US20150170145A1 - Method and system for transmitting interrupted transactions - Google Patents
Method and system for transmitting interrupted transactions Download PDFInfo
- Publication number
- US20150170145A1 US20150170145A1 US14/321,724 US201414321724A US2015170145A1 US 20150170145 A1 US20150170145 A1 US 20150170145A1 US 201414321724 A US201414321724 A US 201414321724A US 2015170145 A1 US2015170145 A1 US 2015170145A1
- Authority
- US
- United States
- Prior art keywords
- payment
- transaction
- information
- user
- mobile device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/405—Establishing or using transaction specific rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/20—Software design
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/30—Creation or generation of source code
- G06F8/35—Creation or generation of source code model driven
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
- G06F8/654—Updates using techniques specially adapted for alterable solid state memories, e.g. for EEPROM or flash memories
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/22—Payment schemes or models
- G06Q20/28—Pre-payment schemes, e.g. "pay before"
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3227—Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3278—RFID or NFC payments by means of M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/356—Aspects of software for card payments
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
Definitions
- the present application relates to the field of payment processing systems, and in particular, to a mobile-device-to-machine payment processing system over a non-persistent network connection.
- vending machines (or “automatic retailing” machines), in the broadest sense, have been around for thousands of years. The first simple mechanical coin operated vending machines were introduced in the 1880s. Modern vending machines stock many different types of products including, but not limited to drinks (e.g., water, juice, coffee, and soda) and edible food products/items (e.g., snacks, candy, fruit, and frozen meals), as well as a wide variety of non-food items. In this fast paced world, vending machines are ubiquitous.
- drinks e.g., water, juice, coffee, and soda
- edible food products/items e.g., snacks, candy, fruit, and frozen meals
- Vending machines are one type of “payment accepting unit” (payment accepting units are also referred to herein generically as “machines”).
- a payment accepting unit (or machine) is equipment that requires payment for the dispensing of products and/or services.
- payment accepting units can also be other machines that require payment for the dispensing of a product and/or services including, but not limited to parking meters, toll booths, laundromat washers and dryers, arcade games, kiosks, photo booths, toll booths, transit ticket dispensing machines, and other known or yet to be discovered payment accepting units.
- a user In using a payment accepting unit, a user will (1) approach the payment accepting unit, (2) determine from the face of the payment accepting unit the product (or service) he/she desires, (3) insert payment (e.g., coins, bills, or payment cards), and (4) input his/her selection into the payment accepting unit using a user interface (e.g., a series of buttons, a key pad, touch screen, or other input mechanism using, for example, the column and row at which a product is located). Based on the user's inputted selection, technology within the payment accepting unit provides the desired product (or service) to the user.
- a user interface e.g., a series of buttons, a key pad, touch screen, or other input mechanism using, for example, the column and row at which a product is located.
- a payment processing system or, more specifically, a mobile-device-to-machine payment processing system over a non-persistent network connection with hands-free and manual (sometimes also herein called “swipe” or “swipe-to-pay” mode) modes.
- a method of payment processing is performed at a device (e.g., the mobile device 150 , FIGS. 5 and 21 ) with one or more processors, memory, and two or more communication capabilities.
- the method includes obtaining, from a payment module (e.g., the adapter module 100 , FIGS. 5 and 20 ), advertised information via a first communication capability (e.g., a short-range communication technology/protocol such as BLE), where the advertised information at least includes an authorization code.
- the method includes sending, to a server (e.g., the server 130 , FIGS.
- the method includes obtaining, from the server, authorization information via the second communication capability, where the authorization information at least includes an authorization grant token.
- the method includes detecting a trigger condition to perform a first transaction with a payment accepting unit (e.g., the payment accepting unit 120 (sometimes also herein called “machine 120 ”) ( FIGS. 5 and 19 ) such as a vending machine or kiosk for dispensing goods and/or services) associated with the payment module.
- the method includes sending, to the payment module, the authorization grant token via the first communication capability.
- a method of transmitting machine status information is performed at a device (e.g., the mobile device 150 , FIGS. 5 and 21 ) with one or more processors, memory, and two or more communication capabilities.
- the method includes obtaining, from a payment module (e.g., the adapter module 100 , FIGS. 5 and 20 ), advertised information via a first communication capability (e.g., the short-range communication technology/protocol such as BLE), where the advertised information at least includes status information indicating one or more states of at least one of a payment module and a payment accepting unit associated with the payment module.
- the method includes sending, to a server (e.g., the server 130 , FIGS. 5 and 22 ), at least the status information from the advertised information via a second communication capability distinct from the first communication capability (e.g., the long-range communication technology/protocol such as GSM, CDMA, or Wi-Fi).
- a method of payment processing acknowledgment information is performed at a payment module (e.g., the adapter module 100 , FIGS. 5 and 20 ) coupled with a payment accepting unit (e.g., the payment accepting unit 120 (sometimes also herein called “machine 120 ”) ( FIGS. 5 and 19 ) such as a vending machine or kiosk for dispensing goods and/or services), the payment module including one or more processors, memory, and one or more first communication capabilities.
- the method includes obtaining, from the payment accepting unit, a first notification indicating completion of a first transaction performed by a first user of a first mobile device (e.g., the mobile device 150 , FIGS. 5 and 21 ) at the payment accepting unit and an amount of the first transaction.
- a first notification indicating completion of a first transaction performed by a first user of a first mobile device (e.g., the mobile device 150 , FIGS. 5 and 21 ) at the payment accepting unit and an amount of the first transaction.
- the method includes: generating first transaction information based at least in part on the first notification; storing the generated first transaction information; and sending the generated first transaction information to the first mobile device via one of the one or more first communication capabilities (e.g., the short-range communication technology/protocol such as BLE).
- first communication capabilities e.g., the short-range communication technology/protocol such as BLE.
- the method After sending the first transaction information to the first mobile device, the method includes: deleting the stored first transaction information generated for the first transaction performed by the first user of the first mobile device in accordance with a determination that first acknowledgement information has been received from the first mobile device within a predetermined time period; and maintaining the stored first transaction information generated for the first transaction performed by the first user of the first mobile device in accordance with a determination that the first acknowledgement information has not been received from the first mobile device within the predetermined time period.
- a method of updating firmware is performed at a first device (e.g., the mobile device 150 , FIGS. 5 and 21 ) with one or more processors, memory, and two or more communication capabilities.
- the method includes obtaining, from a payment module (e.g., the adapter module 100 , FIGS. 5 and 20 ), advertised information via a first communication capability (e.g., the short-range communication technology/protocol such as BLE), where the advertised information at least includes a current firmware version of the payment module.
- a payment module e.g., the adapter module 100 , FIGS. 5 and 20
- advertised information via a first communication capability (e.g., the short-range communication technology/protocol such as BLE), where the advertised information at least includes a current firmware version of the payment module.
- the method includes sending, to the payment module, firmware update information via the first communication capability, where the firmware update information includes one or more data packets for updating the current firmware version of the payment module.
- a device e.g., the adapter module 100 ( FIGS. 5 and 20 ), the mobile device 150 ( FIGS. 5 and 21 ), the server 130 ( FIGS. 5 and 22 ), or a combination thereof
- a device includes one or more processors and memory storing one or more programs for execution by the one or more processors, the one or more programs include instructions for performing, or controlling performance of, the operations of any of the methods described herein.
- a non-transitory computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which, when executed by a device (e.g., the adapter module 100 ( FIG. 20 ), the mobile device 150 ( FIG. 21 ), the server 130 ( FIG.
- a device e.g., the adapter module 100 ( FIG. 20 ), the mobile device 150 ( FIG. 21 ), the server 130 ( FIG. 22 ), or a combination thereof
- a device includes means for performing, or controlling performance of, the operations of any of the methods described herein.
- FIG. 1 is a schematic diagram that shows three zones: a “communication zone” (e.g., Bluetooth range), an “authorization zone,” and a “payment zone” in accordance with some implementations.
- a “communication zone” e.g., Bluetooth range
- an “authorization zone” e.g., an “authorization zone”
- a “payment zone” e.g., a “payment zone”
- FIG. 2 is a schematic diagram that shows the three zones of FIG. 1 with multiple users therein in accordance with some implementations.
- FIG. 3 is a table that illustrates the hands-free credit or alert user principle in accordance with some implementations.
- FIG. 4 is a flow chart showing the logging received signal strength indicator (RSSI) information in accordance with some implementations.
- RSSI received signal strength indicator
- FIG. 5 is a block schematic that shows elements of the payment processing system including, but not limited to, the adapter module, the machine, the mobile device, and servers, as well as communications therebetween in accordance with some implementations.
- FIG. 6 is a block schematic that shows three areas of encryption used (each is bi-directional) between the adapter module, the machine, the mobile device, and/or servers in accordance with some implementations.
- FIG. 7 is a block diagram that shows communications, messaging, vending sequence, and purchase flow between the adapter module, the mobile device, and a system management server in accordance with some implementations.
- FIG. 8A is a schematic process flow diagram that shows additional elements and features of the payment processing system (e.g., communications, messaging, vending sequence, and purchase flow) when the user enters the “communication zone” (e.g., Bluetooth range) in accordance with some implementations.
- the payment processing system e.g., communications, messaging, vending sequence, and purchase flow
- the “communication zone” e.g., Bluetooth range
- FIG. 8B is a schematic process flow diagram that shows additional elements and features of the payment processing system (e.g., communications, messaging, vending sequence, and purchase flow) when the user enters the “authorization zone” in accordance with some implementations.
- the payment processing system e.g., communications, messaging, vending sequence, and purchase flow
- FIG. 8C is a schematic process flow diagram that shows additional elements and features of the payment processing system (e.g., communications, messaging, vending sequence, and purchase flow) when the user enters the “payment zone” and, in particular, detailing a hands-free mode embodiment and a swipe mode embodiment in accordance with some implementations.
- the payment processing system e.g., communications, messaging, vending sequence, and purchase flow
- FIG. 8D is a schematic process flow diagram that shows additional elements and features of the payment processing system (e.g., communications, messaging, vending sequence, and purchase flow) in a vending transaction including a loop for multiple transactions in accordance with some implementations.
- the payment processing system e.g., communications, messaging, vending sequence, and purchase flow
- FIG. 8E is a schematic process flow diagram that shows additional elements and features of the payment processing system (e.g., communications, messaging, vending sequence, and purchase flow) in the login mode in accordance with some implementations.
- the payment processing system e.g., communications, messaging, vending sequence, and purchase flow
- FIG. 8F is a schematic process flow diagram that shows additional elements and features of the payment processing system (e.g., communications, messaging, vending sequence, and purchase flow) during boot-up of the adapter module in accordance with some implementations.
- the payment processing system e.g., communications, messaging, vending sequence, and purchase flow
- FIG. 8G is a schematic process flow diagram that shows additional elements and features of the payment processing system (e.g., communications, messaging, vending sequence, and purchase flow) during an account check/update process in accordance with some implementations.
- the payment processing system e.g., communications, messaging, vending sequence, and purchase flow
- FIGS. 9A-9E are flow charts that show example steps and features of the payment processing system (e.g., communications, messaging, vending sequence, and purchase flow) in accordance with some implementations.
- the payment processing system e.g., communications, messaging, vending sequence, and purchase flow
- FIGS. 10A-10D show a mobile device with a graphical representation of a mobile application shown thereon, the mobile application being used as part of the mobile-device-to-machine payment processing system in accordance with some implementations.
- FIG. 11 is a perspective view of the in-line dongle adapter module in accordance with some implementations.
- FIG. 12 is a front plan view of the in-line dongle adapter module of FIG. 11 in accordance with some implementations.
- FIG. 13 is a back plan view of the in-line dongle adapter module of FIG. 11 in accordance with some implementations.
- FIG. 14 is a side view of the in-line dongle adapter module of FIG. 11 in accordance with some implementations.
- FIG. 15 is a first end view of a connector receptacle of the in-line dongle adapter module of FIG. 11 in accordance with some implementations.
- FIG. 16 is a second end view of a connector receptacle of the in-line dongle adapter module of FIG. 11 in accordance with some implementations.
- FIG. 17 is a perspective view taken from the first end of the in-line dongle adapter module of FIG. 11 , the connectors and cables between which the in-line dongle adapter module is inserted being shown in broken lines for illustrative purposes in accordance with some implementations.
- FIG. 18 is a perspective view taken from the second end of the in-line dongle adapter module of FIG. 11 , the connectors and cables between which the in-line dongle adapter module is inserted being shown in broken lines for illustrative purposes in accordance with some implementations.
- FIG. 19 is a perspective view of the in-line dongle adapter module of FIG. 11 within a vending machine in accordance with some implementations.
- FIG. 20 is a block diagram of an adapter module in accordance with some implementations.
- FIG. 21 is a block diagram of a mobile device in accordance with some implementations.
- FIG. 22 is a block diagram of a server in accordance with some implementations.
- FIG. 23 is a schematic flow diagram of a process for authenticating a user to perform a transaction in the payment processing system in accordance with some implementations.
- FIG. 24A is a block diagram of a packet of information broadcast by the payment module (sometimes also herein called the “adapter module”) in accordance with some implementations.
- FIG. 24B is a block diagram of an authorization request in accordance with some implementations.
- FIG. 24C is a block diagram of an authorization grant token in accordance with some implementations.
- FIG. 24D is a block diagram of transaction information generated by the payment module in accordance with some implementations.
- FIG. 25A is a schematic flow diagram of a process for processing acknowledgment information in the payment processing system in accordance with some implementations.
- FIG. 25B is a schematic flow diagram of a process for processing interrupted transactions in the payment processing system in accordance with some implementations.
- FIGS. 26A-26C show schematic flow diagrams of processes for updating firmware of the payment module in the payment processing system in accordance with some implementations.
- FIGS. 27A-27C illustrate a flowchart diagram of a method of payment processing in accordance with some implementations.
- FIGS. 28A-28B illustrate a flowchart diagram of a method of transmitting machine status information in accordance with some implementations.
- FIGS. 29A-29C illustrate a flowchart diagram of a method of payment processing acknowledgment in accordance with some implementations.
- FIGS. 30A-30D illustrate a flowchart diagram of a method of updating firmware in accordance with some implementations.
- a payment processing system or, more specifically, a mobile-device-to-machine payment processing system for processing transactions over a non-persistent network connection.
- the mobile-device-to-machine payment processing system disclosed herein focuses on the unattended retail space (e.g., a payment accepting unit 120 , sometimes also herein called a “machine 120 ”). More specifically, the mobile-device-to-machine payment processing system disclosed herein allows a user (having a mobile device 150 with a mobile application 140 thereon) to make a cashless purchase from a payment accepting unit 120 (having an adapter module 100 associated therewith).
- the mobile-device-to-machine payment processing system described herein can be implemented with one or more of the following features: easy installation feature, a non-persistent network connection feature; a manual (swipe to pay) mode feature; a hands-free mode feature; and a multiple vending transactions (multi-vend) feature.
- Easy Installation Installation is very easy, requires no tools, requires no configuration, and takes as little as 30 seconds. This is accomplished by using an adapter module 100 (sometimes also herein called “payment module 100 ”) such as an in-line dongle (a hardware device with software thereon) design for in-line insertion within a multi-drop bus (MDB) of a payment accepting unit 120 (e.g., a vending machine) (sometimes also herein called ‘the machine 120 ′’).
- MDB multi-drop bus
- Installation is as simple as “powering down” (turning off) the machine 120 , identifying the “wire” that connects with a payment receiving mechanism (e.g., the coin mechanism), disconnecting the wire (so that there are two loose ends, such as a male connection end or adapter of an MDB and a female connection end or adapter of an MDB), plugging (inserting) the adapter module 100 in serial (“in-line”) with the wire (e.g., connecting the MDB female adapter to a male adapter of the adapter module 100 and connecting the MDB male adapter to a female adapter of the adapter module 100 ), tucking the wire and the installed adapter module 100 back into position, and “powering up” (turning on) the machine 120 .
- a payment receiving mechanism e.g., the coin mechanism
- plugging inserting
- the adapter module 100 in serial (“in-line”) with the wire e.g., connecting the MDB female adapter to a male adapter of the adapter
- the adapter module 100 can be configured or designed to work with other serial protocols or activate a switch. In essence the adapter module 100 simulates establishing payment on payment accepting unit 120 in much the same manner as other alternative forms of payment (e.g., cash).
- Non-persistent Network Connection Although payment accepting units (or “machines”) that accept only cash (e.g., paper currency and coins) may not require a connection (persistent or non-persistent) to a network, traditional payment accepting units that accept cashless payments (e.g., credit cards, debit cards, and alternative mobile device payment methods using, for example, smart phones) require a persistent connection to a network (wired or wireless) to facilitate the cashless payments. In other words, without a persistent (ongoing or accessible on demand) network connection, traditional payment accepting units cannot accept cashless payments. Most traditional payment accepting units that accept cashless payments include the technology to accomplish this persistent network connection that allows them to connect to a remote server. If the network connection to a traditional machine is temporarily interrupted, cashless payments will be temporarily unavailable.
- cashless payments e.g., credit cards, debit cards, and alternative mobile device payment methods using, for example, smart phones
- the mobile-device-to-machine payment processing system described herein minimizes (i.e., the manual mode) or eliminates (i.e., the hands-free mode) user interaction with the mobile device 150 . Further, in some implementations, the mobile-device-to-machine payment processing system described herein facilitates the acceptance of cashless payments without requiring any network connection near the payment accepting unit 120 . In some implementations, when the mobile-device-to-machine payment processing system described herein is located in a remote location where network connection is unavailable, the mobile-device-to-machine payment processing system, therefore, can still accept cashless payments.
- swipe-to-pay refers to a user's action implemented on his/her mobile device 150 where he/she quickly brushes his/her finger (or other pre-determined interaction) on the mobile device's touch screen 152 ( FIGS. 10A-10D ) or other input devices associated with the mobile device 150 .
- a pre-installed mobile application 140 automatically connects to the payment accepting unit 120 (e.g., a vending machine).
- the mobile application 140 might display (on the touch screen 152 ) a prepaid balance that the user “swipes” to transfer payment to the payment accepting unit 120 .
- the user could observe the transferred funds on the touch screen 152 of the mobile device 150 and/or on the display 122 , 124 ( FIG. 19 ) of the payment accepting unit 120 .
- the transaction is completed just as if cash was inserted in the machine 120 with the user inputting his selection on the payment accepting unit 120 and the payment accepting unit 120 dispensing the product or service. After the selection is made, the change is returned to the mobile device 150 and this may be shown on the touch screen 152 of the mobile device 150 .
- a “hands-free pay” feature (or just “hands-free”) would most likely be used with “favorite” payment accepting units 120 (e.g., a frequently used vending machine at a user's work or school). From the user's perspective, he/she would approach the favorite payment accepting unit 120 and notice that the display 122 , 124 ( FIG. 19 ) of the payment accepting unit 120 shows funds available, he/she would select the product or service using the payment accepting unit's input mechanisms (e.g., buttons 126 or a touch screen display 124 shown in FIG. 19 ), and he/she would retrieve dispensed services or products. It would be that simple.
- a pre-installed mobile application 140 automatically connects to the payment accepting unit 120 (e.g., a vending machine).
- the user may leave the mobile device 150 in a pocket, purse, briefcase, backpack, or other carrier.
- the user could observe the transferred funds on the display 122 , 124 ( FIG. 19 ) of the payment accepting unit 120 .
- the transaction is completed just as if cash was inserted into the payment accepting unit 120 with the user inputting his/her selection on the payment accepting unit 120 and the payment accepting unit 120 dispensing the product or service. After the selection is made, the change is returned to the mobile device 150 .
- FIG. 3 details when the hands-free mode would be available.
- Multi-Vend Both the manual and hands-free modes could be used multiple times in sequence (implemented, for example, as a loop) so that a user may make multiple purchases.
- the user After making his/her first selection and receiving his product (or service), the user would observe that additional funds were available on the display 122 , 124 ( FIG. 19 ) on the payment accepting unit 120 . He/she could make another selection (or multiple selections) and receive additional product(s) (or service(s)). More specifically, the display 122 , 124 ( FIG. 19 ) may reset as if the transaction is complete, but then, because the user is still standing in range, the mobile application 140 would send another credit to the payment accepting unit 120 , allowing for a second purchase. When the user walks away, the system clears (e.g., returns unused funds to the application 140 on the mobile device 150 ).
