WO2014027287A1 - Issuance, obtaining and utilization of personalized digital end user credentials for use in electronic transactions performed with a mobile device - Google Patents

Issuance, obtaining and utilization of personalized digital end user credentials for use in electronic transactions performed with a mobile device Download PDF

Info

Publication number
WO2014027287A1
WO2014027287A1 PCT/IB2013/056518 IB2013056518W WO2014027287A1 WO 2014027287 A1 WO2014027287 A1 WO 2014027287A1 IB 2013056518 W IB2013056518 W IB 2013056518W WO 2014027287 A1 WO2014027287 A1 WO 2014027287A1
Authority
WO
WIPO (PCT)
Prior art keywords
end user
mobile device
received
response
sending
Prior art date
Application number
PCT/IB2013/056518
Other languages
French (fr)
Inventor
Jayden KHAKUREL
Original Assignee
Cardplus Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cardplus Oy filed Critical Cardplus Oy
Publication of WO2014027287A1 publication Critical patent/WO2014027287A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/18Payment architectures involving self-service terminals [SST], vending machines, kiosks or multimedia terminals
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/351Virtual cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • G07F7/122Online card verification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/35Protecting application or service provisioning, e.g. securing SIM application provisioning
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/045Payment circuits using payment protocols involving tickets
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]

