SE532333C2 - Systems for receiving and transmitting encrypted data between two devices - Google Patents

Description

10 532 333 2 The present invention provides that no modifications are made to existing ones cash register terminals are usually necessary if the cash register terminal has interfaces adapted to receive communication through USB, Rs232 and RsA85 ports or other known communications tionsportar.

A device with cellular telephone capabilities is provided with encryption protocol the scheme according to the present invention as well as the device in the present invention invention. But the encryption of the present invention can be accomplished only in it cellular phone when used for radio communication other than shopping in one cash terminal.

The present invention provides a variety of application embodiments using its encryption protocol / scheme for more secure communication of information and data. An innovative application introduces a replacement of cards used for payment such as credit cards, retail cards, debit cards, smart cards, gas cards, bank cards, customer relationship management grazing cards and the like. Furthermore, all cards are included as bank cards to keep the The writing is simple, but does not limit the present invention to a single type of card.

An application of the present invention comprises that a cellular telephone number more is a unique identifier for the person carrying the phone.

Another application of the present invention provides a cellular telephone includes a barcode generator, which generates barcodes in the telephone display using encryption keys transferred to a database including the same barcode generator and encryption key in a data record carrying said cellular telephone fnummer. Thus, the same bar code is generated in both the cellular telephone and the database. then at any given time to be matched when a purchase in a POS (cash terminal) through the bar code shown in the cellular telephone display, thereby preventing counterfeiting by, for example, taking a photograph of the barcode shown in the display together with the specific phone number of the phone, which has also been saved in the database for matching. In one embodiment, the telephone number always appears in the barcode, but the barcode it is generated differently for each purchase using a key mentioned.

An alternative embodiment comprises that the device according to the present invention fi nning includes a barcode generator that provides a cellular telephone with new barcodes when a purchase has been made via the barcode displayed in the phone display screen.

Additionally, a cellular telephone of the present invention is equipped with an RF ID tag / chip that provides active or passive communication. It is known for one skilled in the art that existing devices with cellular telephone transmissions are equipped with IR and / or Bluetooth communication to send and receive ta data. Thus, it is understood that the encryption protocol / scheme is downloaded to the cellular one 532 333 3 device in accordance with the present invention and stored in one of the devices available league memories.

To achieve what is mentioned and other advantages present in invention a system comprising a first radio driven device and at least a second radio-powered device adapted to at least one of receiving and transmitting encrypted data between each other by establishing a data connection. The innovative system includes: radio frequency identification device (RFID), Blue tooth opportunity, wherein the first device has payment software comprising a unique one identity, wherein the radio frequency identification of the first device has a unique identity arranged for it, whereby the unique identity of the first device is transferred to the second device. and compared in the second device to detect whether they are valid in the first the device, only a first device has a radio frequency identification marking which is recognized by the payment software and vice versa, thereby preventing the payment software from being used as a clone in the second first devices, that the first and at least one second device comprises: an encryption algorithm in a memory, a key exchange protocol to provide a final key, which activates the encryption algorithm for encrypting in said devices, a random value start generator for a plurality of integers, which is continuously integer in a group for this purpose, wherein the continuously enumerated integer is a random start value received of the key exchange protocol at the same time as a transfer is established by one of said devices, used by the key changer as a first key, an interchangeable second key for a device user, entered by the user in the key exchange protocol, a third key is hard-coded and provided with the key exchange protocol, wherein the exchange protocol uses the first, second and third keys to create an end key to start the encryption algorithm, by agreement by handshake of the end key, provided by the key exchange protocol, through said first device and said second device through radio communication, the encryption algorithm begins to encrypt and establish a transmission of data between said first and at least one second device, and 5232 333 4 transmitted data is packaged as a header of a predetermined number of bytes plus encryption data of a predetermined number of bytes, the header being used to synchronize the transmission of data on switching in a communication between devices has been lost or added, and for to minimize delay time between devices involved in a data transmission through received incoming data traffic after the last header and previously received data is canceled, wherein encrypted data always includes the latest complete incoming header plus data, which is stored in a buffer of a predetermined size. In one embodiment of the present invention, an established transfer is terminated if the text CARRIER is part of the incoming data or if a button for closing one transmission is affected on the first and second devices.

Another embodiment comprises that the first device has cellular telecommunications phone capability and the at least one other device has cellular telephone capability.

A further embodiment provides that the first device has cellular telephone possibility and that the second device is a unit connected / included in a cash register satellite terminal, whereby one purchase is made through the telephone and the other device through to use RFlD and / or Bluetooth transmission.

