WO2014120029A1 - Authentication method in a payment system with portable equipment - Google Patents

Authentication method in a payment system with portable equipment Download PDF

Info

Publication number
WO2014120029A1
WO2014120029A1 PCT/PL2013/000009 PL2013000009W WO2014120029A1 WO 2014120029 A1 WO2014120029 A1 WO 2014120029A1 PL 2013000009 W PL2013000009 W PL 2013000009W WO 2014120029 A1 WO2014120029 A1 WO 2014120029A1
Authority
WO
WIPO (PCT)
Prior art keywords
recipient
journalling
file system
user
server
Prior art date
Application number
PCT/PL2013/000009
Other languages
French (fr)
Inventor
Marcin SZARY
Krzysztof TOKARCZYK
Anna FUK
Original Assignee
Dco4Sp. Zo.O.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dco4Sp. Zo.O. filed Critical Dco4Sp. Zo.O.
Priority to PCT/PL2013/000009 priority Critical patent/WO2014120029A1/en
Publication of WO2014120029A1 publication Critical patent/WO2014120029A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/027Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] involving a payment switch or gateway
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance

Definitions

  • the subject of the invention is the authentication method in the payment system with portable equipment through the wireless data transmission with a portable communications device.
  • the current usable technology enables user identification wirelessly, with the use of many various technologies. These can be mobile phone interfaces or other specialised devices. Currently there are at least a few wireless methods of communication, which ensures adequate standards enabling secure user identification. These are Bluetooth, NFC, Wi-Fi, RFID technologies.
  • Wi-Fi is a popular technology which enables devices compatible with this technology to exchange data wirelessly using radio waves.
  • the wireless local area network (WLAN) is most frequently used, substituting wireless solutions used so far.
  • Devices using Wi-Fi solutions such as, for example, personal computers, smart phones, game consoles, tablets, TV sets, can connect to the Internet in this simple way through the wireless access point.
  • the range of such a solution (access point) is, approximately, up to 15-20 metres in a building and up to 100 metres in the open space without obstacles. The actual range is considerably dependent on the quality of the equipment used, the number of connected clients and the power which is used to transmit the signal.
  • access points can cover both small areas in buildings where walls block the signal considerably, as well as huge areas in the open space, where the radio waves propagation is not limited by terrain obstacles.
  • To connect the computer to the WiFi network it has to have a wireless interface.
  • the connection of the computer with the network controller is called a station.
  • all stations share the same frequency range.
  • the transmission in this channel is received by all the stations.
  • Wi-Fi networks are broadcast stations.
  • Wi-Fi devices can connect with the Internet when they are in the range of the network connected to the Internet.
  • the range of one or more connected access points (hotspots) may cover a few rooms or a few square kilometres. For the bigger areas, the range is realised by the groups of hotspots with their ranges overlapping.
  • wireless networks are used in houses, streets, and public places. Bigger shopping centres and airports offer free Internet access to make their offer more interesting and attract more clients. Free Wi-Fi access also drives advertising of many companies. Internet access is also often gained by routers with DSL or cable modems. Lately, portable access points have become very popular and they are routers which make the Internet available by the mobile networks used for that purpose. Also, newer GSM phones make it possible to create their own AP (access point). ; ;
  • Wi-Fi networks In many cities municipal Wi-Fi networks have been created and they include all agglomerations in their range. Similar things are done by universities in their dormitories. It is a relatively cheap way of Internet distribution in the area where cabling would be extremely expensive. There is also a WiFi implementation where computers connect each other, without the need for an access point. This type of communication was called ad-hoc Wi-Fi transmission. This functionality is used by smaller, portable devices for a data exchange. Also some phones use this kind of wireless communication to make the Internet available to other devices (e.g. iPhone), becoming hotspots. Wi-Fi allows a simple, uncomplicated and at the same time cheap implementation of the LAN network.
  • Wi-Fi devices will work all over the world. Also all devices with the "Wi-Fi Certified" logo awarded by Wi-Fi Alliance will be compatible with each other and are reversely compatible. Prepared individual developments of the 802.11 standard make it possible to improve the security and at the same time to increase the security of the data sent.
  • the 802.11 ⁇ standard is the first to be able to double the wireless network range.
  • the next modification influencing the range are aerials.
  • By using dedicated radiators it is possible to increase its value until the level defined by the local radio- communication law concerning the maximum broadcasting power for the needs of amateur needs. All of that requires considerable levels of energy needs.
  • Wi-Fi uses relatively high amounts of energy.
  • other solutions do not offer such a big range.
  • Production use of WLAN is limited to wireless readers, electric vehicles, with the limitation to small spaces.
  • WEP protocol Wired Equivalent Privacy
  • the security is achieved with the use of a shared ciphering key of the length of 10 or 104 bits.
  • WEP security is the simplest protection offered in WLAN networks. With the big load of the network (and the possibility of taking a big number of samples for analysis) a faster computer can break the ciphering in 30 minutes.
  • WPA protocol is an enhanced WEP version. It was established as a transitory version between WPA2 and WEP because it implements a permanent ciphering key change. Most network cards and access points compatible with WEP, also operate WPA. It allowed for the increase of security without the need for the equipment change.
  • WPA protocol can use the enterprise mode - which uses the RADIUS server, which assigns keys to suitable users, or the personal mode, which does not divide the keys into particular users but all the connected stations use one shared key (PSK - Pre-Shared Key)
  • WPA/WPA2 security very often the combinations of procedures are used, such as: filtering MAC addresses (an access point has a list of stations which are to have access to the WLAN network ensured), isolation of working stations (working stations are isolated from each other so that they cannot "see” each other), using VPN for movement (each client is treated as a remote VPN client and his/her movement to the access point is encrypted in the tunnel), hiding the name of the access point (this method is used to impede exposure of the SSID name).
  • filtering MAC addresses an access point has a list of stations which are to have access to the WLAN network ensured
  • isolation of working stations working stations are isolated from each other so that they cannot "see” each other
  • VPN for movement each client is treated as a remote VPN client and his/her movement to the access point is encrypted in the tunnel
  • hiding the name of the access point this method is used to impede exposure of the SSID name).
  • the components of the WLAN network are:
  • Bridges of wireless network Their task is to connect traditional network with the wireless one.
  • An access point is different from the bridge in that it works on the data surface.
  • Bridges are used when two localisations of the traditional computer network should be connected, for example two office buildings, by the use of the radio network without using cables.
  • multipliers of signals are used to increase the range of wireless networks. Their task is to eliminate "dead" points in WLAN range or lengthening the range in specified points.
  • NFC Near Field Communication system
  • NFC system for a secure data exchange between devices is known from many patent descriptions, among others from: EP1938242, EP1851865, EP2169924, EP1958470, EP2203835, EP1729253.
  • EP2203834 we know of a system of managing application data in NFC system which is implemented in a portable object which is a GSM phone and in contactless data transmission.
  • the method includes stages of creating internal application data in response to the appearance of the internal event in NFC system and delivering internal application data to the processor host of the NFC system.
  • Authentication happens through the authentication data transmission by the NFC interface by the module controlling the NFC scanner. Not until there is positive authorisation from the NFC does the NFC scanner enable the access to the data from NFC. To decrypt in the central module there is an electronic key stored and available to be used for the identification connected with the encrypted data.
  • NFC devices can be used as contactless payment systems, concurrent with the ones currently used in credit cards and electronic loyalty cards, making it possible for the mobile payments to be replaced by or to coexist with the above-mentioned solutions.
  • Today NFC implementations can be used in the following cases: to send images to be printed or displayed, to pay by holding the phone with the built in NFC near the NFC reader, to exchange information (about meetings, business cards etc.) through identification offered by NFC, to realise access systems through validation of an access code and/or an access key, to confirm identity, as two-factor authentication, with more advanced methods of data transmission by Bluetooth or Wi-Fi, to identify identification documents within a small range (in order to ensure data protection) and to support encrypting transmission of the data sent, safer than RFID.
  • NFC is a set of short distance wireless technologies operating within the distances of two inches or fewer.
  • An initiator and a target device are always engaged in the transmission.
  • the initiator generates electromagnetic field which powers a passive target device. It enables the implementation of NFC in the form of simple devices (object forms) which do not need their own separate power supply. These can be stickers, labels, key rings, cards in the form of payment cards.
  • NFC labels contain data and usually are "read only” type, but they can also be writeable. The can be written with unique client data or use the NFC Forum specification, which is being developed by an organisation which takes care of the NFC standard development. Labels enable secure storage of personal data such as: debit and credit card information, loyalty programs data, access codes and so on. NFC Forum defines four types of labels regarding the communication speed:
  • the initiator makes the magnetic field of a specified carrier frequency available.
  • a target device responds by changing (modulating) the current magnetic field.
  • the target device takes energy indispensable for acting from the field generated by the initiator.
  • both the initiator and the target device separately create their own magnetic fields.
  • the device switches off its field when it is waiting for the data. In this case there is a need for both devices to have chargers.
  • the NFC system uses two different coding modes. If an active device transmits the data with the speed of 106 kb/s, a modified Miller's coding is used, in other cases Manchester coding is used, used among others in the Ethernet network.
  • NFC devices can at the same time send and receive data. They can also discover possible collisions of signals.
  • the unquestionable disadvantage of NFC is the situation when the owner loses the label (card or telephone). None prevents the finder from using the device as if they were the user.
  • the mobile phone can be protected with the PIN 1 access code, but a normal card does not have such a functionality.
  • NFC solutions are perfect for a simple user identification.
  • the standard itself does not supply such perfect protection that the critical systems are effectively and sufficiently secured. It is sufficient for product identification, loyalty cards and small money transactions.
  • the NFC tag may be encoded in a variety of standards, including but not limited to ISO/IEC 14443 (both Type A and Type B), various MIFARE implementations, and FeliCa.
  • the electronic device provides inductive power to the NFC tag.
  • the NFC tag responds with a static Universal Resource Indicator (URI) which is encoded in such a way as to launch a special purpose application on the electronic device.
  • URI Universal Resource Indicator
  • the URI also contains an identifier string unique to each tag.
  • the same URI can be encoded in the form of a Quick Response (QR) code onto the surface of the tag.
  • QR Quick Response
  • the act of reading the tag will trigger the device to launch the application, passing the unique string as a parameter.