Definitions

  • the present invention relates to personalized digital end user credentials.
  • the pre ⁇ sent invention relates to issuance, obtaining and uti ⁇ lization of personalized digital end user credentials for use in electronic transactions performed with a mobile device.
  • plastic cards with a magnetic stripe, contactless technology or other embedded technology is popular and common for e.g. various membership cards, loyalty cards, gift cards and payment cards.
  • Current ⁇ ly a user typically subscribes for a card at issuer locations, banks and other places in order to e.g. re ⁇ ceive credits for spending and to receive offers.
  • the issuer then assigns a personalization company to print and deliver those cards to the end user with encoded credentials such as a name, an expiry date, and a card number which can later be used e.g. at a point of sale for various purposes.
  • an object of the present invention is to alleviate the problems described above and to introduce a solution that allows a digital version of a traditional plastic card.
  • a first aspect of the present invention is a method of issuing personalized digital end user cre ⁇ dentials, in which personalized digital credentials for a predetermined end user are generated at an issu ⁇ er unit. These credentials are for use in electronic transactions to be performed with a mobile device of the predetermined end user.
  • An activation code and a trigger code associated with the generated personal- ized digital end user credentials are sent from the issuer unit to the mobile device via a secured commu ⁇ nications connection.
  • An activation code entered by the end user and a unique device identifier associated with the mobile device and generated at the mobile de- vice in response to the received trigger code are re ⁇ ceived from the mobile device.
  • the received activation code and unique device identifier are checked.
  • the generated personalized digital end user credentials are sent from the issuer unit to the mobile device in response to a successful check.
  • a second aspect of the present invention is a method of obtaining issued personalized digital end user credentials, in which an activation code and a trigger code associated with personalized digital end user credentials generated at an issuer unit are re ⁇ ceived from the issuer unit to a mobile device of a predetermined end user via a secured communications connection. These credentials are for use in electronic transactions to be performed with the mobile de- vice.
  • a unique device identifier associated with the mobile device is generated in response to the received trigger code.
  • the end user is prompted to enter the received activation code.
  • the generated unique device identifier and the entered activation code are sent to the issuer unit.
  • the generated personalized digital end user credentials are received at the mobile device in response to a successful check of the sent device identifier and activation code at the issuer unit.
  • a third aspect of the present invention is an issuer unit which comprises a credentials generating means for generating personalized digital credentials for a predetermined end user, the credentials for use in electronic transactions to be performed with a mo ⁇ bile device of the predetermined end user.
  • the issuer unit further comprises a first sending means for send- ing to the mobile device via a secured communications connection, an activation code and a trigger code associated with the generated personalized digital end user credentials.
  • the issuer unit further comprises a receiving means for receiving from the mobile device an activation code entered by the end user and a unique device identifier associated with the mobile device and generated at the mobile device in response to the received trigger code.
  • the issuer unit further comprises a checking means for checking the received activation code and unique device identifier.
  • the is ⁇ suer unit further comprises a second sending means for sending the generated personalized digital end user credentials to the mobile device in response to a suc ⁇ cessful check.
  • a fourth aspect of the present invention is a mobile device of a predetermined end user which com ⁇ prises a first receiving means for receiving from an issuer unit via a secured communications connection, an activation code and a trigger code associated with personalized digital end user credentials generated at the issuer unit, the credentials for use in electronic transactions to be performed with the mobile device.
  • the mobile device further comprises a device identifi ⁇ er generating means for generating a unique device identifier associated with the mobile device in re ⁇ sponse to the received trigger code.
  • the mobile device further comprises a prompting means for prompting the end user to enter the received activation code.
  • the mobile device further comprises a sending means for sending the generated unique device identifier and the entered activation code to the issuer unit.
  • the mobile device further comprises a second receiving means for receiving the generated personalized digital end user credentials in response to successful check of the sent device identifier and activation code at the is ⁇ suer unit.
  • a fifth aspect of the present invention is a system which comprises the issuer unit of the third aspect, the mobile device of the fourth aspect, and a transaction terminal.
  • the transaction terminal comprises a reading means for reading the personalized digital end user credentials included in a transaction request sent from the mobile device via a short range connection.
  • the transaction terminal further comprises a verification request means for sending a verification ⁇ tion request including the read personalized digital end user credentials to the issuer unit for verification ⁇ tion and for receiving a verification response from the issuer unit.
  • the transaction terminal further comprises a grant/reject means for sending the transac ⁇ tion response granting or rejecting the transaction request in response to the received verification re ⁇ sponse indicating successful or failed verification, respectfully.
  • the issuer unit further comprises a ver ⁇ ification means for receiving the verification request, for performing a verification based on the re- ceived personalized digital end user credentials, and for sending to the transaction terminal the verification ⁇ tion response indicating success or failure of the performed verification.
  • a sixth aspect of the present invention is a computer program stored on a computer readable medium and comprising code adapted to cause the steps of the method of the first aspect when executed on a data- processing system.
  • a seventh aspect of the present invention is a computer program stored on a computer readable medi- urn and comprising code adapted to cause the steps of the method of the second aspect when executed on a da ⁇ ta-processing system.
  • the checking the received activation code and the unique device identifier comprises:
  • the re ⁇ ceiving further comprises receiving information about detected operating system of the mobile device.
  • the re ⁇ ceived personalized digital end user credentials are stored at the mobile device in a secured memory area.
  • the secured memory area is comprised in a universal integrated circuit card .
  • the oper ⁇ ating system of the mobile device is detected in re ⁇ sponse to the received trigger code.
  • the sending fur ⁇ ther comprises sending information about the detected operating system to the issuer unit.
  • a transac ⁇ tion request including the personalized digital end user credentials is sent via a short range connection to a transaction terminal, and a transaction response is received from the transaction terminal.
  • the trig ⁇ ger code comprises a uniform resource locator.
  • the issuer unit further comprises at least one of: an issuer server, a wallet server, an invoicing unit and a tick- eting unit.
  • a method, an issuer unit, a mobile device or a computer pro ⁇ gram which is an aspect of the invention may comprise at least one of the embodiments of the invention de ⁇ scribed above.
  • the invention allows a digital version of a traditional plastic card.
  • Fig. 1 is a block diagram illustrating a system according to an embodiment of the invention.
  • Fig. 2 is a signaling diagram illustrating methods according to embodiments of the present inven ⁇ tion.
  • FIG. 1 is a block diagram illustrating a system 100 according to an embodiment of the inven- tion.
  • the system 100 comprises an issuer unit 110, a mobile device 120 and a transaction terminal 130.
  • a secured communications connection 141 connects the is ⁇ suer unit 110 and the mobile device 120 to each other.
  • a communications connection 141 connects the issuer unit 110 and the transaction terminal 130 to each other.
  • a short range connection 150 is uti ⁇ lized in information exchange between the mobile de ⁇ vice 120 and the transaction terminal 130.
  • the secured communications connection 141 may comprise e.g. any cellular network technologies in ⁇ cluding, but are not limited to GSM (Global System for Mobile Communications) , WCDMA (Wideband Code Division Multiple Access), CDMA (Code Division Multiple Ac ⁇ cess) , and GPRS (General Packet Radio Service) . At least some of the messages exchanged between the issu ⁇ er unit 110 and the mobile device 120 (see Figure 1) may utilize SMS (Short Message Service) messages.
  • the communications connections 141 and 142 may comprise Internet connections.
  • the communications connection 150 may com ⁇ prise e.g. an NFC (Near Field Communication), a FeliCa (Felicity Card) , a MIFARE, a Bluetooth, and/or an RFID (Radio Frequency identification) connection.
  • the connection 150 may comprise a barcode reading/scanning connection.
  • the mobile device 120 may comprise e.g. a mo- bile smart phone, a multimedia computer, a tablet com ⁇ puter, or a personal digital assistant.
  • the issuer unit 110 may comprise at least one of: an issuer server 115, a wallet server 116, an invoicing unit 117 and a ticketing unit 118.
  • the issuer server 115, the wallet server 116, the invoicing unit 117 and the ticketing unit 118 may all be arranged in one physical location, as shown in Figure 1. Alterna ⁇ tively, at least one of the issuer server 115, the wallet server 116, the invoicing unit 117 and the ticketing unit 118 may be distributed to another loca ⁇ tion (not shown in Figure 1) .
  • Issuer unit 110 may be associated with e.g. a financial entity, retail enti ⁇ ty, cooperation entity, airline cooperation entity or a combination of cooperation entities.
  • the issuer unit 110 comprises a credentials generating means 111 for generating personalized digi ⁇ tal credentials for a predetermined end user. These credentials are for use in electronic transactions to be performed with a mobile device 120 of the predeter- mined end user.
  • the issuer unit 110 further comprises a first sending means 112_1 for sending an activation code and a trigger code to the mobile device 120 via the secured communications connection 141.