A further embodiment comprises that communication between the first user the order and the second device are initially established with Bluetooth and later with RFID. Yet another embodiment comprises that encryption / encryption software is bound to a cellular telephone's international mobile state equipment identity.

Brief description of drawings y Refer to the accompanying figures in the accompanying description the text for a better understanding of the present invention with its embodiments and given example, wherein: Fig. 1 schematically illustrates an embodiment of a cellular telephone in accordance with the present invention, Fig. 2 schematically illustrates an embodiment of a bank card, F ig. 3 schematically illustrates an embodiment of a system for a cash register in accordance with the present invention, Fig. 4 schematically illustrates a block diagram of a device connected to one POS shown in Fig. 3 and Fig. 5 in accordance with the present invention, Fig. 5 schematically illustrates a block diagram showing the device 1g. 4 ge- barcodes to be displayed on the display screen of a cellular telephone, Fig. 6 schematically illustrates a system l in accordance with fi g. 3, wherein a cellular telephone and a database include the same device / application, which generates barcodes or 2D codes or similar codes on the market, 532 333 Fig. 7 schematically illustrates an embodiment of an internal payment software and an RFID tag in a cellular telephone in accordance with the present invention, Fig. 8 to Fig. 10 schematically illustrate an embodiment 1 in accordance with fl g. 7 using Bluetooth and RFID communication to allow a purchase, and F ig. 11 schematically illustrates an embodiment of how goods are purchased over the internet and a gate barrier passage embodiment in accordance with the present invention.

Detailed description of preferred embodiments The present invention provides an innovative way to avoid cloning of software used by a cellular telephone to perform the tasks of the present RFID communication between the cellular telephone and a device called lad puck or payment module as described below.

An object of the present invention is to provide a new and innovative encryption protocol / scheme included in a cellular telephone, for transmitting data, including they speak when required in order to achieve a secure transfer from and to cellular telephones or between cellular telephones and other devices having receivers and / or transmitter to communicate with Bluetooth and / or RF lD. Also, the present encryption of the present invention that it can be used for radio communication between others devices other than cellular telephones which have such a capability.

Furthermore, the present invention provides a device or payment device module to be connected / enclosed POS equipment for purchase A device with cellular telephone capabilities is provided with encryption protocols. package / scheme in accordance with the present invention as well as device a / puckenl payment module in the present invention. But the encryption of the present invention can be accomplished only in the cellular telephone when used for another radio communication than to shop at a POS.

De facto, when the device / puck / payment module is included in a cellular phone, the phone is capable of acting as a POS terminal. It can also act for money transfer between cellular phones.

The present invention provides a plurality of application embodiments using its encryption protocol / scheme for more secure communication of information and data. An innovative application introduces a replacement of cards used for payment such as credit cards, retail cards, debit cards, smart cards, gas cards, bank cards, customer relationship management grazing cards and the like. Furthermore, all cards are included as bank cards to keep the The writing is simple, but does not limit the present invention to a single type of card.

An application of the present invention comprises that a cellular telephone number more is a unique identifier for the person carrying the phone. 532 333 6 Another application of the present invention provides a cellular telephone includes a barcode generator, which generates barcodes in the telephone display using encryption keys transferred to a database including the same barcode generator and encryption key in a data record carrying said cellular telephone fnummer. Thus, the same bar code is generated in both the cellular telephone and the database. then at any given time to be matched when a purchase in a POS (cash register) through the bar code shown in the cellular telephone display, thereby preventing counterfeiting by, for example, taking a photograph of the barcode shown in the display together with the specific phone number of the phone, which has also been saved in the database for matching. In one embodiment, the telephone number always appears in the barcode, but the barcode it is generated differently for each purchase using a key mentioned. POS- the terminal uses, for example, the commonly used PCI-DSS (Payment Card) standard industry Data Security Standard) for transactions such as purchases.

Thus, the device does not interfere with the puck / payment module with the PC1-DSS standard when transactions are carried out via the POS communication protocol, ie no rings or updating of POS is necessary. The payment module is described by fi g. 4 and the related text.

An alternative embodiment comprises that the device 1puckenl payment module The field of the present invention comprises a bar code generator which supplies a cellular phone with new barcodes when a purchase has been made via the barcode shown in the phone the display screen.

Another embodiment comprises the device / puck / payment module has been equipped with radio transmitting and receiving equipment such as a cellular telephone or similar, whereby it can act as a POS in itself. If the radio equipment is not included in the module, it can be obtained through a PCMCIA (Personal Computer Memory) card Card Association card) through a slot added to the module for this purpose or through a USB device equipped with radio communication capabilities.