- the features described above, alone or in combination with other features described herein will revolutionize the hundred billion dollar automated retail industry.
- the hardware is very low cost and there are no reoccurring fees because no cellular connection is required on the machine 120 .
- operators of machines 120 can increase frequency of visits by purchasers and items sold with each visit.
- the mobile-device-to-machine payment processing system described herein may be implemented as an apparatus, system, and/or method for enabling payments to a machine 120 via a mobile device 150 .
- the mobile-device-to-machine payment processing system may be better understood with reference to the drawings, but the shown mobile-device-to-machine payment processing system is not intended to be of a limiting nature.
- the adapter module 100 (sometimes also herein called the “payment module 100 ”) is a physical device that is installed in a machine 120 (a payment accepting unit 120 ).
- the shown adapter module 100 is an in-line dongle (a hardware device with software thereon) device that may be inserted in-line within a multi-drop bus (MDB) of a machine 120 .
- MDB multi-drop bus
- the adapter module 100 bridges the communication between the machine 120 and a mobile device 150 .
- the adapter module 100 could be implemented as a plurality of devices or integrated into other devices (e.g., components of a machine 120 ).
- the adapter module 100 can be easily inserted into a machine 120 so that the machine 120 is able to perform new features with the assistance of the adapter module 100 .
- FIG. 20 shows components associated with the adapter module 100 .
- the communications unit 770 of the adapter module 100 includes short-range communication capability 776 (e.g., Bluetooth mechanisms).
- the shown example may be divided into multiple distinct components that are associated with each other or the example may be incorporated into or drawn from other technology (e.g., a computer or a payment accepting unit) as long as the components are associated with each other.
- a mobile device 150 may be a user's personal mobile device 150 .
- the mobile device 150 (with a mobile application 140 thereon) acts as a communication bridge between the adapter module 100 (associated with a payment accepting unit 120 ) and the server 130 .
- the mobile device 150 and the application 140 are not “trusted” in that the communications (transmissions) it passes are encrypted. Encrypted (secured) communications are undecipherable (unencryptable, unreadable, and/or unuseable) by the mobile device 150 .
- Mobile devices include, but are not limited to smart phones, tablet or laptop computers, or personal digital assistants (PDAs), smart cards, or other technology (e.g., a hardware-software combination) known or yet to be discovered that has structure and/or capabilities similar to the mobile devices described herein.
- the mobile device 150 preferably has an application (e.g., the application 140 ) running on it.
- the term “app” is used broadly to include any software program(s) capable of implementing the features described herein.
- FIGS. 10A-10D show user interfaces for the application 140 displayed by the mobile device 150 . It should be noted that the phrase “mobile device” can be assumed to include the relevant app unless specifically stated otherwise.
- FIG. 21 shows components associated with the mobile device 150 .
- the shown example may be divided into multiple distinct components that are associated with each other or the example may be incorporated into or drawn from other technology (e.g., the cell phone itself) as long as the components are associated with each other.
- Payment Accepting Unit 120 (or Machine 120 ): A payment accepting unit 120 (or the machine 120 ) is equipment that requires payment for the dispensing of an product and/or service. Payment accepting units 120 may be vending machines, parking meters, toll booths, laundromat washers and dryers, arcade games, kiosks, photo booths, toll booths, transit ticket dispensing machines, and other known or yet to be discovered payment accepting units 120 . Some payment accepting units 120 can accept cashless payments (payments other than cash (paper currency and coins)) by accepting payment from, for example, credit cards, debit cards, and mobile devices.
- cashless payments payments other than cash (paper currency and coins)
- a persistent network connection is a wired or wireless communications connection that is ongoing (e.g., a dedicated connection, a dedicated online connection, and/or a hardwired connection) or accessible on demand (e.g., the ability for the machine to make a temporary connection to a server or the ability for the user to contact a server from his mobile device).
- the persistent network connection has been conducted over “long-range communication technology” or “long-range communication protocol” (e.g., hardwired, telephone network technology, cellular technology (e.g., GSM, CDMA, or the like), Wi-Fi technology, wide area network (WAN), local area network (LAN), or any wired or wireless communication technology over the Internet that is known or yet to be discovered).
- long-range communication technology e.g., hardwired, telephone network technology, cellular technology (e.g., GSM, CDMA, or the like), Wi-Fi technology, wide area network (WAN), local area network (LAN), or any wired or wireless communication technology over the Internet that is known or yet to
- the user's mobile device 150 acts as a communication bridge between the adapter module 100 and the server 130 . Communications between user mobile devices 150 and the servers (e.g., a system management server 130 and/or a funding source server 160 ) take place using long-range communication technology.
- Short-range communication technology or “short-range communication protocol”
- Bluetooth such as Bluetooth 4.0, Bluetooth Smart, Bluetooth Low Energy (BLE)
- NFC near-field communication
- UWB Ultra Wideband
- RFID radio frequency identification
- infrared wireless induction wireless, or any wired or wireless technology that could be used to communicate a small distance (approximately a hundred feet or closer) that is known or yet to be discovered). Therefore, neither the adapter module 100 nor the payment accepting unit 120 requires a traditional persistent long-range wireless network connection.
- the communications technology shown in the figures may be replaced with alternative like communications technology and, therefore, specific shown communications technologies are not meant to be limiting. For example, Wi-Fi technology could be replaced with another long-range communication technology.
- a server is the host processing server that may be operated by the company running the payment processing system.
- the server 130 preferably maintains at least one “virtual wallet” having at least one “balance” (which can be $0) of designated funds for which the server 130 keeps an accounting.
- the balance may represent, for example, “cash” or it may be a “promotional value” that represents funds that may be spent under certain circumstances. If these funds begin to be depleted, the user may be notified (e.g., via the application 140 on the mobile device 150 ) that additional funds need to be designated and/or transferred. Alternatively, funds from other sources (e.g., the funding source server 160 ) may be automatically transferred to restore a predetermined balance.
- the balance may also be increased based on a promotion (e.g., points earned or coupons).
- the server includes appropriate processors 950 , memory 960 (which would keep an accounting of the user's balance in a manner similar to a gift card), and communication systems 970 .
- the communications unit 970 of the server 130 includes long-range communication capability 972 (e.g., cellular technology and/or Wi-Fi mechanisms).
- the server 130 also includes a security unit 955 for encrypting and decrypting messages.
- the server 130 receives an authorization request (sometimes also herein called an “AuthRequest”) from the adapter module 100 (via a mobile device 150 ) and, if funds are available, returns an authorization grant (sometimes also herein called an “AuthGrant” or an “authorization grant token”) for funds.
- FIG. 22 shows components associated with the server 130 . The shown example may be divided into multiple distinct components that are associated with each other or the example may be incorporated into or drawn from other technology (e.g., a computer or a main frame) as long as the components are associated with each other.
- Each adapter module 100 advertises its presence by broadcasting signals (advertising broadcast signals) to mobile devices in the zones 102 , 104 , 106 . Each adapter module 100 can listen to other adapter modules' advertisements.
- the adapter module 100 may have a self-calibrating signal strength to determine zone thresholds (e.g., a payment zone threshold and an authentication zone threshold).
- zone thresholds e.g., a payment zone threshold and an authentication zone threshold.
- the Received Signal Strength Indicator (RSSI) is logged.
- arm's-length which may be a predetermined length approximating the distance of a user standing in front of a machine for the purpose of making a purchase
- a mathematical computation i.e., In-Range Heuristics is conducted to derive the optimal RSSI threshold at which point payment should be triggered by an application 140 on a mobile device 150 .
- the threshold may be payment accepting unit specific and can vary over a period of time.
- This optimal zone threshold is preferably reported to the mobile device 150 during an initial handshake.
- In-Range Heuristics A mathematical computation that determines the RSSI threshold to determine when a user is in the authorization zone 104 and/or the payment zone 102 . This computation can take into consideration numerous historical data points as well as transaction specific information such as which the mobile device 150 is being used, payment accepting unit type, among other factors.
- the RSSI is logged while the user is making his selection (this is the one time in the entire process that the user definitely will be “in range” (e.g., they will be arm's length from the machine 120 because they are physically interacting with the machine 120 ).
- the type of user mobile device 150 , accelerometer data (e.g., is the user moving or stationary), and/or other information may also be logged while the user is making his selection.
- the adapter module 100 can give a reference RSSI for the payment zone 102 for the machine 120 , and the application 140 can make a +/ ⁇ adjustment based on the specific mobile device 150 on which it is installed. Over a period of time, the payment processing system continues to improve itself based on additional data points.
- AuthRequest (“AuthRequest:): When a user enters the authorization zone 104 , the mobile device 150 notifies the adapter module 100 and the adapter module 100 sends a secured authorization request (e.g., the encrypted authorization request) as a “message” (also referred to as a communication or transmissions) to the server 130 via the mobile device 150 . Encryption may be performed by a security unit 755 ( FIG. 20 ) with security technology (e.g., encryption and decryption means) that may be associated with the processing unit 750 and/or the memory 760 .
- the AuthRequest is a request for authorization of funds, not a request for authorization of a transaction. The purpose of the funds is irrelevant to the server 130 .
- AuthGrant This is a “message” (also referred to as a communication or transmissions) encrypted by the security unit 955 ( FIG. 22 ) with security technology (e.g., encryption and decryption means) of the server 130 with the unique private key corresponding to the adapter module 100 .
- the secured authorization grant (e.g., the encrypted authorization grant) is passed from the server 130 to the adapter module 100 via the mobile device 150 in the form of a message.
- the mobile device 150 is not able to decrypt and/or read the message.
- the authorization grant is in response to the authorization request.
- the amount of the funds granted by the AuthGrant may be determined by factors including, but not limited to, the amount of funds available (or, if funds are not available, a mini-loan could be granted), a pre-authorized amount (e.g., set by the server, set by the user during set-up, set by the funding source, or a standard amount), limited by time (e.g., only a certain amount per hour, or a predetermined amount at specific times of the day), limited to the maximum amount of an item on the machine (or enough for two or three items in the machine), or one or more of these and other factors.
- the AuthGrant makes the funds available, but does not authorize a transaction.
- the AuthGrant may have an associated expiration period in that it may expire if it is not used in a pre-determined time period.
- the length of time before the AuthGrant expires may be determined by factors including, but not limited to, the trustworthiness of the user (e.g., the user has a long history with the payment processing system or some known provider (e.g., credit card provider, bank, or credit union), the user has a good credit rating, or the user has a large wallet balance), a pre-authorized time period (e.g., set by the server, set by the user during set-up, set by the funding source, or a standard time period), limited by time (e.g., predetermined time periods at specific times of the day such as longer times during breakfast, lunch, and dinner), limited by the machine or the products or services sold in the machine, limited by the number of other users near the machine (e.g., if it is a crowded machine, the AuthGrant may expire faster), or one or more of these and other
- the AuthGrant remains valid until it expires or some other event occurs to end its validity (e.g., the user cancels it). This means that under normal circumstances the mobile device 150 will hold the AuthGrant authorizing use of funds for a pre-determined time period that will allow the user sufficient time to make a purchase.
- the authorized amount may be considered to be the “wallet balance” that is held in a virtual “wallet.”
- Time may be synchronized to the adapter module 100 from the server 130 .
- the server 130 sends time information with encrypted messages and the adapter module 100 uses the time encoded in the messages for synchronization.
- the mobile-device-to-machine payment processing system and components thereof may have associated hardware, software, and/or firmware (a variation, subset, or hybrid of hardware and/or software).
- the term “hardware” includes at least one “processing unit,” “processor,” “computer,” “programmable apparatus,” and/or other known or yet to be discovered technology capable of executing instructions or steps (shown as the processing unit 750 in FIG. 20 , the processing unit 850 in FIG. 21 , and the processing unit 950 in FIG. 22 ).
- the term “software” includes at least one “program,” “subprogram,” “series of instructions,” or other known or yet to be discovered hardware instructions or hardware-readable program code.
- Software may be loaded onto hardware (or firmware) to produce a “machine,” such that the software executes on the hardware to create structures for implementing the functions described herein. Further, the software may be loaded onto the hardware (or firmware) so as to direct the mobile-device-to-machine payment processing system (and components thereof) to function in a particular manner described herein or to perform a series of operational steps as described herein.
- “Hardware” such as the adapter module 100 , the mobile device 150 , and the payment accepting unit 120 may have software (e.g., programs and apps) loaded thereon.
- the phrase “loaded onto the hardware” also includes being loaded into memory (shown as the memory 760 in FIG. 20 , the memory 860 in FIG. 21 , and the memory 960 in FIG.
- the term “memory” is defined to include any type of hardware (or other technology)-readable media (also referred to as computer-readable storage medium) including, but not limited to, attached storage media (e.g., hard disk drives, network disk drives, servers), internal storage media (e.g., RAM, ROM, EPROM, FLASH-EPROM, or any other memory chip or cartridge), removable storage media (e.g., CDs, DVDs, flash drives, memory cards, floppy disks, flexible disks), firmware, and/or other known or yet to be discovered storage media.
- the memory may be transitory and/or non-transitory.
- Appropriate “messages,” “communications,” “signals,” and/or “transmissions” that includes various types of information and/or instructions including, but not limited to, data, commands, bits, symbols, voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, and/or any combination thereof) over appropriate “communication paths,” “transmission paths,” and other means for signal transmission including any type of connection between two elements on the payment processing system (e.g., the adapter module 100 , the mobile device 150 , the payment accepting unit 120 , hardware systems and subsystems, and memory) would be used as appropriate to facilitate controls and communications.
- the payment processing system e.g., the adapter module 100 , the mobile device 150 , the payment accepting unit 120 , hardware systems and subsystems, and memory
- programs and “subprograms” are defined as a series of instructions that may be implemented as software (i.e. computer program instructions or computer-readable program code) that may be loaded onto a computer to produce a “machine,” such that the instructions that execute on the computer create structures for implementing the functions described herein or shown in the figures. Further, these programs and subprograms may be loaded onto a computer so that they can direct the computer to function in a particular manner, such that the instructions produce an article of manufacture including instruction structures that implement the function specified in the flow chart block or blocks.
- the programs and subprograms may also be loaded onto a computer to cause a series of operational steps to be performed on or by the computer to produce a computer implemented process such that the instructions that execute on the computer provide steps for implementing the functions specified in the flow chart block or blocks.
- the phrase “loaded onto a computer” also includes being loaded into the memory of the computer or a memory associated with or accessible by the computer.
- programs and subprograms may be associated with the adapter modules 100 , the server 130 , and the mobile device 150 (including the mobile application 140 ) and these programs and subprograms may be divided into smaller subprograms to perform specific functions.
- messages,” “communications,” “signals,” and/or “transmissions” include various types of information and/or instructions including, but not limited to, data, commands, bits, symbols, voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, and/or any combination thereof.
- Appropriate technology may be used to implement the “communications,” “signals,” and/or “transmissions” including, for example, transmitters, receivers, and transceivers.
- “Communications,” “signals,” and/or “transmissions” described herein would use appropriate technology for their intended purpose.
- hard-wired communications e.g., wired serial communications
- short-range communications e.g., Bluetooth
- long-range communications e.g., GSM, CDMA, Wi-Fi, or the like
- SSL or TLS Secure Sockets Layer
- the security units 755 and 955 include technology for securing messages.
- the security technology may be, for example, encryption/decryption technology (e.g., software or hardware).
- the communications unit 770 (shown in FIG. 20 ) of the adapter module 100 is shown as including appropriate input and output mechanisms 772 , 774 that may be implemented in association (e.g., directly or indirectly in functional communication) with male and female adapters 720 , 730 of the adapter module 100 .
- the communications unit 870 (shown in FIG. 20 ) of the adapter module 100 is shown as including appropriate input and output mechanisms 772 , 774 that may be implemented in association (e.g., directly or indirectly in functional communication) with male and female adapters 720 , 730 of the adapter module 100 .
- the communications unit 870 (shown in FIG.
- the mobile device 150 includes mechanisms for both long-range communications (shown as the long-range communication capability 872 such as cellular and/or Wi-Fi mechanisms) for communicating with the server 130 and short-range communications (shown as the short-range communication capability 876 such as Bluetooth mechanisms) for communicating with the adapter module 100 .
- long-range communications shown as the long-range communication capability 872 such as cellular and/or Wi-Fi mechanisms
- short-range communications shown as the short-range communication capability 876 such as Bluetooth mechanisms
- the terms “provide” and “providing” are meant to include standard means of provision including “transmit” and “transmitting,” but can also be used for non-traditional provisions as long as the “communications,” “signals,” and/or “transmissions” are “received” (that can also mean obtained).
- transmit and “transmitting” (and variations thereof) are meant to include standard means of transmission, but can also be used for non-traditional transmissions as long as the “communications,” “signals,” and/or “transmissions” are “sent.”
- receive and “receiving” (and variations thereof) are meant to include standard means of reception, but can also be used for non-traditional methods of obtaining as long as the “communications,” “signals,” and/or “transmissions” are “obtained.”
- the term “associated” is defined to mean integral or original, retrofitted, attached, connected (including functionally connected), positioned near, and/or accessible by.
- the user interface e.g., a traditional display 122 ( FIG. 19 ), a touch screen display 124 ( FIG. 19 ), a key pad 126 ( FIG. 19 ), buttons 126 ( FIG. 19 , shown as part of the key pad 126 ), a keyboard (not shown), and/or other input or output mechanism
- the user interface may be original to the payment accepting unit 120 , retrofitted into the payment accepting unit 120 , attached to the payment accepting unit 120 , and/or a nearby the payment accepting unit 120 .
- adapter modules 100 may be associated with payment accepting units 120 in that the adapter modules 100 may be original to the payment accepting unit 120 , retrofitted into the payment accepting unit 120 , attached to the payment accepting unit 120 , and/or a nearby the payment accepting unit 120 .
- FIGS. 5 , 6 , and 7 together show major components of the mobile-device-to-machine payment system and the interactions there-between.
- the adapter module 100 functionally connected bi-directionally to the payment accepting unit 120 via a wired serial connection such that no security is necessary.
- the adapter module 100 is also functionally connected bi-directionally to the mobile device 150 (and its installed mobile application 140 ) via short-range communication technology (e.g., a Bluetooth connection). Because the mobile device 150 is not a “trusted” link (e.g., it could be hacked by a user), only secured communications (transmissions) are passed between the adapter module 100 and the mobile device 150 . This keeps communications secured and safe from hacking.
- the mobile device 150 (and its installed mobile application 140 ) is also functionally connected bi-directionally to a system management server 130 and/or a funding source server 160 via long-range communication technology (e.g., Wi-Fi or Cellular connection) that preferably has appropriate security (e.g., SSL security).
- Security between the mobile device 150 and the system management server 130 has the advantage of protecting communications from the mobile device 150 to the system management server 130 that may include sensitive data and may not be encrypted.
- the system management server 130 and the funding source server 160 may be connected via a wired Internet connection with SSL security.
- the system management server 130 may be connected via a wired Internet connection with SSL security to an operators' server 170 .
- the operators' server 170 may be connected to the payment accepting unit 120 using a handheld computer sync or a cellular connection.
- a unique private key may be used to securely transmit encrypted messages between the adapter module 100 and the system management server 130 (although the encrypted transmissions would most likely be routed through the mobile device 150 ).
- the server 130 stores a private key for each adapter module 100 , and this key is only known to the adapter module 100 and the server 130 . No intermediary is privy to this key (especially not the mobile device 150 ).
- the security unit 755 of the adapter module 100 encrypts the message with its private key and passes the message to the mobile device 150 .
- the mobile device 150 (which preferably cannot decrypt the message) passes the encrypted message to the server 130 .
- the server 130 is able to decrypt the message using the security unit 955 of the adapter module 100 and the unique private key.
- the security unit 955 of the server 130 uses this same unique private key to encrypt messages to the adapter module 100 and sends the message to the mobile device 150 to relay to the adapter module 100 that is able to decrypt the message using the security unit 755 of the adapter module 100 and the unique private key.
- FIG. 7 shows specific communications and messaging with a vending sequence (the numbers to the left of the communications and messaging) between the adapter module 100 , the mobile device 150 , and the system management server 130 . These communications are discussed in more detail in the discussion pertaining to the schematic flow diagrams ( FIGS. 8A-8G ) and the flow charts ( FIGS. 9A-9E ).
- FIGS. 5 , 6 , and 7 are examples, and are meant to help in the understanding of the mobile-device-to-machine payment system.