  • the trigger code may comprise e.g. a uniform resource locator (URL) . Both the activation code and the trigger code are associated with the generated personalized digital end user credentials.
  • the issuer unit 110 further com ⁇ prises a receiving means 113 for receiving an activation code and a unique device identifier from the mo- bile device 120.
  • the activation code is a one entered by the end user and the unique device identifier is associated with the mobile device 120 and was generat- ed at the mobile device 120 in response to the trigger code it received.
  • the issuer unit 110 further compris ⁇ es a checking means 114 for checking the received ac ⁇ tivation code and unique device identifier.
  • the issuer unit 110 further comprises a second sending means 112_2 for sending the generated personalized digital end user credentials to the mobile device 120 in re ⁇ sponse to a successful check by the checking means 114.
  • the issuer unit 110 may further comprise a verification means 119 for receiving a verification request including personalized digital end user cre ⁇ dentials from the transaction terminal 130, for per ⁇ forming a verification based on the received personal- ized digital end user credentials, and for sending to the transaction terminal 130 a verification response indicating success or failure of the performed verifi ⁇ cation .
  • a verification means 119 for receiving a verification request including personalized digital end user cre ⁇ dentials from the transaction terminal 130, for per ⁇ forming a verification based on the received personal- ized digital end user credentials, and for sending to the transaction terminal 130 a verification response indicating success or failure of the performed verifi ⁇ cation .
  • the checking means 114 may be configured to perform the checking by: checking whether the received activation code is valid; in response to the received activation code being valid: checking whether the received unique device identifier is new; in response to the received unique device identifier being new: up- dating device information maintained at the issuer unit and associated with the mobile device 120 to in ⁇ clude the received unique device identifier, and in ⁇ structing the second sending means 112_2 to proceed with the sending of the generated personalized digital end user credentials to the mobile device 120; in re ⁇ sponse to the received unique device identifier not being new: checking whether the received unique device identifier matches the one included in the maintained device information; if yes, instructing the second sending means 112_2 to proceed with the sending of the generated personalized digital end user credentials to the mobile device 120.
  • the mobile device 120 comprises a first re ⁇ DCving means 121 for receiving the activation code and the trigger code from the issuer unit 110 via the secured communications connection 141.
  • the activation code and the trigger code are associated with the personalized digital end user cre ⁇ dentials generated at the issuer unit 110, and the credentials are for use in electronic transactions to be performed with the mobile device 120.
  • the mobile device 120 further comprises a device identifier gen ⁇ erating means 122 for generating a unique device identifier associated with the mobile device 120 in re ⁇ sponse to the received trigger code.
  • the mobile device 120 further comprises a prompting means 123 for prompting the end user to enter the received activa ⁇ tion code.
  • the mobile device 120 further comprises a sending means 124 for sending the generated unique de ⁇ vice identifier and the entered activation code to the issuer unit 110.
  • the mobile device 120 further com- prises a second receiving means 125 for receiving the generated personalized digital end user credentials in response to successful check of the sent device iden ⁇ tifier and activation code at the issuer unit 110.
  • the mobile device 120 may further comprise a secured memory area 126 for storing the received per ⁇ sonalized end user credentials.
  • the secured memory area 126 may be com ⁇ prised in a universal integrated circuit card (UICC) 127.
  • the mobile device 120 may further comprise a short range transaction means 128 for sending a trans ⁇ action request including the personalized digital end user credentials via the short range connection 150 to the transaction terminal 130 and for receiving a transaction response from the transaction terminal 130.
  • the transaction terminal 130 comprises a reading means 131 for reading the personalized digital end user credentials included in the transaction re ⁇ quest sent from the mobile device 120 via the short range connection 141.
  • the transaction terminal 130 further comprises a verification request means 132 for sending a verification request including the read personalized digital end user credentials to the issuer unit 110 for verification and for receiving a verification response from the issuer unit 110.
  • the transac ⁇ tion terminal 130 further comprises a grant/reject means 133 for sending a transaction response granting the transaction request in response to the received verification response indicating successful Decision ⁇ tion, or for sending a transaction response rejecting the transaction request in response to the received verification response indicating failed verification.
  • the transaction terminal 130 may comprise e.g. a Point of Sale, a vending machine, a check-in desk, a boarding gate (both bio-metric and non- biometric) , a gate at an event, a gas pump, etc. which may be equipped with the reading means 131 including a smart reader such as NFC (e.g. ISO 1443, ISO 15693), FeliCa, MIFARE, Bluetooth, RFID (Radio Frequency identification) readers, NFC compatible modules or readers or similar kind of devices, a barcode reader (e.g. ISO/IEC 15416 (linear) and ISO/IEC 15415 (2D), ISO/IEC 15416) or similar modules and scanners, etc.
  • a smart reader such as NFC (e.g. ISO 1443, ISO 15693), FeliCa, MIFARE, Bluetooth, RFID (Radio Frequency identification) readers, NFC compatible modules or readers or similar kind of devices
  • a barcode reader e.g. ISO/IEC 15416 (linear) and
  • the mo ⁇ bile device 120 with the credentials stored therein may be tapped or scanned towards the reading means 131 located at the transaction terminal 130.
  • the mobile device 120 may execute transactions using different formats, protocols, encryption, type or structure of user credentials exchanged with the transaction terminal 130.
  • FIG. 2 is a signaling diagram illustrating methods according to embodiments of the present inven ⁇ tion.
  • personalized digital credentials for a predetermined end user are generated at an issu ⁇ er unit 110. These credentials are for use in elec ⁇ tronic transactions to be performed with a mobile de- vice 120 of the predetermined end user.
  • the creden ⁇ tials may contain detailed information related to the end user, such as a first name, a last name, a validi ⁇ ty period, an account number, a membership number, a card number, a ticket number, credits having monetary value, prepaid credit, etc.
  • An activation code and a trigger code associ ⁇ ated with the generated personalized digital end user credentials are sent from the issuer unit 110 via a secured communications connection and they are re- ceived at the mobile device 120, step 202.
  • An SMS (Short Message Service) message may be utilized at step 202.
  • the trigger code may comprise e.g. a uniform resource locator (URL) .
  • a unique device identifier asso- ciated with the mobile device 120 is generated in re ⁇ sponse to the received trigger code.
  • the end user is prompted to enter the received activation code, step 204.
  • the operating system (OS) of the mobile device 120 may also be detected in response to the received trigger code, step 205.
  • the generated unique device identifier, the entered activation code, and optional ⁇ ly information about the detected operating system are sent to and received at the issuer unit 110.
  • the generated unique device identifier, the entered activation code, and optionally information about the detected operating system need to be sent at the same time.
  • Alternative ⁇ ly for example the generated unique device identifier and the information about the detected operating sys ⁇ tem may be sent first, and the activation code may be sent later after the end user has entered it.
  • the received activation code and the received unique device identifier are checked at the issuer unit 110. More particularly, at step 207, it is checked whether the activation code received at step 206 is valid.
  • an error response may be sent to the mobile device 120.
  • the received activation code is not valid (for example, if it is an incorrect code or an already used code)
  • an error response may be sent to the mobile device 120.
  • the received unique device identifier is new. If the re ⁇ ceived unique device identifier is new, device infor ⁇ mation maintained at the issuer unit and associated with the mobile device 120 is updated to include the received unique device identifier. Then, the method proceeds to step 211 in which the personalized digital end user credentials generated at step 201 are sent to the mobile device 120. However, if the received unique device identifier is not new, it is checked whether the received unique device identifier matches the one included in the maintained device information. If not, an error response may be sent to the mobile device 120. If yes, the method proceeds to step 211 in which the personalized digital end user credentials generat ⁇ ed at step 201 are sent to the mobile device 120.
  • the generated personalized digi ⁇ tal end user credentials are sent from the issuer unit 110 to the mobile device 120 in response to a success ⁇ ful check, and they are received at the mobile device 120.
  • the received personalized digi ⁇ tal end user credentials are stored at the mobile de ⁇ vice 120 in a secured memory area.
  • the credentials may be stored as encrypted and/or in the form of a bar ⁇ code, a barcode number, or in another encrypted form.
  • a transaction request including the personalized digital end user credentials is sent via a short range connection to a transaction terminal 130.
  • the transaction terminal 130 sends a verification request including the read per- sonalized digital end user credentials to the issuer unit 110 for verification.
  • the verification request may additionally include information related to the end user of the mobile device 120, validity period keywords, and other information.
  • the issuer unit 110 performs a verification based on the received personalized digi ⁇ tal end user credentials.
  • the issuer unit 110 sends to the transaction terminal 130 a verification response indi- eating success or failure of the performed verification ⁇ tion.
  • the issuer unit 110 may send the verification response to the mobile de ⁇ vice 120.