  • the application then passes the user id, password hash, and unique identifier string to a cloud service.
  • the cloud service validates the information, and performs an action associated with the unique tag identifier, or based on a command issued by a user as input on the portable electronic device.
  • the action or command is performed on a lock or lock server associated with the tag identifier to actuate the door lock.
  • the server sends a confirmation of the action performed to the electronic device.
  • An alternate embodiment of the process represented with camera enabled portable electronic device reading a Quick Response (QR) code instead of reading the URI through NFC.
  • QR Quick Response
  • the user launches a QR code reader application, scans the QR code, the application parses the code as a URI and the application acts accordingly to actuate the lock using a unique identifier embedded in the QR code.
  • WO2012151660 and WO2012151684 we know of Mobile Image Payment System or environment that includes the consumer environment from which the consumer encounters the OMRI 200 and interacts with the OMRI 200 using their computer device (e.g. desktop computer, mobile device, etc.) via the transaction application.
  • the environment also has the merchant operating their computer device (e.g. a merchant computer system including one or more servers, one or more desktop computers, one or more point of sale (POS) terminals, and/or one or more mobile devices), who requests generation of the OMRI 200 to include product data, merchant data and/or transaction data (further described below) from the transaction service.
  • POS point of sale
  • the merchant can make the OMRI 200 available in the consumer environment for subsequent access by the consumer and/or can send the OMRI 200 directly to the computer device of the consumer via the communications network.
  • the merchant can also instruct the transaction service to send the OMRI 200 directly to the computer device of the consumer via the communications network.
  • the communications network can be one or more networks, for example such as but not limited to: the Internet; an extranet; and/or an intranet. Further, the communications network can be a wired or wireless network. It is also recognized that network messages (between the various devices and a transaction system) can be communicated via short range wireless communication protocols such as but not limited to Bluetooth TM, infrared (IR), radio frequency (RF), near field communication (NFC) and/or by long range communication protocols (e.g. HTTP, HTTPS, etc.), in view of the type of electronic communication required between any pair of devices and the system. For example, the devices could communicate with one another using short range Bluetooth TM communications while the devices either could communicate with one another using long range HTTP or HTTPS based communications.
  • WO2012151685 the split mobile payment system is presented which makes use of a mobile payment application ("MPA") in the form of a software application which runs on the Consumer's Mobile Device.
  • the MPA may come pre-installed on the Mobile Device and/or may be downloaded on to the Mobile Device.
  • the MPA is configured to be able to communicate with the Payment Platform via the Internet using the Mobile Device's web-enabled functionality.
  • the merchant's Point of Sale Payment Application (“PPA" - the software application running on the merchant's POS system or network, and used to facilitate POS transactions) is also configured to be able to communicate with a Payment Platform either via the Internet or via a dedicated connection. It is contemplated that such communications will include security features such as data encryption, as necessary.
  • the MPA communicates the Consumer's Payment Account Identifier (which is used to identify to the Payment Platform, the Consumer's Payment Account that the funds are to be transferred from to pay the merchant) to the merchant's PPA, which the PPA will pass on to the Payment Platform. It is contemplated that several mechanisms can be used to communicate such Payment Account Identifier to the PPA. In one embodiment, the use of what shall be referred to herein as "Image Technology" contemplates that the Payment Account Identifier be in the form of a 1-D (linear) bar code, 2-D bar code, hologram or the like (which for ease of reference will generally be referred to herein, as a bar code).
  • the bar code is displayed on the screen display of the Consumer's Mobile Device, and presented to the merchant to be scanned (e.g., through a PPA Terminal).
  • Transportting Technology contemplates that the Payment Account Identifier or information identifying the Consumer's Payment Account (“Payment Account Identifying Information”) will simply be transmitted from the Consumer's Mobile Device to the PPA using such Transmitting Technology (i.e. NFC, Bluetooth, Infrared or other similar short-range, communication technology).
  • the merchant's PPA will be suitably equipped to receive such communication from the MPA/Mobile Device. It is contemplated that such communications will be suitably encrypted.
  • Consumer's Payment Account to the Payment Service Platform via the merchant terminal can involve the transmission of the Consumer's Payment Account Identifying Information from the Mobile Device (i.e. via the payment application) to the merchant terminal (i.e. via the merchant application) using NFC, Bluetooth, Infrared or other similar short-range, communication technology.
  • an operator of the PCD 100 may desire to purchase one or more products/services that may be scanned with a product scanner. Prior to or in parallel to the operation of scanning products with the product scanner, the operator of the PCD 100 may retrieve the unique terminal identifier and the merchant identifier associated with the tag which is affixed to the ECR of the Merchant POS system. The operator of the PCD may retrieve the data from the tag by scanning the tag with the camera or with a near-fieldcommunication ("NFC") antenna. The image being scanned by the camera may comprise one of the tags.
  • NFC near-fieldcommunication
  • the tag may comprise machine-readable data such as a two- dimensional bar code that contains a unique identifier associated with a particular electronic cash register and a particular merchant.
  • the 2-D bar code may include, but is not limited to, the following symbologies: Aztec Code, 3-DI, ArrayTag, Small Aztec Code, Chromatic Alphabet, Chromocode, Codablock, Code 1 , Code 16K, Code 49, ColorCode, Compact Matrix Code, CP Code, CyberCode, d-touch, DataGlyphs, Datamatrix, Datastrip Code, Dot Code A, EZcode, Grid Matrix Code, High Capacity Color Bar code, HueCode, INTACTA.CODE, InterCode, MaxiCode, mCode, MiniCode, Micro PDF417, MMCC, Nintendo e-Reader#Dot code, Optar, PaperDisk, PDF417, PDMark, QR Code, QuickMark Code, Semacode, SmartCode, Snowflake Code, ShotCode, SuperCode
  • a one dimensional bar code may be employed to provide the unique electronic cash register identifier and the unique identifier associated with the merchant.
  • Exemplary one-dimensional bar codes may include, but are not limited to, U.P.C., Codabar, Code 25 - Non- interleaved 2 of 5, Code 25 - Interleaved 2 of 5, Code 39, Code 93, Code 128, Code 128A, Code 128B, Code 128C, Code 11 , CPC Binary, DUN 14, EAN 2, EAN 5, EAN 8, EAN 13, Facing Identification Mark, GS 1-128 (formerly known as UCC/EAN-128), GS 1 DataBar formerly Reduced Space Symbology ("RSS"), HIBC (HIBCC Bar Code Standard), ITF- 14, Latent image bar code, Pharmacode, Plessey, PLANET, POSTNET, Intelligent Mail Bar code, MSI, PostBar, RM4SCC / KIX, JAN, and Telepen.
  • U.P.C. Codabar
  • machine readable codes for retrieving the unique identifiers associated with the electronic cash register and merchant are well within the scope of the invention such as contactless or wireless communication methods such as near- field communications (NFCs) used with smart cards and RF-ID cards as understood by one of ordinary skill in the art.
  • NFCs near- field communications
  • the operator of the PCD may key-in a human-readable code associated with the unique identifier of the electronic cash register and the merchant.
  • the central mobile payment controller may communicate with the merchant enterprise system for receiving product scan data generated by the product scanner.
  • the personal identification number (“PIN”) module allows the operator to change his or her PIN as understood by one of ordinary skill in the art.
  • the locations module supports a function in which the PCD may display the closest merchants who support the PCD payment features.
  • the NFC tap module allows an operator to activate NFC functionality of the PCD.
  • the search module allows an operator to search for specific transactions that were made using the PCD.
  • the show map module may support functions such as a geographical map relative to the location of the PCD as well as maps of building plans for merchants who support payments with the PCD.
  • RFID label can be placed and used for monitoring and managing of goods, valuable things, animals or people.
  • it has many advantages. It does not need to be clearly visible and it is possible to read hundreds of RFID labels at the same time. This is impossible in the case of bar codes.
  • Various RFID implementations can be used in order to: check access, trace people and animals, trace goods, tolls and contactless payments, trace luggage at the airports. The number of applications depends on the user's creativity. It should be kept in mind, though, that it is a very primitive system offering very basic functionalities.
  • RFID works on the basis of identification made by the radio by the use of labels or stickers placed on objects which are to be identified.
  • the signal transmitter known as a reader, sends a signal to a label and reads its response. Then the reader sends the result into the computer or software in order for it to be analysed further.
  • the information is stored in an electronic form as an unbreakable memory content.
  • RFID labels contain a little transmitter which is a transmitter and receiver at the same time.
  • the reader sends a radio signal to the label and questions it. After receiving the message, the response with the identification data happens, which can be a unique serial number of the label, data specific to the marked product such as the production date, product name, series number etc.
  • the labels can be passive, battery assisted passive (BAP) or active.
  • BAP labels use a small battery placed on the board which is activated the moment it is awakened by the RFID reader. Obviously, passive labels are cheaper and smaller because of their much simpler construction and there is no need for the battery. However, the labels use reader energy instead. It must be situated close enough to provide a sufficient level of transmitted power. Because labels can have unique numbers, RFID system can differentiate between many labels which can appear within the reader range and can read them all at the same time. Labels can be of a type read-only and also have a serial number which can be linked to the records in the the database or may be of the overwrite type where the user decides about the values defined by himself/herself.
  • RFID labels consist of at least two parts: an aerial for sending and receiving signals and an integrated circuit whose task is to store and process information, decode and code the signals received, transform the energy from the radio waves generated by the reader.
  • Readers usually have a very specified range distance into which they can read labels. This enables them to define areas of read and limit distances which crossing makes reading impossible.
  • a great RFID labels' advantage is their small size.
  • RFID labels were placed on insects. In subsequent miniaturisation stages it was possible to achieve sizes of the hundredths of millimetres. It causes the miniaturization of the aerials integrated with the devices, and, consequently, decreasing the range of activity of the label-reader pair.
  • the presented solutions were used, among others, in the mobile phones communication. Solutions in the form of a microSD card have appeared, which can be a passive label, but after being put into the phone and charged by the card reader, can become an RFID reader.
  • the solutions of using RFID labels have also been implemented by Nokia in a few makes of phones of this company.
  • RFID labels solutions have been implemented in various logistic systems, storing systems and access control, and among others to: tag fixed assets in companies and products on shop shelves, mark parts of a large number of elements of a bigger product to unambiguously interpret their origins and destination, especially in enterprises where because of a large number of parts, an average worker is not able to determine the use of all the construction elements of a bigger machine or a vehicle; anti-theft protections in the shape of labels of books, clothes and other, especially more expensive, products which can be found on shop shelves, access control, in which RFID labels exchanged old, often failing magnetic cards, with the simultaneous elimination of magnetic readers in comparison to which RFID label readers do not require physical contact, minimising the risk of damaging the card or the reader; in transport and logistics, where because of the high speed of reading, the standard found its place with labelling the packages, to secure identification documents, making it difficult to forge them, tolls, e.g.