- the shown long-range communications technology may be replaced with alternative long-range communications technology known or yet to be discovered
- the shown short-range communication technology may be replaced with alternative short-range communication technology known or yet to be discovered
- the shown security may be replaced with alternative security known or yet to be discovered.
- the shown connections are meant to be examples, and there may be intermediaries that are not shown.
- the shown components have been simplified in that, for example, only one mobile device 150 (or machine 120 , adapter module 100 , or server 130 ) is shown where many may be included. Finally, the order of the steps may be changed and some steps may be eliminated.
- FIGS. 11-18 show views of adapter module 100 a (referred to generally as adapter module 100 ).
- Adapter module 100 is a relatively low cost hardware component that is pre-configured to work with the industry standard multi-drop bus (MDB). On machines without MDB technology, the adapter module 100 can be configured or designed to work with other serial protocols or activate a switch. In essence the adapter module 100 simulates establishing payment on payment accepting unit 120 in much the same manner as other alternative forms of payment (e.g., cash).
- MDB industry standard multi-drop bus
- the shown adapter modules 100 are preferably designed to be used as an in-line dongle for in-line insertion within, for example, a MDB of a machine 120 .
- the wire used in MDB technology uses male and female connection ends or adapters to allow the attachment of peripherals. In the case of a vending machine, the wire with the connection ends or adapters would be present to allow the attachment of a payment receiving mechanism (e.g., a coin mechanism).
- the MDB male and female adapters 700 , 710 may be separated (as shown in FIGS. 17-18 ).
- the adapter module 100 a in FIGS. 11 and 17 - 18 has a male adapter 720 and a female adapter 730 .
- the adapter module 100 a may be plugged (inserted) in serial (“in-line”) with the wire.
- the MDB female adapter 710 may be connected to the male adapter 720 of the adapter module 100 and the MDB male adapter 700 may be connected to the female adapter 730 of the adapter module 100 .
- the resulting in-line configuration is shown in FIG. 19 .
- the adapter modules 100 are designed to allow pass-through communications so that if the mobile-device-to-machine payment processing system is not enabled (e.g., for a particular purchase or simply turned off) the MDB functions as though the adapter module 100 is not there and the machine 120 can function normally.
- a hands-free mode from the user's perspective, would allow the user to approach a favorite payment accepting unit 120 and notice that the display (e.g., the displays 122 or 124 shown in FIG. 19 ) associated with the payment accepting unit 120 shows funds available (e.g., the wallet balance), he would select the product or service using input mechanisms (e.g., buttons 126 or a touch screen display 124 shown in FIG. 19 ) associated with the payment accepting unit 120 , and he would retrieve his dispensed services or products.
- the display e.g., the displays 122 or 124 shown in FIG. 19
- funds available e.g., the wallet balance
- the adapter module 100 reports to the mobile device 150 whether or not hands-free mode is available. If it is available, the installed mobile application 140 automatically connects to the payment accepting unit 120 without the user having to interact with the mobile device 150 . The user observes that funds are available on the display 122 , 124 of the payment accepting unit 120 and completes the purchase transaction as if cash was inserted in the machine 120 by inputting his selection on the payment accepting unit 120 . The payment accepting unit 120 dispenses the product or service. After the selection is made, the change is returned to the mobile device 150 .
- hands-free payment is available is determined by factors including, but not limited to whether if other mobile devices 150 are in range, if other adapter modules 100 are in range, if there are any alerts, if the payment trigger threshold is having wide variances and so deemed unstable, or if the payment accepting unit operator (e.g., a vending machine operator) has opted to disable hands-free mode for the payment accepting unit 120 . In the latter instance, operators can disable via a maintenance mobile device 150 , as well as through the operators' server 170 and/or the system management server 130 .
- FIG. 3 is a table that shows considerations, conditions, or factors that may be used to determine whether the hands-free pay feature is available.
- this indicates whether the payment accepting unit 120 is a favorite machine.
- the hands-free pay feature is only available for use with “favorite” payment accepting units 120 (e.g., a vending machine at work or school).
- the “Alert” column has to do with whether there is some reason (e.g., there are too many users in range) that the hands-free pay feature should not work and, if there is such a reason, the user will be notified (alerted) and may be able to use the manual mode to resolve the alert and/or complete the transaction.
- FIG. 3 shows situations in which a user is or is not able to make hands-free purchases from a machine 120 using a mobile application 140 on his mobile device 150 .
- the shown interface is an example.
- some of the features could be automated or pre-selected.
- the left hand column, the “Tab” column relates to whether the selected tab on the mobile application 140 is “all” or “favorite.”
- FIGS. 10A-10D all show these tabs. Unlike the other columns in FIG. 3 , this column has more to do with the functionality and view of the application 140 than specifically with the hands-free feature.
- the tabs would allow a user to select whether he wanted to be alerted when he was in range of all payment accepting units 120 or just “favorite” payment accepting units 120 and the application 140 would show the appropriate view.
- An optional feature of the mobile-device-to-machine payment system that is particularly helpful in the hands-free mode (although it may be available in the manual mode and/or in a multiple-vend scenarios) is when the user's mobile device 150 sends “credit” to the payment accepting unit 120 (either via hands-free payment or through a manual swipe), the wallet balance is sent to the payment accepting unit 120 that is then displayed to the user on a display 122 , 124 of the machine 120 . This is particularly beneficial during hands-free mode when the user does not retrieve the mobile device 150 and, therefore, may not know the balance. Also, in a multiple-vend scenario the user would not have to calculate a remaining balance.
- An example of a hands-free, multiple-vend scenario where a balance is displayed by the payment accepting unit 120 follows: The user has $5.00 in his/her virtual wallet as that is the amount that has been authorized (the AuthGrant being stored on the mobile device 150 ). The user walks up to the payment accepting unit 120 and $5.00 is displayed on the display 122 , 124 of the payment accepting unit 120 since hands-free mode was enabled and credit was sent (e.g., via the short-range communication capability) to the payment accepting unit 120 . The user makes a selection of $1.50 by interacting (e.g., pressing buttons) with the machine 120 .
- the item (product or service) is dispensed and the “change” is “returned” (e.g., via the short-range communication capability) to the virtual wallet. But since the user is still standing in the payment zone 102 , the remaining wallet balance of $3.50 is sent to the payment accepting unit 120 and displayed so that the user can now see that he/she has a $3.50 balance. (It should be noted that the authorized funds may remain on the machine 120 and not be transferred back to the mobile device 150 between transactions.) The user decides to purchase a $1.50 item, and the transaction is completed as usual (e.g., by interacting with the machine 120 ).
- the user is still standing in the payment zone 102 and he/she sees the wallet balance of $2.00 on the display 122 , 124 of the payment accepting unit 120 .
- the user decides that he/she does not wish to purchase anything else and simply walks away.
- the credit is cleared from the machine 120 , but he/she is left with the knowledge that his wallet balance is $2.00 even though he/she never touched the mobile device 150 .
- Communications between the payment accepting unit 120 and the adapter module 100 handle the accounting incidental to the transaction.
- the remaining balance ($2.00) is technically stored on the server 130 , and may be reflected on the application 140 on the mobile device 150 .
- the functions performed by the adapter module 100 can be divided into distinct zones: a first “communication zone” (e.g., “Bluetooth range” 106 ), a second “authorization zone” 104 , and a third “payment zone” 102 .
- the payment zone 102 is smaller than or equal to (overlapping completely) the authorization zone 104 . Put another way, the payment zone 102 is within or coextensive with the authorization zone 104 .
- the payment zone 102 is a subset of the authorization zone 104 with a ratio of the payment zone 102 to the authorization zone 104 ranging from 0.01:1 to 1:1.
- zones 102 , 104 , 106 are depicted as having a uniform shape, the zones may not necessarily be uniform (or constant over time) in that the shape can vary.
- shape of the Bluetooth range 106 may vary depending on environmental conditions such as obstacles in the room and payment accepting unit 120 door/wall materials.
- Bluetooth Range 106 (sometimes also herein called the “communication zone”): The outermost range is the Bluetooth range 106 (shown in FIGS. 1-2 ). This is the area in which the adapter module 100 is able to broadcast its presence. In most situations, the Bluetooth range 106 is a passive range in that no actual data is exchanged between the mobile device 150 and the adapter module 100 . While in the Bluetooth range 106 , the mobile device 150 monitors the RSSI (Received Signal Strength Indicator).
- RSSI Receiveived Signal Strength Indicator
- the middle region is the authorization zone 104 (shown in FIGS. 1-2 ). This is a computed area based on the RSSI. As mentioned, the mobile device 150 monitors the RSSI while it is in the Bluetooth range 106 . When the RSSI reaches a certain predetermined threshold based on In-Range Heuristics, the mobile device 150 can be considered to be in the authorization zone 104 . In the authorization zone 104 the mobile device 150 establishes a connection to the adapter module 100 (e.g., a Bluetooth connection ( FIG. 5 ) with SSL protection ( FIG. 6 )) and informs the adapter module 100 of its presence.
- the adapter module 100 e.g., a Bluetooth connection ( FIG. 5 ) with SSL protection ( FIG. 6 )
- the mobile device 150 After a successful handshake with the adapter module 100 , the mobile device 150 registers the adapter module 100 and the adapter module 100 requests an authorization to the server 130 via the mobile devices' network connection (e.g., a Wi-Fi or cellular connection ( FIG. 5 ) with SSL protection ( FIG. 6 )). It is important to note the mobile device 150 and the adapter module 100 have a non-exclusive relationship at this point.
- the adapter module 100 may collect registrations for all mobile devices 150 that are within the authorization zone 104 .
- An authorization occurs in preparation for when the user enters the payment zone 102 (shown in FIGS. 1-2 ).
- An authorization expires in a set period of time (for example, five minutes), so if the mobile device 150 is still in the authorization zone 104 at the time of expiration, the adapter module 100 submits for and receives another authorization. This will continue for a set number of times (for example, the limit may be three times to limit cases of numerous authorizations for a mobile device that may remain in the authorization zone 104 for an extended period of time without completing a transaction). Should authorization fail (for instance if the limit had been reached) prior to the user entering the payment zone 102 , the adapter module 100 will request authorization when the mobile device 150 enters the payment zone 102 (which adds a few seconds to the experience).
- Payment Zone 102 As a user enters the payment zone 102 , the mobile device 150 establishes exclusive control of the adapter module 100 . Once established, any other user in the payment zone 102 is put into a “waiting” status.
- the payment can be triggered automatically if the payment processing system has and is in hands-free mode.
- the mobile device 150 is running the application 140 in background mode and will send credit to the payment accepting unit 120 without any explicit user interaction.
- the user completes the transaction on the payment accepting unit 120 in much the same manner as if cash had been inserted into the payment accepting unit 120 to establish credit.
- details of the transaction are preferably returned to the mobile device 150 and server 130 in separate messages.
- the message to the server 130 is preferably encrypted with the adapter module's 100 private key ( FIG. 6 ) to ensure data integrity. As shown in FIG.
- the “private key” coded message (Encrypted VendDetails) is preferably sent via the mobile device 150 .
- the message to the mobile device 150 may be sent solely for the purpose of closing the transaction.
- the transaction history and balance are updated server-side via the encrypted message sent to the server 130 .
- the other mode of operation is manual mode.
- manual mode the user launches the mobile device 150 and is able to swipe to send payment to the payment accepting unit 120 .
- the user can also swipe back to cancel the payment.
- hands-free mode the purchase transaction is completed on the payment accepting unit 120 in the same manner as if cash were inserted into the payment accepting unit 120 .
- the mobile device 150 is only used to send payment. Selection is made directly on the payment accepting unit 120 .
- a key, but optional feature, of the payment processing system is a self-calibrating payment zone RSSI threshold. Because RSSI can vary machine to machine, environment to environment, and device to device, having a fixed threshold at which payment is triggered can be problematic. The approach suggested herein is the creation of a self-calibrating threshold.
- the payment accepting unit 120 When the user is interacting with the payment accepting unit 120 (such as when he makes his selection on the payment accepting unit 120 ), the payment accepting unit 120 notifies the adapter module 100 and the adapter module 100 logs the conditions such as RSSI, type of user mobile device 150 , accelerometer data, and other information.
- FIG. 4 shows a simplified set of steps involved when users enter the payment zone 102 .
- FIG. 4 shows that credit is established 200 (this may have been done in the authorization zone 104 , but if not it would be handled in the payment zone 102 ), that the user makes a selection using the machine 202 , that the machine notifies the adapter module of the selection 204 , that the adapter module (optionally) logs the RSSI 206 , and that the purchase process(es) continues 208 .
- the adapter module 100 uses the historically logged RSSI data, calculates one of several “average” RSSI using various mathematical models. This “average” could be a traditional average, a moving average, a weighted average, a median, or other similar summary function.
- the adapter module 100 could pre-process the historical data before running the function, such as to eliminate top and bottom data points, suspect data points, etc.
- the information transmitted to the adapter module 100 may include, for example, the model of the mobile device 150 .
- the adapter module 100 can create multiple payment thresholds, one for each mobile device model. This allows for variances that may be inherent in different types of Bluetooth radios.
- An alternative to this method is for the adapter module 100 to broadcast a baseline payment zone threshold, and the mobile device 150 can use an offset from this baseline based on its specific model type.
- the payment zone thresholds (or baseline offsets) can be unique to specific types of mobile devices (e.g., by manufacturer, operating system, or component parts), models of mobile devices, or individual mobile devices (unique to each user).
- the adapter module 100 advertises its presence along with the threshold at which it considers any mobile device 150 to be in the authorization zone 104 . This is a one-way communication from adapter module 100 to mobile device 150 . Once the mobile device 150 enters the authorization zone 104 , there is a handshake that is established between the adapter module 100 and the mobile device 150 . During this handshake, the mobile device 150 can share its model information with the adapter module 100 , and the adapter module 100 can return the payment zone 102 threshold for that specific model.
- the adapter module 100 can apply the self-calibrating model to the authorization zone 104 to calibrate the authorization zone threshold.
- the authorization zone thresholds can be unique to specific types of mobile devices, models of mobile devices, or individual mobile devices.
- the adapter module 100 would broadcast multiple thresholds by device type and the mobile device 150 would determine which threshold to apply (or alternatively broadcast a baseline and the mobile device 150 uses an offset based on its device model).
- the authorization zone 104 is a one-way communication.
- a safety margin can be added to minimize scenarios in which a user is within range, but the mobile-device-to-machine payment processing system does not recognize it because the threshold may not have been reached. For example, if the calculated RSSI for an iPhoneTM 5 on machine 4567 is ⁇ 68 db, the mobile-device-to-machine payment processing system may add a safety margin of ⁇ 5 db, and establish the threshold at ⁇ 73 db.
- the mobile-device-to-machine payment processing system will allow the mobile device 150 to credit the payment accepting unit 120 .
- the safety margin can be set on the server 130 and downloaded to the adapter module 100 , or set on the mobile device 150 , or set on the adapter module 100 itself.
- the mobile device 150 can use other data to determine when to cancel the exclusive control of the payment accepting unit 120 , to identify when the user is moving out of the payment zone 102 .
- External data could include accelerometer data from the mobile device 150 . Using that data, the mobile device 150 can determine whether the user is standing relatively still in front of the payment accepting unit 120 , or if the user is in motion—effectively walking away from the payment accepting unit 120 .
- the mobile-device-to-machine payment processing system described herein uses a mobile device's 150 short-range communication technology (e.g., Bluetooth mechanisms) (shown as short-range communication capability 876 in FIG. 21 ) and a mobile device's 150 long-range communications technology (e.g., cellular and/or Wi-Fi mechanisms) (shown as long-range communication capability 872 in FIG. 21 ).
- the short-range communication capability 876 communicates with the adapter module's 100 short-range communication technology (e.g., Bluetooth mechanisms) (shown as short-range communication capability 776 in FIG. 20 ).
- the long-range communication capability 872 communicates with the server's 130 long-range communications technology (e.g., cellular and/or Wi-Fi mechanisms) (shown as long-range communication capability 972 in FIG. 22 ).
- the mobile device 150 (with a mobile application 140 thereon) acts as a communication bridge between the adapter module 100 (associated with a payment accepting unit 120 ) and the server 130 . This process is described herein and works properly if there is cellular or Wi-Fi coverage within the payment zone 102 .
- One option if there is no cellular or Wi-Fi coverage within the payment zone 102 is to determine whether there is cellular or Wi-Fi coverage within the authorization zone 104 or the Bluetooth range 106 . If there is, then the sizes of the zones 102 , 104 , 106 could be adapted and the timing could be adapted. For example, if the mobile devices 150 detected problems with the cellular or Wi-Fi coverage within the payment zone 102 , the user could carry his mobile device 150 into the other zones (or the mobile device 150 could use short-range communication technology to communicate with other mobile devices 150 within the authorization zone 104 or the Bluetooth range 106 ) to determine whether the zones have cellular or Wi-Fi coverage.
- communication between the mobile device 150 and the server 130 can be advanced (conducted earlier when the mobile device 150 is further from the machine 120 ) or delayed (conducted later when the mobile device 150 is further from the machine 120 ). This can be thought of as changing the size or shapes of the zones 102 , 104 , 106 .
- the timing would also have to be adjusted so that the authorization of funds (AuthGrant) does not expire before the user has a chance to make a purchase. It also means that balance updates to the server 130 may happen after the user has moved away from the machine 120 and has cellular or Wi-Fi coverage again.
- Another option if there is no cellular or Wi-Fi coverage within any of the zones 102 , 104 , 106 is for the user to obtain authorization while outside of the zones in a place with cellular or Wi-Fi coverage. This may occur, for example, if a user knows that he will be going to a place with a payment accepting unit 120 equipped with an adapter module 100 (perhaps to a favorite payment accepting unit 120 ) that does not have (or rarely has) cellular or Wi-Fi coverage.
- a user may also use the mobile application 140 to query payment accepting units 120 in a given range (e.g., within 50 miles) or at a given location (e.g., at a campground or in a particular remote city) to determine whether there is cellular or Wi-Fi coverage within the zones 102 , 104 , 106 .
- the user can then obtain pre-authorization from the server 130 using the mobile application 140 .
- the timing would also have to be adjusted so that the authorization of funds (AuthGrant) does not expire before the user has a chance to make a purchase. It also means that balance updates to the server 130 may happen after the user has moved away from the machine 120 and has cellular or Wi-Fi coverage again.
- a mobile-device-to-machine payment system having the ability to implement this option would be able to accept cashless payments without requiring any network connection near the payment accepting unit 120 .
- the mobile-device-to-machine payment processing systems described herein is located in a remote location where no signal is available, therefore, can accept cashless payments.
- the user may be traveling to a remote location to attend summer camp where there is no cellular or Wi-Fi coverage.
- the camp may have several payment accepting units 120 (e.g., a machine that creates a dedicated “hot spot” that requires payment for use, vending machines, or machines for renting equipment such as bikes, kayaks, or basketballs).
- the camp facility might notify parents that the mobile-device-to-machine payment system is available.
- the parents while at home, could obtain authorization for a particular amount (that could be doled out a certain amount per day or limited to type of machine or location) to be authorized and “loaded” into the user's mobile device 150 and specify that the authorization will not expire for a certain period or until a certain date. Thereafter, while at camp, the user could use the mobile application 140 on his mobile device 150 in a manner similar to those discussed elsewhere herein. Short-range communications may be used for communications between the adapter modules 100 (associated with the machines 120 ) and users' mobile devices 150 .
- One subtle but powerful component of the payment processing system described herein is that it requires a long-range communication capability (e.g., an Internet or cellular network connection) only in the authorization zone 104 and only for the time period required to send the AuthRequest and receive the AuthGrant.
- a long-range communication capability e.g., an Internet or cellular network connection
- the long-range communication capability is not required by either the mobile device 150 or the adapter module 100 in the payment zone 102 as long as the AuthGrant is valid (unexpired).
- This mechanism allows the system to seamlessly handle authenticated transactions in (temporary) offline mode, with the deferred acknowledgement and transaction messages performing the bookkeeping and cleanup when network connection is regained.
- the alternatives described above provide a unique way to artificially extend the authorization zone to include any location where the mobile device 150 can communicate with the server 130 .
- multiple users are in the zones 102 , 104 , 106 .