  • a transaction response is sent by the transaction terminal 130 and received by the mobile device 120, which response grants the transac ⁇ tion request in response to the received verification response indicating successful verification, or rejects the transaction request in response to the re- ceived verification response indicating failed verification. Granting the transaction request may also involve adding credit value (points) for a purchase or redemption of a credit value (points) . Rejecting the transaction request may also involve not adding credit value (points) for a purchase or no redemption of a credit value (points) .
  • the issuer unit 110 or the wallet server 116 may also determine the validity of the personalized digital end user credentials on the mobile device 120. At the end of a validity period of the personalized digital end user credentials, the issuer unit 110 or the wallet server 116 may automatically remove or re- new the particular expired end user credentials from the mobile device 120 without a separate notification. In case the mobile device 120 is lost, the issuer unit 110 may block the end user credentials used on the mo- bile device 120.
  • the issuer server 115 may transmit a one way message for the mobile device 120 using wallet server 116.
  • a message may be sent without using any SMS gateway and directly to the end user of the mobile de- vice 120 using the communications connection 141.
  • the transmitted message may be designed to send content to mobile devices 120 of multiple users at same time.
  • Such a message may comprise e.g. an advertisement, in ⁇ formation about events, changes of boarding gates at an airport, events, etc.
  • an end user at an event may receive a message to his/her mobile de ⁇ vice 120 explaining that the concert has been can ⁇ celled .
  • the issuer unit 110 may also issue a coupon, a voucher or mobile credits for the mobile devices 120.
  • One way of issuance is to generate codes at the wallet server 116 and deliver those codes to the mobile device 120 of the registered or activated user.
  • the code can be e.g. in the form of any numbers, barcode, barcode number, keywords or in other encrypted format.
  • the system 100 may include an invoicing unit
  • the invoicing unit 117 and the ticketing unit 118 may be arranged to maintain an account of available tickets or a digital form of receipts, or guarantee receipts for each reg ⁇ istered/activated end user of mobile devices 120.
  • the invoicing unit 117 and the ticketing unit 118 may or may not be associated with the wallet server 116. Fur ⁇ thermore, the invoicing unit 117 and the ticketing unit 118 can be arranged for analyzing, monitoring and checking the usage of each mobile device 120.
  • credentials stored in the mobile device 120 are compared with end user credentials on the issuer unit 110/wallet server 116 via the invoicing unit 117 or the ticketing unit 118, and receipts with product identifier, product name, serial number, purchase date and/or expiry date are generated once the purchase is done at the transaction terminal 130, whereas the ticketing unit 118 may generate a ticket identifier, event date, expiry date, locations, number of usage after the purchase of the ticket either at the trans ⁇ action terminal 130 or at suitable stores, and deliver them to the mobile device 120.
  • the end user may purchase the ticket by entering credit card information through Internet to the issuer account, and the valid ticket may appear on the mobile device 120 of the end user in the form of a notification via the connection 141.
  • the notification that appears may simply update the user' s credentials in the mobile de ⁇ vice 120 with the valid tickets for the particular event.
  • the user may simply tap or scan the event ticket using their mobile device 120 towards the read- ing means or the smart reader 131 at the transaction terminal 130.
  • the delivered ticket can be delivered via the connection 141 to the mobile device 120 of the regis ⁇ tered/activated end user, or it can be tapped to the transaction terminal 130. Details inside the tickets may be in any form, such as keywords, barcode, barcode numbers, simple text, numbers or in an encrypted for ⁇ mat that may be stored inside the secure memory 126.
  • the invoicing unit 117 and the ticketing unit 118 can be real time systems or close to real time systems.
  • the digital forms of receipts and the digital forms of tickets for public transportations, concerts, movies etc. can be used in real time or close to real time.
  • ⁇ formation about e.g. a validity period, guarantee pe ⁇ riod, boarding time, usage of tickets, etc. may be checked and confirmed with issuer unit 110/the wallet server 116 for future usability.
  • the exemplary embodiments can include, for example, any suitable servers, workstations, PCs, lap ⁇ top computers, personal digital assistants (PDAs) , In ⁇ ternet appliances, handheld devices, cellular tele- phones, smart phones, wireless devices, tablet devic ⁇ es, other devices, and the like, capable of performing the processes of the exemplary embodiments.
  • PDAs personal digital assistants
  • the devic ⁇ es and subsystems of the exemplary embodiments can communicate with each other using any suitable proto- col and can be implemented using one or more pro ⁇ grammed computer systems or devices.
  • One or more interface mechanisms can be used with the exemplary embodiments, including, for example, Internet access, telecommunications in any suita- ble form (e.g., voice, modem, and the like), wireless communications media, and the like.
  • em ⁇ ployed communications networks or links can include one or more wireless communications networks, cellular communications networks, 3G communications networks, Public Switched Telephone Network (PSTNs) , Packet Data Networks (PDNs) , the Internet, intranets, a combina ⁇ tion thereof, and the like.
  • PSTNs Public Switched Telephone Network
  • PDNs Packet Data Networks
  • Embodiments of the present invention may be implemented in software, hardware, application logic or a combination of software, hardware and application logic.
  • the application log ⁇ ic, software or instruction set is maintained on any one of various conventional computer-readable media.
  • a "computer-readable medium" may be any media or means that can contain, store, communicate, propagate or transport the in- structions for use by or in connection with an instruction execution system, apparatus, or device, such as a computer.
  • a computer-readable medium may comprise a computer-readable storage medium that may be any me ⁇ dia or means that can contain or store the instruc- tions for use by or in connection with an instruction execution system, apparatus, or device, such as a computer.
  • the exemplary embodiments can store information relating to various processes described herein. This information can be stored in one or more memories, such as a hard disk, optical disk, magneto-optical disk, RAM, and the like.
  • One or more databases can store the information used to implement the exemplary embodiments of the present inventions.
  • the databases can be organized using data structures (e.g., records, tables, arrays, fields, graphs, trees, lists, and the like) included in one or more memories or storage de ⁇ vices listed herein.
  • the processes described with re ⁇ spect to the exemplary embodiments can include appro ⁇ priate data structures for storing data collected and/or generated by the processes of the devices and subsystems of the exemplary embodiments in one or more databases .
  • All or a portion of the exemplary embodiments can be conveniently implemented using one or more gen- eral purpose processors, microprocessors, digital sig ⁇ nal processors, micro-controllers, and the like, pro ⁇ grammed according to the teachings of the exemplary embodiments of the present inventions, as will be ap ⁇ preciated by those skilled in the computer and/or software art(s) .
  • Appropriate software can be readily prepared by programmers of ordinary skill based on the teachings of the exemplary embodiments, as will be ap- preciated by those skilled in the software art.
  • the exemplary embodiments can be implemented by the preparation of application-specific integrated circuits or by interconnecting an appropriate network of conventional component circuits, as will be appre ⁇ ciated by those skilled in the electrical art(s) .
  • the exemplary embodiments are not limited to any specific combination of hardware and/or software.
  • the exemplary embodiments of the present inventions can include software for control ⁇ ling the components of the exemplary embodiments, for driving the components of the exemplary embodiments, for enabling the components of the exemplary embodi- ments to interact with a human user, and the like.
  • Such software can include, but is not limited to, de ⁇ vice drivers, firmware, operating systems, development tools, applications software, and the like.
  • Such com ⁇ puter readable media further can include the computer program of an embodiment of the present inventions for performing all or a portion (if processing is distributed) of the processing performed in implementing the inventions.
  • Computer code devices of the exemplary em ⁇ bodiments of the present inventions can include any suitable interpretable or executable code mechanism, including but not limited to scripts, interpretable programs, dynamic link libraries (DLLs) , Java classes and applets, complete executable programs, Common Ob ⁇ ject Request Broker Architecture (CORBA) objects, and the like. Moreover, parts of the processing of the exemplary embodiments of the present inventions can be distributed for better performance, reliability, cost, and the like.
  • DLLs dynamic link libraries
  • Java classes and applets Java classes and applets
  • CORBA Common Ob ⁇ ject Request Broker Architecture
  • the components of the exem- plary embodiments can include computer readable medium or memories for holding instructions programmed ac ⁇ cording to the teachings of the present inventions and for holding data structures, tables, records, and/or other data described herein.
  • Computer readable medium can include any suitable medium that participates in providing instructions to a processor for execution. Such a medium can take many forms, including but not limited to, non-volatile media, volatile media, trans ⁇ mission media, and the like.
  • Non-volatile media can include, for example, optical or magnetic disks, mag ⁇ neto-optical disks, and the like.
  • Volatile media can include dynamic memories, and the like.
  • Transmission media can include coaxial cables, copper wire, fiber optics, and the like.
  • Transmission media also can take the form of acoustic, optical, electromagnetic waves, and the like, such as those generated during radio frequency (RF) communications, infrared (IR) data com ⁇ munications, and the like.
  • Common forms of computer- readable media can include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, any other suitable magnetic medium, a CD-ROM, CD ⁇ R, CD ⁇ RW, DVD, DVD-RAM, DVD1RW, DVD ⁇ R, HD DVD, HD DVD-R, HD DVD- RW, HD DVD-RAM, Blu-ray Disc, any other suitable opti ⁇ cal medium, punch cards, paper tape, optical mark sheets, any other suitable physical medium with pat ⁇ terns of holes or other optically recognizable indi- cia, a RAM, a PROM, an EPROM, a FLASH-EPROM, any other suitable memory chip or cartridge, a carrier wave or any other suitable medium from which a computer can read .

