unauthorised use. Examples of increased security may include the requirement to show photo identification or other identification at the transaction, provide a personal signature, answer a predetermined question or input a second or different password. This feature of dynamic security can be activated or deactivated through software or an application.
[0060] In an alternative embodiment, the need for use of card 218 can be circumvented by initially activating authentication unit 206 wirelessly. For example, a user brings phone 202 into a financial institution having a wireless network. The user can connect to that wireless network to activate or sync the authentication unit 206 with the user's account from that institution. In a particular example, a 2-D input code may be transmitted to phone 202 through the wireless network from the financial institution. Correct inputting of this code syncs the account information with the authentication unit 206. Alternatively, a user may be sent an activation code through e-mail.
[0061] In another alternative embodiment, account and authentication information can be uploaded to authentication unit simply by bringing card 218 into a predetermined proximity with phone 202, which reads the account information wirelessly in the same manner as a card chip reader.
[0062] In a further alternative embodiment, authentication unit 206 may be authenticated using a mobile tagging process. For example, a credit card company or financial institution sends a user a two dimensional barcode image which can be captured with a camera implemented into phone 202. Processing or rendering of the barcode image using appropriate software reveals a unique code to be input for activation of a specific account for use with the authentication unit 206.
[0063] The mobile phone 202 including the authentication unit 206 can then be used in an encrypted wireless network or link at a point of sale transaction terminal 200 without leaving the control of the user. For example, the phone can be used by swiping it past a transaction terminal 200 or placing it within a predetermined proximity to transaction terminal 200, such as a POS terminal or ATM, to pay for goods and or receive money from the ATM. In one embodiment the issuing bank or merchant establishes for terminal 200 a local hotspot or allows ad-hoc mode wireless contact by swiping the phone close to the terminal.
[0064] In an alternative embodiment the transaction makes use of a secure system such as PayPal for increased security. In some embodiments, additional security measures such as a fingerprint scan or eye scan may be implemented for authenticating a transaction.
[0065] In a further alternative embodiment, authentication unit 206 communicates wirelessly with a local card chip reader attached to a personal computer, say by USB connection. In this embodiment, the user can authenticate online transactions simply by bringing phone 202 into proximity with the card chip reader device. For example, when purchasing a product over the internet, via a seller's online store, the user may be prompted to provide their account or credit card details to effect the purchase. At this point, the user can swipe or bring their phone or other electronic device near the reader device to provide their details to the online seller. This has the advantage of the security of the wireless transaction, as described above, in addition to the online security provided by the seller. Another advantage is the time saved simply by passing the phone near the reader, rather than manually entering account or credit card details.
[0066] In some embodiments, phone 202 prompts the user for a password or similar security measure. Additionally the merchant terminal may request a different code or signature. In these embodiments, the PIN or password is simply typed into phone 202 to verify the transaction.
[0067] Figure 9 shows an example set of instructions for initially uploading account and authentication information to authentication unit 206 from a data access card 218 and how to use the paired device at a transaction terminal 200 to carry out a secure transaction.
[0068] To move the card to a new or different phone or device, the card issuer sends a new one-use-only chip. This way there is only one device at any one time that works with the transactions of one specific account/card. A large number of different accounts/cards can be individually read into the authentication unit 206, just as people carry any number of credit cards in their wallets today. Individual account and authentication information stored on the authentication unit can also be deleted if an account is closed. In the case where information indicative of multiple accounts are stored on unit 206, phone 202 prompts the user to select the desired account for which the transaction is to be carried out.
[0069] As a security measure, all accounts or account information entered into the authentication unit 206 can be simultaneously blocked through one call to a central security centre in the case of theft.
[0070] In an alternative embodiment, phones are capable of communicating between each other to transmit and receive payments between users. In this manner, two users can bring their phones into close proximity and securely transfer money to one another through linked bank accounts.
[0071] In alternative embodiments, the invention can provide additional functionality to transfer information via phone 202 using e-mail, SMS, MMS or future similar systems such as quantum, nano or optic devices. Once paired or linked with phone 202, all data are available on the phone without the need to provide additional input.