Additionally, a cellular telephone of the present invention is equipped with an RF ID tag / chip that provides active or passive communication. It is known for one skilled in the art that existing devices with cellular telephone transmissions are equipped with IR and / or Bluetooth communication to send and receive ta data. Thus, it is understood that the encryption protocol / scheme is downloaded to the cellular one device in accordance with the present invention and stored in one of the devices available silent memories.

When the term cellular telephone is used throughout the description according to lying up, it should be perceived as a pocket-sized handheld device that has cellular telephone capabilities, which also includes a PDA (Personal Digital Assistant) which 532 333 7 works in any cellular network or the like such as GSM (Global System for Mobile car Communication) using TDMA (Time Division Multiple Access), CDMA (Code Divi- Multiple Access), WCDMA (Wideband Code Division Multiple Access, FDMA) cy Division Multiple Access), GSM / 3G (third generation) or anything else on market suitable mobile or cellular system.

Throughout the description of the present invention, they should be set forth embodiments and given examples are understood to include the innovation described below. tiva encryption protocoll schema. The encryption includes the well-known cryptographic / the encryption algorithms named Blowfish, TwoFish, RSA (Rivest-Shamir-Adleman), Ghost and the like. Blovvfish is a symmetrical key block slate designed by Bruce Schneier and Dif fi e-Hellman Key-Agreement / Key-Exchange Protocol, RSA, Ghost and the like, which allow two users to exchange a privacy key over an unsecured kert medium without any predetermined confidentiality. Diffie-Hellman creates keys from predetermined the key devices of the present invention. RSA and Ghost can be used both such as encryption algorithms and key encryption protocols. All the mentioned encryption algorithms rhythms and key encryption protocols are well known to those skilled in the art.

It will be appreciated, although known algorithms and protocols are used, that they are modi- in accordance with innovative features for its use, and that Blow fi sh and Dif fi e- Hellman is used to exemplify the embodiments of the present invention, without necessarily limit the uptake to these.

When the term POS is used, this includes any cash terminal such as as found in shops, malls, and ticket machines at bus stations, metro stations, train stations, train stations, car parks and the like. It is also realized that a conversation and / or data in the context of the present invention include speech and / or data transmission by establishing a data connection. Access and electronic purchases via the Internet can also be introduced by the POS properties described by the present invention. finding.

Thus, the present invention provides a system comprising a device a radio-powered device such as a cellular telephone or a device as shown in fig. 4, adapted to at least one of receiving and transmitting encrypted data between each other.

Both the first and the second device comprise in one embodiment of the invention one 448 bit Blowfish encryption algorithm in an electronic memory of the devices as well as one Dif fi e-Hellman key agreement protocol, 512/1024 bits, to achieve a final key that activates the Blowfish encryption in the devices. This key is transferred from the the arrangement initiating a transmission to a receiving device, which accepts the key through a handshake procedure. When the handshake procedure is successful triggers the Blowfish algorithm to start encrypting data to be transmitted and the Blowfish 532 333 8 the algorithm of the receiving side of the transmission is triggered to decode the received data because the two Blowfish algorithms use the same agreed key transmitted through the Diffie-Hellman Protocol.

The key that has been accepted through the handshake is in an embodiment created as follows, whereby through the Diffie-Hellman protocol a multiple 16 bit integer random starting value is given. This initial value is calculated continuously through a dedicated software loop for this purpose. Thus, the continuously enumerated integer is added as a random start. value, as a first 16-bit key, received by the Dif fi e-Hellman protocol at the moment a transmission has been established by one of the devices.

Another value entered in Dif fi e-Hellman is a user key that is entered is modifiable by the user through, for example, a menu or a cellular telephone display here called the second key. Furthermore, a third is added to the Dif fi e-Hellman protocol key predetermined and hard-coded in the devices as well as the 512-bit hard-coded prime let. This third key identifies the card (\ / isa, MasterCard, American Express or similar cards) or a specific predetermined company, organization by a card number or nisationsnr.

The Dif fi e-Hellman protocol uses the first, second and third keys and the hard-coded prime number to create a common end key used by the device communicating to trigger Blowfish encryption and / or encryption. Thus, after ac- handshake acceptance of the end key, effected by the Diffie-Hellman Protocol, by means of the first and second devices by radio communication, the Blow algorithm encryption and establishes the transfer of data between the first and at least one the second device through a so-called tunnel described below. Transmitted data is packaged as a header of a predetermined number of bytes such as for example a 1-bit header plus encrypted data in a predetermined number of bytes such as 24 bytes.

