GB2478712A - Authorisation system - Google Patents

Info

Publication number: GB2478712A
Authority: GB (United Kingdom)
Prior art keywords: user, transaction, code, terminal, processing terminal
Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: GB1004246A
Other versions: GB201004246D0 (en)
Inventor: David Jackson
Current Assignee: Individual (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Individual
Application filed by Individual
Priority to GB1004246A
Publication of GB201004246D0
Publication of GB2478712A
Withdrawn

Classifications

    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/20 Point-of-sale [POS] network systems
    • G06Q20/3272 Short range or proximity payments by means of M-devices using an audio code
    • G06Q20/3274 Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being displayed on the M-device
    • G06Q20/3276 Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being read by the M-device
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Cash Registers Or Receiving Machines (AREA)

Abstract

An authorisation system 1 which comprises a transaction processing terminal 20 for processing transactions; and a mobile user device 10, the user device 10 comprising means for receiving information relating to a particular transaction from the processing terminal 20, and means for generating a user code to authorise a transaction in dependence upon the received information, wherein the user code is adapted to be received by the processing terminal 20 thereby to enable the processing terminal 20 to process the transaction. The invention extends to a corresponding method, a point-of-sale terminal POS, and a mobile device. The process for card holder present transactions comprises the merchant scanning goods and presenting via a barcode the transaction reference, merchant id and amount. The customer scans the barcode and depending on the amount enters a PIN into the smart phone. The smartphone generates a one time activation code and card number via an on screen barcode and the merchant scans the barcode and processes the transaction. A dynamic activation code may be generated based on a clock signal and a preinstalled random seed key. The system may also be used to control access or authorize provision of service.

Description

Authorisation system
The present invention relates to an authorisation system. This invention also relates to a method of authorising a transaction, and to a mobile device and a point-of-sale (POS) terminal.
Authorisation systems for enabling users to carry out transactions that make use of tokens (such as credit cards) containing RFID tags are known, for example, the MasterCard™ PayPass™ system. Such systems enable a user to swipe a credit card equipped with an RFID tag over a reader located at a point-of-sale (POS) terminal in order to effect a payment transaction. However, such systems may be vulnerable to eavesdropping, and the information contained on the RFID tag cannot be altered dynamically, for example, in an effort to improve security. Furthermore, since no user authentication is required, such transactions are limited in value so as to limit the financial exposure to a user and the card issuer should a card be lost or stolen.
For larger value transactions, chip and pin systems are frequently employed. However, there may be security flaws in chip and pin systems. It is known to use separate card readers, into which a credit card is inserted, to generate dynamic pass codes, such as the Visa™ Dynamic Passcode Authentication Scheme. These systems do enhance the security of existing chip and pin systems. However, the requirement for a user to carry around a card reader, in addition to their credit card, may be inconvenient in certain circumstances.
The present invention aims to alleviate at least some of these problems.
According to one aspect of the invention, there is provided an authorisation system which comprises a transaction processing terminal for processing transactions; and a mobile user device, the user device comprising means for receiving information relating to a particular transaction from the processing terminal, and means for generating a user code to authorise a transaction in dependence upon the received information, wherein the user code is adapted to be received by the processing terminal thereby to enable the processing terminal to process the transaction.
The generation of a user code on the basis of the received transaction information may enhance the security of the system.
Preferably, the user code generating means is adapted to generate a user code which is in the form of a machine readable code.
Preferably, the user code generating means is further adapted to generate a user code which is in the form of an optical indicator. More preferably, the code is in the form of a bar code, and yet more preferably a two-dimensional bar code.
Preferably, the terminal comprises means for reading the code.
Preferably, the reading means comprises an optical scanner.
Alternatively, or in addition, the user code generating means is further adapted to generate the user code in the form of a series of audible tones, and preferably a series of dual-tone multi-frequency (DTMF) signalling tones. In this case, the terminal may be adapted to receive audible tones.
Preferably, the user code generating means is adapted to generate a unique code for each transaction. Hence, the user code is referred to herein as a one-time authorisation code (OTAC).
Preferably, the user code generating means is adapted to incorporate the information relating to a particular transaction within the user code.
Preferably, the user code generating means is adapted to incorporate at least one of the following pieces of information relating to the transaction within the user code: an identity of the terminal (a merchant identifier); the amount of the transaction; detail relating to the item(s); and a time stamp.
Preferably, the user code generating means is adapted to incorporate bank details relating to the user of the mobile device into said code.
Preferably, the bank details are stored on the mobile device, preferably in encrypted form.
Alternatively, or in addition, the bank details may be stored on a remote server, preferably a secure server connectable to the internet. Preferably, the mobile device further comprises means for accessing the server thereby to obtain the bank details from the remote server. Preferably, the mobile device comprises means for connecting the mobile device to the internet.
Alternatively, or in addition, the bank details may be provided in a physical form on an outer surface of the mobile phone. Preferably, the bank details are displayed on an outer surface of the mobile device. More preferably, the bank details are etched onto the outer surface and/or cover of the mobile device. In one example, a card number may be etched onto the rear cover of the mobile device. In an alternative example, an optical indicator, preferably in the form of a bar code, may be provided on the outer surface of the device.
Preferably, the bank details comprise at least one of the following: a credit card number; a bank account number; a Card Verification Value (CVV) code; bank and/or credit card validity dates; and a bank and/or credit card issue number.
Preferably, the user code generating means is adapted to incorporate a dynamically generated authentication code within the user code.
Preferably, the mobile device comprises means for generating a dynamic authentication code based on a clock signal of the user device and a preinstalled random seed key.
Preferably, the means for generating the dynamic authentication code is adapted to generate the code on the basis of the bank details stored on the mobile device.
In the case where the bank details are stored on a remote server, the user code generating means may be adapted to request a dynamically generated authentication code from the server, in which case the server further comprises means for generating a dynamic authentication code.
Preferably, the mobile device further comprises means for encrypting the user code.
Preferably, the mobile device further comprises means for storing a log of all generated user codes.
Preferably, the mobile device further comprises means for authenticating a user prior to generating the user code.
Preferably, the authentication means comprises means for interrogating a user.
Preferably, the interrogating means comprises means for presenting a user with an authentication screen adapted to be displayed on a display means of the mobile device.
Preferably, the authenticating means is adapted to make use of a Personal Identification Number (PIN) code corresponding to the user's bank account and/or credit card to authenticate the user.
Preferably, the PIN code is stored in an encrypted form on the mobile device.
Preferably, the authentication means is adapted to authenticate the user using a set of images.
Preferably, the set of images includes a selection of random images and at least one image that is known to the user.
Preferably, the authentication means is adapted to authenticate a user on the basis of information relating to the user available via the user's online profile.
Preferably, the authentication means is adapted to access the online profile of a user thereby to obtain information relating to the user to form the basis of the authentication.
Preferably, the processing terminal comprises means for decoding the user code to extract information relating to the user authorisation of the transaction.
Preferably, the terminal comprises means for decrypting the user code.
Preferably, the terminal is connectable to a transaction approval system for approving transactions. Preferably, the terminal is adapted to transmit information relating to the user authorisation of the transaction to the approval system.
Preferably, the approval system includes a banking institution.
Preferably, the processing terminal further comprises means for displaying transaction information to a user thereby to enable a user to input manually the transaction information relating to a particular transaction into the mobile device.
Preferably, the transaction information comprises at least one of the following: an identity of the terminal (a merchant identifier); the amount of the transaction; detail relating to the item(s); and a time stamp.
Preferably, the processing terminal comprises means for generating a transaction code relating to a particular transaction, said code being adapted to be read by the mobile user device thereby to enable a user to authorise the transaction via the mobile user device.
According to a further aspect of the invention, there is provided an authorisation system which comprises a processing terminal for processing transactions; and a mobile user device, wherein the processing terminal comprises means for generating a transaction code relating to a particular transaction, said code being adapted to be read by the mobile user device thereby to enable a user to authorise the transaction via the mobile user device.
Preferably, the processing terminal further comprises means for displaying the transaction code.
Preferably, the processing terminal is adapted to display the transaction code in the form of an optical indicator.
Preferably, the transaction code generating means is adapted to generate the transaction code in the form of an optical indicator, and preferably in the form of a bar code.
Alternatively, or in addition, the transaction code generating means is further adapted to generate the user code in the form of a series of audible tones, and preferably a series of dual-tone multi-frequency (DTMF) signalling tones. In this case, the mobile device may be adapted to receive audible tones.
Preferably, the transaction code incorporates at least one of the following: an identity of the terminal (a merchant identifier); the amount of the transaction; detail relating to the item(s); and a time stamp.
Preferably, the mobile device further comprises means for reading the transaction code.
Preferably, the reading means is adapted to scan the transaction code.
Preferably, the mobile device further comprises a camera adapted to photograph the transaction code. More preferably, the camera is adapted to operate as an optical scanner.
Preferably, the mobile device further comprises means for decoding the transaction code thereby to extract transaction information from the transaction code.
Preferably, the processing terminal comprises means for displaying a confirmation receipt relating to a completed transaction.
Preferably, the processing terminal comprises a user interface for enabling a user to manually enter a user code into the terminal.
Preferably, the mobile user device is in the form of a mobile telephone and/or a personal digital assistant, and preferably a smartphone.
Preferably, the processing terminal is in the form of a point-of-sale (POS) terminal.
Preferably, the processing terminal is in the form of an internet-based or online merchant.
Preferably, the system is in the form of a payment system.
According to a further aspect of the invention, there is provided a mobile device which is adapted to form part of the system as herein described.
According to another aspect of the invention, there is provided a point-of-sale (POS) device adapted to form part of the system as herein described.
According to another aspect of the invention, there is provided a method of authorising a transaction using a mobile device, the method comprising: receiving information relating to a particular transaction from a transaction processing terminal; and generating a user code on the mobile device to authorise a transaction in dependence upon the received information, wherein the user code is adapted to be received by the processing terminal thereby to enable the processing terminal to process the transaction.
According to yet another aspect of the invention, there is provided a method of processing a transaction using a point-of-sale (POS) terminal, which comprises: generating a transaction code relating to a particular transaction, said code being adapted to be read by a mobile user device thereby to enable a user to authorise the transaction via the mobile user device.
According to a further aspect of the invention, there is provided a mobile device (preferably in the form of a mobile telephone) which comprises software code adapted to carry out the various method steps as described herein.
According to a further aspect of the invention, there is provided a point-of-sale terminal which comprises software code adapted to carry out the various method steps as described herein.
According to another aspect of the invention, there is provided a mobile device, which comprises means for receiving information relating to a particular transaction from a transaction processing terminal; and means for generating a user code on the mobile device to authorise a transaction in dependence upon the received information, wherein the user code is adapted to be received by the processing terminal thereby to enable the processing terminal to process the transaction.
According to a further aspect of the invention, there is provided a point-of-sale (POS) terminal, which comprises means for generating a transaction code relating to a particular transaction, said code being adapted to be read by a mobile user device thereby to enable a user to authorise the transaction via the mobile user device.
In another aspect the invention provides a method of authorising payment transactions by exchanging dynamically generated optical indicators, preferably in the form of bar codes, between a mobile user device and a transaction processing terminal.
The invention also provides a computer program and a computer program product comprising software code adapted, when executed on a data processing apparatus, such as the processing terminal and/or mobile device to perform any of the methods described herein, including any or all of their component steps.
The invention also provides a computer program and a computer program product comprising software code which, when executed on a data processing apparatus, such as the processing terminal and/or mobile device, comprises any of the apparatus features described herein.
The invention also provides a computer program and a computer program product having an operating system which supports a computer program for carrying out any of the methods described herein and/or for embodying any of the apparatus features described herein.
The invention also provides a computer readable medium having stored thereon the computer program as aforesaid.
The invention also provides a signal carrying the computer program as aforesaid, and a method of transmitting such a signal.
The invention extends to methods and/or apparatus substantially as herein described with reference to the accompanying drawings.
Any feature in one aspect of the invention may be applied to other aspects of the invention, in any appropriate combination. In particular, method aspects may be applied to apparatus aspects, and vice versa.
Furthermore, features implemented in hardware may be implemented in software, and vice versa. Any reference to software and hardware features herein should be construed accordingly.
Each feature disclosed in the description, and (where appropriate) the claims and drawings may be provided independently or in any appropriate combination.
The invention is now described, purely by way of example, with reference to the accompanying drawings, in which:
Figure 1 shows an authorisation system;
Figure 2 is a block diagram of a smartphone;
Figure 3 is a block diagram of a point-of-sale (POS) terminal;
Figure 4 shows a time-sequence chart of the information exchange steps involved in making a payment for an item using the system of Figure 1; and
Figure 5 shows another embodiment of the authorisation system of Figure 1.
Figure 1 shows an authorisation system, in the form of a smartphone-based payment system 1, as may be located in a department store or shopping mall (or, in principle, in many other commercial premises). The system 1 includes a mobile user device in the form of a smartphone handset or PDA 10 which interacts with a transaction processing terminal in the form of a point-of-sale (POS) terminal 20 by means of an exchange of machine-readable codes 50, 60. The exchange of these codes 50, 60 allows the user of the smartphone 10 to authorise the purchase of an item in the department store; the authorisation is subsequently passed by the POS terminal 20 to a merchant information system (MIS) 30 and thereby used to approve the transaction and effect the appropriate transfer of funds at the bank 40 to make the payment for the item.
The exchanged codes 50, 60 comprise a transaction reference code (TRef) 50 and a one-time authorisation code (OTAC) 60.
Transaction reference code (TRef) 50 is generated dynamically by the POS terminal 20 to be read by the smartphone 10 and comprises information on the product being purchased. TRef 50 includes one or more of the following: an item description, the item price, a merchant identifier, and a time stamp. In this example, TRef 50 is in the form of an optical indicator such as a barcode, which can be readily captured by a built-in camera 100 of the smartphone 10.
The one-time authorisation code (OTAC) 60 is generated by the smartphone 10 in dependence on the received transaction reference code (TRef) 50 and also in dependence on the user's bank account and/or credit card details (which may be stored on the smartphone 10). The user of the smartphone 10 must first be authenticated thereby to authorise the transaction, for example, by entering a security PIN associated with their bank account and/or credit card, before the OTAC 60 is generated for sending on to the POS terminal 20. In this embodiment, the OTAC 60 is also an optical indicator such as a 2D barcode (1D barcodes are possible alternatives).
Also shown in Figure 1 are the transaction approval / confirmation messages 70 (exchanged by the POS terminal 20 and the merchant information system 30) and 80 (exchanged by the merchant information system 30 and the bank 40) to approve, complete, and provide feedback regarding the transaction.
Figure 2 is a block diagram of the smartphone 10, comprising a user interface 130 such as a touchscreen (for example, the Apple iPhone and various models made by Nokia, Samsung, LG and HTC amongst others) or a keypad / keyboard (for example, the Blackberry made by Research In Motion, and various models by Nokia and Sony, amongst others), a display 160 and a camera 100.
The smartphone 10 has been adapted by software to capture or scan (by means of the camera 100) and process (by means of the software modules described below) optical indicators such as barcodes used to represent transaction reference codes (TRef) 50.
In operation, random-access memory (RAM) 110 of the smartphone 10 comprises a number of software modules including a reader/decoder module 120, an authentication module 140, an authorisation module 145 and a one-time authorisation code (OTAC) generator 150. Together these modules form a smartphone purchasing application.
The software modules are written in a suitable programming language for the suitable software platform for the particular smartphone operating system, for example Java MIDP, C++ or Python on the S60 platform for smartphones running Symbian OS.
The reader/decoder module 120 processes optical indicator details (such as barcodes) captured by the smartphone camera 100 and representing transaction reference codes (TRef) 50. The reader/decoder module 120 decodes the captured TRef 50 into its constituent pieces of information, such as the item description, the item price, and a merchant identifier, and passes this information on to the authorisation module 145.
The reader/decoder module 120 sends feedback regarding progress in capturing the TRef data and information regarding the item to the user via display 160.
The authentication module 140 assesses whether the correct security PIN has been entered by the user via the user interface 130 to authenticate the user to allow authorisation of the purchase of the item. In this embodiment, details of the user's bank (or for example credit or debit card details) and corresponding PIN are stored (in encrypted form) within the authentication module 140. The PIN entered by the user via user interface 130 is compared to the stored PIN and if the values match, a positive authentication is sent to the authorisation module 145; if the values do not match, standard security measures are employed (for example, only a limited number of re-tries are permitted before the smartphone purchasing application is locked). The authentication module 140 sends feedback regarding PIN input and authentication to the user via the display 160.
The authorisation module 145 correlates the item information received from the reader/decoder module 120 with the result of the authentication received from the authentication module 140, recording in log 180 whether the purchase of the item has been approved by the user, providing feedback to the user via the display 160 and instructing the OTAC generator 150 to generate an OTAC to send to the POS terminal 20.
OTAC generator 150 generates a one-time authorisation code (OTAC) 60 to send to the POS terminal 20 to authorise the purchase of the item.
The One-Time Authorisation Code (OTAC) 60 is generated in dependence on data which includes information obtained from the received transaction reference code (TRef) 50 (which, as described previously, may comprise an item description, item price, and a merchant identifier) and the user's bank account details (for example, the user's account number, credit/debit card number, card valid-from/expiry date, issue number and card verification value CVV) stored on the smartphone by the authentication module 140. Additional details encoded in the OTAC may include data specific to the smartphone 10, such as the IMEI (International Mobile Equipment Identity) number, or to the user such as the IMSI (international mobile subscriber identity) stored on the SIM (subscriber identity module) card. A time-stamp is also included.
A hashing algorithm is used to combine the data (or the appropriate subset, as acceptable to authorise payment transactions by the merchant information system 30 and bank 40) and generate the OTAC 60 in the form of an optical indicator such as a 2D barcode (for example, according to an open-standard such as Data Matrix or Semacode) which is displayed on the screen 160, and is readable by the POS terminal 20.
The uniqueness of the OTAC therefore results from the particular data used in its generation. The system therefore allows for the use of a combination of "something you have" (the smartphone 10, which has encoded data specific to a user's bank account and/or credit card) with "something you know" (the PIN) as required by a two-factor authentication scheme.
The "one-time" or unique aspect of the one-time authorisation code (OTAC) 60 is further enhanced by providing the smartphone 10 with a dynamic authentication code generating means, in the form of a soft token 155, which is used to generate dynamic authentication codes which are then embedded within the OTAC 60. In one example, the system uses an authentication scheme based on RSA SecurID, which can be used to generate a series of secretly-seeded random numbers at regular time intervals. In this case, the secret seed will have been previously securely transmitted (potentially encrypted by a public-key of the user or assigned to the smartphone 10) or installed directly at the smartphone 10, and is otherwise known only to the bank 40 (or a certification authority) which therefore knows what authentication code to expect at any given time. RSA SecurID is available as a software module and executes from the smartphone 10 RAM 110.
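The OTAC generation and the bank-side check described above, as an added example that is not part of the patent text. It assumes HMAC-SHA256 keyed with the shared seed as the unspecified "hashing algorithm" and an RFC 6238-style time-stepped code in place of RSA SecurID; the field names, account reference, seed and transaction values are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # assumed time step for the dynamic authentication code


def dynamic_code(seed: bytes, now: int, digits: int = 6) -> str:
    """Time-stepped code from the shared seed (HOTP truncation over a time counter)."""
    counter = struct.pack(">Q", now // STEP_SECONDS)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def canonical(fields: dict) -> bytes:
    """Length-prefixed encoding so field boundaries cannot be shifted."""
    out = b""
    for key in sorted(fields):
        val = str(fields[key]).encode()
        out += key.encode() + b"=" + str(len(val)).encode() + b":" + val + b";"
    return out


def make_otac(seed: bytes, account_ref: str, tref: dict, now: int) -> dict:
    """Smartphone side: bind the TRef fields, a time stamp and the dynamic code."""
    body = {
        "account": account_ref,      # constructed reference, not a real card number
        "merchant": tref["merchant"],
        "amount": tref["amount"],
        "tref_ts": tref["ts"],
        "ts": now,
        "dac": dynamic_code(seed, now),
    }
    tag = hmac.new(seed, canonical(body), hashlib.sha256).hexdigest()
    return {**body, "tag": tag}


class Verifier:
    """Bank side: holds the seeds and remembers accepted OTACs."""

    def __init__(self, seeds: dict):
        self.seeds = seeds
        self.seen = set()

    def check(self, otac: dict, expected_tref: dict, now: int, skew_steps: int = 1) -> str:
        seed = self.seeds.get(otac.get("account"))
        if seed is None:
            return "unknown-account"
        body = {k: v for k, v in otac.items() if k != "tag"}
        expected_tag = hmac.new(seed, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected_tag, str(otac.get("tag", ""))):
            return "bad-tag"  # any field was altered after generation
        presented = (body["merchant"], body["amount"], body["tref_ts"])
        wanted = (expected_tref["merchant"], expected_tref["amount"], expected_tref["ts"])
        if presented != wanted:
            return "transaction-mismatch"  # OTAC was issued for another TRef
        if abs(now - body["ts"]) > skew_steps * STEP_SECONDS:
            return "stale"
        window = range(-skew_steps, skew_steps + 1)
        if not any(hmac.compare_digest(dynamic_code(seed, now + d * STEP_SECONDS),
                                       str(body["dac"])) for d in window):
            return "bad-dynamic-code"  # not the code the bank expects at this time
        if otac["tag"] in self.seen:
            return "replayed"  # enforce the one-time property
        self.seen.add(otac["tag"])
        return "ok"


# Constructed sample values.
SEED = bytes(range(20))
TREF = {"merchant": "M-0001", "amount": "19.99", "ts": 1_700_000_000}
NOW = 1_700_000_010


def run_demo() -> list:
    bank = Verifier({"acct-demo": SEED})
    otac = make_otac(SEED, "acct-demo", TREF, NOW)
    return [
        bank.check(otac, TREF, NOW + 5),                       # first presentation
        bank.check(otac, TREF, NOW + 6),                       # same code again
        bank.check(dict(otac, amount="1.99"), TREF, NOW + 6),  # amount edited
        bank.check(otac, dict(TREF, merchant="M-0002"), NOW),  # other terminal
        bank.check(otac, TREF, NOW + 300),                     # presented late
    ]


if __name__ == "__main__":
    print(run_demo())
```

Because the seed keys the tag, the verifier can confirm the transaction fields without the OTAC carrying the card number itself; an unkeyed hash over the same fields would not give that property.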
Figure 3 is a block diagram of a point-of-sale (POS) terminal 20, comprising an optical scanner 200, a processor 215, an input / output (i/o) port 235 (to connect the POS terminal 20 to the merchant information system 30, for example by a network connection or telephone line) and a display 260.
Figure 4 shows a time-sequence chart of the information exchange steps involved in making a payment for an item using the smartphone-based payment system 1.
In a preliminary step (S0), the customer / smartphone user having taken the item to be purchased to the POS terminal 20, the POS terminal 20 determines the item details by, for example, reading the price-tag attached to the item (this may be a barcode, a magnetic strip, an RFID tag or some other form of price tag) by means of scanner 200, processing the resulting data using processor 215 (optionally, if the POS terminal 20 does not have this information stored, enquiring via the i/o port 235 of the merchant information system (MIS) 30 as to the item details, shown as exchange Q-A) and displaying on display 260 a machine-readable transaction code 50. Optionally, POS terminal 20 may also display human-readable details regarding the item on the display 260 for the convenience of (and as feedback for) the customer.
In step S1, the user scans transaction code 50 displayed by POS terminal 20 with the camera 100 of smartphone 10, that is, the camera 100 of the smartphone 10 is used as a barcode scanner.
In step S2, the user authorises the transaction by entering the PIN associated with the bank account or credit card. If the entered PIN is correct (as determined by the authentication module 140), smartphone 10 generates (by means of the OTAC generator module 150) a one-time authorisation code (OTAC) 60.
In step S3, smartphone 10 sends the OTAC code 60 authorising payment to the POS terminal 20. In practice, this means smartphone 10 displays the 2D barcode representing the OTAC code 60 on its display screen 160, and the POS terminal 20 scans the code with its scanner 200. As mentioned above, the OTAC 60 typically includes the user's bank card data (possibly including a dynamic authentication code) together with certain transaction information.
In step S4, POS terminal 20 sends the transaction approval message to merchant information system 30. Depending on the encryption scheme in use (if any), processor 215 of the POS terminal 20 may be able to decode the OTAC 60 and send pertinent transaction details to the merchant information system 30; alternatively, if processor 215 of the POS terminal 20 cannot decode the OTAC 60, POS terminal 20 acts merely as a relay and forwards the OTAC 60 to the merchant information system 30.
In step S5, merchant information system 30 (potentially having first decoded the OTAC 60) sends a transaction approval message and user bank details to bank 40. Bank 40 makes the payment, transferring money from the user's bank account to that of the merchant.
In step S6, bank 40 sends a confirmation message to merchant information system 30, confirming the payment has been made.
In step S7, merchant information system 30 sends a confirmation message to POS terminal 20, which then displays a confirmation message to the customer / smartphone user.
Optionally, in step S8, POS terminal 20 issues a receipt 90 in the form of a further optical indicator, such as a barcode. This is scanned by the user with the camera 100 of smartphone 10, which then stores the receipt as evidence of the purchase having been made. Alternatively, a traditional paper receipt may be issued.
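The handset side of step S2 and the bank-side check in step S5, together with the dynamic authentication code described earlier, sketched as an added example (not code from the patent). It assumes a keyed hash (HMAC-SHA-256) in place of the unspecified hashing algorithm and an RFC 4226-style truncation in place of RSA SecurID; the field names, step length and acceptance window are assumptions, and the seed and transaction values are constructed.

```python
import hashlib
import hmac
import json
import struct

STEP_SECONDS = 60      # assumed interval between dynamic codes
MAX_AGE_SECONDS = 120  # assumed acceptance window for the OTAC time-stamp


def dynamic_code(seed: bytes, now: int) -> str:
    """Six-digit code for the current time step, derived from the secret seed.

    Stand-in for the soft token 155: HMAC over the step counter with
    RFC 4226-style dynamic truncation (not the RSA SecurID algorithm).
    """
    counter = struct.pack(">Q", now // STEP_SECONDS)
    digest = hmac.new(seed, counter, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


def _canonical(fields: dict) -> bytes:
    """Stable byte encoding so handset and bank hash identical input."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def _tag(seed: bytes, fields: dict) -> str:
    """Keyed hash over every OTAC field (assumed construction)."""
    return hmac.new(seed, _canonical(fields), hashlib.sha256).hexdigest()


def generate_otac(seed: bytes, account_ref: str, tref: dict, now: int) -> dict:
    """Handset side (step S2); call only after the PIN check has succeeded."""
    fields = {
        "merchant_id": tref["merchant_id"],
        "item": tref["item"],
        "amount_pence": tref["amount_pence"],
        "account_ref": account_ref,   # hypothetical reference standing in for card data
        "timestamp": now,
        "dyn_code": dynamic_code(seed, now),
    }
    return {**fields, "tag": _tag(seed, fields)}


class BankVerifier:
    """Bank side (step S5): holds the same seeds and rejects reused codes."""

    def __init__(self, seeds: dict):
        self.seeds = seeds        # account_ref -> secret seed
        self.seen_tags = set()    # tags of OTACs already honoured

    def verify(self, otac: dict, merchant_id: str, amount_pence: int, now: int) -> str:
        seed = self.seeds.get(otac.get("account_ref"))
        if seed is None:
            return "unknown-account"
        fields = {k: v for k, v in otac.items() if k != "tag"}
        presented = str(otac.get("tag", "")).encode()
        # Constant-time comparison; any altered field changes the tag.
        if not hmac.compare_digest(_tag(seed, fields).encode(), presented):
            return "bad-tag"
        if abs(now - fields["timestamp"]) > MAX_AGE_SECONDS:
            return "expired"
        # The bank knows which dynamic code to expect for that time step.
        if dynamic_code(seed, fields["timestamp"]) != fields["dyn_code"]:
            return "bad-dynamic-code"
        # The merchant's claim must match what the user actually authorised.
        if (fields["merchant_id"], fields["amount_pence"]) != (merchant_id, amount_pence):
            return "transaction-mismatch"
        if otac["tag"] in self.seen_tags:
            return "replayed"
        self.seen_tags.add(otac["tag"])
        return "approved"


def demo() -> list:
    """Run the exchange on constructed sample values and return each outcome."""
    seed = b"constructed-demo-seed-not-a-key!"           # constructed
    tref = {"merchant_id": "M-0001", "item": "newspaper",
            "amount_pence": 150}                          # constructed TRef
    bank = BankVerifier({"acct-001": seed})
    first = generate_otac(seed, "acct-001", tref, now=1_000_000)
    second = generate_otac(seed, "acct-001", tref, now=1_000_500)
    return [
        bank.verify(first, "M-0001", 150, now=1_000_020),      # approved
        bank.verify(first, "M-0001", 150, now=1_000_040),      # same code again
        bank.verify(second, "M-0001", 15_000, now=1_000_510),  # inflated amount
        bank.verify(dict(second, amount_pence=1), "M-0001", 1, now=1_000_510),
    ]


if __name__ == "__main__":
    print(demo())
```

Because the tag covers the merchant identifier, amount and time-stamp, a code captured in transit cannot be reused for a different transaction or after the acceptance window.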
Figure 5 shows another embodiment of the smartphone-based payment system 1, showing the process for card-holder present transactions, comprising the steps of:
1. Merchant scans good(s) and presents via barcode the transaction reference, merchant ID and amount;
2. Customer scans barcode with a smartphone or handset and, depending on amount, enters their PIN into the smartphone (low value transactions may be processed and authorised without the need to enter a PIN);
3. Smartphone generates a one-time transaction authorisation code and card number via an onscreen barcode; and
4. Merchant scans barcode and then processes payment.
Further features
- Additional security
For additional security, the data may be encrypted before or during generation of the OTAC to prevent user information being obtained surreptitiously by those obtaining the unencrypted OTAC (for example by intercepting its transmission to the POS terminal 20) and reversing the hashing algorithm. An encryption key is stored as a further software token on the smartphone handset 10. In a symmetric-key scheme, the further software token is one of identical shared secret keys; the other shared secret key is stored at the bank 40. In an asymmetric-key (or public-key) scheme, the further software token is the public key issued by the bank; the bank's private key is stored at the bank 40.
As a further alternative, the PIN needing to be entered by the user need not be the same one as used to access the user's bank account directly, but merely one to access the smartphone payment system on that particular smartphone 10.
- Remote storage of bank account details
In an example, instead of storing the user bank account details, such as a credit card number, on the smartphone 10, the bank account details are instead stored on a secure remote server that is typically connected to the banking institution's communication network infrastructure. In this case, the smartphone 10 is adapted to access the bank account details by establishing a secure connection to this server, for example via a Secure Sockets Layer (SSL) internet connection. In particular, after the user has been authenticated, for example by entering the correct security PIN, the authorisation module 145 then establishes a secure communications channel with the remote server to extract the user's bank account details from the remote server. These details are then used by the OTAC generator 150 to generate the OTAC 60.
In another example, the remote server is capable of generating a dynamic authentication code, for example, based on the user bank account details which are stored on the remote server, and when the authorisation module connects to the remote server, instead of extracting or downloading the full user bank account details or card number, the server instead generates a dynamic authentication code which is then transmitted to the smartphone for use by the OTAC generator 150 in creating the OTAC 60.
- PIN-less payments
For the convenient purchase of items of low monetary value, such as newspapers, step S2, in which the user authorises the transaction by entering the security PIN associated with the user's bank account, is optional and the payment may be termed 'PIN-less'. In this case, the user would merely click an "accept button" to authorise the transaction.
In order to limit the financial exposure were the smartphone to be stolen, PIN-less payments are restricted in that they may only be made for individual purchases not exceeding a predetermined maximum monetary value per purchase. Optionally, the total value for PIN-less payments made in total and/or during a predetermined time period may also be restricted to a predetermined maximum monetary value (reaching this value then requires the user to re-set the PIN-less payment system, which necessitates entering the requisite PIN).
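One way to enforce the PIN-less limits described above, as an added example (not code from the patent): a per-purchase cap plus a cumulative cap, counted either in total or over a rolling period, with the counters cleared only by a successful PIN entry. The class name, return strings and limit values are assumptions.

```python
from collections import deque


class PinlessLimiter:
    """Decides whether a payment may proceed without a PIN.

    Amounts are in pence and times in seconds (both assumed units).
    """

    def __init__(self, per_purchase_max, cumulative_max, window_seconds=None):
        self.per_purchase_max = per_purchase_max
        self.cumulative_max = cumulative_max
        # None means "count every PIN-less payment since the last PIN entry".
        self.window_seconds = window_seconds
        self._spent = deque()  # (time, amount) of PIN-less payments still counted

    def _running_total(self, now):
        if self.window_seconds is not None:
            # Drop payments that have aged out of the rolling period.
            while self._spent and now - self._spent[0][0] >= self.window_seconds:
                self._spent.popleft()
        return sum(amount for _, amount in self._spent)

    def authorise(self, amount, now, pin_verified=False):
        if amount <= 0:
            return "refused"
        if pin_verified:
            # Entering the PIN re-sets the PIN-less allowance.
            self._spent.clear()
            return "approved-with-pin"
        if amount > self.per_purchase_max:
            return "pin-required"
        if self._running_total(now) + amount > self.cumulative_max:
            return "pin-required"
        self._spent.append((now, amount))
        return "approved-pinless"


def demo() -> list:
    """Constructed sequence: caps of 5.00 per purchase and 10.00 per day."""
    limiter = PinlessLimiter(500, 1000, window_seconds=86_400)
    return [
        limiter.authorise(400, now=0),
        limiter.authorise(400, now=10),
        limiter.authorise(300, now=20),                     # would exceed daily cap
        limiter.authorise(600, now=30),                     # exceeds per-purchase cap
        limiter.authorise(300, now=40, pin_verified=True),  # PIN clears the counters
        limiter.authorise(400, now=50),
    ]


if __name__ == "__main__":
    print(demo())
```

Keeping the counters on the bank side as well as on the handset means a stolen or tampered handset cannot simply reset its own allowance.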
- Manual entry systems
In certain examples, instead of the POS terminal 20 presenting the user with a barcode for scanning with the camera 100 of smartphone handset 10, POS terminal 20 presents transaction reference code (TRef) 50 in the form of an alphanumeric string which the user keys into the smartphone 10 manually via user interface 130. The subsequent steps S2 to S8 proceed as described above. Step S3, wherein POS terminal 20 scans the OTAC 60 displayed on the display screen 160 of smartphone 10 may also be replaced by the manual entry of an alphanumeric string by the user on the POS terminal 20. In this case the OTAC is presented in the form of an alphanumeric string which the user then enters into a keypad of the POS terminal 20.
- Telephone based transactions
The described payment system may also be adapted for the payment of goods or services over a telephone communications system. In this case, the transaction reference code (TRef) 50 and/or the OTAC 60 are generated in the form of a series of audible DTMF signalling tones. In particular, the POS terminal 20 generates the TRef code 50 in the form of a sequence of DTMF tones, which are then received by the smartphone 10, for example, via a microphone of the smartphone 10. The smartphone then extracts the transaction information from the sequence of DTMF tones and then generates the OTAC 60 in dependence on the received transaction information. In this case, the generated OTAC 60 is also in the form of a sequence of DTMF tones, which are then played to the POS terminal 20, which then receives and decodes these tones to process the transaction.
In certain examples, the payment system might use a combination of audible, visual or other OTAC 60 and TRef 50 codes. Thus, for example, the smartphone 10 might receive a TRef code 50 in the form of a sequence of DTMF tones, and then generate the OTAC 60 in the form of a 2D barcode.
- Internet based transactions
The described smartphone payment system may also be adapted for payment of goods and services over the internet. In one example, the merchant information system 30 provides a web-site which displays optical indicators such as barcodes to relate information such as item descriptions, item prices, and a merchant identifier. In an analogous way to that of the above-described POS-based embodiment, the user scans the requisite barcode with the smartphone handset 10 and enters a PIN to authorise the transaction (steps S1 and S2).
In one example, based on the manual entry systems described above, the OTAC 60 generated by smartphone 10 is in the form of an alphanumerical string which the user enters manually into a text box on the website to approve payment.
In an alternative embodiment, the user generates an OTAC 60 via smartphone 10 and merchant information system 30 uses the user's webcam to read the OTAC 60.
- Further authentication schemes
Instead of authenticating the user by having them input a PIN directly via the user interface 130 (which may require bank account or credit card information and PIN being stored on the smartphone handset 10), alternative authentication schemes may be used.
* Picture password authentication
In one example, the user is shown a selection of random photographs, one of which is a 'key' photograph for the user, for example, a photograph of a person that is related to the user. The user is then authenticated by selecting the correct 'key' photograph. The user might also be required to select more than one photograph displayed on the screen, or might be required to select particular photographs from successively displayed selections of photographs. 'Key' photographs are typically preselected by the user or authorising system.
* Online profile authentication
In another example, items specific to the user and obtainable from the user's recent on-line activity (for example, a recent posting to a social networking website or a Twitter 'tweet') are presented amongst other items of a similar form; the user authenticates by correctly identifying their own contributions.
This form of authentication might be used in combination with the above described picture password authentication, since 'key' photographs might be sourced from a user's online profile, for example, the system might make use of an image that has recently been uploaded to a user's page on a social networking site.
* Voice authentication
Another possible authentication scheme is to use a speech recognition system to identify the user.
- Dynamic credit card numbers
In an example, the smartphone 10 is provided with a series of credit card numbers to be used for a successive series of transactions. In this case, each credit card number is only valid for a particular time period (for example for one day or one week) or for a particular number of transactions. After the specified time period, or after a particular number of transactions, the card number expires and the next card number in the sequence is then used for subsequent transactions. The series of credit card numbers are securely delivered to the smartphone in a similar manner to that described above with respect to the delivery of a secret seed code. In this case, when the user carries out a payment transaction using the smartphone 10, the OTAC 60 would be generated based on the currently valid credit card number in a particular series.
- Physical card details
In one example, the user's bank account details are provided on an outer surface of the smartphone 10 itself. In particular, the user's card number, or a coded representation of the user's card number (such as a barcode), is etched onto the rear surface of the smartphone 10. In an example, the card number or barcode is etched or displayed on a removable cover of the smartphone 10. Alternatively, the card number or barcode could be provided in the form of a (removable) sticker which is stuck onto the rear surface of the smartphone 10. In this case, the OTAC generator is used to generate an OTAC which includes a dynamic authentication code, but which does not include the user's card number. The user's card number is then either manually inputted by the user into the POS terminal 20, or scanned by the POS terminal 20 from the rear surface of the smartphone 10 at the time that the user scans the transaction reference code (TRef) 50 from the POS terminal 20. In the case where the user's card number itself is provided on the surface of the smartphone, the card would be of the type that would only operate if it is used in combination with a dynamic authentication code.
While the authorisation system has been described above mainly with reference to a payment system 1, it is also envisaged that the present authorisation system could be used in many other similar situations in which it is necessary to control access and/or authorise the provision of goods or services. For example, the system could be employed to control access to a particular controlled area, like a music concert or a public transportation system.
It will be understood that the present invention has been described above purely by way of example, and modifications of detail can be made within the scope of the invention.

Claims (61)

  1. An authorisation system which comprises a transaction processing terminal for processing transactions; and a mobile user device, the user device comprising means for receiving information relating to a particular transaction from the processing terminal, and means for generating a user code to authorise a transaction in dependence upon the received information, wherein the user code is adapted to be received by the processing terminal thereby to enable the processing terminal to process the transaction.
  2. The system of Claim 1, wherein the user code is in the form of a machine readable code.
  3. The system of Claim 1 or 2, wherein the user code is in the form of an optical indicator.
  4. The system of Claim 3, wherein the code is in the form of a bar code, and more preferably a two-dimensional bar code.
  5. The system according to any of the preceding claims, wherein the terminal comprises means for reading the code.
  6. The system according to Claim 5, wherein the reading means comprises an optical scanner.
  7. The system according to any of the preceding claims, wherein the user code generating means is adapted to generate a unique code for each transaction.
  8. The system according to Claim 7, wherein the user code generating means is adapted to incorporate the information relating to a particular transaction within the user code.
  9. The system according to Claim 8, wherein the user code generating means is adapted to incorporate at least one of the following pieces of information relating to the transaction within the user code: an identity of the terminal (a merchant identifier); the amount of the transaction; detail relating to the item(s); and a time stamp.
  10. The system according to any of the preceding claims, wherein the user code generating means is adapted to incorporate bank details relating to the user of the mobile device into said code.
  11. The system according to Claim 10, wherein the bank details are stored on the mobile device.
  12. The system according to Claim 10 or 11, wherein the bank details comprise at least one of the following: a credit card number; a bank account number; a Card Verification Value (CVV) code; bank and/or credit card validity dates; and a bank and/or credit card issue number.
  13. The system according to any of the preceding claims, wherein the user code generating means is adapted to incorporate a dynamically generated authentication code within the user code.
  14. The system according to Claim 13, further comprising means for generating a dynamic authentication code based on a clock signal of the user device and a preinstalled random seed key.
  15. The system according to any of the preceding claims, further comprising means for encrypting the user code.
  16. The system according to any of the preceding claims, further comprising means for storing a log of all generated user codes.
  17. The system according to any of the preceding claims, wherein the mobile device further comprises means for authenticating a user prior to generating the user code.
  18. The system according to Claim 17, wherein the authentication means comprises means for interrogating a user.
  19. The system according to Claim 18, wherein the interrogating means comprises means for presenting a user with an authentication screen adapted to be displayed on a display means of the mobile device.
  20. The system according to any of the preceding Claims 17 to 19, wherein the authenticating means is adapted to make use of a Personal Identification Number (PIN) code corresponding to the user's bank account and/or credit card to authenticate the user.
  21. The system according to Claim 20, wherein the PIN code is stored in an encrypted form on the mobile device.
  22. The system according to any of the preceding Claims 17 to 19, wherein the authentication means is adapted to authenticate the user using a set of images.
  23. The system according to Claim 22, wherein the set of images includes a selection of random images and at least one image that is known to the user.
  24. The system according to any of the preceding Claims 17 to 19 and 22 or 23, wherein the authentication means is adapted to authenticate a user on the basis of information relating to the user available via the user's online profile.
  25. The system according to Claim 24, wherein the authentication means is adapted to access the online profile of a user thereby to obtain information relating to the user to form the basis of the authentication.
  26. The system according to any of the preceding claims, wherein the terminal comprises means for decoding the user code to extract information relating to the user authorisation of the transaction.
  27. The system according to any of the preceding claims, wherein the terminal comprises means for decrypting the user code.
  28. The system according to any of the preceding claims, wherein the terminal is connectable to a transaction approval system for approving transactions.
  29. The system according to Claim 28, wherein the terminal is adapted to transmit information relating to the user authorisation of the transaction to the approval system.
  30. The system according to Claim 28 or 29, wherein the approval system includes a banking institution.
  31. The system according to any of the preceding claims, wherein the processing terminal further comprises means for displaying transaction information to a user thereby to enable a user to input manually the transaction information relating to a particular transaction into the mobile device.
  32. The system according to Claim 31, wherein the transaction information comprises at least one of the following: an identity of the terminal (a merchant identifier); the amount of the transaction; detail relating to the item(s); and a time stamp.
  33. The system according to any of the preceding claims, wherein the processing terminal comprises means for generating a transaction code relating to a particular transaction, said code being adapted to be read by the mobile user device thereby to enable a user to authorise the transaction via the mobile user device.
  34. An authorisation system which comprises a processing terminal for processing transactions; and a mobile user device, wherein the processing terminal comprises means for generating a transaction code relating to a particular transaction, said code being adapted to be read by the mobile user device thereby to enable a user to authorise the transaction via the mobile user device.
  35. A system according to Claim 33 or 34, wherein the processing terminal further comprises means for displaying the transaction code.
  36. A system according to Claim 35, wherein the processing terminal is adapted to display the transaction code in the form of an optical indicator.
  37. A system according to Claim 35 or 36, wherein the transaction code generating means is adapted to generate the transaction code in the form of an optical indicator, and preferably in the form of a bar code.
  38. A system according to any of the preceding Claims 33 to 37, wherein the transaction code incorporates at least one of the following: an identity of the terminal (a merchant identifier); the amount of the transaction; detail relating to the item(s); and a time stamp.
  39. A system according to any of the preceding Claims 35 to 38, wherein the mobile device further comprises means for reading the transaction code.
  40. A system according to Claim 39, wherein the reading means is adapted to scan the transaction code.
  41. A system according to Claim 39 or 40, wherein the mobile device further comprises a camera adapted to photograph the transaction code.
  42. A system according to any of the preceding Claims 35 to 41, wherein the mobile device further comprises means for decoding the transaction code thereby to extract transaction information from the transaction code.
  43. A system according to any of the preceding claims, wherein the processing terminal comprises means for displaying a confirmation receipt relating to a completed transaction.
  44. A system according to any of the preceding claims, wherein the processing terminal comprises a user interface for enabling a user to manually enter a user code into the terminal.
  45. A system according to any of the preceding claims, wherein the mobile user device is in the form of a mobile telephone and/or a personal digital assistant, and preferably a smartphone.
  46. A system according to any of the preceding claims, wherein the processing terminal is in the form of a point-of-sale (POS) terminal.
  47. A system according to any of the preceding Claims 1 to 45, wherein the processing terminal is in the form of an internet-based or online merchant.
  48. A system according to any of the preceding claims, wherein the system is in the form of a payment system.
  49. A mobile device which is adapted to form part of the system according to any of the preceding claims.
  50. A point-of-sale (POS) device adapted to form part of the system according to any of the preceding Claims 1 to 49.
  51. A method of authorising a transaction using a mobile device, the method comprising: receiving information relating to a particular transaction from a transaction processing terminal; and generating a user code on the mobile device to authorise a transaction in dependence upon the received information, wherein the user code is adapted to be received by the processing terminal thereby to enable the processing terminal to process the transaction.
  52. A method of processing a transaction using a point-of-sale (POS) terminal, which comprises: generating a transaction code relating to a particular transaction, said code being adapted to be read by a mobile user device thereby to enable a user to authorise the transaction via the mobile user device.
  53. A mobile device (preferably in the form of a mobile telephone) which comprises software code adapted to carry out the method of Claim 51.
  54. A point-of-sale terminal which comprises software code adapted to carry out the method of Claim 52.
  55. A mobile device, which comprises means for receiving information relating to a particular transaction from a transaction processing terminal; and means for generating a user code on the mobile device to authorise a transaction in dependence upon the received information, wherein the user code is adapted to be received by the processing terminal thereby to enable the processing terminal to process the transaction.
  56. A point-of-sale (POS) terminal, which comprises means for generating a transaction code relating to a particular transaction, said code being adapted to be read by a mobile user device thereby to enable a user to authorise the transaction via the mobile user device.
  57. A method of authorising payment transactions by exchanging dynamically generated optical indicators, preferably in the form of bar codes, between a mobile user device and a transaction processing terminal.
  58. A system substantially as herein described and/or as illustrated with reference to the accompanying drawings.
  59. A method substantially as herein described and/or as illustrated with reference to the accompanying drawings.
  60. A mobile device substantially as herein described and/or as illustrated with reference to the accompanying drawings.
  61. A point-of-sale (POS) terminal substantially as herein described and/or as illustrated with reference to the accompanying drawings.
GB1004246A 2010-03-15 2010-03-15 Authorisation system Withdrawn GB2478712A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1004246A GB2478712A (en) 2010-03-15 2010-03-15 Authorisation system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1004246A GB2478712A (en) 2010-03-15 2010-03-15 Authorisation system

Publications (2)

Publication Number Publication Date
GB201004246D0 GB201004246D0 (en) 2010-04-28
GB2478712A true GB2478712A (en) 2011-09-21

Family

ID=42261566

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1004246A Withdrawn GB2478712A (en) 2010-03-15 2010-03-15 Authorisation system

Country Status (1)

Country Link
GB (1) GB2478712A (en)

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2484391A (en) * 2010-10-04 2012-04-11 2Ergo Ltd Authenticating a transaction
EP2573705A1 (en) * 2011-09-26 2013-03-27 Metrologic Instruments, Inc. Method of and apparatus for managing and redeeming bar-coded coupons displayed from the light emitting display surfaces of information display devices
ITRM20120048A1 (en) * 2012-02-14 2013-08-15 Gaetano Salvo SAFE PAYMENT SYSTEM SIMPLE TO USE AND AT LOW COST
DE102012003859A1 (en) 2012-02-27 2013-08-29 Giesecke & Devrient Gmbh Method for safely performing transaction using mobile user terminal, involves transmitting transaction number to user terminal, assigning user terminal to transaction by cash box, and carrying out transaction by account settlement system
DE102012005693A1 (en) * 2012-03-20 2013-09-26 Giesecke & Devrient Gmbh Method for performing cash transaction between point-of-sale (POS) terminal and mobile terminal, used in store, involves detecting and processing transaction code to perform transaction by POS terminal
GB2502182A (en) * 2012-03-05 2013-11-20 Vodafone Ip Licensing Ltd Including an object in a video game
GB2502140A (en) * 2012-05-18 2013-11-20 Omlis Ltd System and method for transmitting data
EP2725536A1 (en) * 2012-10-26 2014-04-30 Lee S. Weinblatt Mobile device-based electronic payment systems and methods
WO2014086972A1 (en) * 2012-12-06 2014-06-12 Nec Europe Ltd. Method and system for mobile money
US20140195428A1 (en) * 2013-01-10 2014-07-10 Mg Systems Consultoria E Sistemas Ltda Audio-based electronic transaction authorization system and method
GB2512944A (en) * 2013-04-12 2014-10-15 Mastercard International Inc Systems and methods for outputting information on a display of a mobile device
EP2869254A1 (en) * 2013-11-04 2015-05-06 Vitisco nv Method of approving a transaction
DE102014002602A1 (en) * 2014-02-24 2015-08-27 Giesecke & Devrient Gmbh Procedure for authorizing a transaction
EP2828812A4 (en) * 2012-03-19 2015-11-25 Royal Canadian Mint Monnaie Royale Canadienne Using bar-codes in an asset storage and transfer system
CN106296186A (en) * 2015-05-25 2017-01-04 阿里巴巴集团控股有限公司 Information interacting method, Apparatus and system
EP3179429A1 (en) * 2015-12-07 2017-06-14 Leadot Innovation, Inc. Method of exchanging currencies using an offline point of sale third party payment system and internet-connected mobile computing device
EP3246866A1 (en) * 2016-05-18 2017-11-22 Amadeus S.A.S. Secure exchange of a sensitive data over a network based on barcodes and tokens
FR3051613A1 (en) * 2016-05-18 2017-11-24 Amadeus Sas
EP3276555A1 (en) * 2016-07-28 2018-01-31 Mastercard International Incorporated Mobile payment method and system
AU2012360969B2 (en) * 2011-12-30 2018-06-28 In-Idt Method and system for securing a payment carried out with the aid of a payment card
IT201700014359A1 (en) * 2017-02-09 2018-08-09 Aitek S P A Anti-counterfeiting bar code, system and method for generating and authenticating a security based on this code
EP3502993A1 (en) * 2017-12-22 2019-06-26 Mastercard International Incorporated A method and system for conducting a transaction
EP3540669A4 (en) * 2016-11-30 2019-11-06 Huawei Technologies Co., Ltd. Transaction processing method and device
EP3543933A4 (en) * 2016-11-18 2019-11-13 Alibaba Group Holding Limited Communication method and device based on bar codes, and method and device for realizing payment
CN110651292A (en) * 2017-10-25 2020-01-03 万事达卡国际公司 Method and system for transmitting machine-readable code data via a payment network
EP3624039A4 (en) * 2017-06-13 2020-06-03 Sony Corporation Information processing device and information processing system
WO2020187448A1 (en) * 2019-03-20 2020-09-24 Giesecke+Devrient Mobile Security Gmbh Method for making financial transactions
US11620634B2 (en) 2013-03-15 2023-04-04 Cardware, Inc. Multi-function smart tokenizing electronic payment device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050211771A1 (en) * 2004-03-26 2005-09-29 Fujitsu Limited Shop settlement method, system and program
US20080210754A1 (en) * 2005-06-13 2008-09-04 Robert Lovett Account payment using barcode information exchange
US20080222048A1 (en) * 2007-03-07 2008-09-11 Higgins Kevin L Distributed Payment System and Method

Cited By (62)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2484391B (en) * 2010-10-04 2013-04-24 2Ergo Ltd Electronic transaction method and system
GB2484391A (en) * 2010-10-04 2012-04-11 2Ergo Ltd Authenticating a transaction
US8807432B2 (en) 2011-09-26 2014-08-19 Metrologic Instruments, Inc. Apparatus for displaying bar codes from light emitting display surfaces
EP2573705A1 (en) * 2011-09-26 2013-03-27 Metrologic Instruments, Inc. Method of and apparatus for managing and redeeming bar-coded coupons displayed from the light emitting display surfaces of information display devices
US8556176B2 (en) 2011-09-26 2013-10-15 Metrologic Instruments, Inc. Method of and apparatus for managing and redeeming bar-coded coupons displayed from the light emitting display surfaces of information display devices
US9245219B2 (en) 2011-09-26 2016-01-26 Metrologic Instruments, Inc. Apparatus for displaying bar codes from light emitting display surfaces
AU2012360969B2 (en) * 2011-12-30 2018-06-28 In-Idt Method and system for securing a payment carried out with the aid of a payment card
ITRM20120048A1 (en) * 2012-02-14 2013-08-15 Gaetano Salvo SAFE PAYMENT SYSTEM SIMPLE TO USE AND AT LOW COST
DE102012003859A1 (en) 2012-02-27 2013-08-29 Giesecke & Devrient Gmbh Method for safely performing transaction using mobile user terminal, involves transmitting transaction number to user terminal, assigning user terminal to transaction by cash box, and carrying out transaction by account settlement system
GB2502182A (en) * 2012-03-05 2013-11-20 Vodafone Ip Licensing Ltd Including an object in a video game
GB2502182B (en) * 2012-03-05 2016-08-31 Vodafone Ip Licensing Ltd Method for introducing a physical object in a virtual world
US8814702B2 (en) 2012-03-05 2014-08-26 Vodafone Ip Licensing Limited Method for introducing a physical object in a virtual world
EP2828812A4 (en) * 2012-03-19 2015-11-25 Royal Canadian Mint Monnaie Royale Canadienne Using bar-codes in an asset storage and transfer system
DE102012005693A1 (en) * 2012-03-20 2013-09-26 Giesecke & Devrient Gmbh Method for performing cash transaction between point-of-sale (POS) terminal and mobile terminal, used in store, involves detecting and processing transaction code to perform transaction by POS terminal
US9509498B2 (en) 2012-05-18 2016-11-29 Omlis Limited System and method for transmitting data
GB2502140A (en) * 2012-05-18 2013-11-20 Omlis Ltd System and method for transmitting data
US9608805B2 (en) 2012-05-18 2017-03-28 Omlis Limited Encryption key generation
WO2013171506A1 (en) * 2012-05-18 2013-11-21 Omlis Limited System and method for transmitting data
EP2725536A1 (en) * 2012-10-26 2014-04-30 Lee S. Weinblatt Mobile device-based electronic payment systems and methods
WO2014086972A1 (en) * 2012-12-06 2014-06-12 Nec Europe Ltd. Method and system for mobile money
US20140195428A1 (en) * 2013-01-10 2014-07-10 Mg Systems Consultoria E Sistemas Ltda Audio-based electronic transaction authorization system and method
US9911122B2 (en) 2013-01-10 2018-03-06 Mg Systems Consulting Services Llc Audio-based electronic transaction authorization system and method
WO2014108794A1 (en) 2013-01-10 2014-07-17 Mg Systems Consultoria E Sistemas Ltda Audio-based electronic transaction authorization system and method
EP2943944A4 (en) * 2013-01-10 2016-09-07 Mg Systems Consulting Services Llc Audio-based electronic transaction authorization system and method
US11620634B2 (en) 2013-03-15 2023-04-04 Cardware, Inc. Multi-function smart tokenizing electronic payment device
GB2512944A (en) * 2013-04-12 2014-10-15 Mastercard International Inc Systems and methods for outputting information on a display of a mobile device
BE1025817B1 (en) * 2013-11-04 2019-11-18 Vitisco Nv METHOD FOR APPROVING A TRANSACTION
WO2015063278A1 (en) * 2013-11-04 2015-05-07 Vitisco Nv Method of approving a transaction
EP2869254A1 (en) * 2013-11-04 2015-05-06 Vitisco nv Method of approving a transaction
US10943238B2 (en) 2014-02-24 2021-03-09 Giesecke+Devrient Mobile Security Gmbh Transaction authorization method
DE102014002602B4 (en) 2014-02-24 2021-10-21 Giesecke+Devrient Mobile Security Gmbh Method for authorizing a transaction and the use of a clock and a cash register system in this method
DE102014002602A1 (en) * 2014-02-24 2015-08-27 Giesecke & Devrient Gmbh Procedure for authorizing a transaction
CN106296186A (en) * 2015-05-25 2017-01-04 阿里巴巴集团控股有限公司 Information interacting method, Apparatus and system
KR102474462B1 (en) * 2015-05-25 2022-12-05 어드밴스드 뉴 테크놀로지스 씨오., 엘티디. Information interaction method, device and system
JP2018522333A (en) * 2015-05-25 2018-08-09 アリババ グループ ホウルディング リミテッド Information interaction method, apparatus and system
US11250404B2 (en) 2015-05-25 2022-02-15 Advanced New Technologies Co., Ltd. Transaction scheme for offline payment
EP3306548A4 (en) * 2015-05-25 2018-11-14 Alibaba Group Holding Limited Information interaction method, device and system
KR20210061469A (en) * 2015-05-25 2021-05-27 어드밴스드 뉴 테크놀로지스 씨오., 엘티디. Information interaction method, device and system
CN106296186B (en) * 2015-05-25 2020-07-03 阿里巴巴集团控股有限公司 Information interaction method, device and system
EP3179429A1 (en) * 2015-12-07 2017-06-14 Leadot Innovation, Inc. Method of exchanging currencies using an offline point of sale third party payment system and internet-connected mobile computing device
FR3051613A1 (en) * 2016-05-18 2017-11-24 Amadeus Sas
EP3246866A1 (en) * 2016-05-18 2017-11-22 Amadeus S.A.S. Secure exchange of a sensitive data over a network based on barcodes and tokens
EP3276555A1 (en) * 2016-07-28 2018-01-31 Mastercard International Incorporated Mobile payment method and system
CN109416793A (en) * 2016-07-28 2019-03-01 万事达卡国际公司 Method of mobile payment and system
WO2018022412A1 (en) * 2016-07-28 2018-02-01 Mastercard International Incorporated Mobile payment method and system
JP2020512603A (en) * 2016-07-28 2020-04-23 マスターカード インターナシヨナル インコーポレーテツド Mobile payment method and system
US20180039968A1 (en) * 2016-07-28 2018-02-08 Mastercard International Incorporated Mobile payment method and system
CN109416793B (en) * 2016-07-28 2022-11-08 万事达卡国际公司 Mobile payment method and system
RU2735093C2 (en) * 2016-07-28 2020-10-28 Мастеркард Интернэшнл Инкорпорейтед Method and system of mobile payment
EP3543933A4 (en) * 2016-11-18 2019-11-13 Alibaba Group Holding Limited Communication method and device based on bar codes, and method and device for realizing payment
US10706408B2 (en) 2016-11-18 2020-07-07 Alibaba Group Holding Limited Methods and devices for barcode based communication and payment implementation
US10885511B2 (en) 2016-11-18 2021-01-05 Advanced New Technologies Co., Ltd. Methods and devices for barcode based communication and payment implementation
EP3540669A4 (en) * 2016-11-30 2019-11-06 Huawei Technologies Co., Ltd. Transaction processing method and device
EP3361419A1 (en) * 2017-02-09 2018-08-15 Aitek S.P.A. Tamper-proof barcode, system and method for generating and authenticating credentials on the basis of said code
IT201700014359A1 (en) * 2017-02-09 2018-08-09 Aitek S P A Anti-counterfeiting bar code, system and method for generating and authenticating a security based on this code
US11301826B2 (en) 2017-06-13 2022-04-12 Sony Corporation Information processing apparatus and information processing system
EP3624039A4 (en) * 2017-06-13 2020-06-03 Sony Corporation Information processing device and information processing system
US11468440B2 (en) 2017-10-25 2022-10-11 Mastercard International Incorporated Method and system for conveyance of machine readable code data via payment network
CN110651292B (en) * 2017-10-25 2022-12-30 万事达卡国际公司 Method and system for transmitting machine-readable code data via a payment network
CN110651292A (en) * 2017-10-25 2020-01-03 万事达卡国际公司 Method and system for transmitting machine-readable code data via a payment network
EP3502993A1 (en) * 2017-12-22 2019-06-26 Mastercard International Incorporated A method and system for conducting a transaction
WO2020187448A1 (en) * 2019-03-20 2020-09-24 Giesecke+Devrient Mobile Security Gmbh Method for making financial transactions

Also Published As

Publication number Publication date
GB201004246D0 (en) 2010-04-28

Similar Documents

Publication Publication Date Title
GB2478712A (en) Authorisation system
EP3039627B1 (en) Method for authenticating transactions
US9846866B2 (en) Processing of financial transactions using debit networks
EP2693687B1 (en) Method for generating a code, authorization method and authorization system for authorizing an operation
AU2019236733A1 (en) Transaction Processing System and Method
US10270587B1 (en) Methods and systems for electronic transactions using multifactor authentication
US20140100973A1 (en) Smartphone virtual payment card
US20130282588A1 (en) Consumer, Merchant and Mobile Device Specific, Real-Time Dynamic Tokenization Activation within a Secure Mobile-Wallet Financial Transaction System
US20120028609A1 (en) Secure financial transaction system using a registered mobile device
CN107209889B (en) Multi-protocol transaction encryption
WO2011130422A2 (en) Mobile phone as a switch
US11625713B2 (en) Method for securing transactional data processing, corresponding terminal and computer program
US20150248676A1 (en) Touchless signature
US20200275267A1 (en) Hands free interaction system and method
EP4010865A1 (en) Mobile application integration
EP4142216A1 (en) Digital identity authentication system and method
US20220391896A1 (en) Hosted point-of-sale service
WO2015167671A1 (en) Secure system and method of virtually making payments at a point of sale
CN114424202A (en) System and method for using dynamically tagged content
KR20060131322A (en) System and method for payment, payment devices and recording medium and information storing medium
KR20160003785U (en) An identification system using dynamic barcode
WO2016057559A1 (en) Transaction verification systems
KR20160135409A (en) System and method for issuing electronic receipts
AU2014202432A1 (en) Payment Transaction Techniques

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)