[0072] It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive. For example, functionality may be added or deleted from the block diagrams and operations may be interchanged among functional blocks. Steps may be added or deleted to methods described within the scope of the present invention.
CONCLUSIONS
[0073] It will be appreciated that the disclosure above provides various significant systems and methods for carrying out a secure transaction.
[0074] The present invention provides for integrating and pairing a target device, such as a mobile phone or PDA, with a transaction authentication unit to provide easy payments, transactions or access to money through the target device in a secure and convenient way. The required information to carry out a secure transaction is sent to a merchant's transaction terminal by phone or computer by using a simple application and/or entering a password number. Since the authorisation number (such as a credit card number) does not need to be typed or remembered, it can be made from a larger number of digits or even mixes of numbers and letters to increase security.
[0075] It is envisioned that such a system may essentially replace plastic cards such as credit/debit cards. Using the present invention, a secure transaction can take place without the user temporarily surrendering their credit card to an unknown sales person. [0076] The present invention acts as an electronic verification system integratable into a mobile phone or other electronic device (target device) to establish communication between the target device and a transaction terminal. The invention combines the two commonly used items of mobile phones/computers and plastic credit/debit cards to provide ease of carrying both as one. The main benefits to the customer are convenience and increased security.
[0077] The present invention also adds convenience to the merchant, as they can verify in a few seconds whether the transaction is valid and the user has sufficient credit or debit to cover the purchase.
[0078] Implementation of the present invention would ultimately allow credit card companies and financial institutions to remove the magnetic strip from cards. There appears to be a drive away from using these strips likely due to their tendency to malfunction.
DEFINITIONS
[0079] Throughout this specification, use of the term "mobile phone" is used to refer to portable telecommunication devices including, cellular phones, smart phones, satellite phones, 3G capable devices and other related devices.
[0080] Unless specifically stated otherwise, as apparent from the following discussions, it is appreciated that throughout the specification discussions utilizing terms such as "processing," "computing," "calculating," "determining", analysing" or the like, refer to the action and/or processes of a computer or computing system, or similar electronic computing device, that manipulate and/or transform data represented as physical, such as electronic, quantities into other data similarly represented as physical quantities.
[0081] In a similar manner, the term "processor" may refer to any device or portion of a device that processes electronic data, e.g., from registers and/or memory to transform that electronic data into other electronic data that, e.g., may be stored in registers and/or memory. A "computer" or a "computing machine" or a "computing platform" may include one or more processors. [0082] The methodologies described herein are, in one embodiment, performable by one or more processors that accept computer-readable (also called machine-readable) code containing a set of instructions that when executed by one or more of the processors carry out at least one of the methods described herein. Any processor capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken are included. Thus, one example is a typical processing system that includes one or more processors. Each processor may include one or more of a CPU, a graphics processing unit, and a programmable DSP unit. The processing system further may include a memory subsystem including main RAM and/or a static RAM, and/or ROM. A bus subsystem may be included for communicating between the components. The processing system further may be a distributed processing system with processors interconnected by a network. If the processing system requires a display, such a display may be included, e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT) display. If manual data entry is required, the processing system also includes an input device such as one or more of an alphanumeric input unit such as a keyboard, a pointing control device such as a mouse, and so forth.
[0083] The term memory unit as used herein, if clear from the context and unless explicitly stated otherwise, also encompasses a storage system such as a disk drive unit. The processing system in some configurations may include a sound output device, and a network interface device. The memory subsystem thus includes a computer-readable carrier medium that carries computer-readable code (e.g., software) including a set of instructions to cause performing, when executed by one or more processors, one of more of the methods described herein. Note that when the method includes several elements, e.g., several steps, no ordering of such elements is implied, unless specifically stated. The software may reside in the hard disk, or may also reside, completely or at least partially, within the RAM and/or within the processor during execution thereof by the computer system. Thus, the memory and the processor also constitute computer-readable carrier medium carrying computer-readable code.