- users 1 , 2 , and 3 are in the payment zone 102 near the machine 120 ;
- users 5 and 6 are shown as positioned between the authorization zone 104 and the Bluetooth range 106 ;
- users 4 and 7 are in the Bluetooth range 106 ,
- user 10 is positioned on the edge of the Bluetooth range 106 ;
- users 8 and 9 are positioned outside of Bluetooth range 106 .
- the mobile-device-to-machine payment processing system manages and resolves issues pertaining to multiple users.
- the adapter module 100 is preferably unaware of the users in the Bluetooth range 106 . All the adapter module 100 is doing is advertising its presence to any multitude of users that may be in Bluetooth range 106 .
- the adapter module 100 begins to log users as the users (and their respective mobile devices 150 ) enter the authorization zone 104 (shown in FIG. 2 as users 5 and 6 ). At this point, there is a non-exclusive connection initiated by the mobile device 150 to the adapter module 100 . It does a handshake (e.g., to exchange information needed to obtain authorization and, optionally, to log information needed for a self-calibrating authorization zone threshold) and the mobile device 150 contacts the server 130 for an authorization (e.g., sending an AuthRequest and receiving an AuthGrant). The adapter module 100 registers all mobile devices 150 that have requested and received AuthGrants. The adapter module 100 continues communicating with any other mobile device 150 that enters the authorization zone 104 . After initial contact, the adapter module 100 may provide the mobile device 150 with a deferral delay of when to check back in with the adapter module 100 allowing opportunity for other mobile devices 150 to communicate with the adapter module 100 .
- a handshake e.g., to exchange information needed to obtain
- a purchase transaction may be performed. If there are multiple users in the payment zone 102 , the mobile-device-to-machine payment system must handle the situation.
- One optional solution for handling the situation of the multiple users in the payment zone 102 is queuing users in the payment zone 102 .
- any mobile device 150 Once any mobile device 150 enters the payment zone 102 , it establishes exclusivity to a particular mobile device 150 (e.g., in a first-come-first-serve manner).
- the adapter module 100 is not establishing an exclusive connection to the mobile device 150 .
- the adapter module 100 can still perform a round-robin poll and communicate with and advertise to other mobile devices 150 . Instead, the adapter module 100 establishes a queue prioritized by RSSI and time (e.g., who was first and whether the authorization has expired) and it notifies (e.g., alerts) other mobile devices 150 to wait.
- the earliest valid (unexpired) authorization takes precedence when there is any tie in the RSSI. Otherwise, for example, the strongest average RSSI takes priority.
- the queue is not a static measure of the RSSI but an averaged measure over the period of time in the queue. This compensates for a scenario in which a user may be walking around in the queue and then shows up at the payment accepting unit 120 just as the previous user is finishing. If another user was also in the payment zone 102 and stood there the entire time, but may have newer authorization, he could win out.
- the adapter module 100 will disable hands-free payment.
- the mobile device 150 will send an alert to the user and he can use swipe to pay (manual mode). All users in payment zone 102 will show “Connected” and the first to swipe payment to the payment accepting unit 120 then locks out other users.
- determining which payment accepting unit 120 a user is in front of can be a challenge.
- the mobile-device-to-machine payment processing system described herein allows adapter modules 100 to communicate to other adapter modules 100 in range via Bluetooth.
- Each user receives authorization grants for specific payment accepting units 120 . This means if there are multiple adapter modules 100 within the same authorization zone 104 , there will be multiple authorization grants for the user.
- it can be difficult to differentiate which payment accepting unit 120 the user is in front of if the payment zones 102 overlap.
- the adapter modules 100 communicate with each other to determine the RSSI for the particular user (based on the signal from his mobile device 150 ) to triangulate which adapter module 100 (and the associated payment accepting unit 120 ) is closer to the user.
- the inter-module communications can restrict the user to establishing an exclusive connection with only one payment accepting unit 120 .
- the mobile device 150 can send a communication to the payment accepting unit 120 for momentary display to the user on the display 122 , 124 of the payment accepting unit 120 .
- the mobile device 150 can send a communication (e.g., “connected” or “Fred's Mobile Device Connected”) to the payment accepting unit's display 122 , 124 for a predetermined period of time (e.g., 1-3 seconds) so when the user is in payment zone 102 , it is clear which payment accepting unit 120 the user is connected to prior to making a purchase (either in hands-free or manual mode).
- a communication e.g., “connected” or “Fred's Mobile Device Connected”
- the mobile device 150 can display (e.g., on the touch screen 152 as shown in FIGS. 10A-10D ) a visual indication of the payment accepting unit 120 (e.g., a picture and/or a payment accepting unit ID of the payment accepting unit 120 ) for visual confirmation. If the user is in manual mode, the user can manually change the payment accepting unit 120 .
- FIG. 7 , FIGS. 8A-8G , and 9 A- 9 E can be used to understand a detailed scenario of the mobile-device-to-machine payment processing system described herein.
- a flow of communications and steps are loosely described below with reference to these (and other figures). It should be noted that alternative scenarios could include, for example, a modified order of the steps performed.
- a user Prior to vending transactions, a user downloads a mobile application 140 onto his mobile device 150 , creates an account, and configures a funding source via, for example, a funding source server 160 .
- a funding source may be, for example, a debit card, a credit card, campus cards, rewards points, bank accounts, payment services (e.g., PayPalTM) or other payment option or combination of payment options known or yet to be discovered.
- the funding sources may be traditional and/or nontraditional payment sources that are integrated into the ecosystem described herein and then used indirectly as a source of funds. Funds from the funding source are preferably held on the server 130 such that when an AuthRequest is received by the server 130 , the server 130 can send an AuthGrant authorizing funds for a purchase.
- the user can specify one or more “favorite” adapter module(s) 100 (that has a one-to-one relationship to the payment accepting unit 120 ) that he may visit regularly, such as a vending machine at school or work.
- Favorite adapter modules 100 appear on a pre-filtered list and allow for additional rich features such as hands-free payment.
- the payment accepting unit 120 may be equipped with an adapter module 100 that is constantly advertising its availability via Bluetooth (or other “signals,” “communications,” and/or “transmissions”). This ongoing advertising and scanning for adapter modules is shown in FIG. 8A . As shown, the mobile device 150 is continuously scanning for any adapter module 100 within Bluetooth (or other “signal,” “communication,” and/or “transmission”) range. When the user is within range of that adapter module 100 , the mobile device 150 tracks and monitors the signal strength until a predetermined “authorization zone” threshold is achieved.
- FIGS. 8B and 9A generally show that when the authorization zone threshold is reached, the mobile device 150 enters the authorization zone (block 302 ) and registers the adapter module 100 .
- the mobile device 150 connects to the server 130 (block 304 ).
- the application 140 on the mobile device 150 creates a request for authorization (AuthRequest) and passes the AuthRequest to the server 130 using appropriate communication technology (e.g., GSM, CDMA, Wi-Fi, or the like) (block 306 ).
- the server 130 responds with an authorization grant (AuthGrant) encrypted with the specific adapter module's private key (block 306 ).
- This authorization token may minimally include the User identifier (ID), Apparatus ID (for the adapter module 100 ), authorization amount, and expiration time.
- the mobile device 150 receives the AuthGrant from the server 130 , and retains it until the mobile device 150 is ready to issue payment to an adapter module 100 .
- the mobile device 150 collects all pending AuthGrants that may be one or more depending on how many adapter modules 100 are in-range. Unused AuthGrants that expire are purged from the mobile device 150 and the server 130 . It is important to note that the mobile device 150 is unable to read the AuthGrant because it is encrypted with the adapter module's unique private key that is only known to server 130 and adapter module 100 .
- Blocks 310 and 312 show the loop steps of waiting for a mobile device 150 from the authorization zone 104 to enter the payment zone 102 . If the user leaves the authorization zone 104 without entering the payment zone 102 , the adapter module 100 returns to advertising its presence (block 300 ).
- FIGS. 8C and 9B generally show the user entering the payment zone.
- the mobile device 150 verifies that it has an unexpired and valid AuthGrant. If the AuthGrant is not good, it may be requested again, repeating the Authorization Request process (block 315 ). If the AuthGrant is good, the mobile device 150 sends the valid AuthGrant (including the wallet balance (block 322 )) to the adapter module 100 to initiate a transaction.
- the mobile device 150 may issue the AuthGrant automatically without specific user interaction if the hands-free mode is supported (and the device is a favorite (block 318 ), there is only one device in the payment zone 102 (block 318 ), and (optionally) there is only one user in the authorization zone 104 (block 320 ). If any of these factors are not present, the mobile device 150 will prompt and/or wait for the user to begin the transaction manually (block 324 ).
- FIGS. 8D , 9 C, and 9 D generally show the transaction process.
- the adapter module 100 runs through a series of questions to determine if there are any issues that would prevent vending including: has the user canceled in-app? (block 326 ), has the user walked away? (block 328 ), is the coin return pressed? (block 330 ), has more than a predetermined period of time elapsed? (block 332 ). If the answer to any of these questions is “yes,” the transaction does not proceed. If the answers to all of these questions is “no,” the user makes a selection (block 334 ) on the payment accepting unit 120 in the same or similar manner as compared to if cash or credit were presented to the payment accepting unit 120 .
- the machine 120 If the machine 120 is able to vend (block 336 ), it attempts to release the product. If the vend fails (block 338 ) it is reported by the machine (block 340 ) and a credit is returned to the virtual wallet (block 342 ). If the vend is successful (block 338 ) it is reported by the machine (block 344 ). Put another way, after the transaction is complete, the adapter module 100 returns to the mobile device 150 the details of the transaction as well as an encrypted packet containing the vend details to be sent to the server 130 via the mobile device 150 . Optionally, the adapter module 100 can pass additional information not directly related to the transaction such as payment accepting unit health, sales data, error codes, etc.
- FIGS. 8D and 9E generally show the multi-vend function. If the machine has enabled multi-vend capabilities (block 350 ) and the multi-vend limit has not been reached, the process returns to the question of whether the user is in the payment zone (block 310 of FIG. 9A ). If the machine does not have enabled multi-vend capabilities (block 350 ) or the multi-vend limit has been reached, the wallet is decremented by the vend amount(s) and “change” is returned to the virtual wallet (block 354 ) and the process ends (block 356 ).
- FIG. 8E is a schematic flow diagram of an example login process.
- FIG. 8F is a schematic flow diagram of an example boot-up process.
- FIG. 8G is a schematic flow diagram of an example account check/update process.
- FIGS. 9A-9E are flow charts (e.g., FIGS. 9A-9E ) illustrating methods and systems. It will be understood that each block of these flow charts, components of all or some of the blocks of these flow charts, and/or combinations of blocks in these flow charts, may be implemented by software (e.g., coding, software, computer program instructions, software programs, subprograms, or other series of computer-executable or processor-executable instructions), by hardware (e.g., processors, memory), by firmware, and/or a combination of these forms.
- software e.g., coding, software, computer program instructions, software programs, subprograms, or other series of computer-executable or processor-executable instructions
- hardware e.g., processors, memory
- firmware e.g., firmware, and/or a combination of these forms.
- computer program instructions may be loaded onto a computer to produce a machine, such that the instructions that execute on the computer create structures for implementing the functions specified in the flow chart block or blocks.
- These computer program instructions may also be stored in a memory that can direct a computer to function in a particular manner, such that the instructions stored in the memory produce an article of manufacture including instruction structures that implement the function specified in the flow chart block or blocks.
- the computer program instructions may also be loaded onto a computer to cause a series of operational steps to be performed on or by the computer to produce a computer implemented process such that the instructions that execute on the computer provide steps for implementing the functions specified in the flow chart block or blocks.
- blocks of the flow charts support combinations of steps, structures, and/or modules for performing the specified functions. It will also be understood that each block of the flow charts, and combinations of blocks in the flow charts, may be divided and/or joined with other blocks of the flow charts without affecting the scope of the invention. This may result, for example, in computer-readable program code being stored in whole on a single memory, or various components of computer-readable program code being stored on more than one memory.
- FIG. 23 illustrates a schematic flow diagram of a process 1000 of authenticating a user to perform a transaction in the payment processing system in accordance with some implementations.
- the payment processing system includes one or more payment modules 100 (e.g., each associated with a respective payment accepting unit 120 such an automatic retailing machine for dispensing goods and/or services), one or more mobile devices 150 (e.g., each executing the application 140 for the payment processing system either as a foreground or background process), and the server 130 .
- the server 130 manages the payment processing system and, in some cases, is associated with an entity that supplies, operates, and/or manufactures the one or more payment modules 100 .
- the process 1000 will be described with respect to a respective payment module 100 and a respective mobile device 150 in the payment processing system.
- the payment module 100 broadcasts ( 1002 ), via a short-range communication capability (e.g., BLE), a packet of information (sometimes also herein called “advertised information”).
- the packet of information at least includes an authorization code and an identifier associated with the payment module 100 (module ID).
- the packet of information further includes a firmware version of the payment module 100 and one or more status flags corresponding to one or more states of the payment module 100 and/or the payment accepting unit 120 .
- the information included in the packet broadcast by the payment module 100 is further discussed below with reference to FIG. 24A .
- the payment module 100 sends out a unique authorization code every X seconds (e.g., 100 ms, 200 ms, 500 ms, etc.).
- the unique authorization codes are randomly or pseudo-randomly generated numbers.
- the payment module 100 stores broadcasted authorization codes until a received authorization grant token matches one of the stored authorization codes.
- the payment module 100 stores broadcasted authorization codes for a predetermined amount of time (e.g., Y minutes) after which time an authorization code expires and is deleted.
- the authorization code is encrypted with a shared secret key known by the server 130 but unique to the payment module 100 .
- the payment module 100 initializes a random number and then the authorization codes are sequential counts from this random number. In such implementations, the payment module 100 stores the earliest valid (unexpired) counter without a need to store every valid authorization code.
- the authentication code included in the broadcast packet of information is a hash value of the randomly or pseudo-randomly generated number or the sequential number.
- the mobile device 150 receives the broadcasted packet of information, and the mobile device 150 sends ( 1004 ), via a long-range communication capability (e.g., GSM, CDMA, Wi-Fi, or the like), an authorization request to the server 130 .
- a long-range communication capability e.g., GSM, CDMA, Wi-Fi, or the like
- an application 140 that is associated with the payment processing system is executing as a foreground or background process on the mobile device 150 .
- the application 140 receives the broadcasted packet of information when the mobile device 150 is within the communication zone of the payment module 100 (i.e., BLE range) and either automatically sends the authorization request to the server 130 or sends the authorization request to the server 130 when the mobile device 150 is within the authorization zone of the payment module 100 .
- the broadcasted packet of information includes a baseline authorization zone threshold (i.e., an authorization zone criterion) indicating a baseline RSSI that the mobile device 150 (or the application 140 ) is required to observe before being within the authorization zone of the payment module 100 .
- a baseline authorization zone threshold i.e., an authorization zone criterion
- the mobile device 150 (or the application 140 ) offsets the baseline authorization zone threshold based on the strength and/or reception of the short-range communication capability (e.g., BLE radio/transceiver) of the mobile device 150 .
- the authorization request at least includes the authorization code which was included in the broadcasted packet of information, an identifier associated with the user of the mobile device 150 or the user account under which the user of the mobile device 150 is logged into the application 140 (user ID), and the identifier associated with the payment module 100 (module ID).
- the authentication code included in authorization request is the hash value in cleartext. The authorization request is further discussed below with reference to FIG. 24B .
- the server 130 After receiving the authorization request, the server 130 processes ( 1006 ) the authorization request. In some implementations, the server 130 decrypts the authorization code included in the authorization request with the shared secret key corresponding to the payment module 100 . In some implementations, the server 130 determines whether the user associated with the user ID in the authorization request has sufficient funds in his/her account for the payment processing system to perform a transaction at the machine 120 that is associated with the payment module 100 corresponding to the module ID in the authorization request.
- the server 130 sends ( 1008 ), via a long-range communication capability (e.g., GSM, CDMA, Wi-Fi, or the like), an authorization grant token to the mobile device 150 .
- a long-range communication capability e.g., GSM, CDMA, Wi-Fi, or the like
- the server 130 does not send the authorization grant token if the authorization code in the authorization request cannot be decrypted with the shared secret key corresponding to the payment module 100 (e.g., the authorization code is corrupted or hacked).
- the server 130 does not send the authorization grant token if the user associated with the user ID in the authorization request does not have sufficient funds in his/her account.
- the server 130 in addition to the authorization grant token, sends a message directly to the mobile device 150 which is not encrypted with the shared secret key corresponding to the payment module 100 . After receiving the message, the mobile device 150 displays an appropriate message to the user such as insufficient balance or declined authorization. In some implementations, the server 130 sends an authorization grant token for an amount equal to zero; in which case, the payment module 100 interprets this as a declined or failed authorization which can result for any number of reasons including, but not limited to, insufficient balance or credit.
- the mobile device 150 receives the authorization grant token, and, subsequently, the mobile device 150 detects ( 1010 ) a trigger condition.
- the mobile device 150 (or the application 140 ) detects the trigger condition via the hand-free mode (e.g., upon entrance into the payment zone of the payment module 100 ) or manual mode (e.g., interacting with the user interface of the application 140 to initiate a transaction with the payment accepting unit associated with the payment module 100 ).
- unused authorization grants are canceled by the mobile device 150 by sending a cancellation message to the server 130 corresponding to the unused authorization grant.
- the server 130 denies or limits the number of authorization grants sent to the mobile device 150 until it has received transaction information or cancellation of authorization outstanding authorization grants sent to the mobile device 150 .
- the mobile device 150 sends ( 1012 ), via a short-range communication capability (e.g., BLE), the authorization grant token to the payment module 100 .
- the machine 120 displays credit to the user (e.g., via one of the displays 122 or 124 shown in FIG. 19 ) and the user interacts with the input mechanisms of the machine 120 (e.g., via the buttons 126 or a touch screen display 124 shown in FIG. 19 ) to purchase products and/or services.
- a short-range communication capability e.g., BLE
- FIG. 24A illustrates a block diagram of a packet 1100 of information broadcast by the payment module 100 (e.g., in step 1002 of the process 1000 in FIG. 23 ) in accordance with some implementations.
- the packet 1100 at least includes: module ID 1102 and authorization code 1104 .
- the packet 110 additional includes: a firmware version 1106 and one or more status flags 1108 .
- the module ID 1102 is a unique identifier corresponding to the payment module 100 (sometimes also herein called the “adapter module 100 ”) that broadcast the packet 1100 .
- the authorization code 1104 is a hash value in cleartext.
- the payment module 100 randomly or pseudo-randomly generates a number or determines a sequential number (See step 1002 of process 1000 in FIG. 23 ) and performs a predetermined hash function (e.g., SHA-256) on the number to produce the hash value as the authorization code 1104 .
- the authorization code 1104 is a unique code that is encrypted with a secret encryption key corresponding to the payment module 100 .
- the secret encryption key is shared with the server 130 , which enables the server 130 to decrypt the authorization code 1104 and encrypt the authorization grant token but not the mobile device 150 .
- the encryption between server 130 and payment module 100 is accomplished by two pairs of public/private keys.
- the firmware version information 1106 identifies a current firmware version 1112 of the payment module 100 .
- the firmware version information 1106 also includes update status information 1114 indicating one or more packets received by the payment module 100 to update the firmware or one or more packets needed by the payment module 100 to update the firmware. See FIGS. 26A-26B and 30 A- 30 D and the accompanying text for further discussion regarding updating the firmware of the payment module 100 .
- the one or more status flags 1108 indicate a state of the payment module 100 and/or the payment accepting unit 120 associated with the payment module 100 .
- the one or more status flags 1108 indicate a state of the payment module 100 such upload information indicator 1116 indicating that that the payment module 100 has information to be uploaded to the server 130 (e.g., transaction information for one or more interrupted transactions).
- upload information indicator 1116 triggers the mobile device 150 to connect to payment module 100 immediately (e.g., if it has interrupted transaction information to be uploaded to the server 130 ). See FIGS. 25A-25B and 29 A- 29 C and the accompanying text for further discussion regarding interrupted transactions.
- the one or more status flags 1108 indicate a state of the payment accepting unit 120 including one or more of an error indicator 1118 (e.g., indicating that a bill and/or coin acceptor of the payment accepting unit 120 is experiencing a jam, error code, or malfunction), a currency level indicator 1120 (e.g., indicating that the level of the bill and/or coin acceptor reservoir of the payment accepting unit 120 is full or empty), and/or inventory level(s) indicator 1122 (e.g., indicating that one or more products of the payment accepting unit 120 .