Abstract

The invention allows a digital version of a traditional plastic card. Personalized digital credentials for an end user are generated at an issuer unit. These credentials are for use in electronic transactions to be performed with a mobile device of the end user. An activation code and a trigger code associated with the generated personalized digital end user credentials are sent from the issuer unit to the mobile de- vice via a secured communications connection. An activation code entered by the end user and a unique device identifier associated with the mobile device and generated at the mobile device in response to the received trigger code are received from the mobile device. The received activation code and unique de- vice identifier are checked. The generated personalized digital end user credentials are sent from the issuer unit to the mobile device in response to a successful check.

Description

ISSUANCE, OBTAINING AND UTILIZATION OF PERSONALIZED DIGITAL END USER CREDENTIALS FOR USE IN ELECTRONIC TRANSACTIONS PERFORMED WITH A MOBILE DEVICE
FIELD OF THE INVENTION
The present invention relates to personalized digital end user credentials. In particular, the pre¬ sent invention relates to issuance, obtaining and uti¬ lization of personalized digital end user credentials for use in electronic transactions performed with a mobile device.
BACKGROUND OF THE INVENTION
Use of plastic cards with a magnetic stripe, contactless technology or other embedded technology is popular and common for e.g. various membership cards, loyalty cards, gift cards and payment cards. Current¬ ly, a user typically subscribes for a card at issuer locations, banks and other places in order to e.g. re¬ ceive credits for spending and to receive offers. The issuer then assigns a personalization company to print and deliver those cards to the end user with encoded credentials such as a name, an expiry date, and a card number which can later be used e.g. at a point of sale for various purposes.
However, actual physical cards, such as plas¬ tic cards, result in unnecessary plastic waste after they expire, they get lost or stolen easily, and they can get damaged or dirty. Furthermore, various ser¬ vices etc. each require their own card, which often results in the end user having to keep a multitude of various plastic cards.
Therefore, an object of the present invention is to alleviate the problems described above and to introduce a solution that allows a digital version of a traditional plastic card. SUMMARY OF THE INVENTION
A first aspect of the present invention is a method of issuing personalized digital end user cre¬ dentials, in which personalized digital credentials for a predetermined end user are generated at an issu¬ er unit. These credentials are for use in electronic transactions to be performed with a mobile device of the predetermined end user. An activation code and a trigger code associated with the generated personal- ized digital end user credentials are sent from the issuer unit to the mobile device via a secured commu¬ nications connection. An activation code entered by the end user and a unique device identifier associated with the mobile device and generated at the mobile de- vice in response to the received trigger code are re¬ ceived from the mobile device. The received activation code and unique device identifier are checked. The generated personalized digital end user credentials are sent from the issuer unit to the mobile device in response to a successful check.
A second aspect of the present invention is a method of obtaining issued personalized digital end user credentials, in which an activation code and a trigger code associated with personalized digital end user credentials generated at an issuer unit are re¬ ceived from the issuer unit to a mobile device of a predetermined end user via a secured communications connection. These credentials are for use in electronic transactions to be performed with the mobile de- vice. A unique device identifier associated with the mobile device is generated in response to the received trigger code. The end user is prompted to enter the received activation code. The generated unique device identifier and the entered activation code are sent to the issuer unit. The generated personalized digital end user credentials are received at the mobile device in response to a successful check of the sent device identifier and activation code at the issuer unit.
A third aspect of the present invention is an issuer unit which comprises a credentials generating means for generating personalized digital credentials for a predetermined end user, the credentials for use in electronic transactions to be performed with a mo¬ bile device of the predetermined end user. The issuer unit further comprises a first sending means for send- ing to the mobile device via a secured communications connection, an activation code and a trigger code associated with the generated personalized digital end user credentials. The issuer unit further comprises a receiving means for receiving from the mobile device an activation code entered by the end user and a unique device identifier associated with the mobile device and generated at the mobile device in response to the received trigger code. The issuer unit further comprises a checking means for checking the received activation code and unique device identifier. The is¬ suer unit further comprises a second sending means for sending the generated personalized digital end user credentials to the mobile device in response to a suc¬ cessful check.
A fourth aspect of the present invention is a mobile device of a predetermined end user which com¬ prises a first receiving means for receiving from an issuer unit via a secured communications connection, an activation code and a trigger code associated with personalized digital end user credentials generated at the issuer unit, the credentials for use in electronic transactions to be performed with the mobile device. The mobile device further comprises a device identifi¬ er generating means for generating a unique device identifier associated with the mobile device in re¬ sponse to the received trigger code. The mobile device further comprises a prompting means for prompting the end user to enter the received activation code. The mobile device further comprises a sending means for sending the generated unique device identifier and the entered activation code to the issuer unit. The mobile device further comprises a second receiving means for receiving the generated personalized digital end user credentials in response to successful check of the sent device identifier and activation code at the is¬ suer unit.
A fifth aspect of the present invention is a system which comprises the issuer unit of the third aspect, the mobile device of the fourth aspect, and a transaction terminal. The transaction terminal comprises a reading means for reading the personalized digital end user credentials included in a transaction request sent from the mobile device via a short range connection. The transaction terminal further comprises a verification request means for sending a verifica¬ tion request including the read personalized digital end user credentials to the issuer unit for verifica¬ tion and for receiving a verification response from the issuer unit. The transaction terminal further comprises a grant/reject means for sending the transac¬ tion response granting or rejecting the transaction request in response to the received verification re¬ sponse indicating successful or failed verification, respectfully. The issuer unit further comprises a ver¬ ification means for receiving the verification request, for performing a verification based on the re- ceived personalized digital end user credentials, and for sending to the transaction terminal the verifica¬ tion response indicating success or failure of the performed verification.
A sixth aspect of the present invention is a computer program stored on a computer readable medium and comprising code adapted to cause the steps of the method of the first aspect when executed on a data- processing system.
A seventh aspect of the present invention is a computer program stored on a computer readable medi- urn and comprising code adapted to cause the steps of the method of the second aspect when executed on a da¬ ta-processing system.
In an embodiment of the invention, the checking the received activation code and the unique device identifier comprises:
checking whether the received activation code is valid;
in response to the received activation code being valid:
checking whether the received unique device identifier is new;
in response to the received unique device identifier being new:
updating device information maintained at the issuer unit and associated with the mobile device to include the received unique device identifier, and proceeding to the step of sending the generated per¬ sonalized digital end user credentials to the mobile device ;
in response to the received unique device identifier not being new:
checking whether the received unique device identifier matches the one included in the maintained device information;
if yes, proceeding to the step of sending the generated personalized digital end user credentials to the mobile device.
In an embodiment of the invention, the re¬ ceiving further comprises receiving information about detected operating system of the mobile device.
In an embodiment of the invention, the re¬ ceived personalized digital end user credentials are stored at the mobile device in a secured memory area. In an embodiment of the invention, the secured memory area is comprised in a universal integrated circuit card .
In an embodiment of the invention, the oper¬ ating system of the mobile device is detected in re¬ sponse to the received trigger code. The sending fur¬ ther comprises sending information about the detected operating system to the issuer unit.
In an embodiment of the invention, a transac¬ tion request including the personalized digital end user credentials is sent via a short range connection to a transaction terminal, and a transaction response is received from the transaction terminal.
In an embodiment of the invention, the trig¬ ger code comprises a uniform resource locator.
In an embodiment of the invention, the issuer unit further comprises at least one of: an issuer server, a wallet server, an invoicing unit and a tick- eting unit.
It is to be understood that the aspects and embodiments of the invention described above may be used in any combination with each other. Several of the aspects and embodiments may be combined together to form a further embodiment of the invention. A method, an issuer unit, a mobile device or a computer pro¬ gram which is an aspect of the invention may comprise at least one of the embodiments of the invention de¬ scribed above.
The invention allows a digital version of a traditional plastic card.
BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying drawings, which are included to provide a further understanding of the invention and constitute a part of this specification, illus¬ trate embodiments of the invention and together with the description help to explain the principles of the invention. In the drawings:
Fig. 1 is a block diagram illustrating a system according to an embodiment of the invention, and
Fig. 2 is a signaling diagram illustrating methods according to embodiments of the present inven¬ tion.
DETAILED DESCRIPTION OF THE INVENTION
Reference will now be made in detail to the embodiments of the present invention, examples of which are illustrated in the accompanying drawings.
Figure 1 is a block diagram illustrating a system 100 according to an embodiment of the inven- tion. The system 100 comprises an issuer unit 110, a mobile device 120 and a transaction terminal 130. A secured communications connection 141 connects the is¬ suer unit 110 and the mobile device 120 to each other. Similarly, a communications connection 141 connects the issuer unit 110 and the transaction terminal 130 to each other. A short range connection 150 is uti¬ lized in information exchange between the mobile de¬ vice 120 and the transaction terminal 130.