[0084] Furthermore, a computer-readable carrier medium may form, or be included in a computer program product. [0085] In alternative embodiments, the one or more processors operate as a standalone device or may be connected, e.g., networked to other processor(s), in a networked deployment, the one or more processors may operate in the capacity of a server or a user machine in server-user network environment, or as a peer machine in a peer-to-peer or distributed network environment. The one or more processors may form a personal computer (PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine.
[0086] Note that while some diagrams only show a single processor and a single memory that carries the computer-readable code, those in the art will understand that many of the components described above are included, but not explicitly shown or described in order not to obscure the inventive aspect. For example, while only a single machine is illustrated, the term "machine" shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
[0087] Thus, one embodiment of each of the methods described herein is in the form of a computer-readable carrier medium carrying a set of instructions, e.g., a computer program that is for execution on one or more processors, e.g., one or more processors that are part of web server arrangement. Thus, as will be appreciated by those skilled in the art, embodiments of the present invention may be embodied as a method, an apparatus such as a special purpose apparatus, an apparatus such as a data processing system, or a computer-readable carrier medium, e.g., a computer program product. The computer-readable carrier medium carries computer readable code including a set of instructions that when executed on one or more processors cause the processor or processors to implement a method. Accordingly, aspects of the present invention may take the form of a method, an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of carrier medium (e.g., a computer program product on a computer-readable storage medium) carrying computer-readable program code embodied in the medium. [0088] The software may further be transmitted or received over a network via a network interface device. While the carrier medium is shown in an exemplary embodiment to be a single medium, the term "carrier medium" should be taken to include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions. The term "carrier medium" shall also be taken to include any medium that is capable of storing, encoding or carrying a set of instructions for execution by one or more of the processors and that cause the one or more processors to perform any one or more of the methodologies of the present invention. A carrier medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. Non- volatile media includes, for example, optical, magnetic disks, and magneto-optical disks. Volatile media includes dynamic memory, such as main memory. Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise a bus subsystem. Transmission media may also take the form of acoustic or light waves, such as those generated during radio wave and infrared data communications. For example, the term "carrier medium" shall accordingly be taken to included, but not be limited to, solid-state memories, a computer product embodied in optical and magnetic media; a medium bearing a propagated signal detectable by at least one processor of one or more processors and representing a set of instructions that, when executed, implement a method; a carrier wave bearing a propagated signal detectable by at least one processor of the one or more processors and representing the set of instructions a propagated signal and representing the set of instructions; and a transmission medium in a network bearing a propagated signal detectable by at least one processor of the one or more processors and representing the set of instructions.
[0089] It will be understood that the steps of methods discussed are performed in one embodiment by an appropriate processor (or processors) of a processing (i.e., computer) system executing instructions (computer-readable code) stored in storage. It will also be understood that the invention is not limited to any particular implementation or programming technique and that the invention may be implemented using any appropriate techniques for implementing the functionality described herein. The invention is not limited to any particular programming language or operating system. [0090] It should be appreciated that in the above description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, FIG., or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.
[0091] Furthermore, while some embodiments described herein include some but not other features included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention, and form different embodiments, as would be understood by those skilled in the art. For example, in the following claims, any of the claimed embodiments can be used in any combination.
[0092] Furthermore, some of the embodiments are described herein as a method or combination of elements of a method that can be implemented by a processor of a computer system or by other means of carrying out the function. Thus, a processor with the necessary instructions for carrying out such a method or element of a method forms a means for carrying out the method or element of a method. Furthermore, an element described herein of an apparatus embodiment is an example of a means for carrying out the function performed by the element for the purpose of carrying out the invention.
[0093] In the description provided herein, numerous specific details are set forth.
However, it is understood that embodiments of the invention may be practiced without these specific details. In other instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.