- the one or more status flags 1108 are error codes issued by payment accepting unit 120 over the MDB.
- the zone criteria information 1110 specifies an authorization zone criterion 1124 (e.g., a baseline authorization zone threshold indicating a baseline RSSI that the mobile device 150 (or the application 140 ) is required to observe before being within the authorization zone of the payment module 100 ) and/or a payment zone criterion 1126 (e.g., a baseline payment zone threshold indicating a baseline RSSI that the mobile device 150 (or the application 140 ) is required to observe before being within the payment zone of the payment module 100 ).
- an authorization zone criterion 1124 e.g., a baseline authorization zone threshold indicating a baseline RSSI that the mobile device 150 (or the application 140 ) is required to observe before being within the authorization zone of the payment module 100
- a payment zone criterion 1126 e.g., a baseline payment zone threshold indicating a baseline RSSI that the mobile device 150 (or the application 140 ) is required to observe before being within the payment zone of the payment module 100 .
- the baseline authorization zone threshold and the baseline payment zone threshold are default values determined by the server 130 or stored as variables by the application 140 , in which case the authorization zone criterion 1124 and payment zone criterion 1126 are offsets to compensate for the strength and/or reception of the short-range communication capability (e.g., BLE radio/transceiver) of the payment module 100 .
- zone criteria information 1110 includes a spread between the baseline authorization zone threshold and the baseline payment zone threshold.
- the mobile device 150 determines the baseline authorization zone threshold and the baseline payment zone threshold based on the spread value and a default value for either the baseline authorization zone threshold or the baseline payment zone threshold.
- the spread indicates ⁇ 10 db and the default baseline payment zone threshold is ⁇ 90 db; thus, the baseline authorization zone threshold is ⁇ 80 db.
- the mobile device 150 may further adjust the authorization zone threshold and/or the payment zone threshold based on the strength and/or reception of its short-range communication capability (i.e., BLE radio/transceiver).
- FIG. 24B is a block diagram of an authorization request 1130 sent by the mobile device 150 to the server 130 (e.g., in step 1004 of the process 1000 in FIG. 23 ) in accordance with some implementations.
- the authorization request 1130 at least includes: a module ID 1102 , a user ID 1134 , and an authorization code 1104 .
- the module ID 1102 is a unique identifier corresponding to the payment module 100 that broadcast the 1100 that included the authorization code 1104 .
- the user ID 1134 is an identifier associated with the user of the mobile device 150 sending the authorization request 1130 to the server 130 . In some implementations, the user ID 1134 is associated with the user account under which the user of the mobile device 150 is logged into the application 140 .
- the authorization code 1130 includes the authorization code 1104 included in the packet 1100 of information that was broadcast by the payment module 100 .
- FIG. 24C is a block diagram of an authorization grant token 1140 sent by the server 130 to the mobile device 150 (e.g., in step 1008 of the process 1000 in FIG. 23 ) in accordance with some implementations.
- the server 130 in accordance with a determination that the authorization code 1136 included in the authorization request 1130 from the mobile device 150 is valid and that the user associated with the mobile device 150 has sufficient funds in his/her account for the payment processing system, the server 130 generates the authorization grant token 1140 .
- the authorization grant token 1140 at least includes: a module ID 1102 , a user ID 1134 , an authorized amount 1146 , (optionally) an expiration period offset 1148 , and (optionally) the authorization code 1104 .
- the module ID 1102 is a unique identifier corresponding to the payment module 100 that broadcast the packet 1100 that included the authorization code 1104 .
- the user ID 1134 is an identifier associated with the user of the mobile device 150 that sent the authorization request 1130 to the server 130 .
- the authorized amount 1146 indicates a maximum amount for which the user of the mobile device 150 is authorized for a transaction using the authorization grant token 1140 .
- the authorized amount 1146 is predefined by the user of the mobile device 150 or by the server 130 based on a daily limit or based on the user's total account balance or based on a risk profile of the user correspond to the user ID 1134 .
- the expiration period 1148 offset indicates an offset to the amount of time that the payment module 100 holds the authorization grant token 1140 valid for initiation of a transaction with the machine 120 associated with the payment module 100 .
- the expiration period offset 1148 depends on the history and credit of the user of mobile device 150 or a period predefined by the user of mobile device 150 .
- the authorization grant token 1140 further includes the authorization code 1104 that was included in the authorization request 1130 .
- the server 130 encrypts the authorization grant token 1140 including the hashed value with the shared secret encryption key associated with payment module 100 .
- the payment module 100 decrypts the authorization grant token 1140 using the secret key known only to server 130 and payment module 100 (which authenticates the message and the authorization grant), and then matches the hash value included in the decrypted authorization grant token 1140 to previously broadcast valid (unexpired) hash values (i.e., auth codes) to determine validity of the (which was known only by payment module 100 ).
- FIG. 24D illustrates a block diagram of transaction information 1150 generated by the payment module 100 (e.g., in step 1204 of the process 1200 in FIG. 25A ) in accordance with some implementations.
- the transaction information 1150 includes: a transaction ID 1152 for the respective transaction, a module ID 1154 , a user ID 1156 , (optionally) the authorization code 1158 , transaction status information 1160 , the transaction amount 1162 , and other information 1164 .
- the transaction ID 1152 is a unique identifier corresponding to the respective transaction. In some implementations, the transaction ID 1152 is encoded based on or associated with the time and/or date on which and the location at which the respective transaction took place.
- the module ID 1154 is a unique identifier corresponding to the payment module 100 that performed the respective transaction.
- the user ID 1156 is an identifier associated with the user of the mobile device 150 that initiated the respective transaction.
- the authorization code 1158 corresponds to the original authorization code (e.g., auth code 1104 , FIGS. 24 A- 24 C) and/or authorization grant token (e.g., auth grant token 1140 , FIG. 24C ) that was used to initiate the respective transaction.
- the authorization code 1156 is encrypted with a unique encryption key corresponding to the payment module 100 .
- the transaction status information 1160 includes an indication whether the respective transaction was completed, not-completed, or aborted.
- the respective transaction is incomplete if a jam occurred at the payment accepting unit 120 and the user did not receive the product associated with the respective transaction.
- the respective transaction is aborted.
- respective transaction times out after a predetermined time period because the user failed to select a product at the payment accepting unit 120 the respective transaction is aborted.
- the respective transaction is aborted.
- the respective transaction is aborted.
- the transaction amount 1162 indicates the amount of the respective transaction or the amount of each of multiple transactions (e.g., in a multi-vend scenario). In some implementations, the transaction amount 1162 is encrypted with a unique encryption key corresponding to the payment module 100 .
- the other information 1164 includes other information related to the respective transaction such as the items dispensed by the payment accepting unit 120 and the type of transaction (e.g., coins, bills, credit card, manual mode, hands-free mode, etc.).
- the other information 1164 includes other information related to the payment module 100 and/or the payment accepting unit 120 associated with the payment module 100 .
- the other information 1164 includes a verification request to the server 130 in order to implement new firmware. See FIGS. 26A-26B and the accompanying text for further discussion of the verification request.
- the other information 1164 includes transaction information from one or more previous interrupted transactions.
- the other information 1164 includes transaction information for one or more transactions paid via bills and/or coins.
- the other information 1164 includes inventory information as to one or more products of the payment accepting unit 120 .
- FIG. 25A illustrates a schematic flow diagram of a process 1200 of processing acknowledgement information in accordance with some implementations.
- the payment processing system includes one or more payment modules 100 (e.g., each associated with a respective payment accepting unit 120 such an automatic retailing machine for dispensing goods and/or services), one or more mobile devices 150 (e.g., each executing the application 140 for the payment processing system either as a foreground or background process), and the server 130 .
- the server 130 manages the payment processing system and, in some cases, supplies, operates, and/or manufactures the one or more payment modules 100 .
- the process 1200 will be described with respect to a respective payment module 100 associated with a respective payment accepting unit 120 (machine 120 ) and a respective mobile device 150 in the payment processing system.
- the payment module 100 receives first acknowledgment information for a first transaction via the mobile device 150 that initiated the first transaction.
- the payment module 100 obtains ( 1202 ) a first notification indicating completion of a first transaction from the machine 120 .
- a first notification indicating completion of a first transaction from the machine 120 .
- the user of the mobile device 150 selects a product to purchase from the machine 120 by interacting with one or more input mechanisms of the machine 120 (e.g., buttons 126 or a touch screen display 124 shown in FIG. 19 ), and the machine 120 dispenses the selected product.
- the transaction is complete and the payment module 100 obtains a notification from the machine of the completed transaction.
- the notification includes the amount of the transaction and (optionally) machine status information associated with the machine 120 such as inventory information as to one or more products of the payment accepting unit 120 and/or the like.
- the payment module 100 After obtaining the first notification, the payment module 100 generates ( 1204 ) first transaction information based on the first notification, and the payment module 100 stores the first transaction information.
- the transaction information includes a transaction ID for the first transaction, a module ID corresponding to payment module 100 , a user ID corresponding to the mobile device 150 , transaction status information indicating that the first transaction is complete, and the transaction amount indicated by the first notification.
- the payment module 100 retains the authorization code included in the original broadcasted packet and/or the authorization grant token and includes the authorization code in the first transaction information.
- the authorization code is encrypted with a secret key corresponding to the payment module 100 , which is shared with the server 130 but not the mobile device 150 .
- the first transaction information further includes other information such as the machine status information included in the first notification or transaction information corresponding to previous interrupted transaction(s). See FIG. 24D and the accompanying text for further discussion regarding transaction information 1150 .
- the payment module 100 sends ( 1206 ), via a short-range communication capability (e.g., BLE), the first transaction information to the mobile device 150 .
- a short-range communication capability e.g., BLE
- the mobile device 150 sends ( 1208 ), via a long-range communication capability (e.g., GSM, CDMA, Wi-Fi, or the like), the first transaction information to the server 130 .
- a long-range communication capability e.g., GSM, CDMA, Wi-Fi, or the like
- the server 130 processes ( 1210 ) the first transaction information. For example, the server 130 debits the account of the user associated with the user ID in the first transaction information in the amount indicated by the first transaction information.
- the server 130 sends ( 1212 ), via a long-range communication capability (e.g., GSM, CDMA, Wi-Fi, or the like), first acknowledgment information to the mobile device 150 .
- the first acknowledgment information acknowledges that the server 130 received the first transaction information.
- the first acknowledgment information includes the user ID, the module ID, the transaction ID, and (optionally) the authorization grant included in the transaction information (e.g., auth grant 1158 , FIG. 24D ).
- the mobile device 150 After receiving the first acknowledgement information, the mobile device 150 sends ( 1214 ), via a short-range communication capability (e.g., BLE), the first acknowledgment information to the payment module 100 .
- a short-range communication capability e.g., BLE
- the payment module 100 After receiving the first acknowledgment information, the payment module 100 deletes ( 1216 ) the stored first transaction information.
- FIG. 25B illustrates a schematic flow diagram of a process 1250 of processing interrupted transactions in accordance with some implementations.
- the payment processing system includes one or more payment modules 100 (e.g., each associated with a respective payment accepting unit 120 such an automatic retailing machine for dispensing goods and/or services), one or more mobile devices 150 (e.g., each executing the application 140 for the payment processing system either as a foreground or background process), and the server 130 .
- the server 130 manages the payment processing system and, in some cases, supplies, operates, and/or manufactures the one or more payment modules 100 .
- the process 1250 will be described with respect to a respective payment module 100 associated with a respective payment accepting unit 120 (machine 120 ) and a respective mobile device 150 in the payment processing system.
- the payment module 100 receives first acknowledgment information for a first transaction via a second mobile device 150 - 2 that did not initiate the first transaction.
- the server 130 After receiving a first authorization request associated with a first authorization code from a first mobile device 150 - 1 , the server 130 sends ( 1252 ), via a long-range communication capability (e.g., GSM, CDMA, Wi-Fi, or the like), a first authorization grant token to the first mobile device 150 - 1 associated with a first user 1251 - 1 .
- a long-range communication capability e.g., GSM, CDMA, Wi-Fi, or the like
- the first mobile device 150 - 1 After receiving the first authorization grant token and in response to detecting a trigger condition (e.g., via the hand-free mode or the manual mode), the first mobile device 150 - 1 sends ( 1254 ), via a short-range communication capability (e.g., BLE), the first authorization grant token to the payment module 100 associated with the machine 120 in order to initiate a first transaction.
- a trigger condition e.g., via the hand-free mode or the manual mode
- BLE short-range communication capability
- the payment module 100 processes ( 1256 ) the first transaction associated with the first authorization grant token and generates first transaction information when the first transaction is completed.
- the first transaction information includes a transaction ID for the first transaction, a module ID corresponding to payment module 100 , a user ID corresponding to the first mobile device 150 - 1 , transaction status information indicating that the first transaction is complete, and the transaction amount for the first transaction.
- the payment module 100 stores the first transaction information with a timestamp indicating the time and date that the first transaction information was generated.
- the payment module 100 sends ( 1258 ), via a short-range communication capability (e.g., BLE), the first transaction information to the first mobile device 150 - 1 to send to the server 130 in order to acknowledge the first transaction.
- a short-range communication capability e.g., BLE
- the payment module 100 times-out ( 1260 ) the first transaction and maintains the first transaction information.
- a transaction times-out when the connection between the mobile device and the payment module is interrupted and transaction information is not acknowledged within a predefined time period.
- the connection between the first mobile device 150 - 1 and the payment module 100 is interrupted when the first user 1251 - 1 turns off the first mobile device 150 - 1 , the first user 1251 - 1 turns the first mobile device 150 - 1 into airplane mode, the first user 1251 - 1 walks away out of the communication zone (i.e., BLE range) of the payment module 100 , the first mobile device 150 - 1 otherwise loses its long-range communication connection, or the first mobile device 150 - 1 otherwise loses power.
- the communication zone i.e., BLE range
- the first user 1251 - 1 maliciously interrupted the connection to prevent the acknowledgement information from being received by the payment module 100 by powering down the first mobile device 150 - 1 , or the connection was involuntarily or unintentionally interrupted by the first mobile device 150 - 1 's battery running out or a losing cellular signal.
- the first user 1251 - 1 is be blocked by the payment module 100 from performing any additional transactions until the payment module 100 receives an acknowledgement from the server 130 via any connection (e.g., from the second user 1251 - 2 ).
- unused authorization grants e.g., if there was no trigger condition or it expired
- the server 130 denies or limits the number of authorization grants sent to the first mobile device 150 - 1 until it has received transaction information or cancellation of authorization outstanding authorization grants sent to the first mobile device 150 - 1 .
- server 130 denies approval of, or limit the number of, additional authorization grants from user 1251 - 1 for transacting with a second payment module (not shown) until the server 130 receives transaction information, cancellation of authorization, or a predefined time period has expired for outstanding authorization grants sent to the first mobile device 150 - 1 for transacting with a first payment module.
- a user may be limited to only 1 authorization grant for the first payment module 100 and no more than 3 outstanding authorization grants in a predetermined number of hours regardless of the number of payment modules the user may be attempting to use.
- the server 130 After receiving a second authorization request associated with a second authorization code from a second mobile device 150 - 2 subsequent to receiving the first authorization request from the first mobile device 150 - 1 , the server 130 sends ( 1262 ), via a long-range communication capability (e.g., GSM, CDMA, Wi-Fi, or the like), a second authorization grant token to the second mobile device 150 - 2 associated with a second user 1251 - 2 .
- a long-range communication capability e.g., GSM, CDMA, Wi-Fi, or the like
- the second mobile device 150 - 2 After receiving the second authorization grant token and in response to detecting a trigger condition (e.g., via the hand-free mode or the manual mode), the second mobile device 150 - 2 sends ( 1264 ), via a short-range communication capability (e.g., BLE), the second authorization grant token to the payment module 100 associated with the machine 120 in order to initiate a second transaction.
- a trigger condition e.g., via the hand-free mode or the manual mode
- BLE short-range communication capability
- the payment module 100 processes ( 1266 ) the second transaction associated with the second authorization grant token and generates second transaction information when the second transaction is completed.
- the second transaction information includes a transaction ID for the second transaction, a module ID corresponding to payment module 100 , a user ID corresponding to the second mobile device 150 - 2 , transaction status information indicating that the second transaction is complete, and the transaction amount for the second transaction.
- the payment module 100 stores the second transaction information with a timestamp indicating the time and date that the second transaction information was generated.
- the payment module 100 sends ( 1268 ), via a short-range communication capability (e.g., BLE), the first transaction information associated with the interrupted first transaction and the second transaction information associated with the second transaction to the second mobile device 150 - 1 to send to the server 130 in order to acknowledge the first and second transactions.
- a short-range communication capability e.g., BLE
- the first transaction information associated with the previous, interrupted first transaction initiated by the first mobile device 150 - 1 is appended to the second transaction information for the second transaction initiated by the second mobile device 150 - 2 .
- the second mobile device 150 sends ( 1270 ), via a long-range communication capability (e.g., GSM, CDMA, Wi-Fi, or the like), the first transaction information and the second transaction information to the server 130 .
- a long-range communication capability e.g., GSM, CDMA, Wi-Fi, or the like
- the server 130 After receiving the first transaction information and the second transaction information, the server 130 processes the first transaction information and the second transaction information. For example, the server 130 debits the account of the first user 1251 - 1 associated with the user ID for first mobile device 150 - 1 in the first transaction information in the amount indicated by the first transaction information. Continuing with this example, the server 130 also debits the account of the second user 1251 - 2 associated with the user ID for second mobile device 150 - 2 in the second transaction information in the amount indicated in the second transaction information.
- the server 130 sends ( 1272 ), via a long-range communication capability (e.g., GSM, CDMA, Wi-Fi, or the like), first and second acknowledgment information to the second mobile device 150 - 2 acknowledging the first and second transactions.
- a long-range communication capability e.g., GSM, CDMA, Wi-Fi, or the like
- the first acknowledgment information includes the user ID of the first mobile device 150 - 1 that imitated the first transaction, the module ID of the payment module 100 that processed the first transaction, the transaction ID of the first transaction, and (optionally) the authorization code associated with the first transaction.
- the second acknowledgment information includes the user ID of the second mobile device 150 - 2 that imitated the second transaction, the module ID of the payment module 100 that processed the second transaction, the transaction ID of the second transaction, and (optionally) the authorization code associated with the second transaction.
- the mobile device 150 After receiving the first and second acknowledgment information, the mobile device 150 sends ( 1274 ), via a short-range communication capability (e.g., BLE), the first acknowledgment information to the payment module 100 .
- a short-range communication capability e.g., BLE
- the payment module 100 After receiving the first and second acknowledgment information, the payment module 100 deletes ( 1276 ) the stored first transaction information and also the stored second transaction information. In some implementations, the payment module 100 marks the first and second transaction as complete.
- FIG. 26A is a schematic flow diagram of a process 1300 of updating firmware of the payment module 100 in the payment processing system in accordance with some implementations.
- the payment processing system includes one or more payment modules 100 (e.g., each associated with a respective payment accepting unit 120 ), one or more mobile devices 150 (e.g., each executing the app 140 for the payment processing system either as a foreground or background process), and the server 130 .
- the server 130 manages the payment processing system and, in some cases, supplies, operates, and/or manufactures the one or more payment modules 100 .
- the process 1300 will be described with respect to a respective payment module 100 and a respective mobile device 150 in the payment processing system.
- the payment module 100 broadcasts ( 1302 ), via a short-range communication capability (e.g., BLE), a packet of information (e.g., broadcast packet 1100 , FIG. 24A ).
- the packet of information at least includes a firmware version (e.g., current firmware version 1112 , FIG. 24A ) of the payment module 100 .
- the information included in the packet broadcasted by the payment module 100 is further discussed herein with reference to FIG. 24A .
- the mobile device 150 determines ( 1304 ) that the current firmware version of the payment module 100 satisfies firmware criteria (e.g., predates a firmware version stored by the mobile device 150 ).
- firmware criteria e.g., predates a firmware version stored by the mobile device 150 .
- Various other firmware criteria are further discussed below with reference to the method 1700 in FIGS. 30A-30D .
- the mobile device 150 sends ( 1306 ) firmware update information (e.g., data packets corresponding to the firmware of the mobile device 150 ) to the payment module 100 .
