EP3698307A1 - Data transfer apparatus and method - Google Patents

Data transfer apparatus and method

Info

Publication number
EP3698307A1
Authority
EP
European Patent Office
Prior art keywords
electronic device
data
key
privy
identification data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP18800742.1A
Other languages
German (de)
French (fr)
Inventor
Keith SYMINGTON
Stuart Jamieson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
COMCARDE Ltd
Original Assignee
Comcarde Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Comcarde Ltd
Publication of EP3698307A1
Legal status: Withdrawn (current)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Definitions

  • the present invention relates to a method of and apparatus for effecting transfer of privy data from a first electronic device to a second electronic device.
  • the present invention also relates to a method of and apparatus for making privy data available for use.
  • the vendor has an Internet accessible server platform by way of which goods and services are made available for sale.
  • a purchase involves payment being made from the customer to the vendor by way of privy data, such as debit or credit card details or banking details. Often the customer's privy data is stored by the vendor's server platform for later use. Storage of privy data takes place either before a customer makes a purchase, for example during a registration phase, or during a purchase.
  • the present inventors have appreciated that the above described known approach presents a risk to the security of customers' privy data.
  • the present invention has been devised in light of this appreciation. It is therefore an object for the present invention to provide an improved method of effecting transfer of privy data from a first electronic device to a second electronic device. It is a further object for the present invention to provide improved apparatus for transferring privy data from a first electronic device to a second electronic device.
  • a method of effecting transfer of privy data from a first electronic device to a second electronic device comprising:
  • first device identification data which identifies the first electronic device or a user of the first electronic device, from the first electronic device to the second electronic device;
  • the key subsequent to erasing the key, conveying the key and second device identification data, which identifies the first electronic device or a user of the first electronic device, from the first electronic device to the second electronic device; and in the second electronic device, decrypting the privy data in dependence on the key received from the first electronic device and the second device identification data matching the first device identification data, whereby the privy data is accessed by the second electronic device.
  • the method of effecting transfer of privy data such as data relating to purchase of goods or services, from a first electronic device, such as a smartphone, to a second electronic device, such as electronic point of sale apparatus, comprises conveying first device identification data, which identifies the first electronic device, from the first electronic device to the second electronic device.
  • the method then comprises conveying a data packet from the first electronic device to the second electronic device, the data packet comprising privy data.
  • the method yet further comprises operating the second electronic device to encrypt the privy data with a key.
  • the key is then erased from the second electronic device.
  • the encrypted privy data may, for example, be stored, with erasure of the key providing for security of the encrypted privy data.
  • the method comprises conveying the key and second device identification data, which identifies the first electronic device, from the first electronic device to the second electronic device.
  • the method then comprises decrypting in the second electronic device the privy data in dependence on the key received from the first electronic device and the second device
  • the privy data is accessed by the second electronic device. Determining if the second device identification data matches, for example is the same as, the first device identification data provides for security of the encrypted privy data by confirming that it is the first electronic device instigating decryption before the encrypted privy data is decrypted by way of the key received from the first electronic device.
  • the method may thus provide for improved protection of the privy data by involvement of the first electronic device in allowing access to the privy data by the second electronic device.
  • the method may further comprise operating the first electronic device to create the key. Furthermore, the data packet conveyed from the first electronic device to the second electronic device may further comprise the key. When the key is erased from the second electronic device, the first electronic device already has the key whereby the first electronic device can convey the key with the second device identification data later when the second electronic device is to be allowed access to the encrypted privy data.
  • the method may further comprise operating the second electronic device to create the key. There is therefore no need for the data packet conveyed from the first electronic device to the second electronic device to further comprise the key. However, erasure of the key from the second electronic device would mean loss of the key. Therefore, and before the step of erasing the key from the second electronic device, the method further comprises conveying the key from the second electronic device to the first electronic device.
  • the first electronic device may thus have the key whereby the first electronic device can convey the key with the second device identification data later when the second electronic device is to be allowed access to the encrypted privy data.
  • the step of operating the first electronic device to create a key may, for example, be carried out by an App running on the first electronic device or by a computer program running on the second electronic device.
  • the key may comprise an alphanumeric string.
  • the key may comprise a checksum.
  • the key may comprise user data which is unique to a user of the first electronic device, such as a username of the user.
  • the key may be hashed, such as by way of SHA-2.
  • at least one of a salt and a pepper may be used before the key is hashed.
  • the method may comprise creating plural different keys.
  • the plural different keys may be created at different times. Each one of the plural different keys may be sent to a respective one of plural second electronic devices.
  • the first electronic device may therefore transfer privy data and perhaps different privy data to each of plural second electronic devices.
  • the method comprises operating the second electronic device to encrypt the privy data with the key.
  • the encrypted privy data may be stored, for example transiently before being conveyed from the second electronic device, locally to the second electronic device or remotely from the second electronic device.
  • the encrypted privy data may be stored with the first device identification data.
  • the encrypted privy data and the first device identification data may be stored in a privy data record.
  • the encrypted privy data may therefore be retrieved later, such as from a database containing encrypted privy data from each of plural first electronic devices, by way of the first device identification data.
  • the encrypted privy data may be stored with encrypted decryption confirmation data and unencrypted decryption confirmation data.
  • the encrypted privy data may be stored in the privy data record.
  • the encrypted decryption confirmation data is decrypted when the encrypted privy data is decrypted later and the decrypted decryption confirmation data is compared with the stored unencrypted decryption confirmation data to determine whether or not the privy data has been decrypted properly.
  • the second electronic device may be operative to form the decryption confirmation data.
  • the decryption confirmation data may, for example, be random data.
  • the method may further comprise operating the second electronic device to encrypt the privy data with a second key.
  • the method may further comprise operating the second electronic device to create the second key.
  • the second key may comprise an alphanumeric string.
  • the second key may comprise a checksum.
  • the privy data may therefore be encrypted by way of the first and second keys. Although the first key is erased, the second key may be retained. However, no risk may be presented because both of the first and second keys are required for later
  • the method comprises erasing the key (i.e. the first key) from the second electronic device.
  • erasure of the key provides for security of the encrypted privy data by creating dependence on later provision of the key to allow for decryption of the privy data.
  • the key may therefore be erased immediately following use of the key to encrypt the privy data.
  • the key may be conveyed to the first electronic device before the key is erased from the second electronic device.
  • the first device identification data may comprise at least one of: MAC; IMEI; mobile telephone number where the first electronic device is a mobile telephone; email address for the first electronic device; and a device token, i.e. a unique identifier for the first electronic device.
  • the step of operating the first electronic device to create the key may comprise creating a device token which is used instead of hardware related first device identification data.
  • the method may further comprise conveying the first device identification data from the first electronic device to another first electronic device.
  • the other first electronic device may be a second device operated by the person who operates the original first electronic device.
  • the first device identification data may be conveyed by manual operation, e.g. entry by the user by way of a keypad on the other first electronic device, wirelessly, such as in accordance with the Bluetooth protocol or by way of Near Field Communication (NFC), or by operating the other first electronic device to scan a code optically, such as a QR code, the code comprising the first device identification data.
  • First device identification data in the form of a token which is independent of hardware may be useful in such circumstances.
  • the first device identification data may be conveyed from the first electronic device to the second electronic device during a first session and the data packet may be conveyed to the second electronic device during a second session, the second session taking place after the first session.
  • the first device identification data may be stored in a database.
  • the first device identification data may be paired in the database with data pertaining to the user, such as a username and perhaps also contact details for the user. Where there are plural first electronic devices the database may comprise plural and indeed a large number of records with each record relating to a different one of the plural first electronic devices.
  • the data packet may be conveyed to the second electronic device with the first device identification data.
  • the first device identification data conveyed with the data packet may be used to address the record already containing the first device identification data whereby the privy data comprised in the data packet may be stored after encryption in the database with the first device identification data.
  • the data packet may be conveyed to the second electronic device with the first device identification data and the first device identification data may be stored in the database with the privy data comprised in the data packet after the privy data is encrypted.
  • the encrypted privy data and the first device identification data may be comprised in a new record added to the database.
  • the method may comprise both of the first and second approaches.
  • the first approach may be used to form an initial database comprising plural first device identification data, such as from an existing customer base
  • the second approach may be used to augment the initial database with further first device identification data, such as from new customers.
  • the privy data may comprise data for effecting a financial transaction. More specifically the privy data may comprise data for making payment from a user of the first electronic device to a user of the second electronic device.
  • the privy data may comprise bank information for the user of the first electronic device. More
  • the bank information may comprise card data, such as debit or credit card data.
  • the card data may comprise a Primary Account Number (PAN).
  • the card data may further comprise at least one of: card start date; card expiry date; and CVV number.
  • the method may comprise storing the PAN in an exclude database.
  • the method may comprise forming an exclude database.
  • the exclude database may comprise exclude data based on the privy data.
  • the privy data comprises data for effecting a financial transaction
  • the exclude data may comprise a PAN.
  • the exclude data may be hashed, such as by way of SHA-2.
  • the exclude database may comprise plural exclude data, each of the plural exclude data being in respect of a different one of the plural first electronic devices.
  • Exclude data may be stored in the exclude database when a first electronic device is in data communication for the first time with the second electronic device.
  • the method may further comprise comparing the fresh exclude data with exclude data already comprised in the exclude database. If the fresh exclude data is the same as exclude data already comprised in the exclude database, the second electronic device may be operative to cease inclusion of the fresh exclude data in the exclude database and may be further operative to terminate the session between the first and second electronic devices.
  • the method may further comprise preventing further transfer of privy data.
  • Preventing further transfer of privy data may comprise a first electronic device of the user being operative to send a prevention request to the second electronic device, the prevention request comprising the key and exclude data.
  • the key may be hashed.
  • at least one of a salt and a pepper may be used before the key is hashed.
  • the second electronic device may be operative to remove the exclude data from the exclude database. Presence of exclude data in the exclude database may be required for subsequent use of the privy data, such as making a purchase by way of the privy data.
  • the first electronic device may be operative to change the key.
  • the first electronic device may be operative to generate an alphanumeric string for use as the key which differs from the alphanumeric string used previously as the key. Privy data held by the second electronic device which has been encrypted by the previously used key therefore cannot be decrypted whereby a user of the first electronic device can make his or her previously disclosed privy data irrecoverable.
  • the method may further comprise the second electronic device conveying a test packet to the first electronic device.
  • the test packet may comprise a certificate which is encrypted with the key.
  • the second electronic device may be operative to encrypt the certificate with the key before the step of erasing the key from the second electronic device.
  • the second electronic device may therefore be operative to store the encrypted certificate for subsequent transmission of the test packet to the first electronic device.
  • the encrypted certificate may be decrypted by the first electronic device by way of the key to thereby verify the identity of the second electronic device.
  • the certificate may also be encrypted with the second key.
  • the second key may be comprised in the test packet sent from the second electronic device to the first electronic device.
  • the first electronic device may therefore decrypt the certificate by way of the received second key.
  • the second key comprised in the test packet may be encrypted with the first key.
  • the second electronic device may be operative to encrypt the second key with the first key before the step of erasing the first key from the second electronic device.
  • the second electronic device may therefore be operative to store the encrypted second key for subsequent transmission of the test packet to the first electronic device.
  • the second electronic device may be operative to decrypt the encrypted second key with the first key and then to decrypt the encrypted certificate with the first and second keys.
  • the second electronic device may be further operative to erase the second key following decryption of the encrypted certificate.
  • a payment may be made subject to two or more parties approving the payment.
  • Decryption of privy data held by the second electronic device may therefore depend on involvement of the first electronic device and at least one further electronic device.
  • Decryption involving at least one further electronic device is now described with reference to a third electronic device, although features described with reference to the third electronic device may be similarly applied in respect of each of plural electronic devices further to the third electronic device.
  • the method may further comprise operating the second electronic device to create the key.
  • the privy data is encrypted with the key in the second electronic device.
  • the second electronic device may be operative to split the key into first and second parts.
  • the first part of the key may be conveyed to the first electronic device and the second part of the key may be conveyed to the third electronic device.
  • the key may be split into four parts.
  • the second electronic device may convey the first part of the key to the first electronic device and may convey the second part of the key to the third electronic device.
  • the second electronic device may convey the second part of the key to the third electronic device in dependence on identification of the third electronic device by way of stored identification data for the third electronic device. Storage of identification data for the third electronic device is described below.
  • the second electronic device may convey the first and second parts of the key to the first electronic device and the first electronic device may convey the second part of the key to the third electronic device.
  • the first electronic device may convey the first part of the key to the second electronic device and the third electronic device may convey the second part of the key to the second electronic device.
  • the second electronic device may reassemble the key from the first and second parts. As described above, the second electronic device may decrypt the privy data with the reassembled key.
  • the third electronic device may convey third device identification data, which identifies the third electronic device or a user of the third electronic device, to the second electronic device.
  • the second electronic device may compare the third device identification data with at least one stored device identification data and, if there is a match between the third device identification data and the at least one stored device identification data, decrypt the privy data.
  • the at least one stored device identification data may thus comprise device identification data that identifies the third electronic device or a user of the third electronic device, whereby the identity of the third electronic device or a user of the third electronic device may be confirmed before the privy data is decrypted.
  • the at least one stored device identification data may be received from the first electronic device and, more specifically, the at least one stored device identification data may be conveyed from the first electronic device to the second electronic device with the privy data or when the first electronic device conveys the first device identification data to the second electronic device.
  • the first electronic device may therefore be operative to nominate the third electronic device for involvement in decryption of the privy data.
  • the first electronic device may be operative to nominate each of fourth and further electronic devices for involvement in decryption of the privy data by conveying device identification data for each of the fourth and further electronic devices to the second electronic device.
  • decryption of the privy data may depend on matching of a subset of the first device identification data and plural further device identification data with received device identification data.
  • the subset may comprise at least two device identification data.
  • Plural electronic devices may thus be nominated for potential involvement in decryption of the privy data, with decryption of the privy data being conditional on receipt of device identification data from at least two of the plural electronic devices and fewer than all of the plural electronic devices.
  • the method may be comprised in a payment process.
  • the method may therefore further comprise the second electronic device conveying an amount to be paid to the first electronic device.
  • the first electronic device may be operated by the user to either approve or disapprove the proposed transaction.
  • the first electronic device may be operative to carry out the step of conveying the key and second device identification data from the first electronic device to the second electronic device to thereby initiate payment.
  • the second electronic device may be operative to take payment in dependence on the decrypted privy data.
  • the first electronic device may be a mobile device such as a tablet computer or a smartphone.
  • the first electronic device may therefore be operable as described above in dependence on an App running on the first electronic device.
  • the second electronic device may comprise computing apparatus, such as a server.
  • the second electronic device may be operated on or on behalf of a vendor of goods or services.
  • the second electronic device may be operated on or on behalf of a payment handling establishment, such as a bank.
  • Communication between the first and second electronic devices may be wireless and may be at least in part by way of the Internet.
  • a computer program comprising program instructions for causing computer apparatus to perform the method according to the second aspect of the present invention. More specifically, the computer program may be at least one of: embodied on a record medium; embodied in read only memory; stored in a computer memory; and carried on an electrical carrier signal. Further embodiments of the second aspect of the present invention may comprise one or more features of the first aspect of the present invention.
  • a computer system comprising program instructions for causing computer apparatus to perform the method according to the second aspect of the present invention. More specifically the program instructions may be at least one of: embodied on a record medium; embodied in a read only memory; stored in a computer memory; and carried on an electrical carrier signal. Further embodiments of the third aspect of the present invention may comprise one or more features of the first aspect of the present invention.
  • apparatus for transferring privy data comprising:
  • first electronic device and a second electronic device configured to convey first device identification data from the first electronic device to the second electronic device, the first device identification data identifying the first electronic device or a user of the first electronic device,
  • the first and second electronic devices being further configured to convey a data packet from the first electronic device to the second electronic device, the data packet comprising privy data
  • the second electronic device being configured to encrypt the privy data with a key and to erase the key from the second electronic device, subsequent to erasing the key
  • the first and second electronic devices being configured to convey the key and second device identification data, which identifies the first electronic device or a user of the first electronic device, from the first electronic device to the second electronic device
  • Embodiments of the fourth aspect of the present invention may comprise one or more features of the first aspect of the present invention.
  • the method makes privy data available for use.
  • the method comprises storing first device identification data with encrypted privy data in a first electronic device, the encrypted privy data having been encrypted with a key, the key now being no longer comprised in the first electronic device.
  • the privy data may have been conveyed to the first electronic device by another party along with the key.
  • the first electronic device may have been operative to encrypt the privy data with the key before storing the encrypted privy data either locally or remotely and erasing the key.
  • the privy data is now inaccessible without the key which is needed for decryption of the encrypted privy data.
  • the key and second device identification data are conveyed from a second electronic device to the first electronic device.
  • the method further comprises decrypting in the first electronic device the privy data in dependence on the received key and the second device identification data matching the first device identification data whereby the privy data is operated on by the first electronic device.
  • the privy data is now available for use.
  • the method may further comprise conveying the decrypted privy data to at least one further electronic device. Making the decrypted privy data available to at least one further electronic device is thus under the control of the second electronic device.
  • the first device identification data may have been generated by the second electronic device.
  • the privy data may pertain to a user of the second electronic device. As described above, the first device identification data may be characteristic of the second electronic device and may be used to access the user's privy data in a database comprising plural different privy data each stored with a respective one of plural different first device identification data.
  • the further electronic device may be the second electronic device.
  • a third electronic device may have generated the first device identification data.
  • the privy data may pertain to a user of the third electronic device. The user of the third electronic device may allow the second electronic device access to the privy data by conveying the key and second device
  • the method may further comprise conveying the decrypted privy data to the second electronic device.
  • the user of the third electronic device thus allows for selective access to at least one second electronic device to the privy data stored by way of the first electronic device.
  • apparatus for making privy data available for use comprising: a first electronic device operative to store first device identification data with encrypted privy data, the encrypted privy data having been encrypted with a key, the key now being no longer comprised in the first electronic device; and
  • a second electronic device which is operative with the first electronic device to convey the key and second device identification data from the second electronic device to the first electronic device
  • the first electronic device being operative to decrypt the privy data in dependence on the received key and the second device identification data matching the first device identification data whereby the privy data is accessed by the first electronic device.
  • Embodiments of the yet further aspect of the present invention may comprise one or more features of any previous aspect of the present invention.
  • Figure 1 is a block diagram representation of apparatus for transferring privy data according to the present invention
  • Figures 2A and 2B are flow chart representations of a method of transferring privy data according to the present invention.
  • Figure 3 is a block diagram representation of apparatus for making privy data available for use according to the present invention.
  • the apparatus for transferring privy data 10 comprises plural customer computing apparatus 12 and a vendor's server platform 14.
  • the customer computing apparatus 12 is, for example, a Personal Computer (PC), a tablet computer or a smartphone.
  • Each of the customer computing apparatus 12 is in data communication with the vendor's server platform 14 by way of a computer network, such as the Internet, or a metropolitan or wide area network, such as the Global System for Mobile Communications (GSM) or 4G network.
  • the vendor offers goods or services for sale by way of a website which may be browsed by a user of each of the plural customer computing apparatus 12.
  • each user registers with the vendor whereby payment information for the user is stored by or by way of the vendor's server platform 14.
  • a payment process is initiated during which the stored payment information is used to effect payment for goods or services.
  • Flow chart representations of a method of transferring privy data according to the present invention are shown in Figures 2A and 2B. The method will now be described with reference to the apparatus for transferring privy data 10 shown in Figure 1.
  • a new customer registers with the vendor.
  • the registration process is represented in Figure 2A and involves the customer entering details of his or her payment card 20 (which constitutes privy data) into the customer computing apparatus 12 by way of an App running on the customer computing apparatus.
  • the details entered include the Primary Account Number (PAN), card start date, card expiry date, and CVV number.
  • the App running on the customer computing apparatus 12 is operative to create a first key 22.
  • the first key comprises an alphanumeric string, a checksum and user data, such as a username of the customer, which is unique to the user of the customer computing apparatus 12.
  • the customer computing apparatus 12 is operative to hash the first key, such as by way of SHA-2, with at least one of a salt and a pepper being used before the first key is hashed.
  • the App is further operative to display the first key to the customer with a recommendation to record the first key for data restoration purposes.
  • the App is also operative to create first device identification data 24, which is hashed, such as by way of SHA-2.
  • the first device identification data comprises one of a MAC for the customer computing apparatus 12, an IMEI for the customer computing apparatus 12, a mobile telephone number where the first electronic device is a mobile telephone, an email address for the customer computing apparatus, and a device token, i.e. a unique identifier for the first electronic device.
  • the registration process further comprises the customer computing apparatus 12 forming a data packet which comprises the payment card details, the hashed first key and the first device identification data.
  • the data packet is conveyed to the vendor's server platform 14, 26.
  • alternatively, the first key is created in the vendor's server platform instead of in the customer computing apparatus 12. There is therefore no need for the data packet to comprise the first key because the first key is already in the possession of the vendor's server platform.
  • the step described below of erasure of the first key from the vendor's server platform 14 would mean loss of the first key. Therefore, and before the step of erasing the first key from the vendor's server platform, the first key is conveyed from the vendor's server platform 14 to the customer computing apparatus 12 whereby the customer computing apparatus 12 has the first key for subsequent decryption of encrypted payment card details.
  • the first device identification data is conveyed to the vendor's server platform 14 in advance of the payment card details and the hashed first key. This approach is followed where a customer carries out a bare registration with the vendor, such as by way of an email address for the customer, but does not go at this stage so far as providing payment card details.
  • the payment card details and the hashed first key are conveyed to the vendor's server platform 14 later, such as when the customer is ready to make his or her first purchase.
  • Upon receipt of the data packet the vendor's server platform 14 is operative to determine whether or not the PAN is present in an exclude list 28. If the PAN is already present in the exclude list, the data packet is not acted upon and the customer is informed accordingly. If the PAN is not present in the exclude list, the PAN is added to the exclude list. Thereafter the vendor's server platform 14 is operative in accordance with known procedure to check the validity of the card for which payment card details have been provided by way of a zero amount transaction. The CVV number is discarded by the vendor's server platform 14 because it is not required for subsequent transactions. The vendor's server platform 14 is operative to form a string of random data which constitutes decryption confirmation data.
  • the vendor's server platform 14 is then operative to encrypt the payment card details and the decryption confirmation data with the first key and a second key.
  • An example encryption scheme is AES256.
  • the second key is described further below.
  • the encrypted payment card details and encrypted decryption confirmation data are then stored in a database 30 along with the unencrypted decryption confirmation data, the last three digits of the PAN in unencrypted form and the first device identification data with the first device identification data serving as an index for retrieval of the encrypted payment card details.
  • the registration process concludes with the first key being erased from the vendor's server platform 14, 32, whereby, of the customer computing apparatus 12 and the vendor's server platform 14, only the customer computing apparatus 12 holds the first key.
  • the vendor's server platform 14 creates a second key which is hashed, such as by way of SHA-2, with at least one of a salt and a pepper being used before the second key is hashed. This step is carried out earlier than the steps represented in Figure 2A whereby the second key is available for use with payment card details from plural customer computing apparatus 12.
  • the vendor's server platform 14 is further operative to encrypt a security certificate with the first and second keys before the first key is erased. The encrypted security certificate is then stored for later use with the encrypted payment card details in the database.
  • the above described registration process is repeated in respect of each of plural different customers each operating his or her own customer computing apparatus 12.
  • the database is thus populated with encrypted payment card details for each of the plural customers with the exclude list being likewise populated.
  • a customer may register with each of plural different vendors with the process involving the steps described above in respect of each of the plural different vendors.
  • the customer computing apparatus 12 therefore creates plural different keys with each key being in respect of a different vendor's server platform 14.
  • a customer may wish to de-register from a vendor.
  • De-registration comprises the user operating the customer computing apparatus 12 by way of the App to form a prevention request 34.
  • the prevention request comprises the first key which is hashed as described above and the PAN of the customer's payment card details.
  • the customer computing apparatus 12 is then operative to convey the prevention request to the vendor's server platform 14, 36.
  • Upon receipt of the prevention request, the vendor's server platform 14 is operative to remove the PAN comprised in the prevention request from the exclude list 38.
  • the customer's payment card details comprising the now removed PAN may no longer be used to effect a transaction until the customer's payment card details are re-registered.
  • An alternative or additional approach to preventing further use of the customer's payment card details involves the customer operating the customer computing apparatus 12 to change the first key and to erase the original first key. In the absence of the original first key the customer's payment card details cannot now be decrypted whereby the customer makes the payment card details irrecoverable.
  • details relating to the lost customer computing apparatus 12 are removed from the database comprised in the vendor's server platform 14 by way of a web console. The customer then reregisters by way of another customer computing apparatus 12.
  • the customer contacts the vendor or a third party managing the process on behalf of the vendor. Subject to the customer passing the zero value transaction process described above, the vendor or the third party deletes payment card details for the customer from the database comprised in the vendor's server platform 14.
  • the payment process is represented in Figure 2B and involves the customer operating his customer computing apparatus 12 to establish a session with the vendor's server platform 14.
  • the customer computing apparatus 12 conveys the first device identification data to the vendor's server platform 14, 52, which is operative to retrieve the encrypted security certificate and the encrypted second key from the database in dependence on the received first device identification data.
  • the vendor's server platform 14 is then operative to form a test packet comprising the encrypted security certificate and the encrypted second key and to convey the test packet to the customer computing apparatus 12, 54.
  • Upon receipt of the test packet, the customer computing apparatus 12 is operative to decrypt the encrypted second key with the locally held first key and then to decrypt the encrypted security certificate with the locally held first key and the now decrypted second key.
  • the second key is then erased from the customer computing apparatus 12 and the customer computing apparatus 12 is operative to use the decrypted security certificate to verify the identity of the vendor's server platform 14, 54 before the second key is disclosed to the vendor's server platform 14.
  • the payment process then involves the vendor's server platform 14 being operative to convey an amount to be paid to the customer computing apparatus 12, 56.
  • the customer computing apparatus 12 is operated by the user to either approve 58 or disapprove the proposed transaction. Thereafter the customer computing apparatus 12 is operative to convey the first hashed key and the first device identification data (which constitutes the second device identification data) to the vendor's server platform 14, 60, to thereby initiate payment. Upon receipt of the first hashed key and the first device identification data, the vendor's server platform 14 is operative to identify a data record in the database which is indexed by the first device identification data.
  • If there is no data record in the database which is indexed by the received first device identification data, the vendor's server platform 14 is operative to determine that the payment request is invalid and the transaction is aborted. If there is a data record in the database which is indexed by the received first device identification data, the vendor's server platform 14 is operative to retrieve from the data record the encrypted payment card details and the encrypted decryption confirmation data.
  • the vendor's server platform 14 is then operative to decrypt the encrypted payment card details and the encrypted decryption confirmation data with the received first key and the locally held second key 62.
  • the now decrypted decryption confirmation data is compared with the unencrypted decryption confirmation data to confirm proper decryption.
  • the last three digits of the PAN are compared with the last three digits of the PAN comprised in the decrypted payment card details to confirm that the correct payment card details are being processed. Payment is then made in accordance with an established method in dependence on the now decrypted payment card details 64.
  • a customer may make use of more than one customer computing apparatus 12 to effect payment.
  • the customer may make use of a tablet computer and a smartphone with each device running the App described above.
  • the registration process described above is completed with one of the two devices. Later the customer wishes to be able to use either one of the two devices.
  • the customer therefore operates the second device, i.e. the device other than the device used for registration, to establish a session with the vendor's server platform 14.
  • the vendor's server platform 14 is operative to prompt the customer to enter the first key by way of the second device.
  • the first key is entered manually by the customer, such as by way of a keypad comprised in the second device or by using the second device to scan a QR code representing the first key.
  • the first key is conveyed wirelessly from the first device to the second device, such as in
  • the second device is also operative to receive first identification data from the first device, the first identification being in the form of a token which is independent of hardware whereby encrypted payment card details may be retrieved from the database in dependence on the token and irrespective of the device which is in communication with the vendor's server platform 14. Registration of the first device is therefore on the basis of the token in preference to hardware dependent first identification data.
  • a payment process involving the second device proceeds as described above with reference to Figure 2B with the second device conveying the received first hashed key and the received token (which constitutes first device identification data) to the vendor's server platform 14 to thereby initiate payment.
  • approval for payment depends on the involvement of a subset of plural customer computing apparatus 12.
  • one of the plural customer computing apparatus 12 nominates the other customer computing apparatus for potential involvement in the approval for payment.
  • the customer computing apparatus 12 nominates the other customer computing apparatus by conveying device identification data for itself and for each of the other customer computing apparatus to the vendor's server platform 14, with the received device identification data being stored by the vendor's server platform.
  • the device identification data for each of the other customer computing apparatus is either conveyed to the vendor's server platform 14 when the customer computing apparatus 12 conveys its device identification data to the vendor's server platform or when the privy data is conveyed to the vendor's server platform.
  • a pool of customer computing apparatus is thus nominated for potential involvement in payment approval.
  • the vendor's server platform 14 is then operative to create a key, as described above, with the created key then being conveyed to one of the customer computing apparatus 12.
  • the customer computing apparatus 12 then splits the key into plural parts with one part of the key being kept by the customer computing apparatus and at least one other part being sent to a respective at least one other customer computing apparatus.
  • the key is split into parts in the vendor's server platform 14 and either sent direct to each customer computing apparatus with the customer computing apparatus being identified by the stored device identification data or sent to each customer computing apparatus by way of one of the customer computing apparatus 12.
  • the key is then erased from the vendor's server platform 14 following encryption of the received privy data with the key.
  • decryption of the privy data depends on receipt of a part of the key by the vendor's server platform 14 from each of the nominated customer computing apparatus along with device identification data from each of the nominated customer computing apparatus.
  • the key is reassembled from the received parts and the reassembled key is used to decrypt the privy data.
  • Decryption of the privy data is as described above. Here, decryption depends on the involvement of plural customer computing apparatus whereby payment depends on approval being given by each user of the plural customer computing apparatus.
  • Decryption can be set in the vendor's server platform 14 to depend on approval from a minimum number of users, such as a minimum of three users. Therefore, the key should be split on the customer computing apparatus side into the requisite number of parts for the threshold minimum number of users to be reached.
  • the apparatus for making privy data available for use 70 comprises a central computing apparatus 72 (which constitutes a first electronic device), a client computing apparatus 74 and plural distributed computing apparatus 76.
  • the central computing apparatus 72 stores confidential data (which constitutes privy data) relating to the user of the client computing apparatus 74.
  • the central computing apparatus 72 is operative to create first and second keys as described above.
  • the central computing apparatus 72 is also operative to create first device identification data, such as a unique username for the user of the client computing apparatus 74.
  • the confidential data is encrypted with the first and second keys and stored with the first device identification data in a database.
  • the first key is conveyed with the first device identification data to the client computing apparatus 74.
  • the first key is then erased from the central computing apparatus 72 with the second key being kept.
  • Later the user of the client computing apparatus 74 wishes to access the confidential data. The user therefore operates the client computing apparatus 74 to convey the first key and the username to the central computing apparatus 72.
  • Upon receipt of the first key and the username, the central computing apparatus 72 is operative to retrieve the encrypted confidential data from the database in dependence on the username.
  • The central computing apparatus 72 is operative to decrypt the encrypted confidential data with the first and second keys whereby the decrypted confidential data is accessible to the client computing apparatus 74.
  • According to another approach, the user wishes to make the confidential data available to each of the distributed computing apparatus 76. The user therefore operates the client computing apparatus 74 to convey the first key and the username to each of the distributed computing apparatus 76.
  • Each of the distributed computing apparatus 76 is operative to convey the first key and the username to the central computing apparatus 72.
  • the central computing apparatus 72 is then operative as described above to retrieve and decrypt the encrypted confidential data and to make the decrypted confidential data available to the distributed computing apparatus 76.
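The registration flow of Figure 2A and the payment flow of Figure 2B described above, written out as an added example in Go. This is not code from the patent or from any Comcarde implementation. It assumes AES-256-GCM (the description names only AES256), derives the data-encryption key from both keys with HMAC-SHA256 keyed by the second key (the description does not say how the two keys are combined), models the hashed first key as SHA-256 over a pepper, a salt and the displayed key string, and uses hypothetical names (Vendor, Register, Pay, HashFirstKey, Record). The exclude-list check at registration is included; the prevention request that removes a PAN from that list is left out. The GCM authentication tag already fails on a wrong first key, on a record re-indexed under another device and on a tampered record, so the decryption confirmation data and the last-three-digits comparison of the description are kept as additional checks rather than as the primary integrity mechanism.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"strings"
)

// CardDetails is the privy data; the CVV is checked at registration and never stored.
type CardDetails struct{ PAN, Start, Expiry string }

// Record is one database row, indexed by the first device identification data.
type Record struct {
	Nonce, CipherText []byte
	Confirmation      []byte // decryption confirmation data (random), stored in clear
	LastThree         string // last three digits of the PAN, stored in clear
}

// Vendor keeps the second key, the database and the exclude list; the first key is deliberately not a field.
type Vendor struct {
	secondKey []byte
	db        map[string]*Record
	exclude   map[string]bool // PAN present = registered; presence blocks re-registration
}

func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// NewVendor creates the long-lived second key once, for use with every customer.
func NewVendor() *Vendor {
	return &Vendor{mustRandom(32), map[string]*Record{}, map[string]bool{}}
}

// HashFirstKey is the client-side step: the displayed first key is hashed with a salt and a pepper before leaving the device (the client keeps the salt with the key).
func HashFirstKey(firstKey, salt, pepper string) []byte {
	sum := sha256.Sum256([]byte(pepper + "|" + salt + "|" + firstKey))
	return sum[:]
}

// aead derives the AES-256-GCM key from both keys, so a phished first key or a copied database is useless on its own.
func (v *Vendor) aead(hashedFirstKey []byte) cipher.AEAD {
	mac := hmac.New(sha256.New, v.secondKey)
	mac.Write(hashedFirstKey)
	block, _ := aes.NewCipher(mac.Sum(nil)) // 32-byte key: cannot fail
	g, _ := cipher.NewGCM(block)            // AES block size: cannot fail
	return g
}

// Register is the vendor side of Figure 2A: exclude-list check, encrypt under both keys, store, let the first key go.
func (v *Vendor) Register(deviceID string, hashedFirstKey []byte, card CardDetails) error {
	if len(card.PAN) < 3 || v.exclude[card.PAN] {
		return errors.New("PAN malformed or already present in exclude list")
	}
	conf, nonce := mustRandom(16), mustRandom(12)
	// Plaintext = confirmation data || "PAN|start|expiry"; the device identification data is bound in as associated data.
	plain := append(append([]byte{}, conf...), card.PAN+"|"+card.Start+"|"+card.Expiry...)
	ct := v.aead(hashedFirstKey).Seal(nil, nonce, plain, []byte(deviceID))
	v.exclude[card.PAN] = true
	v.db[deviceID] = &Record{nonce, ct, conf, card.PAN[len(card.PAN)-3:]}
	return nil
}

// Pay is the vendor side of Figure 2B: look up by device identification data, decrypt with both keys, run the checks.
func (v *Vendor) Pay(deviceID string, hashedFirstKey []byte) (CardDetails, error) {
	rec, ok := v.db[deviceID]
	if !ok {
		return CardDetails{}, errors.New("no record indexed by this device identification data")
	}
	plain, err := v.aead(hashedFirstKey).Open(nil, rec.Nonce, rec.CipherText, []byte(deviceID))
	if err != nil { // the GCM tag already fails on a wrong key, wrong device or tampered record
		return CardDetails{}, errors.New("decryption failed")
	}
	if len(plain) < 16 || subtle.ConstantTimeCompare(plain[:16], rec.Confirmation) != 1 {
		return CardDetails{}, errors.New("decryption confirmation data mismatch")
	}
	f := strings.Split(string(plain[16:]), "|")
	if len(f) != 3 || !strings.HasSuffix(f[0], rec.LastThree) {
		return CardDetails{}, errors.New("last three PAN digits do not match stored value")
	}
	return CardDetails{f[0], f[1], f[2]}, nil
}

func main() {
	v := NewVendor() // constructed sample input: a test PAN and an invented first key string
	k1 := HashFirstKey("7Q4M-KX2A-N9ZP-42-alice", "salt-kept-on-device", "pepper-in-app")
	fmt.Println(v.Register("device-token-alice", k1, CardDetails{"4111111111111111", "01/24", "01/28"}))
	fmt.Println(v.Pay("device-token-alice", k1))
}
```

Note what the vendor does and does not hold after Register returns: the only copy of the first key is on the customer device, and the database together with the second key is not enough to recover a PAN. The PAN is nevertheless in the vendor's memory in the clear during Pay, so the scheme reduces the exposure of stored card data rather than taking the vendor out of the path that handles it.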
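The key splitting for multi-device approval described above (the key split into parts held by nominated customer computing apparatus, with decryption set to depend on a minimum number of users) names no splitting scheme. A plain XOR split only gives all-of-n, so the added example below uses Shamir secret sharing over GF(2^8), the standard way to obtain the t-of-n threshold the description asks for. This is added example code, not the patent's or Comcarde's; Split, Combine and Share are hypothetical names, and the 3-of-5 parameters are constructed for the demonstration.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
)

// gfMul multiplies two elements of GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1.
func gfMul(a, b byte) byte {
	var p byte
	for b != 0 {
		p ^= a & -(b & 1)             // add a when the low bit of b is set
		a = a<<1 ^ (0x1b & -(a >> 7)) // multiply a by x and reduce
		b >>= 1
	}
	return p
}

// gfInv returns a^-1 = a^254 by square-and-multiply; gfInv(0) is 0 and must not be used.
func gfInv(a byte) byte {
	r := byte(1)
	for e := 254; e > 0; e >>= 1 {
		if e&1 != 0 {
			r = gfMul(r, a)
		}
		a = gfMul(a, a)
	}
	return r
}

// Share is one key part: the x coordinate handed to a device and one y byte per key byte.
type Share struct {
	X byte
	Y []byte
}

// Split divides a key into n shares of which any t reconstruct it: each key byte is the
// constant term of a fresh random polynomial of degree t-1, evaluated at x = 1..n.
func Split(key []byte, n, t int) ([]Share, error) {
	if t < 2 || n < t || n > 255 {
		return nil, errors.New("need 2 <= t <= n <= 255")
	}
	shares := make([]Share, n)
	for i := range shares {
		shares[i] = Share{X: byte(i + 1), Y: make([]byte, len(key))}
	}
	coef := make([]byte, t-1) // random coefficients c1..c(t-1); c0 is the key byte itself
	for j, k := range key {
		if _, err := rand.Read(coef); err != nil {
			return nil, err
		}
		for i := range shares {
			y := byte(0) // Horner: ((c(t-1)*x + c(t-2))*x + ... + c1)*x + k
			for m := len(coef) - 1; m >= 0; m-- {
				y = gfMul(y, shares[i].X) ^ coef[m]
			}
			shares[i].Y[j] = gfMul(y, shares[i].X) ^ k
		}
	}
	return shares, nil
}

// Combine interpolates the polynomial at x = 0. With fewer than t shares the result is
// well-formed but unrelated to the key, so the threshold must be enforced by the caller.
func Combine(shares []Share) ([]byte, error) {
	if len(shares) == 0 {
		return nil, errors.New("no shares")
	}
	seen := map[byte]bool{}
	for _, s := range shares {
		if s.X == 0 || seen[s.X] || len(s.Y) != len(shares[0].Y) {
			return nil, errors.New("shares need distinct non-zero x and equal length")
		}
		seen[s.X] = true
	}
	key := make([]byte, len(shares[0].Y))
	for j := range key {
		for i, si := range shares {
			num, den := byte(1), byte(1) // Lagrange basis at 0: prod x_m / (x_i ^ x_m), m != i
			for m, sm := range shares {
				if m != i {
					num, den = gfMul(num, sm.X), gfMul(den, si.X^sm.X)
				}
			}
			key[j] ^= gfMul(si.Y[j], gfMul(num, gfInv(den)))
		}
	}
	return key, nil
}

func main() {
	key := make([]byte, 32) // constructed sample: a fresh 256-bit key split 3-of-5
	rand.Read(key)
	shares, _ := Split(key, 5, 3)
	got, _ := Combine([]Share{shares[0], shares[2], shares[4]})
	fmt.Println("recovered with 3 of 5 shares:", string(got) == string(key))
}
```

Combine cannot tell whether enough parts were supplied, so the vendor's server platform must count the distinct device identification data it has received against the configured minimum before reassembling, and the reassembled key should be dropped again as soon as the privy data has been decrypted, in the same way as the first key in the registration flow.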

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method of effecting transfer of privy data from a first electronic device (12) to a second electronic device (14). The method comprises conveying first device identification data, which identifies the first electronic device (12) or a user of the first electronic device, from the first electronic device to the second electronic device (14). The method also comprises conveying a data packet, which comprises privy data, from the first electronic device (12) to the second electronic device (14) and operating the second electronic device to encrypt the privy data with a key with the key then being erased from the second electronic device. Subsequent to erasing the key, the key and second device identification data, which identifies the first electronic device or a user of the first electronic device, are conveyed from the first electronic device (12) to the second electronic device (14). The privy data is then decrypted in the second electronic device (14) in dependence on the key received from the first electronic device (12) and the second device identification data matching the first device identification data, whereby the privy data is accessed by the second electronic device.

Description

Title of Invention: Data transfer apparatus and method
Field of the Invention
The present invention relates to a method of and apparatus for effecting transfer of privy data from a first electronic device to a second electronic device. The present invention also relates to a method of and apparatus for making privy data available for use.
Background Art
Arrangements for making payments by way of computing apparatus are known. According to an established approach, the vendor has an Internet accessible server platform by way of which goods and services are made available for sale.
Customers purchase goods or services from the vendor by way of respective computing apparatus which is in data communication with the vendor's server platform. A purchase involves payment being made from the customer to the vendor by way of privy data, such as debit or credit card details or banking details. Often the customer's privy data is stored by the vendor's server platform for later use. Storage of privy data is before a customer makes a purchase, for example during a registration phase, or during a purchase.
The present inventors have appreciated the above described known approach to present a risk to security of customers' privy data. The present invention has been devised in light of this appreciation. It is therefore an object for the present invention to provide an improved method of effecting transfer of privy data from a first electronic device to a second electronic device. It is a further object for the present invention to provide improved apparatus for transferring privy data from a first electronic device to a second electronic device.
Statement of Invention
According to a first aspect of the present invention there is provided a method of effecting transfer of privy data from a first electronic device to a second electronic device, the method comprising:
conveying first device identification data, which identifies the first electronic device or a user of the first electronic device, from the first electronic device to the second electronic device;
conveying a data packet from the first electronic device to the second electronic device, the data packet comprising privy data;
operating the second electronic device to encrypt the privy data with a key; erasing the key from the second electronic device;
subsequent to erasing the key, conveying the key and second device identification data, which identifies the first electronic device or a user of the first electronic device, from the first electronic device to the second electronic device; and in the second electronic device, decrypting the privy data in dependence on the key received from the first electronic device and the second device identification data matching the first device identification data, whereby the privy data is accessed by the second electronic device.
The method of effecting transfer of privy data, such as data relating to purchase of goods or services, from a first electronic device, such as a smartphone, to a second electronic device, such as electronic point of sale apparatus, comprises conveying first device identification data, which identifies the first electronic device, from the first electronic device to the second electronic device. The method then comprises conveying a data packet from the first electronic device to the second electronic device, the data packet comprising privy data. The method yet further comprises operating the second electronic device to encrypt the privy data with a key. The key is then erased from the second electronic device. The encrypted privy data may, for example, be stored, with erasure of the key providing for security of the encrypted privy data. Subsequent to erasing the key from the second electronic device, such as when access to the privy data is desired, the method comprises conveying the key and second device identification data, which identifies the first electronic device, from the first electronic device to the second electronic device. The method then comprises decrypting in the second electronic device the privy data in dependence on the key received from the first electronic device and the second device identification data matching the first device identification data, whereby the privy data is accessed by the second electronic device. Determining if the second device identification data matches, for example is the same as, the first device identification data provides for security of the encrypted privy data by confirming that it is the first electronic device instigating decryption before the encrypted privy data is decrypted by way of the key received from the first electronic device. The method may thus provide for improved protection of the privy data by involvement of the first electronic device in allowing access to the privy data by the second electronic device.
According to a first approach, the method may further comprise operating the first electronic device to create the key. Furthermore, the data packet conveyed from the first electronic device to the second electronic device may further comprise the key. When the key is erased from the second electronic device, the first electronic device already has the key whereby the first electronic device can convey the key with the second device identification data later when the second electronic device is to be allowed access to the encrypted privy data.
According to a second approach, the method may further comprise operating the second electronic device to create the key. There is therefore no need for the data packet conveyed from the first electronic device to the second electronic device to further comprise the key. However, erasure of the key from the second electronic device would mean loss of the key. Therefore, and before the step of erasing the key from the second electronic device, the method further comprises conveying the key from the second electronic device to the first electronic device. The first electronic device may thus have the key whereby the first electronic device can convey the key with the second device identification data later when the second electronic device is to be allowed access to the encrypted privy data.
The step of operating the first electronic device to create a key may, for example, be carried out by an App running on the first electronic device or by a computer program running on the second electronic device. The key may comprise an alphanumeric string. In addition, the key may comprise a checksum. Alternatively or in addition, the key may comprise user data which is unique to a user of the first electronic device, such as a username of the user. The key may be hashed, such as by way of SHA-2. In addition, at least one of a salt and a pepper may be used before the key is hashed. The method may comprise creating plural different keys. The plural different keys may be created at different times. Each one of the plural different keys may be sent to a respective one of plural second electronic devices. The first electronic device may therefore transfer privy data and perhaps different privy data to each of plural second electronic devices.
The method comprises operating the second electronic device to encrypt the privy data with the key. The encrypted privy data may be stored, for example transiently before being conveyed from the second electronic device, locally to the second electronic device or remotely from the second electronic device. The encrypted privy data may be stored with the first device identification data. The encrypted privy data and the first device identification data may be stored in a privy data record. The encrypted privy data may therefore be retrieved later, such as from a database containing encrypted privy data from each of plural first electronic devices, by way of the first device identification data. The encrypted privy data may be stored with encrypted decryption confirmation data and unencrypted decryption confirmation data. The encrypted privy data may be stored in the privy data record. The encrypted decryption confirmation data is decrypted when the encrypted privy data is decrypted later and the decrypted decryption confirmation data is compared with the stored unencrypted decryption confirmation data to determine whether or not the privy data has been decrypted properly. The second electronic device may be operative to form the decryption confirmation data. The decryption confirmation data may, for example, be random data.
The method may further comprise operating the second electronic device to encrypt the privy data with a second key. The method may further comprise operating the second electronic device to create the second key. The second key may comprise an alphanumeric string. In addition, the second key may comprise a checksum. The privy data may therefore be encrypted by way of the first and second keys. Although the first key is erased, the second key may be retained. However, no risk may be presented because both of the first and second keys are required for later decryption. Use of the second key reduces the risk of the privy data being decrypted by a third party which gains access to the encrypted privy data and obtains the first key from the first electronic device such as by way of phishing. Furthermore, only the second electronic device which has the second key may decrypt the privy data.
The method comprises erasing the key (i.e. the first key) from the second electronic device. As mentioned above, erasure of the key provides for security of the encrypted privy data by creating dependence on later provision of the key to allow for decryption of the privy data. The key may therefore be erased immediately following use of the key to encrypt the privy data. Where the key has been created in the second electronic device, the key may be conveyed to the first electronic device before the key is erased from the second electronic device.
The first device identification data may comprise at least one of: MAC; IMEI; mobile telephone number where the first electronic device is a mobile telephone; email address for the first electronic device; and a device token, i.e. a unique identifier for the first electronic device. Where the first device identification data is hardware related, i.e. MAC, IMEI or mobile telephone number, the step of operating the first electronic device to create the key may comprise creating a device token which is used instead of the hardware related first device identification data.
The method may further comprise conveying the first device identification data from the first electronic device to another first electronic device. The other first electronic device may be a second device operated by the person who operates the original first electronic device. The first device identification data may be conveyed by manual operation, e.g. entry by the user by way of a keypad on the other first electronic device, wirelessly, such as in accordance with the Bluetooth protocol or by way of Near Field Communication (NFC), or by operating the other first electronic device to scan a code optically, such as a QR code, the code comprising the first device identification data. First device identification data in the form of a token which is independent of hardware may be useful in such circumstances. According to a first approach, the first device identification data may be conveyed from the first electronic device to the second electronic device during a first session and the data packet may be conveyed to the second electronic device during a second session, the second session taking place after the first session. The first device identification data may be stored in a database. The first device identification data may be paired in the database with data pertaining to the user, such as a username and perhaps also contact details for the user. Where there are plural first electronic devices the database may comprise plural and indeed a large number of records with each record relating to a different one of the plural first electronic devices. During a subsequent session the data packet may be conveyed to the second electronic device with the first device identification data. 
The first device identification data conveyed with the data packet may be used to address the record already containing the first device identification data whereby the privy data comprised in the data packet may be stored after encryption in the database with the first device identification data.
According to a second approach, there may be no first session during which the first device identification data is conveyed from the first electronic device to the second electronic device. Instead the data packet may be conveyed to the second electronic device with the first device identification data and the first device identification data may be stored in the database with the privy data comprised in the data packet after the privy data is encrypted. The encrypted privy data and the first device identification data may be comprised in a new record added to the database.
The method may comprise both of the first and second approaches. The first approach may be used to form an initial database comprising plural first device identification data, such as from an existing customer base, and the second approach may be used to augment the initial database with further first device identification data, such as from new customers.
The privy data may comprise data for effecting a financial transaction. More specifically the privy data may comprise data for making payment from a user of the first electronic device to a user of the second electronic device. The privy data may comprise bank information for the user of the first electronic device. More specifically the bank information may comprise card data, such as debit or credit card data. The card data may comprise a Primary Account Number (PAN). The card data may further comprise at least one of: card start date; card expiry date; and CVV number. The method may comprise storing the PAN in an exclude database.
The method may comprise forming an exclude database. The exclude database may comprise exclude data based on the privy data. For example where the privy data comprises data for effecting a financial transaction the exclude data may comprise a PAN. The exclude data may be hashed, such as by way of SHA-2.
Where there are plural first electronic devices, the exclude database may comprise plural exclude data, each of the plural exclude data being in respect of a different one of the plural first electronic devices. Exclude data may be stored in the exclude database when a first electronic device is in data communication for the first time with the second electronic device. When a first electronic device requests addition of fresh exclude data to the exclude database the method may further comprise comparing the fresh exclude data with exclude data already comprised in the exclude database. If the fresh exclude data is the same as exclude data already comprised in the exclude database, the second electronic device may be operative to cease inclusion of the fresh exclude data in the exclude database and may be further operative to terminate the session between the first and second electronic devices. The method may further comprise preventing further transfer of privy data.
Preventing further transfer of privy data may comprise a first electronic device of the user being operative to send a prevention request to the second electronic device, the prevention request comprising the key and exclude data. As described above, the key may be hashed. In addition, at least one of a salt and a pepper may be used before the key is hashed. Following receipt of the prevention request, the second electronic device may be operative to remove the exclude data from the exclude database. Presence of exclude data in the exclude database may be required for subsequent use of the privy data, such as making a purchase by way of the privy data.
The first electronic device may be operative to change the key. For example, the first electronic device may be operative to generate an alphanumeric string for use as the key which differs from the alphanumeric string used previously as the key. Privy data held by the second electronic device which has been encrypted by the previously used key therefore cannot be decrypted whereby a user of the first electronic device can make his or her previously disclosed privy data irrecoverable.
Before the step of conveying the key and second device identification data from the first electronic device to the second electronic device, the method may further comprise the second electronic device conveying a test packet to the first electronic device. The test packet may comprise a certificate which is encrypted with the key. The second electronic device may be operative to encrypt the certificate with the key before the step of erasing the key from the second electronic device. The second electronic device may therefore be operative to store the encrypted certificate for subsequent transmission of the test packet to the first electronic device. The encrypted certificate may be decrypted by the first electronic device by way of the key to thereby verify the identity of the second electronic device. The certificate may also be encrypted with the second key. The second key may be comprised in the test packet sent from the second electronic device to the first electronic device. The first electronic device may therefore decrypt the certificate by way of the received second key. The second key comprised in the test packet may be encrypted with the first key. The second electronic device may be operative to encrypt the second key with the first key before the step of erasing the first key from the second electronic device. The second electronic device may therefore be operative to store the encrypted second key for subsequent transmission of the test packet to the first electronic device. Upon receipt of the test packet, the second electronic device may be operative to decrypt the encrypted second key with the first key and then to decrypt the encrypted certificate with the first and second keys. The second electronic device may be further operative to erase the second key following decryption of the encrypted certificate.
A payment may be made subject to two or more parties approving the payment. Decryption of privy data held by the second electronic device may therefore depend on involvement of the first electronic device and at least one further electronic device. Decryption involving at least one further electronic device is now described with reference to a third electronic device, although features described with reference to the third electronic device may be similarly applied in respect of each of plural electronic devices further to the third electronic device. As described above, the method may further comprise operating the second electronic device to create the key. Furthermore, the privy data is encrypted with the key in the second electronic device. Where decryption involves the first electronic device and a third electronic device, the second electronic device may be operative to split the key into first and second parts. The first part of the key may be conveyed to the first electronic device and the second part of the key may be conveyed to the third electronic device. Where, for example, there are two further electronic devices further to the first and third electronic devices, the key may be split into four parts. In one approach, the second electronic device may convey the first part of the key to the first electronic device and may convey the second part of the key to the third electronic device. The second electronic device may convey the second part of the key to the third electronic device in dependence on identification of the third electronic device by way of stored identification data for the third electronic device. Storage of identification data for the third electronic device is described below. In another approach, the second electronic device may convey the first and second parts of the key to the first electronic device and the first electronic device may convey the second part of the key to the third electronic device.
Subsequent to erasure of the key from the second electronic device following encryption of the privy data with the key, the first electronic device may convey the first part of the key to the second electronic device and the third electronic device may convey the second part of the key to the second electronic device. Upon receipt of the first and second parts of the key, the second electronic device may reassemble the key from the first and second parts. As described above, the second electronic device may decrypt the privy data with the reassembled key.
When the third electronic device conveys the second part of the key to the second electronic device, the third electronic device may convey third device identification data, which identifies the third electronic device or a user of the third electronic device, to the second electronic device. Upon receipt of the third device identification data, the second electronic device may compare the third device identification data with at least one stored device identification data and, if there is a match between the third device identification data and the at least one stored device identification data, decrypt the privy data. The at least one stored device identification data may thus comprise device identification data that identifies the third electronic device or a user of the third electronic device whereby the identity of the third electronic device or a user of the third electronic device may be confirmed before the privy data is decrypted. The at least one stored device identification data may be received from the first electronic device and, more specifically, the at least one stored device identification data may be conveyed from the first electronic device to the second electronic device with the privy data or when the first electronic device conveys the first device identification data to the second electronic device. The first electronic device may therefore be operative to nominate the third electronic device for involvement in decryption of the privy data. Likewise, the first electronic device may be operative to nominate each of fourth and further electronic devices for involvement in decryption of the privy data by conveying device identification data for each of the fourth and further electronic devices to the second electronic device.
Where the second electronic device stores the first device identification data and plural further device identification data, i.e. device identification data for each of the third electronic device and at least one further electronic device, decryption of the privy data may depend on matching of a subset of the first device identification data and plural further device identification data with received device identification data. The subset may comprise at least two device identification data. Plural electronic devices may thus be nominated for potential involvement in decryption of the privy data, with decryption of the privy data being conditional on receipt of device identification data from at least two of the plural electronic devices and fewer than all of the plural electronic devices. As mentioned above, the method may be comprised in a payment process. The method may therefore further comprise the second electronic device conveying an amount to be paid to the first electronic device. The first electronic device may be operated by the user to either approve or disapprove the proposed transaction.
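The split-key decryption described above, as an added example that is not the patent's own code: the second device encrypts the privy data, splits the key into one part per device, erases the key, accepts returned parts only from the first device and the devices it nominated, and decrypts once every part is back. Assumptions: XOR sharing (the description does not say how the key is split, and this shows the all-parts case, not the subset case), the random decryption confirmation data from the later description to detect a wrong part, and constructed device identification data; SHA-256 padding stands in for the AES256 the page names.

```python
import hashlib
import hmac
import secrets


def split_key(key: bytes, parts: int) -> list:
    # XOR sharing (assumption): all parts but the last are random, the last is fixed
    # so that XOR-ing every part together gives the key back. Every part is needed.
    shares = [secrets.token_bytes(len(key)) for _ in range(parts - 1)]
    last = key
    for share in shares:
        last = bytes(a ^ b for a, b in zip(last, share))
    return shares + [last]


def reassemble_key(shares: list) -> bytes:
    key = bytes(len(shares[0]))
    for share in shares:
        key = bytes(a ^ b for a, b in zip(key, share))
    return key


def _pad(key: bytes, label: bytes, data: bytes) -> bytes:
    # One-time pad from SHA-256(label || key), a stand-in for the page's AES256;
    # the label keeps the privy data and the confirmation data on distinct pads.
    stream = hashlib.sha256(label + key).digest()
    if len(data) > len(stream):
        raise ValueError("privy data longer than 32 bytes is outside this illustration")
    return bytes(a ^ b for a, b in zip(data, stream))


class SecondDevice:
    """Vendor side: encrypts, hands out key parts, erases the key, later reassembles it."""

    def __init__(self):
        self.records = {}  # indexed by first device identification data

    def store(self, first_id: str, nominated_ids: list, privy: bytes) -> dict:
        key = secrets.token_bytes(32)
        confirmation = secrets.token_bytes(16)  # decryption confirmation data
        self.records[first_id] = {
            "privy_enc": _pad(key, b"privy", privy),
            "confirmation_enc": _pad(key, b"confirm", confirmation),
            "confirmation": confirmation,
            "nominated": set(nominated_ids),  # device identification data nominated by the first device
            "received": {},
        }
        holders = [first_id] + list(nominated_ids)
        parts = dict(zip(holders, split_key(key, len(holders))))
        del key  # the key itself is erased; only its parts leave, one per device
        return parts

    def submit_part(self, first_id: str, device_id: str, part: bytes) -> bool:
        record = self.records.get(first_id)
        if record is None or (device_id != first_id and device_id not in record["nominated"]):
            return False  # device identification data matches no stored nomination
        record["received"][device_id] = part
        return True

    def decrypt(self, first_id: str):
        record = self.records.get(first_id)
        if record is None:
            return None
        needed = {first_id} | record["nominated"]
        if set(record["received"]) != needed:
            return None  # a nominated device has not contributed its part yet
        key = reassemble_key([record["received"][d] for d in sorted(needed)])
        record["received"].clear()  # parts are erased once used
        check = _pad(key, b"confirm", record["confirmation_enc"])
        if not hmac.compare_digest(check, record["confirmation"]):
            return None  # some part was wrong: the reassembled key does not decrypt
        return _pad(key, b"privy", record["privy_enc"])
```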
Thereafter the first electronic device may be operative to carry out the step of conveying the key and second device identification data from the first electronic device to the second electronic device to thereby initiate payment. Following decryption of the privy data the second electronic device may be operative to take payment in dependence on the decrypted privy data. The first electronic device may be a mobile device such as a tablet computer or a smartphone. The first electronic device may therefore be operable as described above in dependence on an App running on the first electronic device. The second electronic device may comprise computing apparatus, such as a server. The second electronic device may be operated by or on behalf of a vendor of goods or services. Alternatively the second electronic device may be operated by or on behalf of a payment handling establishment, such as a bank. Communication between the first and second electronic devices may be wireless and may be at least in part by way of the Internet.
According to a second aspect of the present invention there is provided a computer program comprising program instructions for causing computer apparatus to perform the method according to the second aspect of the present invention. More specifically, the computer program may be at least one of: embodied on a record medium; embodied in read only memory; stored in a computer memory; and carried on an electrical carrier signal. Further embodiments of the second aspect of the present invention may comprise one or more features of the first aspect of the present invention.
According to a third aspect of the present invention there is provided a computer system comprising program instructions for causing computer apparatus to perform the method according to the second aspect of the present invention. More specifically the program instructions may be at least one of: embodied on a record medium; embodied in a read only memory; stored in a computer memory; and carried on an electrical carrier signal. Further embodiments of the third aspect of the present invention may comprise one or more features of the first aspect of the present invention.
According to a fourth aspect of the present invention there is provided apparatus for transferring privy data, the apparatus comprising:
a first electronic device and a second electronic device configured to convey first device identification data from the first electronic device to the second electronic device, the first device identification data identifying the first electronic device or a user of the first electronic device,
the first and second electronic devices being further configured to convey a data packet from the first electronic device to the second electronic device, the data packet comprising privy data,
the second electronic device being configured to encrypt the privy data with a key and to erase the key from the second electronic device, subsequent to erasing the key, the first and second electronic devices being configured to convey the key and second device identification data, which identifies the first electronic device or a user of the first electronic device, from the first electronic device to the second electronic device, and
the second electronic device being configured to decrypt the privy data in dependence on the key received from the first electronic device and the second device identification data matching the first device identification data, whereby the privy data is accessed by the second electronic device.
Embodiments of the fourth aspect of the present invention may comprise one or more features of the first aspect of the present invention.
According to a further aspect of the present invention there is provided a method of making privy data available for use, the method comprising:
storing first device identification data with encrypted privy data in a first electronic device, the encrypted privy data having been encrypted with a key, the key now being no longer comprised in the first electronic device;
conveying the key and second device identification data from a second electronic device to the first electronic device; and
decrypting in the first electronic device the privy data in dependence on the received key and the second device identification data matching the first device identification data whereby the privy data is accessed by the first electronic device.
The method according to the further aspect makes privy data available for use. The method comprises storing first device identification data with encrypted privy data in a first electronic device, the encrypted privy data having been encrypted with a key, the key now being no longer comprised in the first electronic device. The privy data may have been conveyed to the first electronic device by another party along with the key. In addition, the first electronic device may have been operative to encrypt the privy data with the key before storing the encrypted privy data either locally or remotely and erasing the key. The privy data is now inaccessible without the key which is needed for decryption of the encrypted privy data. The key and second device identification data are conveyed from a second electronic device to the first electronic device. This step may be carried out later and perhaps weeks or months later. The method further comprises decrypting in the first electronic device the privy data in dependence on the received key and the second device identification data matching the first device identification data whereby the privy data is operated on by the first electronic device. The privy data is now available for use.
The method may further comprise conveying the decrypted privy data to at least one further electronic device. Making the decrypted privy data available to at least one further electronic device is thus under the control of the second electronic device. The first device identification data may have been generated by the second electronic device. The privy data may pertain to a user of the second electronic device. As described above, the first device identification data may be characteristic of the second electronic device and may be used to access the user's privy data in a database comprising plural different privy data each stored with a respective one of plural different first device identification data. The further electronic device may be the second electronic device. A third electronic device may have generated the first device identification data. The privy data may pertain to a user of the third electronic device. The user of the third electronic device may allow the second electronic device access to the privy data by conveying the key and second device identification data to the second electronic device. The key and second device identification data are then conveyed from the second electronic device to the first electronic device. If the first and second device identification data match, the privy data is decrypted with the key. The method may further comprise conveying the decrypted privy data to the second electronic device. The user of the third electronic device thus allows selective access by at least one second electronic device to the privy data stored by way of the first electronic device.
Further embodiments of the further aspect of the present invention may comprise one or more features of any previous aspect of the present invention.
According to a yet further aspect of the present invention there is provided apparatus for making privy data available for use, the apparatus comprising:
a first electronic device operative to store first device identification data with encrypted privy data, the encrypted privy data having been encrypted with a key, the key now being no longer comprised in the first electronic device; and
a second electronic device which is operative with the first electronic device to convey the key and second device identification data from the second electronic device to the first electronic device,
the first electronic device being operative to decrypt the privy data in dependence on the received key and the second device identification data matching the first device identification data whereby the privy data is accessed by the first electronic device.
Embodiments of the yet further aspect of the present invention may comprise one or more features of any previous aspect of the present invention.
Brief Description of Drawings
Further features and advantages of the present invention will become apparent from the following specific description, which is given by way of example only and with reference to the accompanying drawings, in which:
Figure 1 is a block diagram representation of apparatus for transferring privy data according to the present invention;
Figures 2A and 2B are flow chart representations of a method of transferring privy data according to the present invention; and
Figure 3 is a block diagram representation of apparatus for making privy data available for use according to the present invention.
Description of Embodiments
A block diagram representation of apparatus for transferring privy data 10 according to the present invention is shown in Figure 1. The apparatus for transferring privy data 10 comprises plural customer computing apparatus 12 and a vendor's server platform 14. The customer computing apparatus 12 is, for example, a Personal Computer (PC), a tablet computer or a smartphone. Each of the customer computing apparatus 12 is in data communication with the vendor's server platform 14 by way of a computer network, such as the Internet, or a metropolitan or wide area network, such as the Global System for Mobile Communications (GSM) or 4G network. The vendor offers goods or services for sale by way of a website which may be browsed by a user of each of the plural customer computing apparatus 12. As described in more detail below, each user registers with the vendor whereby payment information for the user is stored by or by way of the vendor's server platform 14. When a user wishes to purchase goods or services by way of the vendor's website, a payment process is initiated during which the stored payment information is used to effect payment for goods or services.
Flow chart representations of a method of transferring privy data according to the present invention are shown in Figures 2A and 2B. The method will now be described with reference to the apparatus for transferring privy data 10 shown in Figure 1. As mentioned above, a new customer registers with the vendor. The registration process is represented in Figure 2A and involves the customer entering details of his or her payment card 20 (which constitutes privy data) into the customer computing apparatus 12 by way of an App running on the customer computing apparatus. The details entered include the Primary Account Number (PAN), card start date, card expiry date, and CVV number. The App running on the customer computing apparatus 12 is operative to create a first key 22. The first key comprises an alphanumeric string, a checksum and user data, such as a username of the customer, which is unique to the user of the customer computing apparatus 12. The customer computing apparatus 12 is operative to hash the first key, such as by way of SHA-2, with at least one of a salt and a pepper being used before the first key is hashed. The App is further operative to display the first key to the customer with a recommendation to record the first key for data restoration purposes. The App is also operative to create first device identification data 24. The first device identification data comprises one of a MAC for the customer computing apparatus 12, IMEI for the customer computing apparatus 12, mobile telephone number where the first electronic device is a mobile telephone, email address for the customer computing apparatus and a device token, i.e. a unique identifier for the first electronic device. The registration process further comprises the customer computing apparatus 12 forming a data packet which comprises the payment card details, the hashed first key and the first device identification data. The data packet is conveyed to the vendor's server platform 14, 26. According to an alternative approach, the first key is created in the vendor's server platform instead of in the customer computing apparatus 12. There is therefore no need for the data packet to comprise the first key because the first key is already in the possession of the vendor's server platform. However, the step described below of erasure of the first key from the vendor's server platform 14 would mean loss of the first key. Therefore, and before the step of erasing the first key from the vendor's server platform, the first key is conveyed from the vendor's server platform 14 to the customer computing apparatus 12 whereby the customer computing apparatus 12 has the first key for subsequent decryption of encrypted payment card details. According to another registration approach, the first device identification data is conveyed to the vendor's server platform 14 in advance of the payment card details and the hashed first key. This approach is followed where a customer carries out a bare registration with the vendor, such as by way of an email address for the customer, but does not go at this stage so far as providing payment card details. The payment card details and the hashed first key are conveyed to the vendor's server platform 14 later, such as when the customer is ready to make his or her first purchase.
Upon receipt of the data packet the vendor's server platform 14 is operative to determine whether or not the PAN is present in an exclude list 28. If the PAN is already present in the exclude list, the data packet is not acted upon and the customer is informed accordingly. If the PAN is not present in the exclude list, the PAN is added to the exclude list. Thereafter the vendor's server platform 14 is operative in accordance with known procedure to check the validity of the card for which payment card details have been provided by way of a zero amount transaction. The CVV number is discarded by the vendor's server platform 14 because it is not required for transactions. The vendor's server platform 14 is operative to form a string of random data which constitutes decryption confirmation data. The vendor's server platform 14 is then operative to encrypt the payment card details and the decryption confirmation data with the first key and a second key. An example encryption scheme is AES256. The second key is described further below. The encrypted payment card details and encrypted decryption confirmation data are then stored in a database 30 along with the unencrypted decryption confirmation data, the last three digits of the PAN in unencrypted form and the first device identification data, with the first device identification data serving as an index for retrieval of the encrypted payment card details. The registration process concludes with the first key being erased from the vendor's server platform 14, 32 whereby the customer computing apparatus 12 alone of the customer computing apparatus 12 and the vendor's server platform 14 has the first key.
Although not shown in Figure 2A, the vendor's server platform 14 creates a second key which is hashed, such as by way of SHA-2, with at least one of a salt and a pepper being used before the second key is hashed. This step is carried out earlier than the steps represented in Figure 2A whereby the second key is available for use with payment card details from plural customer computing apparatus 12. The vendor's server platform 14 is further operative to encrypt a security certificate with the first and second keys before the first key is erased. The encrypted security certificate is then stored for later use with the encrypted payment card details in the database.
The above described registration process is repeated in respect of each of plural different customers each operating his or her own customer computing apparatus 12. The database is thus populated with encrypted payment card details for each of the plural customers with the exclude list being likewise populated. Furthermore a customer may register with each of plural different vendors with the process involving the steps described above in respect of each of the plural different vendors. The customer computing apparatus 12 therefore creates plural different keys with each key being in respect of a different vendor's server platform 14.
A customer may wish to de-register from a vendor. De-registration comprises the user operating the customer computing apparatus 12 by way of the App to form a prevention request 34. The prevention request comprises the first key, which is hashed as described above, and the PAN of the customer's payment card details. The customer computing apparatus 12 is then operative to convey the prevention request to the vendor's server platform 14, 36. Upon receipt of the prevention request, the vendor's server platform 14 is operative to remove the PAN comprised in the prevention request from the exclude list 38. The customer's payment card details comprising the now removed PAN may no longer be used to effect a transaction until the customer's payment card details are re-registered. An alternative or additional approach to preventing further use of the customer's payment card details involves the customer operating the customer computing apparatus 12 to change the first key and to erase the original first key. In the absence of the original first key the customer's payment card details cannot now be decrypted whereby the customer makes the payment card details irrecoverable. When a customer loses the customer computing apparatus 12, details relating to the lost customer computing apparatus 12 are removed from the database comprised in the vendor's server platform 14 by way of a web console. The customer then re-registers by way of another customer computing apparatus 12. When a customer loses all his or her customer computing apparatus 12 and the first key, the customer contacts the vendor or a third party managing the process on behalf of the vendor. Subject to the customer passing the zero value transaction process described above, the vendor or the third party deletes payment card details for the customer from the database comprised in the vendor's server platform 14.
The payment process is represented in Figure 2B and involves the customer operating his customer computing apparatus 12 to establish a session with the vendor's server platform 14. As a first step, the customer computing apparatus 12 conveys the first device identification data to the vendor's server platform 14, 52 which is operative to retrieve the encrypted security certificate and the encrypted second key from the database in dependence on the received first device identification data. The vendor's server platform 14 is then operative to form a test packet comprising the encrypted security certificate and the encrypted second key and to convey the test packet to the customer computing apparatus 12, 54. Upon receipt of the test packet, the customer computing apparatus 12 is operative to decrypt the encrypted second key with the locally held first key and then to decrypt the encrypted security certificate with the locally held first key and the now decrypted second key. The second key is then erased from the customer computing apparatus 12 and the customer computing apparatus 12 is operative to use the decrypted security certificate to verify the identity of the vendor's server platform 14, 54 before the second key is disclosed to the vendor's server platform 14. The payment process then involves the vendor's server platform 14 being operative to convey an amount to be paid to the customer computing apparatus 12, 56. The customer computing apparatus 12 is operated by the user to either approve 58 or disapprove the proposed transaction. Thereafter the customer computing apparatus 12 is operative to convey the first hashed key and the first device identification data (which constitutes the second device identification data) to the vendor's server platform 14, 60 to thereby initiate payment. Upon receipt of the first hashed key and the first device identification data, the vendor's server platform 14 is operative to identify a data record in the database which is indexed by the first device identification data. If there is no data record in the database which is indexed by the received first device identification data, the vendor's server platform 14 is operative to determine that the payment request is invalid and the transaction is aborted. If there is a data record in the database which is indexed by the received first device identification data, the vendor's server platform 14 is operative to retrieve from the data record the encrypted payment card details, the encrypted decryption confirmation data, the unencrypted decryption confirmation data and the last three digits of the PAN. The vendor's server platform 14 is then operative to decrypt the encrypted payment card details and the encrypted decryption confirmation data with the received first key and the locally held second key 62. The now decrypted decryption confirmation data is compared with the unencrypted decryption confirmation data to confirm proper decryption. In addition the last three digits of the PAN are compared with the last three digits of the PAN comprised in the decrypted payment card details to confirm that the correct payment card details are being processed. Payment is then made in accordance with an established method in dependence on the now decrypted payment card details 64.
A customer may make use of more than one customer computing apparatus 12 to effect payment. For example, the customer may make use of a tablet computer and a smartphone with each device running the App described above. The registration process described above is completed with one of the two devices. Later the customer wishes to be able to use either one of the two devices. The customer therefore operates the second device, i.e. the device other than the device used for registration, to establish a session with the vendor's server platform 14. The vendor's server platform 14 is operative to prompt the customer to enter the first key by way of the second device. The first key is entered manually by the customer, such as by way of a keypad comprised in the second device or by using the second device to scan a QR code representing the first key. Alternatively the first key is conveyed wirelessly from the first device to the second device, such as in accordance with a Bluetooth protocol or by way of a Near Field Communication (NFC) link. The second device is also operative to receive first identification data from the first device, the first identification data being in the form of a token which is independent of hardware whereby encrypted payment card details may be retrieved from the database in dependence on the token and irrespective of the device which is in communication with the vendor's server platform 14. Registration of the first device is therefore on the basis of the token in preference to hardware dependent first identification data. A payment process involving the second device proceeds as described above with reference to Figure 2B with the second device conveying the received first hashed key and the received token (which constitutes first device identification data) to the vendor's server platform 14 to thereby initiate payment.
According to an alternative embodiment, approval for payment depends on the involvement of a subset of plural customer computing apparatus 12. In this embodiment, one of the plural customer computing apparatus 12 nominates the other customer computing apparatus for potential involvement in the approval for payment. The customer computing apparatus 12 nominates the other customer computing apparatus by conveying device identification data for itself and each of the other customer computing apparatus to the vendor's server platform 14, with the received device identification data being stored by the vendor's server platform. The device identification data for each of the other customer computing apparatus is conveyed to the vendor's server platform 14 either when the customer computing apparatus 12 conveys its own device identification data to the vendor's server platform or when the privy data is conveyed to the vendor's server platform. A pool of customer computing apparatus is thus nominated for potential involvement in payment approval. The vendor's server platform 14 is then operative to create a key, as described above, with the created key then being conveyed to one of the customer computing apparatus 12. The customer computing apparatus 12 then splits the key into plural parts with one part of the key being kept by the customer computing apparatus and at least one other part being sent to a respective at least one other customer computing apparatus. Alternatively, the key is split into parts in the vendor's server platform 14 and either sent direct to each customer computing apparatus, with the customer computing apparatus being identified by the stored device identification data, or sent to each customer computing apparatus by way of one of the customer computing apparatus 12. As described above, the key is then erased from the vendor's server platform 14 following encryption of the received privy data with the key.
When payment is to be made, decryption of the privy data depends on receipt of a part of the key by the vendor's server platform 14 from each of the nominated customer computing apparatus along with device identification data from each of the nominated customer computing apparatus. When all of the parts are received and the device identification data received from each of the customer computing apparatus has been matched with one of the stored device identification data, the key is reassembled from the received parts and the reassembled key is used to decrypt the privy data. Decryption of the privy data is as described above. Here, decryption depends on the involvement of plural customer computing apparatus whereby payment depends on approval being given by each user of the plural customer computing apparatus. Decryption can be set in the vendor's server platform 14 to depend on approval from a minimum number of users, such as a minimum of three users. Therefore, the key should be split on the customer computing apparatus side into the requisite number of parts for the threshold minimum number of users to be reached.
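The threshold approval just described, worked as an added Python example that is not part of the patent or of Comcarde's system. The patent does not say how the key is split; this example uses Shamir secret sharing over a prime field, which is one way to let any minimum number of nominated devices (here three) reassemble the key while fewer parts reveal nothing about it. The class and function names, the 16-byte key length and the device names are assumptions made for the example; decryption of the privy data with the reassembled key proceeds as in the main process and is not repeated here.

```python
import secrets

# Field for the shares: 2**255 - 19 is a known prime, far larger than the
# 16-byte key used here, so the whole key fits in one field element.
P = 2**255 - 19
KEY_LEN = 16


def split_key(key, threshold, parts):
    """Shamir split: any `threshold` of the `parts` shares rebuild `key`."""
    if not 1 < threshold <= parts:
        raise ValueError("need 1 < threshold <= parts")
    secret = int.from_bytes(key, "big")
    if secret >= P:
        raise ValueError("key does not fit in the field")
    # Random polynomial of degree threshold-1 whose constant term is the key.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, parts + 1):
        y = 0
        for c in reversed(coeffs):        # Horner evaluation mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def reassemble_key(shares):
    """Lagrange interpolation at x = 0 over whichever shares were received."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret.to_bytes(KEY_LEN, "big")


class ApprovalServer:
    """Vendor-side bookkeeping (assumed name): nominated device identification
    data and the key parts received so far. The whole key is never stored here."""

    def __init__(self, threshold):
        self.threshold = threshold
        self.nominated = set()     # stored device identification data
        self.received = {}         # device identification data -> key part

    def nominate(self, device_ids):
        self.nominated.update(device_ids)

    def submit_part(self, device_id, part):
        # A part counts only if its identification data matches a stored entry.
        if device_id not in self.nominated:
            return "rejected"
        self.received[device_id] = part          # one part per device
        return "ready" if len(self.received) >= self.threshold else "waiting"

    def reassembled_key(self):
        """The key once enough matched parts are in; None until then."""
        if len(self.received) < self.threshold:
            return None
        return reassemble_key(list(self.received.values()))


def run_approval(threshold, nominated, approving):
    """Constructed walk-through: create, split and erase a key, then have the
    `approving` devices send their parts. Returns (original key, rebuilt key)."""
    server = ApprovalServer(threshold)
    server.nominate(nominated)
    key = secrets.token_bytes(KEY_LEN)                     # created on the server
    parts = dict(zip(nominated, split_key(key, threshold, len(nominated))))
    # The server would now encrypt the privy data with `key` and erase it; from
    # here on the parts live only on the devices. A device that was never
    # nominated holds no genuine part, so it is given a dummy one here.
    for device_id in approving:
        server.submit_part(device_id, parts.get(device_id, (0, 0)))
    return key, server.reassembled_key()
```

With four nominated devices and a threshold of three, any three matched parts rebuild the key; two parts, or two parts plus one from a device whose identification data was never stored, leave the server without a key and therefore without access to the privy data.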
A block diagram representation of apparatus for making privy data available for use 70 is shown in Figure 3. The apparatus for making privy data available for use 70 comprises a central computing apparatus 72 (which constitutes a first electronic device), a client computing apparatus 74 and plural distributed computing apparatus 76. The central computing apparatus 72 stores confidential data (which constitutes privy data) relating to the user of the client computing apparatus 74. The central computing apparatus 72 is operative to create first and second keys as described above. The central computing apparatus 72 is also operative to create first device identification data, such as a unique username for the user of the client computing apparatus 74. The confidential data is encrypted with the first and second keys and stored with the first device identification data in a database. The first key is conveyed with the first device identification data to the client computing apparatus 74. The first key is then erased from the central computing apparatus 72 with the second key being kept. Later the user of the client computing apparatus 74 wishes to access the confidential data. The user therefore operates the client computing apparatus 74 to convey the first key and the username to the central computing apparatus 72. Upon receipt of the first key and the username, the central computing apparatus 72 is operative to retrieve the encrypted confidential data from the database in dependence on the username. The central computing apparatus 72 is operative to decrypt the encrypted confidential data with the first and second keys whereby the decrypted confidential data is accessible to the client computing apparatus 74. According to another approach, the user wishes to make the confidential data available to each of the distributed computing apparatus 76. 
The user therefore operates the client computing apparatus 74 to convey the first key and the username to each of the distributed computing apparatus 76. Each of the distributed computing apparatus 76 is operative to convey the first key and the username to the central computing apparatus 72. The central computing apparatus 72 is then operative as described above to retrieve and decrypt the encrypted confidential data and to make the decrypted confidential data available to the distributed computing apparatus 76.
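The Figure 2B payment process and the Figure 3 central/client arrangement share one mechanism: the server keeps only the second key and the encrypted record, the client returns the first key together with its identification data, and the decryption confirmation data plus the last three PAN digits verify the result. The Python below is an added example of that mechanism, not code from the patent or from Comcarde. The keystream cipher, the HMAC-based combination of the two keys, the class and function names and the sample card record are all assumptions made for the example; the device identification string plays the role of the username in the Figure 3 arrangement, and the test packet exchange from Figure 2B is included on both sides.

```python
import hashlib
import hmac
import json
import secrets

NONCE_LEN = 16

# Toy keystream cipher, constructed for this example. It stands in for a real
# cipher mode and deliberately carries no authentication tag, so that the
# decryption confirmation data is what reveals a wrong key.
def _keystream(key, nonce, length):
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])

def encrypt(key, plaintext):
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))

def decrypt(key, blob):
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def combined_key(first_key, second_key):
    """Data key needing both halves: the client-held first key and the server-held second key."""
    return hmac.new(second_key, first_key, hashlib.sha256).digest()


class VendorServer:
    """The second electronic device (assumed name). After registration it holds no first key."""

    def __init__(self, certificate):
        self.certificate = certificate        # identity certificate shown to clients
        self.records = {}                     # first device identification data -> record

    def register(self, device_id, card_details):
        first_key = secrets.token_bytes(32)
        second_key = secrets.token_bytes(32)
        data_key = combined_key(first_key, second_key)
        confirmation = secrets.token_bytes(16)          # decryption confirmation data
        self.records[device_id] = {
            "enc_card": encrypt(data_key, json.dumps(card_details).encode()),
            "enc_confirmation": encrypt(data_key, confirmation),
            "confirmation": confirmation,               # kept unencrypted for comparison
            "pan_last3": card_details["pan"][-3:],
            "enc_second_key": encrypt(first_key, second_key),     # for the test packet
            "enc_certificate": encrypt(data_key, self.certificate),
            "second_key": second_key,                   # kept by the server
        }
        return first_key   # conveyed to the client and not stored, i.e. erased here

    def test_packet(self, device_id):
        record = self.records[device_id]
        return record["enc_certificate"], record["enc_second_key"]

    def pay(self, device_id, first_key, amount):
        record = self.records.get(device_id)
        if record is None:                # no record indexed by this identification data
            return {"status": "invalid", "reason": "unknown device identification data"}
        data_key = combined_key(first_key, record["second_key"])
        confirmation = decrypt(data_key, record["enc_confirmation"])
        if not hmac.compare_digest(confirmation, record["confirmation"]):
            return {"status": "invalid", "reason": "decryption confirmation mismatch"}
        card = json.loads(decrypt(data_key, record["enc_card"]))
        if card["pan"][-3:] != record["pan_last3"]:
            return {"status": "invalid", "reason": "PAN digits do not match record"}
        return {"status": "paid", "amount": amount, "pan_last3": record["pan_last3"]}


def client_verifies_server(first_key, packet, expected_certificate):
    """Client side of the test packet: recover the second key with the first key,
    decrypt the certificate with both, then discard the second key."""
    enc_certificate, enc_second_key = packet
    second_key = decrypt(first_key, enc_second_key)
    certificate = decrypt(combined_key(first_key, second_key), enc_certificate)
    del second_key                                     # erased on the client
    return hmac.compare_digest(certificate, expected_certificate)
```

The confirmation comparison is done before the card details are parsed, so a wrong first key is rejected without ever producing plausible-looking card data. A production system would use an authenticated cipher mode, whose tag gives the same wrong-key signal; the unauthenticated toy cipher is kept here only so that the patent's confirmation-data check is visibly the step that fails.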

Claims

1. A method of effecting transfer of privy data from a first electronic device to a second electronic device, the method comprising:
conveying first device identification data, which identifies the first electronic device or a user of the first electronic device, from the first electronic device to the second electronic device;
conveying a data packet from the first electronic device to the second electronic device, the data packet comprising privy data;
operating the second electronic device to encrypt the privy data with a key; erasing the key from the second electronic device;
subsequent to erasing the key, conveying the key and second device identification data, which identifies the first electronic device or a user of the first electronic device, from the first electronic device to the second electronic device; and in the second electronic device, decrypting the privy data in dependence on the key received from the first electronic device and the second device identification data matching the first device identification data, whereby the privy data is accessed by the second electronic device.
2. The method according to claim 1 further comprising operating the first electronic device to create the key, wherein the data packet conveyed from the first electronic device to the second electronic device further comprises the key.
3. The method according to claim 1 further comprising: operating the second electronic device to create the key; and, before the step of erasing the key from the second electronic device, conveying the key from the second electronic device to the first electronic device.
4. The method according to any one of the preceding claims, wherein the encrypted privy data is stored with encrypted decryption confirmation data and unencrypted decryption confirmation data, the encrypted decryption confirmation data being decrypted with the encrypted privy data, and the decrypted decryption confirmation data being compared with the unencrypted decryption confirmation data to thereby determine whether or not the privy data has been decrypted properly.
5. The method according to any one of the preceding claims further comprising operating the second electronic device to encrypt the privy data with a second key created by the second electronic device, the second key being kept by the second electronic device despite erasure of the first key.
6. The method according to any one of the preceding claims further comprising conveying the first device identification data from the first electronic device to another electronic device, the other electronic device being operated by a user of the first electronic device, wherein the first device identification data is a hardware independent token.
7. The method according to any one of the preceding claims, wherein the first device identification data is conveyed from the first electronic device to the second electronic device during a first session and the data packet is conveyed to the second electronic device during a second session, the second session taking place after the first session, the first device identification data being stored in a database with user data pertaining to a user of the first electronic device, the database comprising plural pairs of first device identification data and user data for each of plural first electronic devices, the data packet being conveyed with the first device identification data to the second electronic device during the second session, the privy data comprised in the data packet being stored in the database with one of the plural pairs of first device identification data and user data in dependence on the first device identification data received with the data packet.
8. The method according to claim 7, wherein there is no first session in respect of a further first electronic device, the data packet being conveyed to the second electronic device with first device identification data for the further first electronic device, the first device identification data for the further first electronic device being stored in the database with the privy data comprised in the data packet, the first device identification data for the further first electronic and the privy data comprised in the data packet constituting a new record in the database.
9. The method according to any one of the preceding claims, wherein the second electronic device stores an exclude database, exclude data relating to a first electronic device being stored in the exclude database when the first electronic device is in data communication with the second electronic device for the first time, presence of exclude data in the exclude database being required for use of decrypted privy data, the method further comprising comparing fresh exclude data with the exclude data already stored in the exclude database when the first electronic device requests addition of the fresh exclude data to the exclude database, the second electronic device being operative to cease inclusion of the fresh exclude data in the exclude database and to terminate a session between the first and second electronic devices if the fresh exclude data is the same as the exclude data already comprised in the exclude database.
10. The method according to claim 9 further comprising the first electronic device being operative to send a prevention request to the second electronic device, the prevention request comprising the key and the exclude data, the second electronic device being operative to remove the exclude data from the exclude database in dependence on receipt of the prevention request.
11. The method according to any one of the preceding claims further comprising the second electronic device conveying a test packet to the first electronic device before the step of conveying the key and second device identification data from the first electronic device to the second electronic device, the test packet comprising an encrypted certificate which is encrypted with the key, the encrypted certificate being decrypted with the key by the first electronic device to thereby verify the identity of the second electronic device.
12. The method according to any one of the preceding claims further comprising creating the key, splitting the key into plural parts, storing a part of the key in each of the first electronic device and at least one further electronic device, and subsequent to erasing the key from the second electronic device, each of the first electronic device and the at least one further electronic device conveying its part of the key to the second electronic device, the second electronic device reassembling the key from the received parts of the key before decrypting the privy data with the reassembled key.
13. The method according to claim 12, wherein the second electronic device creates and splits the key, the parts of the key being conveyed from the second electronic device to the first electronic device, the first electronic device keeping a first part of the key and conveying at least one other part of the key to a respective at least one further electronic device.
14. The method according to claim 12 or 13, wherein each of the first electronic device and the at least one further electronic device conveys its part of the key to the second electronic device with respective device identification data, the second electronic device decrypting the privy data if the device identification data received with each part of the key matches respective stored device identification data.
15. The method according to claim 14, wherein the stored device identification data for the further electronic devices is conveyed from the first electronic device to the second electronic device.
16. The method according to any one of the preceding claims further comprising the second electronic device conveying an amount to be paid to the first electronic device, the first electronic device being operated by a user to either approve or disapprove payment in dependence on receipt of the amount to be paid, the first electronic device carrying out the step of conveying the key and the second device identification data from the first electronic device to the second electronic device if payment is approved, the second electronic device taking payment from the first electronic device following decryption of the privy data.
17. The method according to any one of the preceding claims, wherein the first electronic device is a mobile device and the second electronic device comprises a computer server.
18. A computer program comprising program instructions for causing computer apparatus to perform the method according to any one of the preceding claims.
19. The computer program according to claim 18 being at least one of: embodied on a record medium; embodied in read only memory; stored in a computer memory; and carried on an electrical carrier signal.
20. Apparatus for transferring privy data, the apparatus comprising:
a first electronic device and a second electronic device configured to convey first device identification data from the first electronic device to the second electronic device, the first device identification data identifying the first electronic device or a user of the first electronic device,
the first and second electronic devices being further configured to convey a data packet from the first electronic device to the second electronic device, the data packet comprising privy data,
the second electronic device being configured to encrypt the privy data with a key and to erase the key from the second electronic device,
subsequent to erasing the key, the first and second electronic devices being configured to convey the key and second device identification data, which identifies the first electronic device or a user of the first electronic device, from the first electronic device to the second electronic device, and
the second electronic device being configured to decrypt the privy data in dependence on the key received from the first electronic device and the second device identification data matching the first device identification data, whereby the privy data is accessed by the second electronic device.
EP18800742.1A 2017-10-17 2018-10-17 Data transfer apparatus and method Withdrawn EP3698307A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GBGB1717052.3A GB201717052D0 (en) 2017-10-17 2017-10-17 Data transfer apparatus and method
PCT/GB2018/053007 WO2019077353A1 (en) 2017-10-17 2018-10-17 Data transfer apparatus and method

Publications (1)

Publication Number Publication Date
EP3698307A1 true EP3698307A1 (en) 2020-08-26

Family

ID=60419259

Family Applications (1)

Application Number Title Priority Date Filing Date
EP18800742.1A Withdrawn EP3698307A1 (en) 2017-10-17 2018-10-17 Data transfer apparatus and method

Country Status (3)

Country Link
EP (1) EP3698307A1 (en)
GB (1) GB201717052D0 (en)
WO (1) WO2019077353A1 (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2606604A1 (en) * 2010-08-17 2013-06-26 Hewlett-Packard Development Company, L.P. Encryption key management
CN104506483A (en) * 2014-10-21 2015-04-08 中兴通讯股份有限公司 Method for encrypting and decrypting information and managing secret key as well as terminal and network server
GB201601796D0 (en) * 2016-02-01 2016-03-16 Comcarde Ltd Payment handling apparatus and method

Also Published As

Publication number Publication date
GB201717052D0 (en) 2017-11-29
WO2019077353A1 (en) 2019-04-25

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20200509

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: COMCARDE LIMITED

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20220221

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20220827