  • RFID labels as a form of prepaid tickets in public transport, which reduces queues at ticket offices and decreases distribution costs; animal and people identification, where some implants have been implemented to make it possible to identify lost pets and people, managing large herds of farm animals and, in case of people, to identify permanent clients of bars and other places.
  • Authentication with the help of any technologies presented above needs determining the rules on which the authentication will take place.
  • the equipment layer does not ensure the right level of security. It is necessary to determine a set of procedures, especially a user's guide, of the constructed implementation. Regardless of whether the protections are achieved through the encrypted wireless transmission or by using some different options, it seems necessary to establish the centre which could be a registration centre at the same time.
  • connection authorisation Assigning a unique number in the system to a unique equipment identification (label, MAC address of the network interface) will be called the connection authorisation.
  • a given device e.g. it can be a Bluetooth interface of a mobile phone
  • they will be subordinate to the authorisation:
  • Ethernet device Media Access Control
  • the Ethernet device Media Access Control
  • the first 24 bits describe the producer of the serial card, the other 24 bits are a unique identifier of a given copy of the card.
  • MAC address occurs in the case of every Ethernet interface. It is a consistent address for all serial cards and includes the wired and wireless connections
  • the registration in the authentication centre will start with reading wirelessly a unique identifier of the device which will be used by the user. Next, it will be linked with a unique number in the system. The next step will make it possible to get the powers to do things possible in a given system and planned for this specific user.
  • the identification method using a device which communicates wirelessly helps simplify and speed up entering the data into the resources gathered in the IT systems, but it is not personal data in the sense of the legal regulations but it is about saving into the user's account the results of a given activity.
  • the NFC transmitter allows: loading the information, direct cash payments, access control, controlling functions, authentication in the Internet auctions, bets and transactions, and above all for RFID-tag identification of valuable objects, electronic devices and their parts etc., from GSM on the basis of a website or balancing the account.
  • the device allows authenticating various operations from the platform of a mobile telephone equipped with the papillary lines sensor or through the function of mobile video in the user's phone.
  • Known seamless technology is a mobile phone payment and transaction service using QR codes on the front-end and Seamless proven transaction server on the back- end.
  • Technology is the only fully-integrated mobile phone payment solution handling the entire transaction chain, from customer through to settlement.
  • the cashier sends the sum payable to the SEQR transaction switch.
  • the customer scans the unique QR code on the cashier and sends the merchant ID to the SEQR transaction switch.
  • the customer receives a payment request on his mobile phone, and is asked to approve the amount.
  • the customer confirms the amount to be paid by entering their personal four digit pin code.
  • the banks verify the information and processes the transaction.
  • the SEQR transaction switch confirms the transaction to the cashier and the customer.
  • the essence of the invention is that the information package A ft from the NFC label of the recipient through a user's portable device is sent to the memory segment of the server assigned to the recipient in the journalling file system and after adding the data from the terminal of the recipient, it is sent back to the user's portable device, who sends the full information package A to the bank server of the user, after which in the bank server of the user the entry of the ordered operation is made in the segment of the user's memory and in the memory segment assigned to the journalling file system, wherein with the help of the server of the journalling file system systematically in the time shorter than every 5 seconds the entries are checked in the memory segment of the bank server assigned to the journalling file system and then the information package B is created, which with the help of the server of the journalling file system is sent to the bank server of the recipient, there the entries of the ordered operation are made in the memory segment assigned to the recipient and in the memory segment assigned to the journalling file system and preferably the information package BO with the help of the server of the journalling file system is sent to
  • the encrypted information package from the NFC label of the recipient is preferably decrypted with the public key of the asymmetric cryptography in the opened application of the user's portable device.
  • the information package is sent to the memory segment of assigned to the recipient in a decrypted form or partially encrypted form.
  • the information package from the NFC label is sent to the journalling file system in the form of a unique set of characters.
  • An advantage of the solution according to the invention is increasing the speed of the secure authentication of the data transmission between the computer system, especially an isolated journalling file system, and a personal portable communications device, whose MAC address is the identifier in the bank's computer system.
  • a customer usually has their telephone with them in every situation as a portable communications device.
  • the authentication method in the payment system with portable equipment through the wireless data transmission between a user's portable communications device with the NFC module of the confirming user, an NFC label of the recipient, from which the information package is collected, and an isolated computer journalling file system in communication with the recipient's computer system equipped with the payment terminal of the recipient, from which the data in a digital form are obtained and sent to the bank server, where the entry of the operation is made in the memory segments dedicated to the recipient and the user, the condition of the entries is checked and the response from the server of journalling file system is sent to the payment terminal.
  • the information package A 0 is sent from the NFC label through the user's portable device to the server's memory segment assigned to the recipient in the journalling file system.
  • the user's portable device After adding the data from the terminal of the recipient, it is sent back to the user's portable device, who sends the full information package A to the bank server of the user.
  • the entry of the ordered operation is made in the segment of the user memory and in the memory segment assigned to the journalling file system.
  • the entries With the help of the server of the journalling file system systematically in the time shorter than every 5 seconds the entries are checked in the memory segment of the bank server assigned to the journalling file system.
  • the information package B is created, which with the help of the server of the journalling file system is sent to the bank server of the recipient.
  • the entries of the ordered operation are made in the memory segment assigned to the recipient and in the memory segment assigned to the journalling file system.
  • the information package BO with the help of the server of the journalling file system is sent to the recipient's terminal.
  • the encrypted information package from the NFC label of the recipient is used and is decrypted with the public key of the asymmetric cryptography in the opened application of the user's portable device.
  • the information package is sent to the memory segment assigned to the recipient in a decrypted form or partially encrypted form.
  • the security increase for the information package from the NFC label is achieved by writing it in the form of a unique set of characters, which is sent to the journalling file system. The invention is presented below in the form of implementation.
  • the user's phone equipped with the NFC module and a payment application that is a programme placed in the phone's memory card and processed by the processor of the portable device of the user, makes it possible to pay fast after bringing it close to the NFC label presented, for example, by the merchant, which contains all the data needed to order a classic money transfer.
  • the NFC label used in a passive form that is, it possesses 'hard-coded' data needed for the transfer, which we usually enter into the template of a money transfer - that is the recipient's account number, the recipient's name, the transfer title.
  • the customer when he or she scans the NFC label, emulates manual entering of all the data needed for the transfer, fills in the sum of money and orders the transfer of the money.
  • the recipient's bank account number is in reality the number belonging to the billing agent (called here smoopay), but all the payments coming through the account are identified as owed to the final recipient.
  • the data in the label are encrypted with the use of the asymmetric cryptography, and the public key, being the pair to the secret private key, with which the information was encrypted in the label, is available from the level of the mobile application, therefore to the bank module of the application responsible for the money transfer the information gets in the decrypted form.
  • NFC label in an active form means that a unique and unpredictable identifier is entered into the tag, which in itself does not contain any key data for the money transfer and is only a unique identifier for the journalling file system, and when it is sent through the mobile application, it results in receiving the data needed for the money transfer, such as the recipient's account number, the recipient's name, the money transfer title, optionally the sum of money to be transferred.
  • the flexibility of an active label means that it does not need to be 'hard-coded' because it is only a reference to the network resources which can be modified in any moment, for example by setting the sum from the level of the point of sales. The customer receives then the full set of information, including the sum of the transaction, therefore he or she authenticates only the money transfer.
  • the user with the use of a portable device receives the information package A Q from the NFC label of the recipient and together with the information about their own individual device sends it to the server's memory segment assigned to the recipient in the journalling file system.
  • the information package is sent back to the user's portable device, who sends the full information A package to the bank server of the user, about which the information is written in the memory of the user's portable device.
  • the entry of the ordered operation is made in the segment of the user memory and in the memory segment assigned to the journalling file system.
  • the recordings are checked in the memory segment of the bank server assigned to the journalling file system.
  • the information package B is created and is sent to the bank server of the recipient.
  • the entries of the ordered operation are made in the memory segment assigned to the recipient and in the memory segment assigned to the journalling file system.
  • the information package B 0 about the authentication and doing the operation is sent to the recipient's terminal.
  • the encrypted information package from the NFC label of the recipient is used and is decrypted with the public key of the asymmetric cryptography in the opened application of the user's portable device.
  • the information package is sent to the memory segment assigned to the recipient in an decrypted form or partially encrypted form.
  • the security increase for the information package from the NFC label is achieved by writing it in the form of a unique set of characters, for example discourse$%&n$%&n$ &n$%&" which is sent to the journalling file system.
  • the NFC technology is used in such a way to securely and above all quickly make a "classical" money transfer between two accounts of the same bank, by automating entering the data indispensable for such a transfer. This process done manually takes so long that it would be impossible to use this model of payment in commercial conditions.