The secured communications connection 141 may comprise e.g. any cellular network technologies in¬ cluding, but are not limited to GSM (Global System for Mobile Communications) , WCDMA (Wideband Code Division Multiple Access), CDMA (Code Division Multiple Ac¬ cess) , and GPRS (General Packet Radio Service) . At least some of the messages exchanged between the issu¬ er unit 110 and the mobile device 120 (see Figure 1) may utilize SMS (Short Message Service) messages. The communications connections 141 and 142 may comprise Internet connections.
The communications connection 150 may com¬ prise e.g. an NFC (Near Field Communication), a FeliCa (Felicity Card) , a MIFARE, a Bluetooth, and/or an RFID (Radio Frequency identification) connection. In yet another embodiment, the connection 150 may comprise a barcode reading/scanning connection.
The mobile device 120 may comprise e.g. a mo- bile smart phone, a multimedia computer, a tablet com¬ puter, or a personal digital assistant.
The issuer unit 110 may comprise at least one of: an issuer server 115, a wallet server 116, an invoicing unit 117 and a ticketing unit 118. The issuer server 115, the wallet server 116, the invoicing unit 117 and the ticketing unit 118 may all be arranged in one physical location, as shown in Figure 1. Alterna¬ tively, at least one of the issuer server 115, the wallet server 116, the invoicing unit 117 and the ticketing unit 118 may be distributed to another loca¬ tion (not shown in Figure 1) . Issuer unit 110 may be associated with e.g. a financial entity, retail enti¬ ty, cooperation entity, airline cooperation entity or a combination of cooperation entities.
The issuer unit 110 comprises a credentials generating means 111 for generating personalized digi¬ tal credentials for a predetermined end user. These credentials are for use in electronic transactions to be performed with a mobile device 120 of the predeter- mined end user. The issuer unit 110 further comprises a first sending means 112_1 for sending an activation code and a trigger code to the mobile device 120 via the secured communications connection 141. The trigger code may comprise e.g. a uniform resource locator (URL) . Both the activation code and the trigger code are associated with the generated personalized digital end user credentials. The issuer unit 110 further com¬ prises a receiving means 113 for receiving an activation code and a unique device identifier from the mo- bile device 120. The activation code is a one entered by the end user and the unique device identifier is associated with the mobile device 120 and was generat- ed at the mobile device 120 in response to the trigger code it received. The issuer unit 110 further compris¬ es a checking means 114 for checking the received ac¬ tivation code and unique device identifier. The issuer unit 110 further comprises a second sending means 112_2 for sending the generated personalized digital end user credentials to the mobile device 120 in re¬ sponse to a successful check by the checking means 114.
The issuer unit 110 may further comprise a verification means 119 for receiving a verification request including personalized digital end user cre¬ dentials from the transaction terminal 130, for per¬ forming a verification based on the received personal- ized digital end user credentials, and for sending to the transaction terminal 130 a verification response indicating success or failure of the performed verifi¬ cation .
The checking means 114 may be configured to perform the checking by: checking whether the received activation code is valid; in response to the received activation code being valid: checking whether the received unique device identifier is new; in response to the received unique device identifier being new: up- dating device information maintained at the issuer unit and associated with the mobile device 120 to in¬ clude the received unique device identifier, and in¬ structing the second sending means 112_2 to proceed with the sending of the generated personalized digital end user credentials to the mobile device 120; in re¬ sponse to the received unique device identifier not being new: checking whether the received unique device identifier matches the one included in the maintained device information; if yes, instructing the second sending means 112_2 to proceed with the sending of the generated personalized digital end user credentials to the mobile device 120. The mobile device 120 comprises a first re¬ ceiving means 121 for receiving the activation code and the trigger code from the issuer unit 110 via the secured communications connection 141. As discussed above, the activation code and the trigger code are associated with the personalized digital end user cre¬ dentials generated at the issuer unit 110, and the credentials are for use in electronic transactions to be performed with the mobile device 120. The mobile device 120 further comprises a device identifier gen¬ erating means 122 for generating a unique device identifier associated with the mobile device 120 in re¬ sponse to the received trigger code. The mobile device 120 further comprises a prompting means 123 for prompting the end user to enter the received activa¬ tion code. The mobile device 120 further comprises a sending means 124 for sending the generated unique de¬ vice identifier and the entered activation code to the issuer unit 110. The mobile device 120 further com- prises a second receiving means 125 for receiving the generated personalized digital end user credentials in response to successful check of the sent device iden¬ tifier and activation code at the issuer unit 110.
The mobile device 120 may further comprise a secured memory area 126 for storing the received per¬ sonalized end user credentials. In an embodiment of the invention, the secured memory area 126 may be com¬ prised in a universal integrated circuit card (UICC) 127. The mobile device 120 may further comprise a short range transaction means 128 for sending a trans¬ action request including the personalized digital end user credentials via the short range connection 150 to the transaction terminal 130 and for receiving a transaction response from the transaction terminal 130.
The transaction terminal 130 comprises a reading means 131 for reading the personalized digital end user credentials included in the transaction re¬ quest sent from the mobile device 120 via the short range connection 141. The transaction terminal 130 further comprises a verification request means 132 for sending a verification request including the read personalized digital end user credentials to the issuer unit 110 for verification and for receiving a verification response from the issuer unit 110. The transac¬ tion terminal 130 further comprises a grant/reject means 133 for sending a transaction response granting the transaction request in response to the received verification response indicating successful verifica¬ tion, or for sending a transaction response rejecting the transaction request in response to the received verification response indicating failed verification.
The transaction terminal 130 may comprise e.g. a Point of Sale, a vending machine, a check-in desk, a boarding gate (both bio-metric and non- biometric) , a gate at an event, a gas pump, etc. which may be equipped with the reading means 131 including a smart reader such as NFC (e.g. ISO 1443, ISO 15693), FeliCa, MIFARE, Bluetooth, RFID (Radio Frequency identification) readers, NFC compatible modules or readers or similar kind of devices, a barcode reader (e.g. ISO/IEC 15416 (linear) and ISO/IEC 15415 (2D), ISO/IEC 15416) or similar modules and scanners, etc. The mo¬ bile device 120 with the credentials stored therein may be tapped or scanned towards the reading means 131 located at the transaction terminal 130. The mobile device 120 may execute transactions using different formats, protocols, encryption, type or structure of user credentials exchanged with the transaction terminal 130.
Figure 2 is a signaling diagram illustrating methods according to embodiments of the present inven¬ tion. At step 201, personalized digital credentials for a predetermined end user are generated at an issu¬ er unit 110. These credentials are for use in elec¬ tronic transactions to be performed with a mobile de- vice 120 of the predetermined end user. The creden¬ tials may contain detailed information related to the end user, such as a first name, a last name, a validi¬ ty period, an account number, a membership number, a card number, a ticket number, credits having monetary value, prepaid credit, etc.
An activation code and a trigger code associ¬ ated with the generated personalized digital end user credentials are sent from the issuer unit 110 via a secured communications connection and they are re- ceived at the mobile device 120, step 202. An SMS (Short Message Service) message may be utilized at step 202. The trigger code may comprise e.g. a uniform resource locator (URL) .
At step 203, a unique device identifier asso- ciated with the mobile device 120 is generated in re¬ sponse to the received trigger code. The end user is prompted to enter the received activation code, step 204. The operating system (OS) of the mobile device 120 may also be detected in response to the received trigger code, step 205.
At step 206, the generated unique device identifier, the entered activation code, and optional¬ ly information about the detected operating system are sent to and received at the issuer unit 110. However, it is to be noted that not all of the generated unique device identifier, the entered activation code, and optionally information about the detected operating system need to be sent at the same time. Alternative¬ ly, for example the generated unique device identifier and the information about the detected operating sys¬ tem may be sent first, and the activation code may be sent later after the end user has entered it. Then, the received activation code and the received unique device identifier are checked at the issuer unit 110. More particularly, at step 207, it is checked whether the activation code received at step 206 is valid. If the received activation code is not valid (for example, if it is an incorrect code or an already used code) , an error response may be sent to the mobile device 120. In response to the received ac¬ tivation code being valid, it is checked whether the received unique device identifier is new. If the re¬ ceived unique device identifier is new, device infor¬ mation maintained at the issuer unit and associated with the mobile device 120 is updated to include the received unique device identifier. Then, the method proceeds to step 211 in which the personalized digital end user credentials generated at step 201 are sent to the mobile device 120. However, if the received unique device identifier is not new, it is checked whether the received unique device identifier matches the one included in the maintained device information. If not, an error response may be sent to the mobile device 120. If yes, the method proceeds to step 211 in which the personalized digital end user credentials generat¬ ed at step 201 are sent to the mobile device 120.
At step 211, the generated personalized digi¬ tal end user credentials are sent from the issuer unit 110 to the mobile device 120 in response to a success¬ ful check, and they are received at the mobile device 120.
At step 212, the received personalized digi¬ tal end user credentials are stored at the mobile de¬ vice 120 in a secured memory area. The credentials may be stored as encrypted and/or in the form of a bar¬ code, a barcode number, or in another encrypted form.
At step 213, a transaction request including the personalized digital end user credentials is sent via a short range connection to a transaction terminal 130.
At step 214, the transaction terminal 130 sends a verification request including the read per- sonalized digital end user credentials to the issuer unit 110 for verification. The verification request may additionally include information related to the end user of the mobile device 120, validity period keywords, and other information.
At step 215, the issuer unit 110 performs a verification based on the received personalized digi¬ tal end user credentials.
At step 216, the issuer unit 110 sends to the transaction terminal 130 a verification response indi- eating success or failure of the performed verifica¬ tion. Alternatively/additionally, the issuer unit 110 may send the verification response to the mobile de¬ vice 120.