Claims

THE CLAIMS DEFINING THE INVENTION ARE AS FOLLOWS:
1. A method for securely carrying out a transaction, said method including the steps of:
(a) establishing an encrypted wireless communication link between a target device and a transaction terminal, wherein said target device is within a predetermined range of said transaction terminal;
(b) accessing an authentication unit within said target device to retrieve account and authentication information in response to a request from said transaction terminal; and
(c) securely transferring said account and authentication information between said target device and said transaction terminal to carry out a secure transaction.
2. A method according to claim 1 further including the step of initially uploading said account and authentication information to said authentication unit by inserting a data storage card into said target device that communicates securely with said authentication unit.
3. A method according to claim 1 further including the step of initially uploading said account and authentication information to said authentication unit by wireless communication.
4. A method according to claim 3 wherein said data storage card can only be used to transfer data once.
5. A method according to any one of the preceding claims wherein said target device is one of a mobile phone, personal digital assistant (PDA), a personal computer, an under-skin chip-unit or a wristwatch.
6. A method according to any one of the preceding claims wherein said authentication unit is selectively removable from said target device.
7. A method according to any one of the preceding claims wherein said account and authentication information includes information indicative of one or more financial institution accounts or credit card accounts.
8. A method according to any one of the preceding claims wherein said account and authentication information includes information indicative of one or more of the following:
• Medicare account;
• Private health insurance account;
• Club memberships;
• Awards programmes;
• Driver's license; or
• Passport.
9. A method according to any one of the preceding claims wherein the step of accessing said authentication unit includes the sub-steps of:
(i) prompting a user, through said target device, for a password to access said information from said authentication unit; and
(ii) based on said user entering a correct password, providing access to said information through said authentication unit.
10. A method according to claim 9 wherein said password is unique to a specific account linked to said authentication unit.
11. A method according to claim 9 wherein said password is common to each account linked to said authentication unit.
12. A method according to any one of the preceding claims wherein the step of accessing said authentication unit includes the sub-steps of:
(i) determining predetermined familiarity characteristics of said transaction;
(ii) applying security settings based on said familiarity characteristics;
(iii) based on said security settings, either requesting access information from a user or not requesting access information from a user; and
(iv) providing access to said information through said authentication unit if said access information is sufficient or accurate.
13. A method according to any one of the preceding claims wherein said encrypted communication link is established through a wireless communication protocol selected from Near Field Communication, Bluetooth, 2D codes, Cyber codes, Wi-Fi or Radio- Frequency Identification (RFID).
14. A system for securely carrying out a transaction, the system including:
(a) a transaction terminal;
(b) a target device configured for establishing an encrypted wireless communication link with said transaction terminal when said target device is within a predetermined range of said transaction terminal; and
(c) an authentication unit integrated into said target device for securely storing account and authentication information, and providing access to said information in response to a request from said transaction terminal thereby to securely transfer said account and authentication information between said target device and said transaction terminal to carry out a secure transaction.
15. A system according to claim 14 further including a unique data storage card releasably insertable into said target device to securely transfer said account and authentication information to said authentication unit.
16. A system according to claim 15 wherein said data storage card can only be used to transfer data once.
17. A system according to claim 14 wherein said target device is capable of receiving uploaded account and authentication information for said authentication unit by wireless communication.
18. A system according to any one of claims 14 to 17 wherein said target device is one of a mobile phone, personal digital assistant (PDA), a personal computer, an under- skin chip-unit or a wristwatch.
19. A system according to any one of claims 14 to 18 wherein said authentication unit is selectively removable from said target device.
20. A system according to any one of claims 14 to 19 wherein said authentication unit is configured to store account and authentication information indicative of one or more financial institution accounts or credit card accounts.
21. A system according to any one of claims 14 to 20 wherein said account and authentication information includes information indicative of one or more of the following:
• Medicare account;
• Private health insurance account;
• Club memberships;
• Awards programmes;
• Driver's license; or
• Passport.
22. A system according to any one of claims 14 to 21 wherein:
in response to a request from said transaction terminal, said target device prompts a user to enter a password to access said information from said authentication unit; and
based on said user entering a correct password, said authentication unit provides access to said information for transfer to said transaction terminal through said encrypted wireless communication link.
23. A system according to any one of claims 14 to 22 wherein said encrypted communication link is established through a wireless communication protocol selected from Near Field Communication, Bluetooth, Wi-Fi or Radio-Frequency Identification (RFID).
24. A device for securely carrying out a transaction, the device including
a processor;
an interface to receive user input;
a display to output information visually; a wireless communication device for establishing an encrypted wireless communication link with a transaction terminal when said device is within a predetermined range of said transaction terminal; and
an authentication unit for securely storing account and authentication information, and providing access to said information in response to a request from said transaction terminal thereby to securely transfer said information between said device and said transaction terminal to carry out a secure transaction.
25. A device according to claim 24 further including a port configured to receive a unique data storage card to securely transfer said account and authentication information to said authentication unit.
26. A device according to claim 24 or claim 25 wherein said data storage card can only be used to transfer data once.
27. A device according to any one of claims 24 to 26 wherein said wireless communication device is capable of wirelessly receiving uploaded account and authentication information for storage on said authentication unit.
28. A device according to any one of claims 24 to 27 wherein said device is one of a mobile phone, personal digital assistant (PDA), a personal computer, an under-skin chip- unit or a wristwatch.
29. A device according to any one of claims 24 to 28 wherein said authentication unit is selectively removable from said device.
30. A device according to any one of claims 24 to 29 wherein said authentication unit is configured to store account and authentication information indicative of one or more financial institution accounts or credit card accounts.
31. A device according to any one of claims 24 to 30 wherein said account and authentication information includes information indicative of one or more of the following:
• Medicare account; • Private health insurance account;
• Club memberships;
• Awards programmes;
• Driver's license; or
• Passport.
32. A device according to any one of claims 24 to 31 wherein:
in response to a request from said transaction terminal, said device prompts a user to enter a password through said interface to access said information from said authentication unit; and
based on said user entering a correct password, said authentication unit provides access to said information for transfer to said transaction terminal through said encrypted wireless communication link.
33. A device according to any one of claims 24 to 32 wherein said encrypted communication link is established through a wireless communication protocol selected from Near Field Communication, Bluetooth, Wi-Fi or Radio-Frequency Identification (RFID).
34. A method, system or device for securely carrying out a transaction substantially as herein described with reference to any one of the embodiments of the invention illustrated in the accompanying drawings and/or examples.
PCT/AU2011/001302 2010-10-14 2011-10-13 Systems and methods of securely carrying out transactions WO2012048373A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
AU2010904591 2010-10-14
AU2010904591A AU2010904591A0 (en) 2010-10-14 Novel method of integrating (linking) one or more special purpose designed devices with a target device - enabling easy and secure financial transactions
AU2011200063A AU2011200063B1 (en) 2010-10-14 2011-01-07 Systems and methods of securely carrying out transactions
AU2011200063 2011-01-07