Abstract

The subject of the invention is the authentication method in the payment system with portable equipment through the wireless data transmission between a portable communications device with the NFC module of the confirming user, an NFC label of the recipient, from which the information package is collected, and an isolated computer journalling file system in communication with the recipient's computer system equipped with the payment terminal of the recipient, from which the data in a digital form are received and sent to the bank server, where the operation entry is made in the memory segments dedicated to the recipient and the user, the condition of the entries is checked and the response from the server of journalling file system is sent to the payment terminal, characterised in that the information package A0 is sent from the NFC label through the user's portable device to the server's memory segment assigned to the recipient in the journalling file system and after adding the data from the terminal of the recipient, it is sent back to the user's portable device, who sends the full information package A to the bank server of the user, after which in the bank server of the user the entry of the ordered operation is made in the segment of the user memory and in the memory segment assigned to the journalling file system, wherein with the help of the server of the journalling file system systematically in the time shorter than every 5 seconds the entries are checked in the memory segment of the bank server assigned to the journalling file system and then the information package B is created, which with the help of the server of the journalling file system is sent to the bank server of the recipient; there the entries of the ordered operation are made in the memory segment assigned to the recipient and in the memory segment assigned to the journalling file system and preferably the information package B0 with the help of the server of the journalling file system is sent to the recipient's terminal. Preferably, the encrypted information package from the NFC label of the recipient is decrypted with the public key of the asymmetric cryptography in the opened application of the user's portable device. The information package is sent to the memory segment of the server assigned to the recipient in a decrypted form or partially encrypted form. Optionally, the information package from the NFC label is sent to the journalling file system in the form of a unique set of characters.