At step 217, a transaction response is sent by the transaction terminal 130 and received by the mobile device 120, which response grants the transac¬ tion request in response to the received verification response indicating successful verification, or rejects the transaction request in response to the re- ceived verification response indicating failed verification. Granting the transaction request may also involve adding credit value (points) for a purchase or redemption of a credit value (points) . Rejecting the transaction request may also involve not adding credit value (points) for a purchase or no redemption of a credit value (points) .
The issuer unit 110 or the wallet server 116 may also determine the validity of the personalized digital end user credentials on the mobile device 120. At the end of a validity period of the personalized digital end user credentials, the issuer unit 110 or the wallet server 116 may automatically remove or re- new the particular expired end user credentials from the mobile device 120 without a separate notification. In case the mobile device 120 is lost, the issuer unit 110 may block the end user credentials used on the mo- bile device 120.
The issuer server 115 may transmit a one way message for the mobile device 120 using wallet server 116. Such a message may be sent without using any SMS gateway and directly to the end user of the mobile de- vice 120 using the communications connection 141. The transmitted message may be designed to send content to mobile devices 120 of multiple users at same time. Such a message may comprise e.g. an advertisement, in¬ formation about events, changes of boarding gates at an airport, events, etc. For example, an end user at an event may receive a message to his/her mobile de¬ vice 120 explaining that the concert has been can¬ celled .
The issuer unit 110 may also issue a coupon, a voucher or mobile credits for the mobile devices 120. There may be single or multiple issuers associat¬ ed with the issuer unit 110. Multiple issuers may is¬ sue coupons, vouchers, and/or mobile credits to a same user of the mobile device 120. One way of issuance is to generate codes at the wallet server 116 and deliver those codes to the mobile device 120 of the registered or activated user. The code can be e.g. in the form of any numbers, barcode, barcode number, keywords or in other encrypted format.
The system 100 may include an invoicing unit
117 and a ticketing unit 118 which may be arranged to maintain an account of available tickets or a digital form of receipts, or guarantee receipts for each reg¬ istered/activated end user of mobile devices 120. The invoicing unit 117 and the ticketing unit 118 may or may not be associated with the wallet server 116. Fur¬ thermore, the invoicing unit 117 and the ticketing unit 118 can be arranged for analyzing, monitoring and checking the usage of each mobile device 120.
In an embodiment of the invention, credentials stored in the mobile device 120 are compared with end user credentials on the issuer unit 110/wallet server 116 via the invoicing unit 117 or the ticketing unit 118, and receipts with product identifier, product name, serial number, purchase date and/or expiry date are generated once the purchase is done at the transaction terminal 130, whereas the ticketing unit 118 may generate a ticket identifier, event date, expiry date, locations, number of usage after the purchase of the ticket either at the trans¬ action terminal 130 or at suitable stores, and deliver them to the mobile device 120. For example, the end user may purchase the ticket by entering credit card information through Internet to the issuer account, and the valid ticket may appear on the mobile device 120 of the end user in the form of a notification via the connection 141. The notification that appears may simply update the user' s credentials in the mobile de¬ vice 120 with the valid tickets for the particular event. Then, the user may simply tap or scan the event ticket using their mobile device 120 towards the read- ing means or the smart reader 131 at the transaction terminal 130.
The delivered ticket can be delivered via the connection 141 to the mobile device 120 of the regis¬ tered/activated end user, or it can be tapped to the transaction terminal 130. Details inside the tickets may be in any form, such as keywords, barcode, barcode numbers, simple text, numbers or in an encrypted for¬ mat that may be stored inside the secure memory 126.
The invoicing unit 117 and the ticketing unit 118 can be real time systems or close to real time systems. The digital forms of receipts and the digital forms of tickets for public transportations, concerts, movies etc. can be used in real time or close to real time. In this kind of scenario, there is no need to send tickets to the end user in paper form. Rather, they are sent to the end user of the mobile device 120 in a digital form. For example, after sending a ticket or a receipt to the user of the mobile device 120, in¬ formation about e.g. a validity period, guarantee pe¬ riod, boarding time, usage of tickets, etc. may be checked and confirmed with issuer unit 110/the wallet server 116 for future usability.
The exemplary embodiments can include, for example, any suitable servers, workstations, PCs, lap¬ top computers, personal digital assistants (PDAs) , In¬ ternet appliances, handheld devices, cellular tele- phones, smart phones, wireless devices, tablet devic¬ es, other devices, and the like, capable of performing the processes of the exemplary embodiments. The devic¬ es and subsystems of the exemplary embodiments can communicate with each other using any suitable proto- col and can be implemented using one or more pro¬ grammed computer systems or devices.
One or more interface mechanisms can be used with the exemplary embodiments, including, for example, Internet access, telecommunications in any suita- ble form (e.g., voice, modem, and the like), wireless communications media, and the like. For example, em¬ ployed communications networks or links can include one or more wireless communications networks, cellular communications networks, 3G communications networks, Public Switched Telephone Network (PSTNs) , Packet Data Networks (PDNs) , the Internet, intranets, a combina¬ tion thereof, and the like.
Embodiments of the present invention may be implemented in software, hardware, application logic or a combination of software, hardware and application logic. In an example embodiment, the application log¬ ic, software or instruction set is maintained on any one of various conventional computer-readable media. In the context of this document, a "computer-readable medium" may be any media or means that can contain, store, communicate, propagate or transport the in- structions for use by or in connection with an instruction execution system, apparatus, or device, such as a computer. A computer-readable medium may comprise a computer-readable storage medium that may be any me¬ dia or means that can contain or store the instruc- tions for use by or in connection with an instruction execution system, apparatus, or device, such as a computer. The exemplary embodiments can store information relating to various processes described herein. This information can be stored in one or more memories, such as a hard disk, optical disk, magneto-optical disk, RAM, and the like. One or more databases can store the information used to implement the exemplary embodiments of the present inventions. The databases can be organized using data structures (e.g., records, tables, arrays, fields, graphs, trees, lists, and the like) included in one or more memories or storage de¬ vices listed herein. The processes described with re¬ spect to the exemplary embodiments can include appro¬ priate data structures for storing data collected and/or generated by the processes of the devices and subsystems of the exemplary embodiments in one or more databases .
All or a portion of the exemplary embodiments can be conveniently implemented using one or more gen- eral purpose processors, microprocessors, digital sig¬ nal processors, micro-controllers, and the like, pro¬ grammed according to the teachings of the exemplary embodiments of the present inventions, as will be ap¬ preciated by those skilled in the computer and/or software art(s) . Appropriate software can be readily prepared by programmers of ordinary skill based on the teachings of the exemplary embodiments, as will be ap- preciated by those skilled in the software art. In ad¬ dition, the exemplary embodiments can be implemented by the preparation of application-specific integrated circuits or by interconnecting an appropriate network of conventional component circuits, as will be appre¬ ciated by those skilled in the electrical art(s) . Thus, the exemplary embodiments are not limited to any specific combination of hardware and/or software.
Stored on any one or on a combination of com- puter readable media, the exemplary embodiments of the present inventions can include software for control¬ ling the components of the exemplary embodiments, for driving the components of the exemplary embodiments, for enabling the components of the exemplary embodi- ments to interact with a human user, and the like. Such software can include, but is not limited to, de¬ vice drivers, firmware, operating systems, development tools, applications software, and the like. Such com¬ puter readable media further can include the computer program of an embodiment of the present inventions for performing all or a portion (if processing is distributed) of the processing performed in implementing the inventions. Computer code devices of the exemplary em¬ bodiments of the present inventions can include any suitable interpretable or executable code mechanism, including but not limited to scripts, interpretable programs, dynamic link libraries (DLLs) , Java classes and applets, complete executable programs, Common Ob¬ ject Request Broker Architecture (CORBA) objects, and the like. Moreover, parts of the processing of the exemplary embodiments of the present inventions can be distributed for better performance, reliability, cost, and the like.
As stated above, the components of the exem- plary embodiments can include computer readable medium or memories for holding instructions programmed ac¬ cording to the teachings of the present inventions and for holding data structures, tables, records, and/or other data described herein. Computer readable medium can include any suitable medium that participates in providing instructions to a processor for execution. Such a medium can take many forms, including but not limited to, non-volatile media, volatile media, trans¬ mission media, and the like. Non-volatile media can include, for example, optical or magnetic disks, mag¬ neto-optical disks, and the like. Volatile media can include dynamic memories, and the like. Transmission media can include coaxial cables, copper wire, fiber optics, and the like. Transmission media also can take the form of acoustic, optical, electromagnetic waves, and the like, such as those generated during radio frequency (RF) communications, infrared (IR) data com¬ munications, and the like. Common forms of computer- readable media can include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, any other suitable magnetic medium, a CD-ROM, CD±R, CD±RW, DVD, DVD-RAM, DVD1RW, DVD±R, HD DVD, HD DVD-R, HD DVD- RW, HD DVD-RAM, Blu-ray Disc, any other suitable opti¬ cal medium, punch cards, paper tape, optical mark sheets, any other suitable physical medium with pat¬ terns of holes or other optically recognizable indi- cia, a RAM, a PROM, an EPROM, a FLASH-EPROM, any other suitable memory chip or cartridge, a carrier wave or any other suitable medium from which a computer can read .
If desired, the different functions discussed herein may be performed in a different order and/or concurrently with each other.
While the present inventions have been de¬ scribed in connection with a number of exemplary embodiments, and implementations, the present inventions are not so limited, but rather cover various modifica¬ tions, and equivalent arrangements, which fall within the purview of prospective claims.