- firmware update information e.g., data packets corresponding to the firmware of the mobile device 150
- the payment module 100 broadcasts ( 1308 ) update status information (e.g., update status information 1114 in FIG. 24A , identifying remaining data packets needed for the firmware update) included in the advertised information to the one or more mobile devices in the payment processing system (e.g., at least including the respective mobile device 150 ).
- update status information e.g., update status information 1114 in FIG. 24A , identifying remaining data packets needed for the firmware update
- the process 1300 sometimes includes a second mobile device, which sends firmware update information that includes additional data packets distinct from the data packets sent by the respective mobile device 150 .
- the update status information includes a verification request, which the mobile device 150 then sends ( 1310 ) to the server 130 via a long-range communication capability (e.g., GSM).
- a long-range communication capability e.g., GSM
- the server 130 processes ( 1312 ) the verification request. For example, the server 130 processes the verification request by verifying that the received data packets are not corrupt, form a complete set, and correspond to a latest firmware version.
- the server 130 After processing the verification request, the server 130 sends ( 1314 ) to the mobile device 150 a firmware command (e.g., implement the firmware update at the payment module 100 ) via the long-range communication capability, which the mobile device 150 then sends ( 1316 ) to the payment module 100 via the short-range communication capability.
- a firmware command e.g., implement the firmware update at the payment module 100
- the mobile device 150 then sends ( 1316 ) to the payment module 100 via the short-range communication capability.
- the payment module 100 then executes ( 1318 ) the firmware command.
- the payment module implements the firmware update using the received data packets corresponding to a latest firmware version.
- FIG. 26B is a schematic flow diagram of a process 1320 of updating firmware of the payment module 100 in the payment processing system in accordance with some implementations.
- the payment processing system includes one or more payment modules 100 (e.g., each associated with a respective payment accepting unit 120 ), one or more mobile devices 150 (e.g., each executing the app 140 for the payment processing system either as a foreground or background process), and the server 130 .
- the server 130 manages the payment processing system and, in some cases, supplies, operates, and/or manufactures the one or more payment modules 100 .
- the process 1320 will be described with respect to a respective payment module 100 and a respective mobile device 150 in the payment processing system.
- the payment module 100 broadcasts ( 1322 ), via a short-range communication capability (e.g., BLE), a packet of information (e.g., broadcast packet 1100 , FIG. 24A ).
- the packet of information at least includes a firmware version (e.g., current firmware version 1112 , FIG. 24A ) of the payment module 100 .
- the information included in the packet broadcasted by the payment module 100 is further discussed herein with reference to FIG. 24A .
- the mobile device 150 then sends ( 1324 ) to the server 130 , via a long-range communication capability (e.g., GSM), the packet of information that at least includes the firmware version of the payment module 100 .
- a long-range communication capability e.g., GSM
- the server 130 determines ( 1326 ) that current firmware version of the payment module 100 satisfies firmware criteria (e.g., predates a firmware version stored by the mobile device 150 ).
- firmware criteria e.g., predates a firmware version stored by the mobile device 150 .
- Various other firmware criteria are further discussed below with reference to the method 1700 in FIGS. 30A-30D .
- the server 130 sends ( 1328 ) to the mobile device 150 firmware update information (e.g., data packets corresponding to the firmware of the mobile device 150 ), which the mobile device 150 then sends ( 1330 ) to the payment module 100 .
- firmware update information e.g., data packets corresponding to the firmware of the mobile device 150
- the payment module 100 broadcasts ( 1332 ) update status information (e.g., identification of remaining data packets needed for the firmware update) included in the advertised information to the one or more mobile devices in the payment processing system (e.g., at least including the respective mobile device 150 ), which the one or more mobile devices 150 then send ( 1334 ) to the server 130 .
- update status information e.g., identification of remaining data packets needed for the firmware update
- the update status information includes a verification request.
- the server 130 processes ( 1336 ) the verification request. For example, the server 130 processes the verification request by verifying that the received data packets are not corrupt, form a complete set, and correspond to a latest firmware version.
- the server 130 After processing the verification request, the server 130 sends ( 1338 ) to the mobile device 150 a firmware command (e.g., implement the firmware update at the payment module 100 ) via the long-range communication capability, which the mobile device 150 then sends ( 1340 ) to the payment module 100 via the short-range communication capability.
- a firmware command e.g., implement the firmware update at the payment module 100
- the mobile device 150 then sends ( 1340 ) to the payment module 100 via the short-range communication capability.
- the payment module then executes ( 1342 ) the firmware command. For example, the payment module implements the firmware update using the received data packets corresponding to a latest firmware version.
- FIG. 26C is a schematic flow diagram of a process 1350 of updating firmware of the payment module 100 in the payment processing system in accordance with some implementations.
- the payment processing system includes one or more payment modules 100 (e.g., each associated with a respective payment accepting unit 120 ), one or more mobile devices 150 (e.g., each executing the app 140 for the payment processing system either as a foreground or background process), and the server 130 .
- the server 130 manages the payment processing system and, in some cases, supplies, operates, and/or manufactures the one or more payment modules 100 .
- the process 1350 will be described with respect to a respective payment module 100 and a respective mobile device 150 in the payment processing system.
- the payment module 100 broadcasts ( 1352 ), via a short-range communication capability (e.g., BLE), a packet of information (e.g., broadcast packet 1100 , FIG. 24A ).
- the packet of information at least includes a firmware version (e.g., current firmware version 1112 , FIG. 24A ) of the payment module 100 .
- the information included in the packet broadcast by the payment module 100 is further discussed herein with reference to FIG. 24A .
- the mobile device 150 determines ( 1354 ) that the current firmware version of the payment module 100 satisfies firmware criteria (e.g., predates a firmware version stored by the mobile device 150 ). Various other firmware criteria are further discussed below with reference to the method 1700 in FIGS. 30A-30D .
- the mobile device 150 stores a firmware image for the payment module 100 .
- the firmware image was previously downloaded by the mobile device 150 from the server 130 as part of an update for application 140 .
- the firmware image downloaded by the mobile device 150 is encrypted with a common encryption key known to all payment modules 100 in the payment processing system (as opposed to the unique encryption key corresponding to each payment module 100 in the payment processing system).
- the firmware image downloaded by the mobile device 150 is encrypted with an encryption key that is later sent as part of the firmware approval message in steps 1360 and 1362 , where the firmware approval message is encrypted with a unique encryption key corresponding to the payment module 100 .
- the mobile device 150 sends ( 1356 ), via a second communication capability (e.g., GSM, CDMA, Wi-Fi, or the like), a firmware update request (e.g., a request for permission to update the firmware of the payment module 100 ) to the server 130 .
- a firmware update request e.g., a request for permission to update the firmware of the payment module 100
- the firmware update request includes a module ID corresponding to the payment module 100 , a user ID associated with a user of the mobile device 150 , the current firmware version 1112 of the payment module 100 , and the firmware version stored by the mobile device 150 .
- the server 130 processes ( 1358 ) the firmware update request.
- the server 130 determines whether to permit or decline the firmware update request. If the server 130 permits the firmware update request, the mobile device 150 updates the firmware version of the payment module 100 with the firmware version stored by the mobile device. For example, the server 130 declines the firmware update request if the firmware version stored by the mobile device 150 is out of date (i.e., a firmware version C, distinct from a firmware version A of the payment module 100 and a firmware version B stored by the mobile device 150 , is the latest firmware image).
- the server 130 declines the firmware update request if the firmware version stored by the mobile device 150 (e.g., firmware version B) is determined to be faulty and/or blacklisted, even if a latest firmware (e.g., firmware version C, distinct from firmware version A and firmware version B) is not yet available.
- firmware version B the firmware version stored by the mobile device 150
- firmware version C the firmware version stored by the mobile device 150
- the server 130 sends ( 1360 ) to the mobile device 150 , via the second communication capability, a firmware update approval message (e.g., permission to update the firmware of the payment module 100 ), which the mobile device 150 then sends ( 1362 ) to the payment module 100 via the short-range communication capability.
- a firmware update approval message e.g., permission to update the firmware of the payment module 100
- the server 130 responds to the application 140 of the mobile device 150 with an affirmative firmware update approval message (e.g., approval to update firmware of payment module 100 ) to be sent to the payment module 100 .
- the firmware update approval message contains one or more verification values (e.g., a list of checksum values for each 4 KB block of encrypted firmware image stored by the mobile device 150 ) and a hash value (e.g., SHA-256 hash of the complete, decrypted firmware image) for data packets corresponding to the approved firmware update version.
- the firmware update approval message includes a firmware decryption key (e.g., for decrypting received data packets corresponding to the approved firmware update version).
- the firmware update approval message is encrypted using a unique encryption key corresponding to the payment module 100 .
- the payment module 100 if the payment module 100 is already updating its firmware when it receives the firmware update approval message (e.g., a process which may have been started by a different mobile device 150 at an earlier time), then the payment module 100 simply verifies the validity of the firmware update approval message and resumes the firmware update. However, if the payment module 100 was not already updating its firmware, it will verify the validity of the firmware update approval message, store to the memory 760 ( FIG. 20 ) (e.g., EEPROM) the one or more verification values and the hash value (e.g., list of checksums and a SHA-256 hash), and erase the firmware-update area of the memory 760 (e.g., where the one or data packets for the firmware update will be stored).
- the memory 760 FIG. 20
- the memory 760 e.g., EEPROM
- the hash value e.g., list of checksums and a SHA-256 hash
- the payment module 100 subsequently receives firmware update formation (e.g., one or more data packets) from the mobile device 150 which are stored in the firmware-update area of the memory 760 . Furthermore, in some implementations, if the payment module 100 already has a stored firmware update to the specified firmware version ready to be processed, but it has not yet rebooted to install it, the firmware update request is ignored.
- firmware update formation e.g., one or more data packets
- the mobile device 150 sends ( 1364 ) to the payment module 100 , via the short-range communication capability, firmware update information (e.g., data packets corresponding to the firmware stored by the mobile device 150 ). As long as the payment module 100 is connected to the mobile device 150 , the payment module 100 will identify one or more data blocks (i.e., corresponding to the approved firmware update version) that are still needed, which are sent by the mobile device 150 as the one or more data packets. In some implementations, after receiving the firmware update approval message, the payment module 100 sends to the mobile device 150 update status information identifying and requesting one or more data blocks still needed for the firmware update (e.g., a specific 256 B block/chunk of firmware).
- firmware update information e.g., data packets corresponding to the firmware stored by the mobile device 150 .
- the packet of information (e.g., broadcast packet 1100 , FIG. 24A ) broadcast by the payment module 100 includes information identifying one or more data blocks still needed by the payment module 100 for the firmware update or one or more data blocks already received by the payment module 100 .
- the firmware update information is stored by the payment module 100 into memory (e.g., the memory 760 , FIG. 20 ).
- the payment module 100 verifies ( 1366 ) the firmware update information.
- a complete data block e.g., a 4 KB block
- the payment module 100 will compare a generated verification value (e.g., a checksum of the 4 KB block) against a corresponding verification value for the block that was included in the update approval message (e.g., a checksum from the list included in the firmware update approval message). If the verification values do not match, the corresponding data block is erased, and the update process resumes from that point (e.g., the particular 4 KB block that did not pass verification).
- the payment module 100 executes ( 1368 ) the firmware update information. After all data blocks have been received by the payment module 100 , and their verification values (e.g., checksums) have been successfully verified, in some implementations, the payment module 100 sets an internal flag indicating that it should reboot itself when it determines it is a safe time to do so. In some implementations, a safe time for rebooting is based on the current time of day (e.g., 2:00 AM), or observed activity of the payment accepting unit 120 (e.g., when no user has connected in the past 10 minutes).
- the payment module 100 when the payment module 100 decides to reboot, it sets an install-firmware flag in memory (e.g., EEPROM) and resets itself.
- a bootloader Upon reboot of the payment module 100 , a bootloader observes the set install-firmware flag and executes an associated firmware installation handler.
- the firmware installation handler double checks all of the block checksums of the firmware update information (e.g., a firmware update image). If the checksums do not match, an error has occurred (e.g., corrupted data) and the update is aborted, with the currently installed firmware then booting up.
- the bootloader erases the currently installed firmware and then decrypts the firmware update information (e.g., a firmware update image) into the installed firmware area of memory (e.g., memory 760 , FIG. 20 ).
- firmware update information e.g., a firmware update image
- the bootloader After the firmware update information has been decrypted, the bootloader computes a hash value (e.g., a SHA-256 hash) of the firmware update information (e.g., of a firmware update image) and compares it to the hash value received from the server 130 that was included in the update approval message. If the hash values do not match, an error has occurred, causing the bootloader to erase the installed firmware and re-install a default (i.e., gold master) firmware image, as that is the only image available to install at that point. Finally, the bootloader loads and runs the installed firmware (either the updated firmware version or the gold master).
- a hash value e.g., a SHA-256 hash
- the firmware update information e.g., of a firmware update image
- FIGS. 27A-27C illustrate a flowchart diagram of a method 1400 of payment processing in accordance with some implementations.
- the method 1400 is performed by a device with one or more processors, memory, and two or more communication capabilities.
- the method 1400 is performed by the mobile device 150 ( FIGS. 5 and 21 ) or a component thereof (e.g., application 140 ).
- the method 1400 is governed by instructions that are stored in a non-transitory computer readable storage medium (e.g., the memory 860 , FIG. 21 ) and the instructions are executed by one or more processors (e.g., the processing unit 840 , FIG. 21 ) of the device.
- Optional operations are indicated by dashed lines (e.g., boxes with dashed-line borders).
- the device obtains ( 1402 ), from a payment module, advertised information via a first communication capability, where the advertised information at least includes an authorization code.
- the payment module 100 broadcasts/advertises a packet of information (i.e., the advertised information such as the packet 1100 , FIG. 24A ) via one or more short-range communication protocols such as BLE, NFC, and/or the like (i.e., a non-persistent communication channel). As such, the payment module 100 is not tied up in handshakes with each mobile device 150 within its communication zone.
- the application 140 associated with the payment processing system which is executed on the mobile device 150 (e.g., a mobile phone), receives the packet when the mobile device 150 is within the communication zone (i.e., BLE range) of the payment module 100 .
- the advertised information is a packet with a module identifier (ID) associated with the payment module 100 , an authorization code, the payment module 100 's current firmware version, and a plurality of status flags associated with a state of the payment accepting unit 120 and/or the payment module 100 .
- ID module identifier
- FIG. 24A illustrates the packet 1100 of information that is broadcast by the payment module 100 .
- the authorization code is a cleartext hash value.
- the authorization code is encrypted with a unique encryption key corresponding to the payment module 100 .
- the packet also includes customized or baseline thresholds for the authorization and payment zones (e.g., RSSI values such as ⁇ 80 db and ⁇ 90 db, respectively).
- the packet also includes a request (e.g., a status flag) for mobile device 150 to connect to it immediately so as to upload information to the server 130 (e.g., transaction information for one or more interrupted transaction).
- a request e.g., a status flag
- the payment module 100 broadcasts the advertised information every X second with a unique authorization code.
- the first communication capability corresponds ( 1404 ) to a short-range communication protocol.
- the first communication capability of the mobile device 150 is a radio/transceiver means for communicating via one or more short-range communication protocols such as BLE, NFC, and/or the like (i.e., a non-persistent communication channel).
- the device sends ( 1406 ), to a server, at least the authorization code from the advertised information via a second communication capability distinct from the first communication capability.
- the mobile device 150 sends an authorization request to the server 130 that at least includes the authorization code from the obtained advertised information, the user ID corresponding to the user of the mobile device 150 , and the module ID corresponding to the payment module 100 . For example, see authorization request 1130 in FIG. 24B .
- the second communication capability corresponds ( 1408 ) to a long-range communication protocol.
- the second communication capability of the mobile device 150 is a radio/transceiver means for communicating via one or more long-range communication protocols such as Wi-Fi, CDMA, GSM, and/or the like (i.e., a non-persistent communication channel).
- the advertised information further includes ( 1410 ) an authorization zone threshold criterion
- the device sends at least the authorization request code comprises sending, to the server, at least the authorization request code via the second communication capability in accordance with a determination that the authorization zone threshold criterion is satisfied.
- the advertised information includes a baseline authorization zone threshold (i.e., an authorization zone criterion) indicating a baseline RSSI that the mobile device 150 (or the application 140 ) is required to observe before being within the authorization zone of the payment module 100 .
- the mobile device 150 (or the application 140 ) offsets the baseline authorization zone threshold based on the strength and/or reception of the short-range communication capability (e.g., BLE radio/transceiver) of the mobile device 150 .
- the mobile device 150 forwards the authorization code to the server 130 when the authorization zone criterion is satisfied (i.e., the mobile device 150 observes an RSSI equal to or exceeding the baseline authorization zone threshold).
- baseline authorization zone threshold for a payment module associated with module ID 0xA23 is ⁇ 70 db.
- the mobile device 150 (or the application 140 ) offsets the baseline authorization zone threshold by ⁇ 5 db because the mobile device 150 's BLE radio/transceiver is weak.
- the mobile device 150 observes an RSSI equal to or exceeding ⁇ 75 db from payment module 100 associated with module ID 0xA23, the mobile device 150 forwards the authorization code to the server 130 .
- the advertised information further includes status information indicating one or more states of at least one of the payment module and the payment accepting unit, and the device sends ( 1412 ), to the server, the status information from the advertised information via the second communication capability.
- FIG. 24A shows the packet 1100 with one or more status flags 1108 .
- the one or more status flags 1108 included in the packet 1100 are encoded with a predetermined code known by the server 130 .
- the status information indicates that the payment module 100 has information to be uploaded to the server (e.g., transaction information for one or more interrupted transactions).
- the status information indicates information for the attention of the payment accepting machine 120 's operator.
- the status information indicates that a particular item is low or out of stock. In another example, the status information indicates that the payment accepting unit 120 is experiencing a bill and/or coin jam. In another example, the status information indicates that the payment accepting unit 120 's bill and/or coin reservoir is empty, nearly empty, full, or nearly full.
- the device obtains ( 1414 ), from the server, authorization information via the second communication capability, where the authorization information at least includes an authorization grant token.
- FIG. 24B shows the authorization grant token 1140 .
- the mobile device 150 receives the authorization grant token when the authorization code is valid and the first user has sufficient funds in his/her account for the payment processing system to perform a transaction at the payment accepting unit 120 .
- the authorization grant token or a portion thereof is encrypted with the encryption key corresponding to the payment module 100 .
- the authorization grant token includes an authorized amount, an expiration offset period, a user ID associated with the user of the mobile device 150 , and a module ID associated with the payment module 100 .
- the expiration offset period depends on the first user's history and credit or a period predefined by the first user.
- the authorized amount is predefined by the first user, based on a daily limit, based on the first user's total balance, or based on a risk profile associated with the user identified by the user ID.
- the authorization grant token or a portion thereof e.g., the authorized amount or the auth code
- the authorization request code is ( 1416 ) encrypted with a shared secret key corresponding to the payment module, and at least a portion of the authorization grant token is encrypted with the shared secret key corresponding to the payment module. For example, at least the authorized amount or the authorization code included in the authorization grant token is encrypted with the shared secret key.
- the shared secret key is known by the payment module 100 and the server 130 .
- the server 130 manages transactions for a plurality of payment modules and the server 130 stores a table of encryption keys for each of the payment modules. In this example, the server 130 selects an encryption key that corresponds to the respective payment module 100 and encrypts the authorized amount with the selected encryption key.
- the shared secret key is one of a public or private key in an asymmetrical cryptography scheme.
- the mobile device 150 is an un-trusted party in the payment processing system; thus, the mobile device 150 cannot decrypt the authorization code or at least a portion of the authorization grant token.
- the device After obtaining the authorization information, the device detects ( 1418 ) a trigger condition to perform a first transaction with a payment accepting unit (e.g., an automatic retailing machine such as a vending machine for dispensing goods and/or services) associated with the payment module.
- a payment accepting unit e.g., an automatic retailing machine such as a vending machine for dispensing goods and/or services
- the trigger condition is detected when the mobile device 150 enters the payment zone of the payment module 100 which occurs upon satisfaction of a payment zone criterion.
- trigger condition is detected when the user of the mobile device 150 interacts with the user interface of the application 140 for the payment processing system while the application 140 is executed in as a foreground process on the mobile device 150 .