The header is used to synchronize data transmission, if switching in a communication is delayed. race or added during transfer. In order to minimize the delay time between devices are involved in a data transfer, data traffic is scanned for the latest header and previously received data is abandoned, whereby encrypted data always contains the most recently received complete the head plus data, which is stored in a buffer of a predetermined size, for example with four packet head plus data. This builds up the so-called tunnel for transmission as mentioned above.

An established transfer is released if the text CARRIER is part of the received data or when a communication release button is pressed on the first and second the arrangements, such a button may be, for example, the shut-off button of a cellular telephone phone or "hands free" button.

Now a summary of the encryption and key exchange in steps: 532 333 Establish a data communication between devices A to B Check the initialization keys. If OK, continue with step 3.

Device A generates a new key and transfers it to device B.

Connection has been established if the key is recognized by device B.

Encryption in progress.

WPWNT * In accordance with one embodiment, the first device has cellular telephone capabilities and the at least one other device also has cellular telephone capabilities. Alter- natively, the first device has cellular telephone capabilities and the second device is a device, see fi g. 4, connected / included in a POS terminal, whereby a purchase is made by phone and device using RFID or Bluetooth transmission. In this case, the cellular learn the phone and the other device provided with RF ID labels / chips between which one data transfer is established. Communication between the first and second devices can also established through Bluetooth.

Fig. 1 illustrates an embodiment of the prior art with a cellular telephone 10 according to the present invention. The telephone 10 has a unique telephone subscriber number associated with it, herein fictitious +4670123456789, which identifies the person and / or company that has the subscriber many. Shown in fi g. 1 is a label 12, which may be of any soft type such as one barcode, RF ID tag (these are not shown), but they include the telephone number of the cellular the telephone 10 shown by the reference numeral 14. The label 12 is intended to scan read at a cash register terminal to connect the telephone number to a purchase. If not a label 12 used, a cash register terminal (POS) including a keypad can be used to enter the phone number, +4670123456789, and the PIN code, or a barcode, 2D code or similar be stored in the memory of the cellular telephone 10 and called to be displayed in the telephone 10 screen (not shown). An alternative is to call the POS with, +4670123456789, to store and connect the phone number to a purchase. This requires that the POS is equipped with a telephone call recipients for this purpose.

The PIN code is in a biometric embodiment such as a fingerprint transmitted to the telephone 10 by radiation to a receiver of the POS, or by it appears on the phone screen and scans at the POS.

Because the telephone number, +4670123456789, is a unique identifier of a person who subscribes to it, for example the connecting address of the person through the subscription it can be used to connect all the bank data that the person holds together with one personal identity code (PIN code). A person's bank data is schematically illustrated as an cards 16 such as smart cards, petrol cards, debit cards, credit cards, bank cards, shopping cards and other similar cards. In this case, the person's / company's bank data for authentication of 532 333 transmission according to data, for example included in the cards 16 is stored in a database of a bank server under the database record +4670123456789 in an embodiment of the present invention finning such as: Post: 4-4670123456789 Bank authenticity data PlN code One idea involves that a cellular telephone number, +4670123456789, is one unique identifier of the person / company holding the phone 10. Hereby, by calling up a predetermined number leading to a broker node application (broker mode), and store the cellular number in an intermediary database in a cash register terminal and at the same time enter it the same number in the cash register terminal, whereby the number dialed and the one entered chas with the acquirer, it is ensured that the telephone owner is identified and approved to make one buy. This is described in more detail with reference to Fig. 3. The mediator mode application acts as a communication device and possesses software for providing telephone A number identification callback, Controlling telephone number, equipment for reception of telephone calls and other necessary information known to a person skilled in the art to act as a redeemer.

In Fig. 2, schematically illustrated, an embodiment of a bank card 20 is in accordance with the present invention and its identity authentication data.

The ANSI standard X4.13-1983 is used by many credit card systems. Here follows what some of the numbers on the card stand for.

The first digit of a credit card number indicates the system, S-travel / entertainment card (such as American Express and Diners Club), 4 - Visa, 5 - MasterCard, 6 - Discover Card.

The structure of the card number, 4 - - - - - - - - - - - - - - - 4, as shown in Fig. 2 on the card varies with system. For example, American Express card numbers start with 37; Carte Blanche and Di- ners Club with 38. American Express - numbers three and four are variety and currency, the numbers five more 11 are check digits, digits 12 or seven to 15 are the account number and digits 13 or 16 are a check digit. MasterCard - the numbers two and three, two to four, two to five or two to six are the bank number (depending on whether number two is 1, 2, 3 or another). The numbers after the bank number up to digit 15 is the account number and digit 16 is a check digit, here a 4.

The strip on the back of the credit card is a magnetic strip, often called a gastric strip.