Description

AUTHENTICATION METHOD IN A PAYMENT SYSTEM WITH PORTABLE
EQUIPMENT
The subject of the invention is the authentication method in the payment system with portable equipment through the wireless data transmission with a portable communications device.
Mobile phones, or speaking more generally, portable devices, thanks to the technological development, show the efficiency which allows starting advanced applications so far possible only on portable computers. The sophistication of these devices allows the user to access the Internet almost without limits, and thanks to the quickly growing market for mobile applications, to use it for various everyday activities such as looking through newspapers, internet articles, social networks, managing the calendar and email, watching/listening to multimedia files. In short, a mobile phone is becoming an indispensable and inherent tool in everyday life. One of the areas where portable devices can find their application is the market of cashless transactions. In this case, apart from the users of portable devices, the other side of the cashless transaction, merchants, should be mentioned. They make demands from the new technologies of the transactions, such as improving the effectiveness of operations, reducing costs and increasing the security.
The current usable technology enables user identification wirelessly, with the use of many various technologies. These can be mobile phone interfaces or other specialised devices. Currently there are at least a few wireless methods of communication, which ensures adequate standards enabling secure user identification. These are Bluetooth, NFC, Wi-Fi, RFID technologies.
The methods of information exchange between the moving end device of the user and stationary transceiver within the range of the reception of the radio receivers of close range, are known from WO 02/078381 A 1 , US 20030114104A1 and US
200301 10216A1 descriptions, wherein the devices in the reception range are identified in relation to their manufacturers and types of devices and on the basis of this identification the chosen materials are sent in the reception area.
In the patent description EP 1819106 the method of exchanging information between the moving user's end device, especially a mobile phone, PDA, pocket computer or portable PC, netbook from the collection of these end devices, and, preferably, the whole stationary transceiver is described, wherein the information exchange depends on the user's manipulation, which enables the transceiver to transmit the information from the transceiver to the specific mobile end transmitting device, so that the acceptance sphere, within the range of the transceiver in the distance independent of the X distance from the transceiver, is established, wherein the transmission of the information from the transceiver of the mobile end device happens depending on the relation between the X distance and the Y distance of the mobile end device from the transceiver, and thanks to the tagging used, it is possible for the user to identify the presence of the mobile device in the acceptance area; using the sensor of the level of the transceiver, the radio level of the mobile end device is determined within the range of the transceiver, the limit value of the level is assigned, which matches the X distance and with the use of the analysing unit of the transceiver there appears an indication if the measured actual value of the radio level exceeds the back value of the level or not. The X distance is derived from the radio-technical parameters of the mobile end devices. The radio-technical parameter is the level of intensity of the radio field of the mobile end device, which is measured in the transceiver.
Wi-Fi is a popular technology which enables devices compatible with this technology to exchange data wirelessly using radio waves. The wireless local area network (WLAN) is most frequently used, substituting wireless solutions used so far. Devices using Wi-Fi solutions such as, for example, personal computers, smart phones, game consoles, tablets, TV sets, can connect to the Internet in this simple way through the wireless access point. The range of such a solution (access point) is, approximately, up to 15-20 metres in a building and up to 100 metres in the open space without obstacles. The actual range is considerably dependent on the quality of the equipment used, the number of connected clients and the power which is used to transmit the signal. Thanks to that, access points can cover both small areas in buildings where walls block the signal considerably, as well as huge areas in the open space, where the radio waves propagation is not limited by terrain obstacles. To connect the computer to the WiFi network, it has to have a wireless interface. The connection of the computer with the network controller is called a station. Within the network, all stations share the same frequency range. The transmission in this channel is received by all the stations. For this reason, Wi-Fi networks are broadcast stations. Wi-Fi devices can connect with the Internet when they are in the range of the network connected to the Internet. The range of one or more connected access points (hotspots) may cover a few rooms or a few square kilometres. For the bigger areas, the range is realised by the groups of hotspots with their ranges overlapping. At present, wireless networks are used in houses, streets, and public places. Bigger shopping centres and airports offer free Internet access to make their offer more interesting and attract more clients. Free Wi-Fi access also drives advertising of many companies. Internet access is also often gained by routers with DSL or cable modems. Lately, portable access points have become very popular and they are routers which make the Internet available by the mobile networks used for that purpose. Also, newer GSM phones make it possible to create their own AP (access point). ; ;
In many cities municipal Wi-Fi networks have been created and they include all agglomerations in their range. Similar things are done by universities in their dormitories. It is a relatively cheap way of Internet distribution in the area where cabling would be extremely expensive. There is also a WiFi implementation where computers connect each other, without the need for an access point. This type of communication was called ad-hoc Wi-Fi transmission. This functionality is used by smaller, portable devices for a data exchange. Also some phones use this kind of wireless communication to make the Internet available to other devices (e.g. iPhone), becoming hotspots. Wi-Fi allows a simple, uncomplicated and at the same time cheap implementation of the LAN network. There are many places where, because of technical (open spaces) and aesthetic aspects (historical monuments), wireless networks are the only option for providing communication between computer systems. Because of the popularization of the standard, today the price of electronic things allowing the use of the benefits of WLAN is low, so most of the devices are equipped with network cards. Contrary to mobile phones, Wi-Fi devices will work all over the world. Also all devices with the "Wi-Fi Certified" logo awarded by Wi-Fi Alliance will be compatible with each other and are reversely compatible. Prepared individual developments of the 802.11 standard make it possible to improve the security and at the same time to increase the security of the data sent.
Some limitation is created by the fact that awarded frequency ranges are not consistent all over the world. Generally, in Europe there are 13 channels available, in the USA 11 , and Japan allows the existence of 14 channels in the 2,4 GHz range. Besides, in Europe the power of the signal is limited to 100 mW. W-Fi network range is also limited. An average hotspot (802.11 b/g) with average aerials has the range of about 30 metres inside buildings and about 100 metres in the open space.
The 802.11η standard is the first to be able to double the wireless network range. The next modification influencing the range are aerials. By using dedicated radiators it is possible to increase its value until the level defined by the local radio- communication law concerning the maximum broadcasting power for the needs of amateur needs. All of that requires considerable levels of energy needs. In comparison with other solutions, e.g. Bluetooth, Wi-Fi uses relatively high amounts of energy. However, other solutions do not offer such a big range. Production use of WLAN is limited to wireless readers, electric vehicles, with the limitation to small spaces.
We can distinguish a few standards of wirelesss networks:
- 802.11a - speed up to 54 Mb/s, frequency 5 GHz;
- 802.1 lb - speed up to 11 Mb/s, frequency 2,4 GHz, the range in buildings 30 m, in the open space up to 120 m;
- 802.1 lg - speed up to 54 Mb/s, frequency 2,4 GHz with the range similar to 802.11b but it is more prone to disruptions;
- 802.1 In - speed up to 300 Mb/s, frequency 5 GHz.
- 802.1 lac - speed up to 6 Gb/s, frequency 5 GHz.
Nowadays the most frequently used is the 802.1 lg standard. For industrial applications and popular hotspots it is 802.11 b, because nowadays only this standard guarantees that it will be operated by every WLAN interface. At first it was a big problem to ensure appropriate protection for wireless networks. A few security implementations have been designed:
- WEP protocol (Wired Equivalent Privacy). In this case the security is achieved with the use of a shared ciphering key of the length of 10 or 104 bits. Currently WEP security is the simplest protection offered in WLAN networks. With the big load of the network (and the possibility of taking a big number of samples for analysis) a faster computer can break the ciphering in 30 minutes.
- WPA protocol is an enhanced WEP version. It was established as a transitory version between WPA2 and WEP because it implements a permanent ciphering key change. Most network cards and access points compatible with WEP, also operate WPA. It allowed for the increase of security without the need for the equipment change. WPA protocol can use the enterprise mode - which uses the RADIUS server, which assigns keys to suitable users, or the personal mode, which does not divide the keys into particular users but all the connected stations use one shared key (PSK - Pre-Shared Key)
Apart from the above-mentioned WEP, WPA/WPA2 security, very often the combinations of procedures are used, such as: filtering MAC addresses (an access point has a list of stations which are to have access to the WLAN network ensured), isolation of working stations (working stations are isolated from each other so that they cannot "see" each other), using VPN for movement (each client is treated as a remote VPN client and his/her movement to the access point is encrypted in the tunnel), hiding the name of the access point (this method is used to impede exposure of the SSID name).
Using the combination of the protections increases the level of the transmission's security. It is quite inconvenient and can be applied rather when the clients often connect to the specified AP (Access Point), because it does not force the reconfiguration of the access point with every new WLAN station.
The components of the WLAN network are:
- Wireless Access Point (WAP), whose task is to separate the wireless signal received by the cable. It ensures the connection of wired stations with the wireless ones. From the point of view of the network topography, WAP is a hub (signal distributor) and at the same time the signal converter form the wired into the wireless and vice versa;
- wireless interface, whose task is to ensure the connection with the wireless network. Usually they are connected as, PCI expansion, miniPCI, USB, Express Card. Nowadays most devices have them built in their motherboard;
- wireless routers, which unite functionalities of WAP, switch and router ensuring forwarding of the signals from external interfaces.
- bridges of wireless network. Their task is to connect traditional network with the wireless one. An access point is different from the bridge in that it works on the data surface. Bridges are used when two localisations of the traditional computer network should be connected, for example two office buildings, by the use of the radio network without using cables.
- multipliers of signals (amplifiers) are used to increase the range of wireless networks. Their task is to eliminate "dead" points in WLAN range or lengthening the range in specified points.
A Near Field Communication system (NFC) was designed to make two-way communication between endpoints possible. Previously, the wireless connection systems made only one-way communication possible. Since unpowered NFC implementation versions can be read by a different NFC device, it is possible to replace earlier one-way installations with the new ones.
Using NFC system for a secure data exchange between devices is known from many patent descriptions, among others from: EP1938242, EP1851865, EP2169924, EP1958470, EP2203835, EP1729253.
From the patent description EP2203834 we know of a system of managing application data in NFC system which is implemented in a portable object which is a GSM phone and in contactless data transmission. The method includes stages of creating internal application data in response to the appearance of the internal event in NFC system and delivering internal application data to the processor host of the NFC system.
In the EP1729253 patent description a safe way of data transmission using the NFC interface is described, wherein the data in the data memory of NFC marker are stored and made available using an NFC scanner through the NFC interface. Through the central module, authentication data and/or at least an electronic key are generated, wherein authentication data and/or an electronic key, at least partially, by at least one telecommunications network are transmitted to the module controlling NFC markers and/or to the controlling module of an NFC scanner, which is authenticated by authenticating the data transmission by the NFC interface of an NFC scanner. Encrypted data, which have been transmitted through an NFC scanner from the NFC marker on the module controlling an NFC scanner, can be decrypted using the controlling module with an NFC scanner using the electronic key. Authentication happens through the authentication data transmission by the NFC interface by the module controlling the NFC scanner. Not until there is positive authorisation from the NFC does the NFC scanner enable the access to the data from NFC. To decrypt in the central module there is an electronic key stored and available to be used for the identification connected with the encrypted data.
NFC devices can be used as contactless payment systems, concurrent with the ones currently used in credit cards and electronic loyalty cards, making it possible for the mobile payments to be replaced by or to coexist with the above-mentioned solutions. Today NFC implementations can be used in the following cases: to send images to be printed or displayed, to pay by holding the phone with the built in NFC near the NFC reader, to exchange information (about meetings, business cards etc.) through identification offered by NFC, to realise access systems through validation of an access code and/or an access key, to confirm identity, as two-factor authentication, with more advanced methods of data transmission by Bluetooth or Wi-Fi, to identify identification documents within a small range (in order to ensure data protection) and to support encrypting transmission of the data sent, safer than RFID.
NFC is a set of short distance wireless technologies operating within the distances of two inches or fewer. An initiator and a target device are always engaged in the transmission. The initiator generates electromagnetic field which powers a passive target device. It enables the implementation of NFC in the form of simple devices (object forms) which do not need their own separate power supply. These can be stickers, labels, key rings, cards in the form of payment cards.
NFC labels contain data and usually are "read only" type, but they can also be writeable. The can be written with unique client data or use the NFC Forum specification, which is being developed by an organisation which takes care of the NFC standard development. Labels enable secure storage of personal data such as: debit and credit card information, loyalty programs data, access codes and so on. NFC Forum defines four types of labels regarding the communication speed:
- passive communication mode, in which the initiator makes the magnetic field of a specified carrier frequency available. A target device responds by changing (modulating) the current magnetic field. In this case the target device takes energy indispensable for acting from the field generated by the initiator.
- active communication mode, in which both the initiator and the target device separately create their own magnetic fields. The device switches off its field when it is waiting for the data. In this case there is a need for both devices to have chargers.