- the advertised information further includes ( 1420 ) a payment zone threshold criterion, and the device the trigger condition by: determining whether the payment zone threshold criterion is satisfied; and, in accordance with a determination that the payment zone threshold criterion is satisfied, detecting the trigger condition.
- the advertised information includes payment zone threshold criterion indicating a baseline RSSI that the mobile device 150 (or the application 140 ) is required to observe before being within the payment zone of payment module 100 .
- the payment zone threshold criterion is a default RSSI value (e.g., ⁇ 80 db) and the advertised information includes an offset (e.g., ⁇ 5 db) to account for the strength and/or reception quality of the short-range radio/transceiver (e.g., BLE) of the payment module 100 .
- the trigger condition is detected when the mobile device 150 enters the payment zone of the payment module 100 which occurs upon satisfaction of a payment zone criterion. For example, when the RSSI observed by the mobile device 150 from the payment module 100 exceeds a predetermined payment zone threshold the payment zone threshold criterion is satisfied.
- the mobile device 150 provides an indication on the user interface of the application 140 for the payment processing system indicating whether the user is within the payment zone of payment module 100 and/or how close he/she is to the payment zone of payment module 100 .
- the device detects ( 1422 ) the trigger condition by: detecting a user input from a user of the device; and, in response to detecting the user input, detecting the trigger condition to perform a transaction with the payment accepting unit.
- the application 140 associated with the payment processing system is executed as a foreground process on the mobile device 150
- the user of the mobile device interacts with the user interface of the application 140 to initiate a transaction with the payment accepting unit 120 .
- the user performs a touch gesture with the touch screen of the mobile device 150 , vocally commands the application 150 to initiate the transaction, or the like.
- the mobile device 150 (or the application 140 ) sends the payment module 100 the authorization grant token and the user is credited with the amount authorized in the authorization grant token in order to select goods and/or services provided by payment accepting unit 120 for purchase with the credit.
- the authorization information further includes ( 1424 ) an expiration period for the authorization grant token, and the device sends, to the payment module, the authorization grant token via the first communication capability in response to detecting the trigger condition and in accordance with a determination that the expiration period has not elapsed.
- the mobile device after detecting the trigger condition, the mobile device (or the application 140 ) determines whether an expiration period indicated by the authorization grant token has elapsed before sending the authorization grant token to the payment module 100 .
- the mobile device after determining that an expired authorization grant token is expired, the mobile device (or the application 140 ) determines automatically deletes the expired authorization grant token and requests a replacement authorization grant token by sending, to the server 130 , the authorization request code included in current advertised information broadcasted by the payment module 100 .
- the device In response to detecting the trigger condition, the device sends ( 1426 ), to the payment module, the authorization grant token via the first communication capability.
- the mobile device 150 (or the application 140 ) sends the payment module 100 the authorization grant token and the user is credited with the amount authorized in the authorization grant token in order to select goods and/or services provided by payment accepting unit 120 for purchase with the credit.
- authorization code 12345 was issued in the packet (e.g., a new authorization code is issued every 100 ms), and a user uses that code to make a payment (when it comes back to the payment module 100 in the authorization grant token), the payment module 100 knows that authorization code 12345 has been used. Continuing with this example, if another subsequent user attempts to make a payment using the same authorization code 12345 , the payment module 100 does not allow the subsequent user to use authorization code 12345 in order to prevent replay attacks. Additionally, in some implementations, the advertised authorization code expires after M minutes (e.g., 3, 5, 10, etc. minutes).
- the authorization code is a unique randomly or pseudo-randomly generated number that is stored by the payment module for M minutes after the authorization code is advertised, at which time it expires.
- the advertised authorization codes are unique incremental numbers that are advertised every X seconds.
- the payment module 100 determines whether an authorization code in an authorization grant token is valid by identifying a current advertised authorization code and determining whether the advertised authorization is newer than the oldest valid authorization code based on the current advertised authorization code, the advertisement frequency (e.g., every X seconds), and the expiration period (e.g., M minutes).
- the device after sending the authorization grant token, obtains ( 1428 ), from the payment module, first transaction information indicating a status of the first transaction with the payment accepting unit the first communication capability, and the device sends, to the server, the first transaction information corresponding to the status of the first transaction the second communication capability.
- the first transaction information indicates the status of the transaction initiated with an authorization grant token such as a complete, incomplete, or aborted transaction.
- the first transaction is incomplete when the payment accepting unit 120 experiences a malfunction (e.g., a vending mechanism jams and the user of the mobile device 150 fails to receive a selected product) or the first transaction times-out by the user of the mobile device 150 waiting Z seconds without selecting goods and/or services from the payment accepting unit 120 .
- the first transaction is aborted when the user of the mobile device 150 actuates the coin return of the payment accepting unit 120 or walks away from the payment accepting unit 120 without selecting goods and/or service.
- the first transaction information includes the amount of the first transaction, current inventory state of products in payment accepting unit 120 , other machine status information, and the like.
- FIGS. 27A-27C have been described is merely exemplary and is not intended to indicate that the described order is the only order in which the operations could be performed.
- One of ordinary skill in the art would recognize various ways to reorder the operations described herein.
- details of other processes described herein with respect to other methods described herein e.g., the method 1500 in FIGS. 28A-28B , the method 1600 in FIGS. 29A-29C , the and method 1700 in FIGS. 30A-30D ) are also applicable in an analogous manner to the method 1400 described above with respect to FIGS. 27A-27C .
- FIGS. 28A-28B illustrate a flowchart diagram of a method 1500 of transmitting machine status information in accordance with some implementations.
- the method 1500 is performed by a device with one or more processors, memory, and two or more communication capabilities.
- the method 1500 is performed by the mobile device 150 ( FIGS. 5 and 21 ) or a component thereof (e.g., application 140 ).
- the method 1500 is governed by instructions that are stored in a non-transitory computer readable storage medium (e.g., the memory 860 , FIG. 21 ) and the instructions are executed by one or more processors (e.g., the processing unit 840 , FIG. 21 ) of the device.
- Optional operations are indicated by dashed lines (e.g., boxes with dashed-line borders).
- the device obtains ( 1502 ), from a payment module, advertised information via a first communication capability, where the advertised information at least includes status information indicating one or more states of at least one of a payment module and a payment accepting unit associated with the payment module.
- the payment module 100 broadcasts the packet 1100 ( FIG. 24A ) which includes the one or more status flags 1108 .
- the first communication capability corresponds ( 1504 ) to a short-range communication protocol.
- short-range communication protocols include BLE, NFC, and/or other protocols utilizing non-persistent communication channels.
- the status information indicates ( 1506 ) that the payment module is storing one or more interrupted transactions.
- interrupted transactions (sometimes referred to as “incomplete transactions”) arise from the loss of a connection (e.g., the mobile device 150 has no cellular reception) or power.
- the status flags 1108 e.g., in packet 1100 , FIG. 24A
- the status flags 1108 include upload information indicator 1116 , which indicates that the payment module is storing one or more interrupted transactions, and/or also includes transaction information (e.g., transaction information 1150 , FIG.
- upload information indicator 1116 triggers the mobile device 150 to connect to payment module 100 immediately (e.g., if it has interrupted transaction information to be uploaded to the server 130 ).
- the transaction information 1150 is generated and sent separately from the status flags 1108 .
- the status information indicates ( 1508 ) that the payment accepting unit requires servicing.
- the status flags 1108 include the bill/coin jam indicator 1118 , which indicates that a blockage is detected in the payment feeding mechanism (e.g., bill or coin jam).
- the status flags 1108 include the full bill/coin reservoir indicator 1120 , which indicates that currency stored in the payment accepting unit requires collection by an operator of the machine.
- the status information indicates that the payment accepting unit requires servicing after a predefined period of time has elapsed since a prior servicing.
- the payment module 100 is configured to send status information indicating that the payment accepting unit 120 requires servicing after one month has elapsed since a last servicing.
- the status information indicates ( 1510 ) a count of at least one product in the payment accepting unit.
- the status flags 1108 e.g., in packet 1100 , FIG. 24A
- the inventory levels indicator 1122 which indicates that the remaining inventory of an item (e.g., an inventory levels indicator 1122 having a value of 1 indicates one corresponding item remaining for a particular product).
- the status information is ( 1512 ) encoded with a predefined code.
- the status information is encrypted and/or encoded with a predefined code and/or key.
- the status flags 1108 e.g., in packet 1100 , FIG. 24A
- the server 130 which indicates a plurality of states of the payment module and/or the payment accepting unit 120 associated with the payment module 100 .
- the advertised information further includes ( 1514 ) an authorization code for authorizing a user of the device to perform a cashless transaction with the payment accepting unit.
- Authorization codes are described in greater detail above with respect to FIGS. 24 C and 27 A- 27 C and the accompanying text.
- the device sends ( 1516 ), to a server, at least the status information from the advertised information via a second communication capability distinct from the first communication capability.
- the mobile device 150 sends an authorization request to the server 130 that includes the authorization code included in the broadcasted packet, the user ID associated with the mobile device 150 , the module ID associated with the payment module 100 , and also the status information.
- the second communication capability corresponds ( 1518 ) to a long-range communication protocol.
- the long-range communication protocol is one of GSM, Wi-Fi, CDMA, LTE, and/or the like.
- the device after sending the status information to the server, receives ( 1520 ) a request, from the server, via the second communication capability to obtain one or more interrupted transactions from the payment module; obtains, from the payment module, transaction information via the first communication capability, where the transaction information corresponds to the one or more interrupted transactions performed by one or more previous users at the payment accepting unit; and sends, to the server, the transaction information via the second communication capability.
- the server 130 in response to the status flags indicating one or more interrupted transactions, the server 130 requests that the mobile device 150 connect to the payment module 100 to upload the one or more interrupted transactions. This may occur even when the user of the mobile device 150 does not initiate a transaction with the payment module 100 .
- the mobile device 150 obtains the transaction information upon entering an authorization zone (e.g., the authorization zone 104 ). See FIGS. 29A-29C and the accompanying text for further discussion of interrupted transactions. For example, interrupted transactions arise from the loss of a network connection (e.g., the mobile device 150 has no cellular reception) or power.
- an authorization zone e.g., the authorization zone 104
- interrupted transactions arise from the loss of a network connection (e.g., the mobile device 150 has no cellular reception) or power.
- FIGS. 28A-28B have been described is merely exemplary and is not intended to indicate that the described order is the only order in which the operations could be performed.
- One of ordinary skill in the art would recognize various ways to reorder the operations described herein.
- details of other processes described herein with respect to other methods described herein e.g., the method 1400 in FIGS. 27A-27C , the method 1600 in FIGS. 29A-29C , and the method 1700 in FIGS. 30A-30D ) are also applicable in an analogous manner to the method 1500 described above with respect to FIGS. 28A-28B .
- FIGS. 29A-29C illustrate a flowchart diagram of a method 1600 of pay payment processing acknowledgment in accordance with some implementations.
- the method 1600 is performed by a payment module with one or more processors, memory, and one or more first communication capabilities, which is coupled with a payment accepting unit (e.g., the payment accepting unit 120 (sometimes also herein called “machine 120 ”) ( FIGS. 5 and 19 ) such as a vending machine or kiosk for dispensing goods and/or services).
- the method 1600 is performed by the adapter module 100 , ( FIGS. 5 and 20 ).
- the method 1600 is governed by instructions that are stored in a non-transitory computer readable storage medium (e.g., the memory 760 , FIG. 20 ) and the instructions are executed by one or more processors (e.g., the processing unit 750 , FIG. 20 ) of the payment module.
- processors e.g., the processing unit 750 , FIG. 20
- Optional operations are indicated by dashed lines (e.g., boxes with dashed-line borders).
- the payment module obtains ( 1602 ), from the payment accepting unit, a first notification indicating completion of a first transaction performed by a first user of a first device at the payment accepting unit and an amount of the first transaction. For example, in step 1202 of the process 1200 in FIG. 25A , the payment module 100 obtains a first notification from the payment accepting unit 120 after a first transaction is completed at the payment accepting unit 120 .
- the payment module ( 1604 ): generates first transaction information based at least in part on the first notification; stores the generated first transaction information; and sends the generated first transaction information to the first device via one of the one or more first communication capabilities.
- the payment module 100 generates the transaction information 1150 ( FIG.
- the 24D which includes the transaction ID 1152 (e.g., which sequentially increases after each completed transaction), the module ID 1154 (e.g., a unique ID for the payment module 100 ), the user ID 1156 (e.g., a unique user ID of the mobile device 150 such as a MAC address), the authorization grant 1158 , the transaction status 1160 (e.g., complete, incomplete, or aborted), the transaction amount 1162 (e.g., $1.00), and/or other information 1164 .
- the other information 1164 includes, in some implementations, information included in the packet 1100 ( FIG.
- the first transaction information is also stored until reception of an acknowledgement from the first device (e.g., the mobile device 150 ).
- the transaction information 1150 is stored in the memory 760 ( FIG. 20 ) of the payment module 100 .
- the one or more first communication capabilities correspond to a short-range communication protocol.
- short-range communication protocols include BLE, NFC, and/or other protocols utilizing non-persistent communication channels.
- the first device forwards the first transaction information to a server (e.g., the server 130 ) via a second communication capability (e.g., a long-range communication protocol such as CDMA, GSM, Wi-Fi, or the like), and the server 130 debits the account of the first user of the first device based on the amount of the first transaction, which is indicated in the first transaction information.
- a server e.g., the server 130
- the server 130 sends encrypted acknowledgment information via the second communication capability to the first device, and the first device forwards the encrypted acknowledgment information to the payment module via the first communication capability.
- the payment module After sending the first transaction information to the first device and in accordance with a determination that first acknowledgement information is received from the first device within a predetermined time period, the payment module deletes ( 1606 ) the stored first transaction information generated for the first transaction performed by the first user of the first device.
- the payment module 100 marks the first and second transaction as complete (in addition to or instead of deleting the first and second transaction information). For example, when the predetermined time period is 30 seconds, the payment module 100 deletes the first transaction information stored in the memory 760 ( FIG. 20 ) if the first acknowledgment information is received within 30 seconds of sending the first transaction information.
- the payment module 100 determines whether the first acknowledgement information is received within a predetermined time period by comparing a timestamp of the stored first transaction information and the current time when (or if) the first acknowledgement is received.
- the payment module encrypts ( 1608 ) the generated first transaction information, and the first acknowledgement information is encrypted.
- the first transaction information is encrypted with a key corresponding to the payment module 100
- the first acknowledgement information is encrypted with a key selected by the server 130 that corresponds to the payment module 100 .
- the keys are distinct, the same, or mutually known.
- the payment module After sending the first transaction information to the first device and in accordance with a determination that the first acknowledgement information is not received from the first device within the predetermined time period, the payment module maintains ( 1610 ) the stored first transaction information generated for the first transaction performed by the first user of the first device.
- an acknowledgement is not received because the first device (e.g., the mobile device 150 ) loses power.
- the first device loses its long-range communication connection to the server 130 , and is therefore unable to forward the first transaction information to a server for debiting the first user's account, or receiving an acknowledgement from the server 130 .
- the user of the first device maliciously severs the long-range communication connection to interrupt the transaction information from being sent to the server 130 , or to interrupt the acknowledgement information from being received by the payment module 100 .
- the payment module 100 if the payment module 100 does not receive the acknowledgment information within the predetermined time period, or if the acknowledgment information cannot be decrypted (e.g., it has been fraudulently modified or accessed), the payment module 100 maintains the first transaction information (e.g., keeps transactions information 1150 stored in the memory 760 , FIG. 20 ) and attempts to send the first transaction information to the server 130 via another device (e.g., a second mobile device 150 ).
- the payment module leverages a subsequent second transaction involving a second device, and the first transaction information is sent to the second device with second transaction information that corresponds to a second transaction initiated by the user of the second device.
- the payment module in accordance with the determination that the first acknowledgement information is not received from the first device within a predetermined time period, the payment module disables ( 1612 ) usage rights for the first user at the payment accepting unit. For example, the first user or user ID associated with the first device is suspended from performing cashless transactions, and further authorization grant tokens received from the first user or user ID are ignored by the payment module 100 . Thus, for example, the first user cannot initiate another transaction cashless transaction with the payment module 100 .
- the server 130 and/or payment module 100 records a history of incomplete transactions.
- the server 130 and/or payment module 100 blacklists the user only after a predefined number of incomplete transactions (e.g., 20 incomplete transactions), accounting for incomplete transactions that arise from non-malicious actions, such as a loss of cellular connection or power.
- a predefined number of incomplete transactions e.g. 20 incomplete transactions
- accounting for incomplete transactions that arise from non-malicious actions such as a loss of cellular connection or power.
- the payment module broadcasts ( 1614 ) an information packet via one of the one or more first communication capabilities, where the information packet includes one or more status flags indicating one or more unacknowledged first transactions including the first transaction performed by the first user of the first device.
- the payment module 100 broadcasts packets (e.g., the packet 1100 , FIG. 24A ) which include the status flags 1108 that indicate (e.g., upload information indicator 1116 ) that the payment module 100 has information that needs to be uploaded to the server 130 (e.g., transaction information for the interrupted/unacknowledged first transaction).
- the transaction information 1150 FIG. 24D
- the transaction information 1150 corresponding to an incomplete transaction is appended to the advertised information instead of merely setting the upload information indicator 1116 in the broadcast advertised information.
- the payment module after determining that the first acknowledgement information is not received from the first device within the predetermined time period, obtains ( 1616 ), from the payment accepting unit, a second notification indicating completion of a second first transaction performed by a second user of a second device at the payment accepting unit and an amount of the first transaction.
- the payment module 100 In response to receiving the second notification, the payment module 100 generates second transaction information based at least in part on the second notification, stores the generated second transaction information, and sends the generated first transaction information and the generated second transaction information to the second device via one of the one or more first communication capabilities.
- the payment module 100 leverages the subsequent second transaction by sending the first transaction information with the second transaction information.
- an authorization zone e.g., authorization zone 104 , FIG. 1
- transaction information corresponding to the first user's incomplete first transaction is transmitted to the second device.
- the payment modules deletes ( 1618 ) the stored first transaction information generated for the first transaction performed by the first user of the first device and the stored second transaction information generated for the second transaction performed by the second user of the second device.
- the server 130 sends acknowledgement information to the payment module 100 via the second device 150 - 2 , which acknowledges reception of the first transaction information and the second transaction information.
- the payment module 100 deletes the first transaction information and the second transaction information.
- the payment module in accordance with a determination that the second acknowledgement information is not received from the second device within a predetermined time period, the payment module maintains ( 1620 ) the stored first transaction information generated for the first transaction performed by the first user of the first device and the stored second transaction information generated for the second transaction performed by the second user of the second device.
- the payment module 100 leverages a subsequent transaction involving a third device, and both the first and second transaction information are sent to the third device with third transaction information that corresponds to a third transaction initiated by the user of the third device.
- FIGS. 29A-29C have been described is merely exemplary and is not intended to indicate that the described order is the only order in which the operations could be performed.
- One of ordinary skill in the art would recognize various ways to reorder the operations described herein.
- details of other processes described herein with respect to other methods described herein e.g., the method 1400 in FIGS. 27A-27C , the method 1500 in FIGS. 28A-28B , and the method 1700 in FIGS. 30A-30D ) are also applicable in an analogous manner to the method 1600 described above with respect to FIGS. 29A-29C .
- FIGS. 30A-30D illustrate a flowchart diagram of a method 1700 of updating firmware of the payment module in the payment processing system in accordance with some embodiments.
- the method 1700 is performed by a device (e.g., the mobile device 150 ) with one or more processors, memory, and two or more communication capabilities.
- the method 1700 is governed by instructions that are stored in a non-transitory computer readable storage medium (e.g., the memory 860 , FIG. 21 ) and the instructions are executed by one or more processors of the mobile device 150 (e.g., the processing unit 850 , FIG. 21 ).
- Optional operations are indicated by dashed lines (e.g., boxes with dashed-line borders).
- a payment module e.g., the payment module 100 , FIG. 26A
- a server e.g., the server 130 , FIG. 26A
- firmware version is out-of-date
- one or more devices e.g., the mobile device 150
- the device serves as a communications bridge between the payment module and the server, whereby the device obtains a verification request from the payment module, which the device then sends to the server for processing (e.g., the server 130 verifies that the data packets are non-corrupted and complete). After processing the verification request, the server sends a firmware command to the device, which the device then sends to the payment module for execution.