There are three tracks on the magnetic strip. Each groove is one tenth of an inch wide. ISO / IEC standard 7811, which is used by banks, specifies that track one is 210 bits per inch (bpi), and holds 79 6-bit plus parity bit read-only characters. Track three is 210 bpi, and holds 107 4-bit plus parity bit sign. A credit card 20 typically uses only slots one and two. Track three is a read / write pair (which includes an encrypted PlN code, country code, currency units, and the amount allowed), but its use is not standardized between banks. 532 333 ll The information in track one is contained in two formats: A, which is reserved for use of the card issuer, and B, which includes the following: start-mail - a character, format code = "B" - one character (alpha only), master account number - up to 19 characters, separation - one character, country code -three characters, name - two to 26 characters, separation - one character, output expiration date or separation - four characters or one character, discretion data - sufficient numbers to fill in the maximum registration length (79 characters in total), end entry - one character, and longitudinal redundancy check (LRC) - a sign. LRC is a »form of control sign.

The format for track two, developed by the banking industry, is as follows: starting item - one characters, master account number - up to 19 characters, separation - one character, country code -three characters- one, expiration date or separation - four characters or one character, discretion data - sufficient with characters to fill in the maximum registration length (40 characters in total), and LRC - a character one.

For information in the slot format, see ISO Magnetic Card Standards.

There are three basic procedures to determine (authentication) about the credit card will pay for what is charged: traders with few transactions each month use voice identification using a tone signal telephone, electronic data capture (EDC) magnetic card scan terminals are becoming more common - even scan cards at check-out, virtual terminals on Internet.

After, for example, the cashier or the person sweeping the credit card 20 through a readers call the EDC software at the cash register terminal (POS), see fig. 3, which partly shows the prior art technology, up a stored number, using a modem, broadband connection, wireless or other network and equipment known to a person skilled in the art to call one redeemer. A acquirer is an organization that collects credit authentication requests from merchant and provides the merchant with a payment guarantee. When an intermediary company receives The credit card authentication request checks the validity request and the registration on magnetic strip after: merchant ID, valid card number, expiration date, credit card limit, card turn.

The "smart" credit card (smart card) is an innovative application that involves all aspects of cryptography (privacy codes), and not just the authentication required is written. A smart card 20 has a microprocessor 22 built into the card itself. Cryptographic is es- essential for the function of these cards. A user must prove their identity in the card each once a transaction is made, in much the same way as a PlN is used in an ATM (bank food). The card and card reader execute a sequence of encrypted signing / counter-signing exchanges to verify that everyone is dealing with a legitimate counterparty. Once this has established, the transaction itself is executed in encrypted form to prevent anyone, including the person holding the card or the merchant whose cardholder is involved, from that eavesdrop on the exchange and later pretend to be one of the parties to cheat the system. 532 333 12 This complicated protocol is implemented in such a way that it is invisible to the user, except for the need to enter a PIN to initiate the transaction.

The chip in these cards is capable of many types of transactions. For example, for to make a purchase from a cardholder's credit account, debit account or from a stored account value that is rechargeable. The increased memory and processing capacity of the smart take the card is many times larger than that of a traditional magnetic card and can accommodate fl era different applications on a single card. It can also contain identification information, hold find out about affiliate programs (loyalty programs) or allow access to naden The information described above is held by a bank card 20, or smart cards 20, 22 are similar to those expected to be stored in the database record or telephone number, +4670123456789, as bank authentication data together with a PlN code or a smart card 20, 22, which information / data is also stored in a memory, for example SIM card or internal telephone memory of the cellular telephone 10 to be transferred from a POS to the database holding the record, +4670123456789, for conformity comparison. In a preferred embodiment, encrypted / encrypted software is bound / associated with an International Mobile Station Equipment Identity (IME1), which is a term in wireless communication to identify each individual cellular telephone or mobile station.

Furthermore, the present invention introduces a further security or by dialing the database with its telephone number, here fictitious, 9876543210, holding the data record with telephone number through telephone 10, with phone number, +4670123456789, similar to making a card purchase at the POS. It is checked then that the scanned or otherwise transmitted telephone number of the POS is +4670123456789, the same person who called the database, and if so, a purchase and the intermediary mode sends a signal to POS that the purchase has been approved. This is described through the system of Fig. 3 showing an embodiment of several possible according to what is taught to the present invention.