The NFC system uses two different coding modes. If an active device transmits the data with the speed of 106 kb/s, a modified Miller's coding is used, in other cases Manchester coding is used, used among others in the Ethernet network.
NFC coding modes
Capacity flow Active devices Passive devices
424 kbit s Manchester 10% ASK 10% ASK
Manchester
212 kbit/s Manchester 10% ASK 10% ASK
Manchester
106 kbit/s Modified Miller 100% ASK 10% ASK
Manchester
NFC devices can at the same time send and receive data. They can also discover possible collisions of signals. The unquestionable disadvantage of NFC is the situation when the owner loses the label (card or telephone). Nothing prevents the finder from using the device as if they were the user. The mobile phone can be protected with the PIN 1 access code, but a normal card does not have such a functionality.
Summing up, NFC solutions are perfect for a simple user identification. The standard itself does not supply such perfect protection that the critical systems are effectively and sufficiently secured. It is sufficient for product identification, loyalty cards and small money transactions.
In the description number WO2012151290 entitled "Systems and methods for controlling a locking mechanism using a portable electronic device related applications" an NFC enabled portable electronic device reading a passive NFC tag is presented. The NFC tag may be encoded in a variety of standards, including but not limited to ISO/IEC 14443 (both Type A and Type B), various MIFARE implementations, and FeliCa. The electronic device provides inductive power to the NFC tag. The NFC tag responds with a static Universal Resource Indicator (URI) which is encoded in such a way as to launch a special purpose application on the electronic device. The URI also contains an identifier string unique to each tag. The same URI can be encoded in the form of a Quick Response (QR) code onto the surface of the tag. The act of reading the tag will trigger the device to launch the application, passing the unique string as a parameter. The application then passes the user id, password hash, and unique identifier string to a cloud service. The cloud service validates the information, and performs an action associated with the unique tag identifier, or based on a command issued by a user as input on the portable electronic device. The action or command is performed on a lock or lock server associated with the tag identifier to actuate the door lock. The server sends a confirmation of the action performed to the electronic device. An alternate embodiment of the process represented with camera enabled portable electronic device reading a Quick Response (QR) code instead of reading the URI through NFC. In this case the URI mentioned would be encoded in QR format instead of an NFC data type. The user launches a QR code reader application, scans the QR code, the application parses the code as a URI and the application acts accordingly to actuate the lock using a unique identifier embedded in the QR code.
From the patent description WO2012151660 and WO2012151684 we know of Mobile Image Payment System or environment that includes the consumer environment from which the consumer encounters the OMRI 200 and interacts with the OMRI 200 using their computer device (e.g. desktop computer, mobile device, etc.) via the transaction application. The environment also has the merchant operating their computer device (e.g. a merchant computer system including one or more servers, one or more desktop computers, one or more point of sale (POS) terminals, and/or one or more mobile devices), who requests generation of the OMRI 200 to include product data, merchant data and/or transaction data (further described below) from the transaction service. The merchant can make the OMRI 200 available in the consumer environment for subsequent access by the consumer and/or can send the OMRI 200 directly to the computer device of the consumer via the communications network. The merchant can also instruct the transaction service to send the OMRI 200 directly to the computer device of the consumer via the communications network. The communications network can be one or more networks, for example such as but not limited to: the Internet; an extranet; and/or an intranet. Further, the communications network can be a wired or wireless network. It is also recognized that network messages (between the various devices and a transaction system) can be communicated via short range wireless communication protocols such as but not limited to Bluetooth TM, infrared (IR), radio frequency (RF), near field communication (NFC) and/or by long range communication protocols (e.g. HTTP, HTTPS, etc.), in view of the type of electronic communication required between any pair of devices and the system. For example, the devices could communicate with one another using short range Bluetooth TM communications while the devices either could communicate with one another using long range HTTP or HTTPS based communications.
In the patent description WO2012151685 the split mobile payment system is presented which makes use of a mobile payment application ("MPA") in the form of a software application which runs on the Consumer's Mobile Device. The MPA may come pre-installed on the Mobile Device and/or may be downloaded on to the Mobile Device. The MPA is configured to be able to communicate with the Payment Platform via the Internet using the Mobile Device's web-enabled functionality. The merchant's Point of Sale Payment Application ("PPA" - the software application running on the merchant's POS system or network, and used to facilitate POS transactions) is also configured to be able to communicate with a Payment Platform either via the Internet or via a dedicated connection. It is contemplated that such communications will include security features such as data encryption, as necessary. The MPA communicates the Consumer's Payment Account Identifier (which is used to identify to the Payment Platform, the Consumer's Payment Account that the funds are to be transferred from to pay the merchant) to the merchant's PPA, which the PPA will pass on to the Payment Platform. It is contemplated that several mechanisms can be used to communicate such Payment Account Identifier to the PPA. In one embodiment, the use of what shall be referred to herein as "Image Technology" contemplates that the Payment Account Identifier be in the form of a 1-D (linear) bar code, 2-D bar code, hologram or the like (which for ease of reference will generally be referred to herein, as a bar code). In this embodiment, the bar code is displayed on the screen display of the Consumer's Mobile Device, and presented to the merchant to be scanned (e.g., through a PPA Terminal). In another embodiment, the use of what shall be referred to herein as "Transmitting Technology" contemplates that the Payment Account Identifier or information identifying the Consumer's Payment Account ("Payment Account Identifying Information") will simply be transmitted from the Consumer's Mobile Device to the PPA using such Transmitting Technology (i.e. NFC, Bluetooth, Infrared or other similar short-range, communication technology). The merchant's PPA will be suitably equipped to receive such communication from the MPA/Mobile Device. It is contemplated that such communications will be suitably encrypted. Within the context of the present disclosure, the majority of the functionality of a traditional POS terminal is transferred to the Consumer's Mobile Device, resulting in the majority of the steps of a purchase transaction (particularly those involving relatively sensitive information) taking place between the Consumer's Mobile Device and the Payment Platform (rather than between the merchant POS and a Payment Platform, as is typically the case in traditional retail credit card transactions). Consumer's Payment Account to the Payment Service Platform via the merchant terminal (i.e. via the merchant application) can involve the transmission of the Consumer's Payment Account Identifying Information from the Mobile Device (i.e. via the payment application) to the merchant terminal (i.e. via the merchant application) using NFC, Bluetooth, Infrared or other similar short-range, communication technology. In the case of a short code being used as the code data, the transmission of this code data information to the merchant may be something as simple as verbal transmission between the merchant and consumer and/or by simply reading of the code data off of the screen of the device by the merchant - in the case where the code data is displayed on the screen of the device (e.g. via interaction with the payment application by the consumer). Another embodiment is where a speaker of the device is used by the payment application to audibly communicate the code data to the merchant.
From the patent description WO2012158219 we know of the system and method for managing transactions with a portable computing device priority and related applications statement. At High-Level Operation of System an operator of the PCD 100 may desire to purchase one or more products/services that may be scanned with a product scanner. Prior to or in parallel to the operation of scanning products with the product scanner, the operator of the PCD 100 may retrieve the unique terminal identifier and the merchant identifier associated with the tag which is affixed to the ECR of the Merchant POS system. The operator of the PCD may retrieve the data from the tag by scanning the tag with the camera or with a near-fieldcommunication ("NFC") antenna. The image being scanned by the camera may comprise one of the tags. As noted previously, the tag may comprise machine-readable data such as a two- dimensional bar code that contains a unique identifier associated with a particular electronic cash register and a particular merchant. The 2-D bar code may include, but is not limited to, the following symbologies: Aztec Code, 3-DI, ArrayTag, Small Aztec Code, Chromatic Alphabet, Chromocode, Codablock, Code 1 , Code 16K, Code 49, ColorCode, Compact Matrix Code, CP Code, CyberCode, d-touch, DataGlyphs, Datamatrix, Datastrip Code, Dot Code A, EZcode, Grid Matrix Code, High Capacity Color Bar code, HueCode, INTACTA.CODE, InterCode, MaxiCode, mCode, MiniCode, Micro PDF417, MMCC, Nintendo e-Reader#Dot code, Optar, PaperDisk, PDF417, PDMark, QR Code, QuickMark Code, Semacode, SmartCode, Snowflake Code, ShotCode, SuperCode, Trillcode, UltraCode, UnisCode, VeriCode, VSCode, WaterCode, for example. Instead of a two dimensional bar code, a one dimensional bar code may be employed to provide the unique electronic cash register identifier and the unique identifier associated with the merchant. Exemplary one-dimensional bar codes may include, but are not limited to, U.P.C., Codabar, Code 25 - Non- interleaved 2 of 5, Code 25 - Interleaved 2 of 5, Code 39, Code 93, Code 128, Code 128A, Code 128B, Code 128C, Code 11 , CPC Binary, DUN 14, EAN 2, EAN 5, EAN 8, EAN 13, Facing Identification Mark, GS 1-128 (formerly known as UCC/EAN-128), GS 1 DataBar formerly Reduced Space Symbology ("RSS"), HIBC (HIBCC Bar Code Standard), ITF- 14, Latent image bar code, Pharmacode, Plessey, PLANET, POSTNET, Intelligent Mail Bar code, MSI, PostBar, RM4SCC / KIX, JAN, and Telepen. Other machine readable codes for retrieving the unique identifiers associated with the electronic cash register and merchant are well within the scope of the invention such as contactless or wireless communication methods such as near- field communications (NFCs) used with smart cards and RF-ID cards as understood by one of ordinary skill in the art. Further, in another exemplary embodiment, the operator of the PCD may key-in a human-readable code associated with the unique identifier of the electronic cash register and the merchant. As discussed above, once the central mobile payment controller has the unique identifier associated with the electronic cash register and the identifier associated with the merchant from the scanned image, then the central mobile payment controller may communicate with the merchant enterprise system for receiving product scan data generated by the product scanner. The personal identification number ("PIN") module allows the operator to change his or her PIN as understood by one of ordinary skill in the art. The locations module supports a function in which the PCD may display the closest merchants who support the PCD payment features. The NFC tap module allows an operator to activate NFC functionality of the PCD. The search module allows an operator to search for specific transactions that were made using the PCD. The show map module may support functions such as a geographical map relative to the location of the PCD as well as maps of building plans for merchants who support payments with the PCD.
Similarly to an NFC label, RFID label can be placed and used for monitoring and managing of goods, valuable things, animals or people. In comparison with traditional printed codes, it has many advantages. It does not need to be clearly visible and it is possible to read hundreds of RFID labels at the same time. This is impossible in the case of bar codes. Various RFID implementations can be used in order to: check access, trace people and animals, trace goods, tolls and contactless payments, trace luggage at the airports. The number of applications depends on the user's creativity. It should be kept in mind, though, that it is a very primitive system offering very basic functionalities.
RFID works on the basis of identification made by the radio by the use of labels or stickers placed on objects which are to be identified. The signal transmitter, known as a reader, sends a signal to a label and reads its response. Then the reader sends the result into the computer or software in order for it to be analysed further. The information is stored in an electronic form as an unbreakable memory content. RFID labels contain a little transmitter which is a transmitter and receiver at the same time. The reader sends a radio signal to the label and questions it. After receiving the message, the response with the identification data happens, which can be a unique serial number of the label, data specific to the marked product such as the production date, product name, series number etc. The labels can be passive, battery assisted passive (BAP) or active. BAP labels use a small battery placed on the board which is activated the moment it is awakened by the RFID reader. Obviously, passive labels are cheaper and smaller because of their much simpler construction and there is no need for the battery. However, the labels use reader energy instead. It must be situated close enough to provide a sufficient level of transmitted power. Because labels can have unique numbers, RFID system can differentiate between many labels which can appear within the reader range and can read them all at the same time. Labels can be of a type read-only and also have a serial number which can be linked to the records in the the database or may be of the overwrite type where the user decides about the values defined by himself/herself.
From the technical point of view, RFID labels consist of at least two parts: an aerial for sending and receiving signals and an integrated circuit whose task is to store and process information, decode and code the signals received, transform the energy from the radio waves generated by the reader.
Readers usually have a very specified range distance into which they can read labels. This enables them to define areas of read and limit distances which crossing makes reading impossible.
A great RFID labels' advantage is their small size. During scientific tests, RFID labels were placed on insects. In subsequent miniaturisation stages it was possible to achieve sizes of the hundredths of millimetres. It causes the miniaturization of the aerials integrated with the devices, and, consequently, decreasing the range of activity of the label-reader pair. The presented solutions were used, among others, in the mobile phones communication. Solutions in the form of a microSD card have appeared, which can be a passive label, but after being put into the phone and charged by the card reader, can become an RFID reader. The solutions of using RFID labels have also been implemented by Nokia in a few makes of phones of this company.
RFID labels solutions have been implemented in various logistic systems, storing systems and access control, and among others to: tag fixed assets in companies and products on shop shelves, mark parts of a large number of elements of a bigger product to unambiguously interpret their origins and destination, especially in enterprises where because of a large number of parts, an average worker is not able to determine the use of all the construction elements of a bigger machine or a vehicle; anti-theft protections in the shape of labels of books, clothes and other, especially more expensive, products which can be found on shop shelves, access control, in which RFID labels exchanged old, often failing magnetic cards, with the simultaneous elimination of magnetic readers in comparison to which RFID label readers do not require physical contact, minimising the risk of damaging the card or the reader; in transport and logistics, where because of the high speed of reading, the standard found its place with labelling the packages, to secure identification documents, making it difficult to forge them, tolls, e.g. by using RFID labels as a form of prepaid tickets in public transport, which reduces queues at ticket offices and decreases distribution costs; animal and people identification, where some implants have been implemented to make it possible to identify lost pets and people, managing large herds of farm animals and, in case of people, to identify permanent clients of bars and other places.