Claims

1. A method of issuing personalized digital end user credentials, c h a r a c t e r i z e d in com¬ prising :
generating (201), at an issuer unit, personalized digital credentials for a predetermined end us¬ er, said credentials for use in electronic transac¬ tions to be performed with a mobile device of said predetermined end user;
sending (202), from the issuer unit to said mobile device via a secured communications connection, an activation code and a trigger code associated with said generated personalized digital end user creden¬ tials;
receiving (206) from said mobile device an activation code entered by said end user and a unique device identifier associated with said mobile device and generated at said mobile device in response to the received trigger code;
checking (207-210) the received activation code and unique device identifier;
sending (211), from the issuer unit to said mobile device, said generated personalized digital end user credentials in response to a successful check.
2. The method according to claim 1, wherein said checking (207-210) said received activation code and said unique device identifier comprises:
checking (207) whether the received activation code is valid;
in response to the received activation code being valid:
checking (208) whether the received unique device identifier is new;
in response to the received unique device identifier being new:
updating (210) device information maintained at the issuer unit and associated with said mobile de- vice to include the received unique device identifier, and proceeding to the step of sending (211) said generated personalized digital end user credentials to said mobile device;
in response to the received unique device identifier not being new:
checking (209) whether the received unique device identifier matches the one included in the maintained device information;
if yes, proceeding to the step of sending
(211) said generated personalized digital end user credentials to said mobile device.
3. The method according to claim 1 or 2, wherein said receiving (206) further comprises receiv- ing information about detected operating system of said mobile device.
4. A computer program stored on a computer readable medium and comprising code adapted to cause the steps of any of claims 1-3 when executed on a da- ta-processing system.
5. A method of obtaining issued personalized digital end user credentials, c h a r a c t e r i z e d in comprising:
receiving (202), from an issuer unit to a mo- bile device of a predetermined end user via a secured communications connection, an activation code and a trigger code associated with personalized digital end user credentials generated at the issuer unit, said credentials for use in electronic transactions to be performed with said mobile device;
generating (203) a unique device identifier associated with said mobile device in response to the received trigger code;
prompting (204) the end user to enter the re- ceived activation code; sending (206) the generated unique device identifier and the entered activation code to the is¬ suer unit; and
in response to a successful check of the sent device identifier and activation code at the issuer unit, receiving (211) said generated personalized dig¬ ital end user credentials at said mobile device.
6. The method according to claim 5, further comprising storing (212) the received personalized digital end user credentials at said mobile device in a secured memory area.
7. The method according to claim 5 or 6, further comprising detecting (205) the operating system of said mobile device in response to the received trigger code;
wherein said sending (206) further comprises sending information about the detected operating system to the issuer unit.
8. The method according to any of claims 5-7, further comprising sending (213) a transaction request including the personalized digital end user creden¬ tials via a short range connection to a transaction terminal, and receiving (217) a transaction response from the transaction terminal.
9. A computer program stored on a computer readable medium and comprising code adapted to cause the steps of any of claims 5-8 when executed on a da¬ ta-processing system.
10. An issuer unit (110), c h a r a c t e r - i z e d in comprising:
a credentials generating means (111) for generating personalized digital credentials for a prede¬ termined end user, said credentials for use in elec¬ tronic transactions to be performed with a mobile de- vice (120) of said predetermined end user;
a first sending means (112_1) for sending to said mobile device (120) via a secured communications connection, an activation code and a trigger code associated with said generated personalized digital end user credentials;
a receiving means (113) for receiving from said mobile device (120) an activation code entered by said end user and a unique device identifier associat¬ ed with said mobile device (120) and generated at said mobile device (120) in response to the received trig¬ ger code;
a checking means (114) for checking the received activation code and unique device identifier;
a second sending means (112_2) for sending said generated personalized digital end user creden¬ tials to said mobile device (120) in response to a successful check.
11. The issuer unit (110) according to claim 10, wherein said checking means (114) is configured to perform said checking by:
checking whether the received activation code is valid;
in response to the received activation code being valid:
checking whether the received unique device identifier is new;
in response to the received unique device identifier being new:
updating device information maintained at the issuer unit and associated with said mobile device (120) to include the received unique device identifi- er, and instructing the second sending means (112_2) to proceed with the sending of said generated person¬ alized digital end user credentials to said mobile de¬ vice (120);
in response to the received unique device identifier not being new: checking whether the received unique device identifier matches the one included in the maintained device information;
if yes, instructing the second sending means (112_2) to proceed with the sending of said generated personalized digital end user credentials to said mo¬ bile device (120) .
12. The issuer unit (110) according to claim 10 or 11, wherein the trigger code comprises a uniform resource locator.
13. The issuer unit (110) according to any of claims 10-12, further comprising at least one of: an issuer server (115), a wallet server (116), an invoic¬ ing unit (117) and a ticketing unit (118) .
14. A mobile device (120) of a predetermined end user, c h a r a c t e r i z e d in comprising:
a first receiving means (121) for receiving from an issuer unit (110) via a secured communications connection, an activation code and a trigger code as- sociated with personalized digital end user creden¬ tials generated at the issuer unit (110), said creden¬ tials for use in electronic transactions to be per¬ formed with said mobile device (120);
a device identifier generating means (122) for generating a unique device identifier associated with said mobile device (120) in response to the re¬ ceived trigger code;
a prompting means (123) for prompting the end user to enter the received activation code;
a sending means (124) for sending the generated unique device identifier and the entered activa¬ tion code to the issuer unit (110); and
a second receiving means (125) for receiving said generated personalized digital end user creden- tials in response to successful check of the sent de¬ vice identifier and activation code at the issuer unit (110) .
15. The mobile device (120) according to claim 14, further comprising a secured memory area
(126) for storing the received personalized end user credentials .
16. The mobile device (120) according to claim 15, wherein the secured memory area (126) is comprised in a universal integrated circuit card
(127) .
17. The mobile device (120) according to any of claims 14-16, further comprising a transaction means (128) for sending a transaction request includ¬ ing the personalized digital end user credentials via a short range connection to a transaction terminal (130) and for receiving a transaction response from the transaction terminal (130) .
18. A system (100), c h a r a c t e r i z e d in comprising :
the issuer unit (110) according to any of claims 10-13;
the mobile device (120) according to any of claims 14-17; and
a transaction terminal (130), comprising a reading means (131) for reading the personalized digi¬ tal end user credentials included in a transaction re- quest sent from the mobile device via a short range connection, a verification request means (132) for sending a verification request including the read personalized digital end user credentials to the issuer unit (110) for verification and for receiving a veri- fication response from the issuer unit (110), and a grant/reject means (133) for sending the transaction response granting or rejecting the transaction request in response to the received verification response in¬ dicating successful or failed verification, respect- fully;
wherein the issuer unit (110) further comprises a verification means (119) for receiving the verification request, for performing a verification based on the received personalized digital end user credentials, and for sending to the transaction terminal (130) the verification response indicating success or failure of the performed verification.
PCT/IB2013/056518 2012-08-14 2013-08-09 Issuance, obtaining and utilization of personalized digital end user credentials for use in electronic transactions performed with a mobile device WO2014027287A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI20125843 2012-08-14
FI20125843A FI20125843L (en) 2012-08-14 2012-08-14 Delivery, receipt and use of a personalized digital declaration of authenticity regarding the end user for use in electronic transactions conducted with a mobile

Publications (1)

Publication Number Publication Date
WO2014027287A1 true WO2014027287A1 (en) 2014-02-20

Family

ID=49328596

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2013/056518 WO2014027287A1 (en) 2012-08-14 2013-08-09 Issuance, obtaining and utilization of personalized digital end user credentials for use in electronic transactions performed with a mobile device

Country Status (2)

Country Link
FI (1) FI20125843L (en)
WO (1) WO2014027287A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019103793A1 (en) 2017-11-22 2019-05-31 Mastercard International Incorporated Bin-conserving tokenization techniques generating tokens in reverse order and employing common device pan with differing pan sequence number values across token instances
US11544781B2 (en) 2017-12-23 2023-01-03 Mastercard International Incorporated Leveraging a network “positive card” list to inform risk management decisions

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060105742A1 (en) * 2002-10-31 2006-05-18 Kim Yun K Method for issuing instant mobile card using wireless network and accounting it using short distance communication
WO2009112793A1 (en) * 2008-03-14 2009-09-17 British Telecommunications Public Limited Company Mobile payments
WO2011006142A1 (en) * 2009-07-09 2011-01-13 Cubic Corporation Id application for nfc-enabled mobile device
WO2012042262A1 (en) * 2010-09-28 2012-04-05 Barclays Bank Plc Mobile payment system
US20120123883A1 (en) * 2010-11-17 2012-05-17 Inside Secure Nfc transaction server

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060105742A1 (en) * 2002-10-31 2006-05-18 Kim Yun K Method for issuing instant mobile card using wireless network and accounting it using short distance communication
WO2009112793A1 (en) * 2008-03-14 2009-09-17 British Telecommunications Public Limited Company Mobile payments
WO2011006142A1 (en) * 2009-07-09 2011-01-13 Cubic Corporation Id application for nfc-enabled mobile device
WO2012042262A1 (en) * 2010-09-28 2012-04-05 Barclays Bank Plc Mobile payment system
US20120123883A1 (en) * 2010-11-17 2012-05-17 Inside Secure Nfc transaction server

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019103793A1 (en) 2017-11-22 2019-05-31 Mastercard International Incorporated Bin-conserving tokenization techniques generating tokens in reverse order and employing common device pan with differing pan sequence number values across token instances
US10963871B2 (en) 2017-11-22 2021-03-30 Mastercard International Incorporated Bin-conserving tokenization techniques generating tokens in reverse order and employing common device pan with differing pan sequence number values across token instances
US11544781B2 (en) 2017-12-23 2023-01-03 Mastercard International Incorporated Leveraging a network “positive card” list to inform risk management decisions
US11928729B2 (en) 2017-12-23 2024-03-12 Mastercard International Incorporated Leveraging a network “positive card” list to inform risk management decisions

Also Published As

Publication number Publication date
FI20125843L (en) 2014-02-15

Similar Documents

Publication Publication Date Title
KR102254357B1 (en) Credit payment method and device based on card emulation of mobile terminal
US8600881B2 (en) System and method for uniquely identifying point of sale devices in an open payment network
TWI428858B (en) Apparatus and method for integrated payment and electronic merchandise transfer
US8469277B2 (en) Methods, systems and computer program products for wireless payment transactions
US6343284B1 (en) Method and system for billing on the internet
CN102881071B (en) Electronic ticket anti-counterfeiting system and method
US9307341B2 (en) Payment application download to mobile phone and phone personalization
US20150193765A1 (en) Method and System for Mobile Payment and Access Control
CN104272332A (en) System and method for dynamic temporary payment authorization in a portable communication device
CN110235380B (en) Payment processing method and device
KR20140093710A (en) Payment system and method
EP2731065A1 (en) Method for processing a payment, and system and electronic device for implementing the same
WO2012100122A1 (en) Systems and methods for virtual mobile transaction
US20230017281A1 (en) Dynamic application selection based on contextual data
KR20120133706A (en) Apparatus for registration card and method of the same
KR101648506B1 (en) Service System and Service Providing Method for Complex Settlement
WO2014027287A1 (en) Issuance, obtaining and utilization of personalized digital end user credentials for use in electronic transactions performed with a mobile device
KR20190103113A (en) Financial transaction method of mobile equipment, apparatus thereof, and medium storing program source thereof
TW201537486A (en) Method and system for mobile payment and access control
JP7039770B1 (en) Terminal type identification in interaction processing
KR20130028498A (en) System and method for processing of financial service
KR101705404B1 (en) Card registeration system by contacting card and operating method thereof
KR20170037925A (en) System for Processing Payment by using Special Identity Code
KR101623972B1 (en) System for Payment by Using Identity Code of Affiliated Store
KR20040075159A (en) System and Method for Confirming Card Settlement

Legal Events

Date Code Title Description
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13774823

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13774823

Country of ref document: EP

Kind code of ref document: A1