Fig. 3 schematically illustrates an embodiment of a POS 30 in accordance with FIG. religious invention, herein including a billing device, which is common. POS- the system 30 is equipped with a device / puck / payment module 32 (not prior art) in in accordance with the present invention comprising a scanner 73 and a terminal 34 for enter PlN codes with and other characters with a keypad 35. It can also be equipped with and connected to a short sweep opening 31. In an embodiment of the present invention a buyer shopping in a POS holds his cellular phone 10, with label 12, which should scanned with the scanner 73 included in the device 32, shown in fi g. 4 or use one of procedure above to connect the telephone number, +46701234567890, to the purchase, almost simultaneously, 36 calls the buyer, schematically indicated by a GSM base station 38, with the telephone 10 as 532 333 13 holds the number, +46701234567890, a database server 46 using a predetermined number more, here ,ctively, 9876543210, in a acquirer node application 44, where the database server 46 stores the record that holds telephone numbers that are connected and approved to make purchases such as t ex +4670123456789 which points to bank data which allows a purchase of merchants' goods, services and the like. The call is registered with the telephone number, +4670123456789, in the database 46.

The call can be saved for a limited time, for example two to five minutes, with another Purchase in another store is possible. The POS 30 connects to the acquirer node application through one of networks 40, 42. The connection to the redemption mode 44 could be established by POS 30 which sweeps a special card for the business or POS 30 in question, which opens the communication for a purchase as it is currently carried out for purchases using a banking card, thereby emulating a connection as if the purchase was made through a card.

If the phone 10 has stored bank data that emulates a smart card has data transferred, for example, when the acquirer who has the telephone number 9876543210 is called.

At the redemption node 44 it is checked by dedicated software for this purpose that the number +4670123456789 from POS is the same as that stored when the phone is used turned to call +4670123456789 to register the phone number +4670123456789 for a purchase and if so, the database checks that the phone that holds the number +4670123456789 is a registered telephone number that is allowed to be used for purchases. PlN- the code is checked together with bank authentication data. If the purchase is approved by the acquirer a message / signal is sent to POS 30 and the purchase is terminated as being correct and approved.

The purchase is made more or less as a purchase with a bank card 20, 22 for local ongoing and very Iite upgrade of equipment needs to be carried out at POS 30 to be able to make a purchase. If POS 30 uses the feature to receive a call from the the phone 10 to connect the purchase with a telephone number, +4670123456789, as described above, equipment such as receivers must be installed for that purpose.

It will be appreciated that it is known to one skilled in the art how a telephone number, +4670123456789, is detected by A-number identification and number recognition ning. It is also understood that the telephone numbers used in the present description are effective and that an almost unlimited number of telephones can be registered in the database 46 as database items for utilizing the teachings of the present invention.

To correct the accounts between the buyer and the POS 30 merchant, the 44 through a network 40 to a settlement authority 48, which corrects accounts by debit the buyer's account with his / her bank and credit the merchant with his / her bank through their bank server 50.

Fig. 4 schematically illustrates a block diagram of a device puck / payment module 32 connected to a POS shown in fig. 3 and fi g. 5 in accordance with 532 333 14 the present invention. The device 32 comprises a microprocessor unit 60, which controls the device 42 tasks of the Commission. A flash memory 62 is used to store the source code needed to driving the device 32. Further, the device 32 comprises at least one of an Rs232, Rs485 interface and a universal bus interface (USB) for connection to extreme devices such as a POS 30, which has ports for such a connection. It communicates ge- by at least one of a Bluetooth receiver and / or transmitter 68 and an RF ID receiver and / or transmitter 70. An RFID 70 may be of passive or active type.

The device 32 also comprises a switch 74, for example a dip switches, the switch provides easy access to changing software for external communication with, for example, POS terminals stored in the flash memory 62.

Any purchase through a POS 30 in accordance with the present invention uses the same protocol currently used for backbone communication, ie communication used behind the device 32 according to the present invention for verify so-called card data by, for example, using the PC1-DSS standard. Hereby is it is usually not necessary to make modifications to existing POS if the POS has interface for receiving communication through USB, Rs232 Rs485 ports or similar da communication ports.

Thus, the radio-powered device 32 is the second device in the appendix claims 1 to 6, adapted to at least one of receiving and sending data from and / or to a cellular telephone 10, 11 comprising an RFID tag or chip and / or Bluetooth chip. Insect- coding and / or coding is accomplished and supported by having Blow fi sh and Dif fi e technology Hellman stored in flash memory 64, operated in accordance with the innovative procedure described joke above. The RFID chip in the cellular telephone 10, 11 may be of the strip type, like a chip arranged in the cellular telephone or as a chip integrated with the cellular telephone SIM card (Subscriber identity Module).