As every solution, this system has its weaknesses which can lead to damages disqualifying RFID labels from the subsequent action. Depending on the kind and frequency of the magnetic field, it is possible to make it totally impossible to read the data. The quality of RFID labels influences the using conditions and high temperature and jolts can lead to the separation of the components of RFID tags.
For the change of information included in remote resources it is necessary to verify the rights to do the mentioned activities. It is optimal to make it wirelessly. At the same time it is necessary to fulfil some essential conditions: unambiguous identification of the user wanting to make such changes, excluding eavesdropping on the wireless communication, preventing intercepting the session by MITM attack (Man In The Middle), owing to the current electromagnetic smog, authorised devise should be isolated. To increase the security the problems shown above can be considerably reduced by shortening the range of the receivers.
Authentication with the help of any technologies presented above needs determining the rules on which the authentication will take place. The equipment layer does not ensure the right level of security. It is necessary to determine a set of procedures, especially a user's guide, of the constructed implementation. Regardless of whether the protections are achieved through the encrypted wireless transmission or by using some different options, it seems necessary to establish the centre which could be a registration centre at the same time.
Assigning a unique number in the system to a unique equipment identification (label, MAC address of the network interface) will be called the connection authorisation. As a result of such an action, a given device (e.g. it can be a Bluetooth interface of a mobile phone) will be able to initiate an event which will make a change of state of information or information change in the remote resources. Among other things, they will be subordinate to the authorisation:
- IEEE MAC address of the Bluetooth device as a unique device address using the Bluetooth technology. It is a 45-bit number written in the hexadecimal system.
- MAC address of the Ethernet device (Media Access Control). It is a 48-bit number written in the hexadecimal system. The first 24 bits describe the producer of the serial card, the other 24 bits are a unique identifier of a given copy of the card. MAC address occurs in the case of every Ethernet interface. It is a consistent address for all serial cards and includes the wired and wireless connections
- RFID serial number. Taking into consideration the fact that these are solutions offering many possibilities, it should be first stated how big range of unique numbers will ensure the sufficient number of unique labels. - any unique identifier possible to check wirelessly.
Most labels in their serial number (MAC address) have encrypted information who is the producer of the solution. It will make it possible to preliminarily see if the user uses the supported equipment (visual identification), if the user wants to impersonate another person, etc.
From the procedural point of view, the registration in the authentication centre will start with reading wirelessly a unique identifier of the device which will be used by the user. Next, it will be linked with a unique number in the system. The next step will make it possible to get the powers to do things possible in a given system and planned for this specific user.
To sum up the registration procedure, it can be said that it consists of: reading the unique identifier, creating the assigning of system user - unique identifier, determining the rights of the user.
To be able to enter the data to the resources gathered in the IT systems in the shape of databases, it is essential to confirm that the data which are to be entered concern a given person or a given user account if it is not associated with a concrete person. The identification method using a device which communicates wirelessly helps simplify and speed up entering the data into the resources gathered in the IT systems, but it is not personal data in the sense of the legal regulations but it is about saving into the user's account the results of a given activity.
From the patent description US20070197261 we know of the solution of a mobile phone with the function of a remote control AIO (All In One) or a card software to block the radio, car, house and RFID, with the authentication and paying function. There is a function of using a universal key based on the wireless connection GSM, UMTS, W-LAN, Bluetooth, RFID transmitter, for every kind of locks, gates and entrances, which enables performing the functions of direct electronic settling of payments through mobile phones for all accesses, services or information realised. One can enter with the fingerprint or an oral command, with the direct biometric confirmation by the sensor.
The NFC transmitter allows: loading the information, direct cash payments, access control, controlling functions, authentication in the Internet auctions, bets and transactions, and above all for RFID-tag identification of valuable objects, electronic devices and their parts etc., from GSM on the basis of a website or balancing the account. The device allows authenticating various operations from the platform of a mobile telephone equipped with the papillary lines sensor or through the function of mobile video in the user's phone.
From the patent description US2012019361 we know of a method and device for a three-feature authentication with the use of a small wireless device. The wireless device stores a digital key and sends the digital key wirelessly to the external application or device. The wireless device can be authenticated by the user's voice or movements in two- or three-dimentional space.
Known seamless technology is a mobile phone payment and transaction service using QR codes on the front-end and Seamless proven transaction server on the back- end. Technology is the only fully-integrated mobile phone payment solution handling the entire transaction chain, from customer through to settlement.
The cashier sends the sum payable to the SEQR transaction switch. The customer scans the unique QR code on the cashier and sends the merchant ID to the SEQR transaction switch. The customer receives a payment request on his mobile phone, and is asked to approve the amount. The customer confirms the amount to be paid by entering their personal four digit pin code. Similarly to a regular card payment, the banks verify the information and processes the transaction. The SEQR transaction switch confirms the transaction to the cashier and the customer.
The essence of the invention is that the information package Aft from the NFC label of the recipient through a user's portable device is sent to the memory segment of the server assigned to the recipient in the journalling file system and after adding the data from the terminal of the recipient, it is sent back to the user's portable device, who sends the full information package A to the bank server of the user, after which in the bank server of the user the entry of the ordered operation is made in the segment of the user's memory and in the memory segment assigned to the journalling file system, wherein with the help of the server of the journalling file system systematically in the time shorter than every 5 seconds the entries are checked in the memory segment of the bank server assigned to the journalling file system and then the information package B is created, which with the help of the server of the journalling file system is sent to the bank server of the recipient, there the entries of the ordered operation are made in the memory segment assigned to the recipient and in the memory segment assigned to the journalling file system and preferably the information package BO with the help of the server of the journalling file system is sent to the recipient's terminal . Optionally, the encrypted information package from the NFC label of the recipient is preferably decrypted with the public key of the asymmetric cryptography in the opened application of the user's portable device. The information package is sent to the memory segment of assigned to the recipient in a decrypted form or partially encrypted form. Optionally, the information package from the NFC label is sent to the journalling file system in the form of a unique set of characters.
An advantage of the solution according to the invention is increasing the speed of the secure authentication of the data transmission between the computer system, especially an isolated journalling file system, and a personal portable communications device, whose MAC address is the identifier in the bank's computer system. A customer usually has their telephone with them in every situation as a portable communications device.
According to the invention, the authentication method in the payment system with portable equipment through the wireless data transmission between a user's portable communications device with the NFC module of the confirming user, an NFC label of the recipient, from which the information package is collected, and an isolated computer journalling file system in communication with the recipient's computer system equipped with the payment terminal of the recipient, from which the data in a digital form are obtained and sent to the bank server, where the entry of the operation is made in the memory segments dedicated to the recipient and the user, the condition of the entries is checked and the response from the server of journalling file system is sent to the payment terminal. The information package A0 is sent from the NFC label through the user's portable device to the server's memory segment assigned to the recipient in the journalling file system. After adding the data from the terminal of the recipient, it is sent back to the user's portable device, who sends the full information package A to the bank server of the user. On this basis, in the bank server of the user the entry of the ordered operation is made in the segment of the user memory and in the memory segment assigned to the journalling file system. With the help of the server of the journalling file system systematically in the time shorter than every 5 seconds the entries are checked in the memory segment of the bank server assigned to the journalling file system. Then the information package B is created, which with the help of the server of the journalling file system is sent to the bank server of the recipient. There the entries of the ordered operation are made in the memory segment assigned to the recipient and in the memory segment assigned to the journalling file system. The information package BO with the help of the server of the journalling file system is sent to the recipient's terminal. To increase the security, the encrypted information package from the NFC label of the recipient is used and is decrypted with the public key of the asymmetric cryptography in the opened application of the user's portable device. The information package is sent to the memory segment assigned to the recipient in a decrypted form or partially encrypted form. The security increase for the information package from the NFC label is achieved by writing it in the form of a unique set of characters, which is sent to the journalling file system. The invention is presented below in the form of implementation. The user's phone equipped with the NFC module and a payment application, that is a programme placed in the phone's memory card and processed by the processor of the portable device of the user, makes it possible to pay fast after bringing it close to the NFC label presented, for example, by the merchant, which contains all the data needed to order a classic money transfer.
The NFC label used in a passive form, that is, it possesses 'hard-coded' data needed for the transfer, which we usually enter into the template of a money transfer - that is the recipient's account number, the recipient's name, the transfer title. The customer, when he or she scans the NFC label, emulates manual entering of all the data needed for the transfer, fills in the sum of money and orders the transfer of the money. Embedded in the NFC label the recipient's bank account number is in reality the number belonging to the billing agent (called here smoopay), but all the payments coming through the account are identified as owed to the final recipient. Optionally, the data in the label are encrypted with the use of the asymmetric cryptography, and the public key, being the pair to the secret private key, with which the information was encrypted in the label, is available from the level of the mobile application, therefore to the bank module of the application responsible for the money transfer the information gets in the decrypted form.
Using the NFC label in an active form means that a unique and unpredictable identifier is entered into the tag, which in itself does not contain any key data for the money transfer and is only a unique identifier for the journalling file system, and when it is sent through the mobile application, it results in receiving the data needed for the money transfer, such as the recipient's account number, the recipient's name, the money transfer title, optionally the sum of money to be transferred. The flexibility of an active label means that it does not need to be 'hard-coded' because it is only a reference to the network resources which can be modified in any moment, for example by setting the sum from the level of the point of sales. The customer receives then the full set of information, including the sum of the transaction, therefore he or she authenticates only the money transfer.
In the invention through the wireless data transmission the user with the use of a portable device receives the information package AQ from the NFC label of the recipient and together with the information about their own individual device sends it to the server's memory segment assigned to the recipient in the journalling file system. After adding the data, especially the said sum, received from the terminal of the recipient, the information package is sent back to the user's portable device, who sends the full information A package to the bank server of the user, about which the information is written in the memory of the user's portable device. On this basis in the bank server of the user the entry of the ordered operation is made in the segment of the user memory and in the memory segment assigned to the journalling file system. With the help of the server of the journalling file system systematically in the time shorter than every 5 seconds the recordings are checked in the memory segment of the bank server assigned to the journalling file system. After receiving the information from the memory segment assigned to the journalling file system in the bank server of the user, with the use of the server of the journalling file system the information package B is created and is sent to the bank server of the recipient. There the entries of the ordered operation are made in the memory segment assigned to the recipient and in the memory segment assigned to the journalling file system. Almost simultaneously with the help of the server of the journalling file system the information package B0 about the authentication and doing the operation is sent to the recipient's terminal. To increase the security, the encrypted information package from the NFC label of the recipient is used and is decrypted with the public key of the asymmetric cryptography in the opened application of the user's portable device. The information package is sent to the memory segment assigned to the recipient in an decrypted form or partially encrypted form. The security increase for the information package from the NFC label is achieved by writing it in the form of a unique set of characters, for example„$%&n$%&n$ &n$%&", which is sent to the journalling file system.
Because there are some cases of unauthorised forwarding of the connections through the NFC labels, in the solution the NFC technology is used in such a way to securely and above all quickly make a "classical" money transfer between two accounts of the same bank, by automating entering the data indispensable for such a transfer. This process done manually takes so long that it would be impossible to use this model of payment in commercial conditions.