Publications (1)

Publication Number Publication Date
WO2012048373A1 true WO2012048373A1 (en) 2012-04-19

Family

ID=45398560

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2011/001302 WO2012048373A1 (en) 2010-10-14 2011-10-13 Systems and methods of securely carrying out transactions

Country Status (2)

Country Link
AU (1) AU2011200063B1 (en)
WO (1) WO2012048373A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105074746A (en) * 2013-03-26 2015-11-18 邵通 Two-time near distance connection secure payment device, method, and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5991749A (en) * 1996-09-11 1999-11-23 Morrill, Jr.; Paul H. Wireless telephony for collecting tolls, conducting financial transactions, and authorizing other activities
US20080167017A1 (en) * 2007-01-09 2008-07-10 Dave Wentker Mobile payment management
US20100049615A1 (en) * 2008-01-24 2010-02-25 Qualcomm Incorporated Mobile commerce authentication and authorization system
US20100051685A1 (en) * 2008-09-03 2010-03-04 First Data Corporation Enabling consumer choice on contactless transactions when using a dual-branded payment instrument

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003017128A1 (en) * 2001-08-13 2003-02-27 Exclaim Enterprises, Inc. Method and apparatus for electronic data sharing
US20030055785A1 (en) * 2001-09-20 2003-03-20 International Business Machines Corporation System and method for electronic wallet transactions
US7707113B1 (en) * 2007-09-28 2010-04-27 Sprint Communications Company L.P. Method and system for setting levels of electronic wallet security

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5991749A (en) * 1996-09-11 1999-11-23 Morrill, Jr.; Paul H. Wireless telephony for collecting tolls, conducting financial transactions, and authorizing other activities
US20080167017A1 (en) * 2007-01-09 2008-07-10 Dave Wentker Mobile payment management
US20100049615A1 (en) * 2008-01-24 2010-02-25 Qualcomm Incorporated Mobile commerce authentication and authorization system
US20100051685A1 (en) * 2008-09-03 2010-03-04 First Data Corporation Enabling consumer choice on contactless transactions when using a dual-branded payment instrument

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105074746A (en) * 2013-03-26 2015-11-18 邵通 Two-time near distance connection secure payment device, method, and system

Also Published As

Publication number Publication date
AU2011200063B1 (en) 2011-06-23

Similar Documents

Publication Publication Date Title
US9904800B2 (en) Portable e-wallet and universal card
US20190303945A1 (en) Smartcard Payment System and Method
US10275758B2 (en) System for secure payment over a wireless communication network
US9177241B2 (en) Portable e-wallet and universal card
US9473295B2 (en) Virtual transportation point of sale
US20140164154A1 (en) Payment initiation and acceptance system
US20130024372A1 (en) Portable e-wallet and universal card
CN105493116A (en) Methods and systems for provisioning payment credentials
CN105593886A (en) Methods and apparatus for performing local transactions
AU2013289925A1 (en) Virtual transportation point of sale
US20170169424A1 (en) Delegation of transactions
US20190378115A1 (en) Electronic payment apparatus
WO2012048373A1 (en) Systems and methods of securely carrying out transactions
EP2873024B1 (en) Virtual transportation point of sale
Pourghomi et al. Cloud-based NFC Mobile Payments

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11831847

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11831847

Country of ref document: EP

Kind code of ref document: A1