In an alternative embodiment shown by fi g. 6, the device 32 comprises a barcode and / or 2D code generator, which generates a new code every time a purchase from one POS 30 is performed, which is transmitted to the cellular telephone 10, 11 to be displayed and scanned by a code scanner connected or included in the device 32 at the next purchase as shown in fi g. 6. A purchase made through a cellular telephone 10, 11 can be confirmed by entering one PIN code in POS 30 through a keypad 34 as is currently done when purchasing or registering ring with card 16. In another embodiment, the device 32 is equipped with cellular radio capabilities. such as GSM, GSMI3G or the like. If the device 32 is equipped with a PCMCIA slots and cards 76, such radio communication can be accomplished by PCMCIA card 76 or alternatively with a USB device that provides radio communication (not 532 333 shown). Cellular communication can also be accomplished by integrating it into the device 32 (not shown).

Figs. 5 and 6 schematically illustrate a system according to Fig. 3, wherein a cellular 10 and a database 46 includes the same unit / program 52, which generates barcodes 13 or 2D codes or similar codes known to those skilled in the art. An implementation form of the present invention hereby provides that a cellular telephone 10 comprises a barcode generator generating barcodes 13 using the telephone display 12 of encryption keys supplied with a database 46 and the telephone memory unit 52, which includes the same barcode generator and encryption key in a data record that holds the telephone number, +4670123456789 or refer to it for the cellular telephone 10 mentioned. Thus the same bar code 13 is generated in both the cellular telephone 10 and the database 46 (indicated through a broken line in fi g. 4) at any predetermined time period for matching at purchase in a POS 30 equipped with a card sweep compartment 31 through the bar code 13 shown in it cellular telephone display 12, thereby preventing counterfeiting by, for example, taking a photo fi of the bar code 13 which is only valid for a POS purchase, which is shown in the display 12 together man with the specific phone number of the phone, which is also stored in the database for matching as described above. In one embodiment, the telephone number is +4670123456789, always in the barcode 13, but the barcode 13 is generated differently for all purchases at a POS 30 or similar to using a key such as 1280 shown in Fig. 6, as mentioned, or other known encryption technology known to a person skilled in the art. In another embodiment, they could be generated by encryption software. in the database when the cellular telephone registers the cellular telephone number 10, +4670123456789 in accordance with the present invention and sent to the telephone for 10 minutes. nose unit 52, which produces the same bar code 13 as the matching database such as described above by the key. In a further embodiment, the key can be entered into the database at any any time, ie consent changes to the key as well as the fact that it is registered in the memory unit 52 to allow the memory unit 52 and the database 46 to produce the memory ma barcode 13.

The memory unit 52 of the cellular telephone 10 may be present in the card or in an internal phone memory.

As mentioned, the bar code 13 can be generated simultaneously in the bar code of the telephone. code generator software and the database 46, thereby matching each other to enable one buy. This generation of a barcode can be synchronized to take place with each purchase or at any time, determined by, for example, a timer, not shown, to further prevent counterfeiting. of the bar code 13 since the time for generating the bar code can be carried out arbitrarily ligt. 532 333 16 In one embodiment, the bar code generator and / or key may be transmitted to the telephone. phone memory unit 52 when the telephone number, +4670123456789, is registered for purchase in a POS as described above.

Fig. 7 shows a cellular telephone 10, which has an RF 1D label 12 arranged inside the cover of the phone 10 or its outer body. The phone 10 has software stored in one of its memories (not shown), which is used to make purchases in accordance with the present as described. The RFID tag 12 is active in this embodiment and programmable.

This embodiment of a telephone 10 will illustrate, by fl g. 8-10, how to prevent to enable the cloning of the software existing in the phone's memories used to make payment in accordance with the present invention.

Each label 12 has a unique identifier such as the number or the like arranged which identifies the label 12, as well as the software has a unique identification according to landscape recovery.

In doing so, fl g illustrates. 8 when a cellular telephone 10 accesses the payment module 32.

The telephone 10 contacts the module 32 through its Bluetooth capabilities transmitting the unique the software payment identification number, schematically symbolized by the telephone 10 tin 81 and the signaling 80 received by the module 32, through the antenna 83. Finally, the the telephone 10 to be so close to the module 32 and the RFID tag 12 transmits its unique identity. identification number of the module 32 and the RFlD receiver / transmitter 70 schematically illustrated through the signaling 82.

Now with reference to fl g. 9, compare the module through software to the unique the identifier of the label 12 is uniquely / alone connected to the unique software identifier and vice versa. If this is the case, the module 32, schematically illustrated by the Bluetooth signaling 84 to the payment software, that the payment software and the label identifier are equivalent compatible or related. In accordance with the present invention there is only one label approved to connect to a payment software existing in the phone 10. Thus, if a payment software is cloned and used in another telephone 10 a communication is added module 32 to fail because the correct 12 label identifier is missing and a comparator behavior in module 32 will be negative.