Claims

Patent claims We claim:
1. The authentication method in the payment system with portable equipment through the wireless data transmission between a portable communications device with the NFC module of the confirming user, an NFC label of the recipient from which the information package is collected, and an isolated computer journalling file system in communication with the recipient's computer system equipped with the payment terminal of the recipient, from which the data in a digital form are obtained and sent to the bank server, where the operation entry is made in the memory segments dedicated to the recipient and the user, the condition of the entries is checked and the response from the server of the journalling file system is sent to the payment terminal, characterised in that the information package AQ is sent from the NFC label through the user's portable device to the server's memory segment assigned to the recipient in the journalling file system, and after adding the data from the terminal of the recipient, it is sent back to the user's portable device, who sends the full information package A to the bank server of the user, after which in the bank server of the user the entry of the ordered operation is made in the segment of the user's memory and in the memory segment assigned to the journalling file system, wherein with the help of the server of the journalling file system systematically in the time shorter than every 5 seconds the entries are checked in the memory segment of the bank server assigned to the journalling file system and then the information package B is created, which with the help of the server of the journalling file system is sent to the bank server of the recipient, there the entries of the ordered operation are made in the memory segment assigned to the recipient and in the memory segment assigned to the journalling file system and preferably the information package B0with the help of the server of the journalling file system is sent to the recipient's terminal.
2. The method according to claim 1 characterised in that the encrypted information package from the NFC label of the recipient preferably is decrypted with the public key of the asymmetric cryptography in the opened application of the user's portable device.
3. The method according to claim 2 characterised in that the information package is sent to the memory segment of the server assigned to the recipient in a decrypted form or partially encrypted form.
4. The method according to claim 1 characterised in that the information package from the NFC label is sent to the journalling file system in the form of a unique set of characters.
PCT/PL2013/000009 2013-01-29 2013-01-29 Authentication method in a payment system with portable equipment WO2014120029A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/PL2013/000009 WO2014120029A1 (en) 2013-01-29 2013-01-29 Authentication method in a payment system with portable equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/PL2013/000009 WO2014120029A1 (en) 2013-01-29 2013-01-29 Authentication method in a payment system with portable equipment

Publications (1)

Publication Number Publication Date
WO2014120029A1 true WO2014120029A1 (en) 2014-08-07

Family

ID=51262638

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/PL2013/000009 WO2014120029A1 (en) 2013-01-29 2013-01-29 Authentication method in a payment system with portable equipment

Country Status (1)

Country Link
WO (1) WO2014120029A1 (en)

Citations (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002078381A1 (en) 2001-03-26 2002-10-03 Accinity Ab System for delivering location related information to mobile telecommunication devices
US20030110216A1 (en) 2001-12-06 2003-06-12 Mathias Althin Mobile guide communications system
US20030114104A1 (en) 2001-12-18 2003-06-19 Roy Want Method and system for identifying when a first device is within a physical range of a second device
EP1729253A1 (en) 2005-05-12 2006-12-06 Swisscom AG Method and system for secure data transfer over an NFC-connection
EP1819106A1 (en) 2006-02-13 2007-08-15 Blue Cell Networks GmbH Method for data exchange between a fixed and a mobile Bluetooth station depending on the spatial proximity of said stations
US20070197261A1 (en) 2004-03-19 2007-08-23 Humbel Roger M Mobile Telephone All In One Remote Key Or Software Regulating Card For Radio Bicycle Locks, Cars, Houses, And Rfid Tags, With Authorisation And Payment Function
EP1851865A1 (en) 2005-02-09 2007-11-07 Nxp B.V. Method for ensuring a secure nfc functionality of a wireless mobile communication device and wireless mobile communication device having a secure nfc functionality
EP1938242A1 (en) 2005-10-17 2008-07-02 Stmicroelectronics Sa Nfc reader having a low energy consumption passive operating mode
EP1958470A1 (en) 2005-12-09 2008-08-20 Sony Ericsson Mobile Communications AB Passive nfc activation of short distance wireless communication
EP2169924A1 (en) 2008-09-30 2010-03-31 Research In Motion Limited Mobile wireless communications device having touch activated near field communications (NFC) circuit
EP2203835A1 (en) 2007-09-27 2010-07-07 Inside Contactless Method and device for managing application data in an nfc system in response to the sending or receiving of data without contact
US20110264543A1 (en) * 2010-04-26 2011-10-27 Ebay Inc. Reverse payment flow
US20120019361A1 (en) 2009-06-22 2012-01-26 Mourad Ben Ayed Systems for three factor authentication
US20120259717A1 (en) * 2011-04-08 2012-10-11 Research In Motion Limited Payment processing system including mobile wireless communications device to send a payment confirmation to a transaction terminal and associated methods
WO2012151290A1 (en) 2011-05-02 2012-11-08 Apigy Inc. Systems and methods for controlling a locking mechanism using a portable electronic device
WO2012151685A1 (en) 2011-05-11 2012-11-15 Mark Itwaru Split mobile payment system
WO2012158219A2 (en) 2011-05-17 2012-11-22 Qualcomm Incorporated System and method for managing transactions with a portable computing device

Patent Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002078381A1 (en) 2001-03-26 2002-10-03 Accinity Ab System for delivering location related information to mobile telecommunication devices
US20030110216A1 (en) 2001-12-06 2003-06-12 Mathias Althin Mobile guide communications system
US20030114104A1 (en) 2001-12-18 2003-06-19 Roy Want Method and system for identifying when a first device is within a physical range of a second device
US20070197261A1 (en) 2004-03-19 2007-08-23 Humbel Roger M Mobile Telephone All In One Remote Key Or Software Regulating Card For Radio Bicycle Locks, Cars, Houses, And Rfid Tags, With Authorisation And Payment Function
EP1851865A1 (en) 2005-02-09 2007-11-07 Nxp B.V. Method for ensuring a secure nfc functionality of a wireless mobile communication device and wireless mobile communication device having a secure nfc functionality
EP1729253A1 (en) 2005-05-12 2006-12-06 Swisscom AG Method and system for secure data transfer over an NFC-connection
EP1938242A1 (en) 2005-10-17 2008-07-02 Stmicroelectronics Sa Nfc reader having a low energy consumption passive operating mode
EP1958470A1 (en) 2005-12-09 2008-08-20 Sony Ericsson Mobile Communications AB Passive nfc activation of short distance wireless communication
EP1819106A1 (en) 2006-02-13 2007-08-15 Blue Cell Networks GmbH Method for data exchange between a fixed and a mobile Bluetooth station depending on the spatial proximity of said stations
EP2203835A1 (en) 2007-09-27 2010-07-07 Inside Contactless Method and device for managing application data in an nfc system in response to the sending or receiving of data without contact
EP2203834A1 (en) 2007-09-27 2010-07-07 Inside Contactless Method and device for managing application data in a nfc system
EP2169924A1 (en) 2008-09-30 2010-03-31 Research In Motion Limited Mobile wireless communications device having touch activated near field communications (NFC) circuit
US20120019361A1 (en) 2009-06-22 2012-01-26 Mourad Ben Ayed Systems for three factor authentication
US20110264543A1 (en) * 2010-04-26 2011-10-27 Ebay Inc. Reverse payment flow
US20120259717A1 (en) * 2011-04-08 2012-10-11 Research In Motion Limited Payment processing system including mobile wireless communications device to send a payment confirmation to a transaction terminal and associated methods
WO2012151290A1 (en) 2011-05-02 2012-11-08 Apigy Inc. Systems and methods for controlling a locking mechanism using a portable electronic device
WO2012151685A1 (en) 2011-05-11 2012-11-15 Mark Itwaru Split mobile payment system
WO2012151684A1 (en) 2011-05-11 2012-11-15 Mark Itwaru Mobile image payment system using short codes
WO2012151660A1 (en) 2011-05-11 2012-11-15 Mark Itwaru Mobile image payment system
WO2012158219A2 (en) 2011-05-17 2012-11-22 Qualcomm Incorporated System and method for managing transactions with a portable computing device

Similar Documents

Publication Publication Date Title
JP6441396B2 (en) System and method for dynamic temporary payment authentication in portable communication devices
Curran et al. Near field communication
ES2773100T3 (en) Distributed transaction processing system and methods
EP2538382A1 (en) Point of sale system for transaction payment delegation
Singh Near-field communication (NFC): an alternative to RFID in libraries
CN102867250A (en) Mobile device for transaction payment delegation
JP2008541289A (en) How to safely read data from a transponder
US20120124394A1 (en) System and Method for Providing a Virtual Secure Element on a Portable Communication Device
CN102640181A (en) Automatic information distribution system between indicia reader system and mobile device
Lee et al. Mobile platform for networked RFID applications
US11176540B2 (en) Card-to-card direct communication
Suparta Application of near field communication technology for mobile airline ticketing
Ali et al. Secure mobile communication in m-payment system using NFC technology
KR20160071471A (en) Wireless protocol message conversion device and methods of using thereof
CN106462840A (en) Remote transaction system, method and point of sale terminal
Baldo et al. The SIESTA project: Near Field Communication based applications for tourism
CN102509359A (en) Information automatic processing terminal and information automatic processing system
CN104657854A (en) Wireless power supply to enable payment transaction
KR20150069237A (en) Payment method and system using dynamic NFC tag
CN108416581A (en) A kind of methods, devices and systems of on-line payment
KR101408210B1 (en) Method and system for providing complex services using NFC tag card
KR20160071421A (en) System and method for dynamic temporary payment authorization in a portable communication device
CN101014985A (en) System and method of facilitating contactless payment transactions across different payment systems using a common mobile device acting as a stored value device
WO2015199558A1 (en) The authorize payment method in mobile devices
Kulkarni Near field communication (NFC) technology and its application

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13707058

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 17/12/2015)

122 Ep: pct application non-entry in european phase

Ref document number: 13707058

Country of ref document: EP

Kind code of ref document: A1