Fig. 10 shows that the payment software matches the label identification, schematically illustrated by the Bluetooth confirmation signal 86 to the module 32 and a payment transaction can be established or established.

Fig. 11 schematically shows another embodiment of the use of a device. speech module 32. A buyer uses the cellular phone / PC 90, with a display screen 92 to buy goods 94 from a broker of goods (not shown) via the Internet. As an example a TV has been selected to be purchased. In a field 96 connected to the item 94, the user enters the telephone number, hereinafter referred to as 0123456789, for telephone 90 or other cellular telephone 532 333 17 more when a PC is used for the purchase (not shown) and transfers 97 the indicated purchase of a TV to the intermediary, here for example via GSM / 3G.

Now, for example, the intermediary 97 transmits an SMS / MMS to the telephone 90 including one code / password to be entered in a field on the phone screen 92 used to complete the purchase (not shown). Once entered, the 97 user transmits the password to the intermediary, which exits the purchase. Alternatively, a personal PlN code known by the user may be entered in another field (no shown), which further secures the purchase.

The payment module 32 transfers the cash to be paid for the TV set such as described according to the embodiments above through a schematically shown backbone network for transactions as is known to a person skilled in the art.

Furthermore, the invention according to fi g. 11 be used for entry and instead of purchase goods, an access broker receives the telephone number, 0123456789, and returns a SMS / MMS or similar with a password and the user continues with what is described in connection with fi g. 11.

Such an entry could be through a door, ticket gate at a tunnel subway, train station and almost everywhere where an access password is required. Also, the present invention is not limited to telephone numbers such as code. Other suitable codes can be used to recognize RFlD and Biâtand identification.

The present invention is not limited to given examples and embodiments. more, but to what a person skilled in the art can read from the attached set of patent claims.

Claims (6)

10 15 20 25 30 35 532 333 18 Patent claims A system comprising a first radio-powered device (10, 11), and at least a second radio-powered device (10, 11, 32) adapted to at least one of receiving and transmitting encrypted data between each other by establishing a data connection, characterized comprising: radio frequency identification means RFID, Bluetooth capability, wherein the first device (10) has payment software comprising a unique identity, the radio frequency identification of the first device (10) having a unique identity arranged to it, wherein the first device (10) unique identities are transmitted to the second device (32) and compared in the second device (32) to detect if they are valid in the first device, only a first device has a radio frequency identification tag recognized by the payment software and vice versa, in this case preventing the payment software from being used as a clone in other first devices, that the first device and at least one second device (10, 11, 32) comprises: an encryption algorithm in a memory (72), a key exchange protocol for providing a final key, which activates the encryption algorithm for encrypting in said devices (10, 11, 32), a random start value generator for a fl number of integers continuously counting integers in a loop for this purpose, the continuously incremented integer being a random start value received by the key exchange protocol at the same time as a transmission is established by one of said devices (10, 11, 32), used by the key exchanger as a first key, an interchangeable second key for a device user, entered by the user in the key exchange protocol, a third key is hard-coded and provided to the key exchange protocol, the exchange protocol using the first, second and third keys to create a key , by agreement by handshake of the end key, provided by the key holder the exchange protocol, through said first device (10, 11) and said second device (10, 11, 32) by radio communication, the encryption algorithm begins to encrypt and establish a transmission of data between said first (10, 11) and at least one other device (10, 11, 32), transmitted data is packaged as a header of a predetermined number of bytes plus encrypted data of a predetermined number of bytes, the header being used to synchronize the transmission of data about bytes in a communication between devices (10, 11, 32) has been lost or added, and in order to minimize the delay time between devices (10, 11, 32) participating in a data transfer, the received data track is searched for the last header and previously received data is canceled, whereby encrypted data always includes the latest complete incoming header plus data. The system of claim 1, wherein an established transmission is terminated if the text CARRlER is part of incoming data or if a button for terminating a transmission is touched on the first and second devices (10, 11, 32). The system of claim 1, wherein the first device (10, 11) has non-cellular telephone capability and said at least one second device has cellular telephone capability (10, 11). The system of claim 1, wherein the first device has cellular telephone capability (10, 11) and the second device (32) is a unit connected / included in a cash terminal (30), a purchase being made through the telephone ( 10, 11) and the second device (32) using RFID and / or Bluetooth transmission. The system of claim 1, wherein communication between the first device (10, 11) and the second device (32) is initially established with Bluetooth and later with radio frequency identification means. The system of claim 1, wherein the encryption / encryption software is linked / bound to the international mobile station equipment identity of a cellular telephone (10, 11).