- a device obtains ( 1702 ), from a payment module (e.g., the payment module 100 ), advertised information via a first communication capability, where the advertised information at least includes a current firmware version of the payment module.
- the current firmware version corresponds to a timestamp (e.g., Feb. 5, 2014), while in other implementations, the current firmware version is denoted by a version number (e.g., v1.4). Advertised information is described in greater detail herein with respect to FIG. 24A .
- the first communication capability corresponds ( 1704 ) to a short-range communication protocol.
- short-range communication protocols include BLE, NFC, and/or other protocols utilizing non-persistent communication channels.
- the device determines ( 1708 ) that the current firmware version of the payment module satisfies one or more predefined firmware criteria.
- the current firmware version of the payment module is compared ( 1710 ) with a firmware version stored by the device, and the one or more predefined firmware criteria are satisfied ( 1712 ) if the current firmware version of the payment module does not match the firmware version stored by the device.
- the device obtains an indication (e.g., from the server 130 , FIG. 26A ) that the firmware version it stores is the latest firmware version.
- the latest firmware version is determined from a timestamp associated with the firmware. Alternatively, in some implementations, it is presumed that the firmware version stored by the device is the latest version.
- the predefined firmware criteria are satisfied if the current firmware version of the payment module predates the firmware version stored by the device (e.g., the firmware of payment module 100 has a timestamp of Feb. 5, 2014, compared to the firmware of mobile device 150 which has a timestamp of Apr. 4, 2014), or has a version number less than the firmware version stored by the device (e.g., firmware v1.4 of the payment module 100 compared to firmware v1.5 of the mobile device 150 , where the firmware version numbers are assigned in monotonically ascending order by the server 130 ).
- the predefined firmware criteria are satisfied if the current firmware version of the payment module is newer than the firmware version stored by the device. This arises, for example, if a firmware rollback procedure is initiated, where the newer firmware version of the payment module is overwritten with an older firmware version of the device.
- the device receives, from a server, the determination that the current firmware version of the payment module satisfies one or more predefined firmware criteria.
- the device sends the current firmware version of the payment module to the server (e.g., the server 130 , FIG. 26A ) via a second communication capability (e.g., GSM), where the server determines (e.g., by comparing the current firmware version of the payment module and a latest version of the firmware) if the current firmware version satisfies predefined firmware criteria (as described in greater detail above).
- the server e.g., the server 130 , FIG. 26A
- the server determines (e.g., by comparing the current firmware version of the payment module and a latest version of the firmware) if the current firmware version satisfies predefined firmware criteria (as described in greater detail above).
- the device prior to sending firmware update information and in accordance with a determination that the current firmware version of the payment module does not match the firmware version stored by the first device ( 1714 ), the device sends ( 1716 ), to a server, a firmware update request so as to update the firmware of the payment module via a second communication capability.
- the second communication capability corresponds ( 1718 ) to a long-range communication protocol.
- the long-range communication protocol is one of GSM, Wi-Fi, CDMA, LTE, and/or the like.
- the device in response to sending the firmware update request, receives ( 1720 ) from the server, a firmware update approval message, and in response to receiving the firmware update approval message, the device sends ( 1724 ), to the payment module, the firmware update approval message.
- the server e.g., server 130
- the server permits or declines the firmware update request for any of a number of reasons (e.g., firmware stored by the mobile device 150 is out of date).
- firmware update approval message includes ( 1722 ) a verification value for each of the one or more data packets and a hash value for the firmware update information.
- sending the firmware update information via the first communication capability includes ( 1726 ), in response to receiving the firmware update approval message from the server, sending, to the payment module, the firmware update information via the first communication capability.
- the device obtains ( 1728 ) update status information from the payment module, wherein the update status information indicates remaining packets for updating the current firmware version of the payment module.
- the update status information indicating remaining packets e.g., packets 50 - 100
- the update status information is sent by the payment module 100 after receiving a firmware update approval message
- the update status information is included in broadcasted packet 1100 that is broadcast by the payment module 100 .
- the update status information indicates one or more data packets received for updating the current firmware version of the payment module to the most recent firmware version.
- the update status information identifies the firmware version to which the remaining and/or received data packets correspond.
- sending the firmware update information via the first communication capability is based on the update status information.
- the device sends ( 1730 ), to the payment module, firmware update information via the first communication capability, where the firmware update information includes one or more data packets for updating the current firmware version of the payment module.
- the firmware update information is stored by the device, and was included in a latest update to the application 140 associated with the payment processing system.
- the firmware update information is obtained from a server (e.g., the server 130 , FIG. 26A ) via a second communication capability (e.g., GSM), and sent to the payment module via the first communication capability.
- a server e.g., the server 130 , FIG. 26A
- a second communication capability e.g., GSM
- advertised information further includes ( 1706 ) an authorization zone threshold criterion, and the device determines ( 1732 ) that the authorization zone threshold criterion is satisfied. For example, in some implementations, the device starts transmitting data packets to update the payment module firmware upon entering the authorization zone (e.g., the authorization zone 140 , FIG. 1 ) of the payment module. In some implementations, once the device has started transmitting data packets, if the device later leaves the authorization zone, the device continues to transmit data packets as long as the device remains with the communication zone of the payment module (e.g., BLE range), or, alternatively, the device ceases transmission of data packets.
- the device starts transmitting data packets to update the payment module firmware upon entering the authorization zone (e.g., the authorization zone 140 , FIG. 1 ) of the payment module.
- the device once the device has started transmitting data packets, if the device later leaves the authorization zone, the device continues to transmit data packets as long as the device remains with the communication zone of the payment module (e
- the device obtains ( 1734 ) additional advertised information, where the additional advertised information at least includes update status information.
- the additional advertised information further includes a new authorization code and/or status flags.
- the update status information identifies ( 1738 ) one or more remaining data packets (e.g., packets 50 - 100 ) for updating the current firmware version of the payment module to the most recent firmware version.
- the update status information identifies ( 1740 ) one or more data packets received for updating the current firmware version of the payment module to the most recent firmware version.
- the update status information identifies the firmware version to which the remaining and/or received data packets correspond.
- the update status information is included in transaction information (e.g., the transaction information 1150 , after completing a transaction).
- the update status information includes ( 1736 ) a verification request.
- a verification request is generated and included in update status information when the payment module 100 has received all data packets necessary for completing the firmware update.
- a verification request is generally associated with a request to implement the received data packets in order to update the firmware of the payment module 100 .
- a verification request is a request for a server (e.g., the server 130 , FIG. 26A ) to determine if any received data packets are corrupted, if the received data packets form a complete set sufficient to initiate a firmware update, and/or if the received data packets correspond to a latest firmware version.
- a verification request is a checksum performed by the payment module on the received data packets for the firmware update according to a predefined checksum algorithm. Furthermore, in some implementations, the verification request is sent to the server with transaction status information (e.g., transaction information 1150 , FIG. 24D ) after a user completes a transaction (e.g., the step 1260 in process 1250 of FIG. 25B ).
- transaction status information e.g., transaction information 1150 , FIG. 24D
- the device sends ( 1742 ), to a server, at least the current firmware version and a verification request via a second communication capability.
- the second communication capability corresponds ( 1744 ) to a long-range communication protocol (e.g., GSM, Wi-Fi, CDMA, LTE, and/or the like).
- the verification request is sent by the payment module directly to the server via a secure communications channel (e.g., an encrypted channel).
- the device obtains ( 1746 ), from the server, a firmware command via the second communication capability, and sends ( 1748 ), to the payment module, the firmware command via the first communication capability.
- the server processes the verification request prior to issuing a firmware command to the device to send to the payment module.
- the server determines if any received data packets are corrupt (e.g., by using a checksum), if the received data packets form a complete set sufficient to initiate a firmware update, and/or if the received data packets correspond to a latest firmware version.
- the server issues an approval code and/or a firmware command to initiate an update of the payment module's firmware.
- the server determines whether a checksum included in the verification request matches a checksum value determined by the server for the firmware update indicated by the verification request (e.g., a version number). For example, if the checksum included in the verification request does not match the server's checksum, the server issues a firmware command to not implement the firmware update and to delete the data packets corresponding to the firmware update associated with the verification request was sent. In this example, the checksums may not match if one or more of the data packets for the firmware update are corrupted or have been altered.
- the firmware command is a rollback command (e.g., ignore firmware update and keep current firmware version of the payment module 100 ), a delete command (e.g., deleting either all or a portion of the data packets for the firmware update), or an initialization command (e.g., initializing the firmware update in the payment module 100 ).
- a rollback command e.g., ignore firmware update and keep current firmware version of the payment module 100
- a delete command e.g., deleting either all or a portion of the data packets for the firmware update
- an initialization command e.g., initializing the firmware update in the payment module 100 .
- the firmware command is encrypted with an encryption key that corresponds to the payment module (e.g., a shared secret key or a public key in an asymmetric cryptography scheme).
- an encryption key that corresponds to the payment module (e.g., a shared secret key or a public key in an asymmetric cryptography scheme).
- a second device with one or more processors, memory, and two or more communication capabilities, obtain ( 1750 ), from the payment module, advertised information via the first communication capability, where the advertised information at least includes a current firmware version of the payment module and the update status information.
- the second device determines ( 1752 ) whether the current firmware version of the payment module predates a most recent firmware version. In accordance with a determination that the current firmware version of the payment module satisfies one or more predefined firmware criteria, the second device sends ( 1754 ), to the payment module, firmware update information via the first communication capability, where the firmware update information one or more additional data packets for updating the current firmware version based at least in part on the update status information.
- multiple devices send to the payment module portions of a complete set of data packets needed for a firmware update, where the data packets sent by one device are distinct from the data packets sent by another device.
- a firmware update includes data packets 1 through 100
- a first device e.g. the mobile device 150
- a second device a different mobile device 150 , not shown
- FIGS. 30A-30D have been described is merely exemplary and is not intended to indicate that the described order is the only order in which the operations could be performed.
- One of ordinary skill in the art would recognize various ways to reorder the operations described herein.
- details of other processes described herein with respect to other methods described herein e.g., the method 1400 in FIGS. 27A-27C , the method 1500 in FIGS. 28A-28B , and the method 1600 in FIGS. 29A-29C ) are also applicable in an analogous manner to the method 1600 described above with respect to FIGS. 30A-30D .
- the term “or” is used in its nonexclusive form (e.g., “A or B” includes A, B, A and B, or any combination thereof, but it would not have to include all of these possibilities). It should be noted that, unless otherwise specified, “and/or” is used similarly (e.g., “A and/or B” includes A, B, A and B, or any combination thereof, but it would not have to include all of these possibilities). It should be noted that, unless otherwise specified, the terms “includes” and “has” mean “comprises” (e.g., a device that includes, has, or comprises A and B contains A and B, but optionally may contain C or additional components other than A and B). It should be noted that, unless otherwise specified, the singular forms “a,” “an,” and “the” refer to one or more than one, unless the context clearly dictates otherwise.
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Economics (AREA)
- Development Economics (AREA)
- Telephonic Communication Services (AREA)
- Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
Abstract
A payment module with one or more processors, memory, and a first communication capability is coupled with a payment accepting unit (e.g., an automatic retailing machine for dispensing goods and/or services). The payment module obtains a notification indicating completion of a transaction, and an amount thereof, performed by user of a device at the payment accepting unit. In response to receiving the notification, the payment module generates and stores transaction information based on the notification; and sends the transaction information to the device via the first communication capability (e.g., BLE). After sending the transaction information to the device, the payment module: deletes the stored transaction information if acknowledgement information is received from the device within a predetermined time period; and maintains the stored transaction information if the acknowledgement information is not received from the device within the predetermined time period.
Description
- The present application is a continuation of U.S. patent application Ser. No. 14/320,534, filed Jun. 30, 2014, which is a continuation-in-part of U.S. patent application Ser. No. 14/214,644, filed Mar. 14, 2014, which claims priority to U.S. Provisional Patent Application No. 61/917,936, filed Dec. 18, 2013 and is a continuation-in-part of U.S. Design patent application No. 29/477,025, filed Dec. 18, 2013. The present application is based on and claims priority from these applications, the disclosures of which are hereby expressly incorporated herein by reference.
- The present application is related to U.S. patent application Ser. No. ______, Attorney Docket Number 104402-5007-US, entitled “METHOD AND SYSTEM FOR TRANSMITTING MACHINE STATE INFORMATION,” filed ______, and U.S. patent application Ser. No. ______, Attorney Docket Number 104402-5009-US, entitled “METHOD AND SYSTEM FOR UPDATING FIRMWARE USING A MOBILE DEVICE AS A COMMUNICATIONS BRIDGE,” filed ______.
- The present application relates to the field of payment processing systems, and in particular, to a mobile-device-to-machine payment processing system over a non-persistent network connection.
- Vending machines (or “automatic retailing” machines), in the broadest sense, have been around for thousands of years. The first simple mechanical coin operated vending machines were introduced in the 1880s. Modern vending machines stock many different types of products including, but not limited to drinks (e.g., water, juice, coffee, and soda) and edible food products/items (e.g., snacks, candy, fruit, and frozen meals), as well as a wide variety of non-food items. In this fast paced world, vending machines are ubiquitous.
- Vending machines are one type of “payment accepting unit” (payment accepting units are also referred to herein generically as “machines”). A payment accepting unit (or machine) is equipment that requires payment for the dispensing of products and/or services. In addition to vending machines, payment accepting units can also be other machines that require payment for the dispensing of a product and/or services including, but not limited to parking meters, toll booths, laundromat washers and dryers, arcade games, kiosks, photo booths, toll booths, transit ticket dispensing machines, and other known or yet to be discovered payment accepting units.
- In using a payment accepting unit, a user will (1) approach the payment accepting unit, (2) determine from the face of the payment accepting unit the product (or service) he/she desires, (3) insert payment (e.g., coins, bills, or payment cards), and (4) input his/her selection into the payment accepting unit using a user interface (e.g., a series of buttons, a key pad, touch screen, or other input mechanism using, for example, the column and row at which a product is located). Based on the user's inputted selection, technology within the payment accepting unit provides the desired product (or service) to the user.
- As the number of people with Internet-connected mobile devices proliferates, so does the variety of uses for such devices. Mobile payment is a logical extension. There is a large development effort around bringing mobile payment to the retail sector in an effort to not only provide options to the user, but also increased convenience.
- Disclosed herein is a payment processing system or, more specifically, a mobile-device-to-machine payment processing system over a non-persistent network connection with hands-free and manual (sometimes also herein called “swipe” or “swipe-to-pay” mode) modes.
- In some implementations, a method of payment processing is performed at a device (e.g., the
mobile device 150,FIGS. 5 and 21 ) with one or more processors, memory, and two or more communication capabilities. The method includes obtaining, from a payment module (e.g., theadapter module 100,FIGS. 5 and 20 ), advertised information via a first communication capability (e.g., a short-range communication technology/protocol such as BLE), where the advertised information at least includes an authorization code. The method includes sending, to a server (e.g., theserver 130,FIGS. 5 and 22 ), at least the authorization code from the advertised information via a second communication capability distinct from the first communication capability (e.g., a long-range communication technology/protocol such as GSM, CDMA, or Wi-Fi). In response to sending at least the authorization code, the method includes obtaining, from the server, authorization information via the second communication capability, where the authorization information at least includes an authorization grant token. After obtaining the authorization information, the method includes detecting a trigger condition to perform a first transaction with a payment accepting unit (e.g., the payment accepting unit 120 (sometimes also herein called “machine 120”) (FIGS. 5 and 19 ) such as a vending machine or kiosk for dispensing goods and/or services) associated with the payment module. In response to detecting the trigger condition, the method includes sending, to the payment module, the authorization grant token via the first communication capability. - In some implementations, a method of transmitting machine status information is performed at a device (e.g., the
mobile device 150,FIGS. 5 and 21 ) with one or more processors, memory, and two or more communication capabilities. The method includes obtaining, from a payment module (e.g., theadapter module 100,FIGS. 5 and 20 ), advertised information via a first communication capability (e.g., the short-range communication technology/protocol such as BLE), where the advertised information at least includes status information indicating one or more states of at least one of a payment module and a payment accepting unit associated with the payment module. The method includes sending, to a server (e.g., theserver 130,FIGS. 5 and 22 ), at least the status information from the advertised information via a second communication capability distinct from the first communication capability (e.g., the long-range communication technology/protocol such as GSM, CDMA, or Wi-Fi). - In some implementations, a method of payment processing acknowledgment information is performed at a payment module (e.g., the
adapter module 100,FIGS. 5 and 20 ) coupled with a payment accepting unit (e.g., the payment accepting unit 120 (sometimes also herein called “machine 120”) (FIGS. 5 and 19 ) such as a vending machine or kiosk for dispensing goods and/or services), the payment module including one or more processors, memory, and one or more first communication capabilities. The method includes obtaining, from the payment accepting unit, a first notification indicating completion of a first transaction performed by a first user of a first mobile device (e.g., themobile device 150,FIGS. 5 and 21 ) at the payment accepting unit and an amount of the first transaction. In response to receiving the notification, the method includes: generating first transaction information based at least in part on the first notification; storing the generated first transaction information; and sending the generated first transaction information to the first mobile device via one of the one or more first communication capabilities (e.g., the short-range communication technology/protocol such as BLE). After sending the first transaction information to the first mobile device, the method includes: deleting the stored first transaction information generated for the first transaction performed by the first user of the first mobile device in accordance with a determination that first acknowledgement information has been received from the first mobile device within a predetermined time period; and maintaining the stored first transaction information generated for the first transaction performed by the first user of the first mobile device in accordance with a determination that the first acknowledgement information has not been received from the first mobile device within the predetermined time period. - In some implementations, a method of updating firmware is performed at a first device (e.g., the
mobile device 150,FIGS. 5 and 21 ) with one or more processors, memory, and two or more communication capabilities. The method includes obtaining, from a payment module (e.g., theadapter module 100,FIGS. 5 and 20 ), advertised information via a first communication capability (e.g., the short-range communication technology/protocol such as BLE), where the advertised information at least includes a current firmware version of the payment module. In accordance with a determination that the current firmware version of the payment module satisfies one or more predefined firmware criteria (i.e., indicating that the payment module's firmware needs updating), the method includes sending, to the payment module, firmware update information via the first communication capability, where the firmware update information includes one or more data packets for updating the current firmware version of the payment module. - In some implementations, a device (e.g., the adapter module 100 (
FIGS. 5 and 20 ), the mobile device 150 (FIGS. 5 and 21 ), the server 130 (FIGS. 5 and 22 ), or a combination thereof) includes one or more processors and memory storing one or more programs for execution by the one or more processors, the one or more programs include instructions for performing, or controlling performance of, the operations of any of the methods described herein. In some implementations, a non-transitory computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which, when executed by a device (e.g., the adapter module 100 (FIG. 20 ), the mobile device 150 (FIG. 21 ), the server 130 (FIG. 22 ), or a combination thereof) with one or more processors, cause the computer system to perform, or control performance of, the operations of any of the methods described herein. In some implementations, a device (e.g., the adapter module 100 (FIG. 20 ), the mobile device 150 (FIG. 21 ), the server 130 (FIG. 22 ), or a combination thereof) includes means for performing, or controlling performance of, the operations of any of the methods described herein. - The subject matter described herein is particularly pointed out and distinctly claimed in the concluding portion of this specification. Objectives, features, combinations, and advantages described and implied herein will be more readily understood upon consideration of the following detailed description of the invention, taken in conjunction with the accompanying drawings.
-
FIG. 1 is a schematic diagram that shows three zones: a “communication zone” (e.g., Bluetooth range), an “authorization zone,” and a “payment zone” in accordance with some implementations. -
FIG. 2 is a schematic diagram that shows the three zones ofFIG. 1 with multiple users therein in accordance with some implementations. -
FIG. 3 is a table that illustrates the hands-free credit or alert user principle in accordance with some implementations. -
FIG. 4 is a flow chart showing the logging received signal strength indicator (RSSI) information in accordance with some implementations. -
FIG. 5 is a block schematic that shows elements of the payment processing system including, but not limited to, the adapter module, the machine, the mobile device, and servers, as well as communications therebetween in accordance with some implementations. -
FIG. 6 is a block schematic that shows three areas of encryption used (each is bi-directional) between the adapter module, the machine, the mobile device, and/or servers in accordance with some implementations. -
FIG. 7 is a block diagram that shows communications, messaging, vending sequence, and purchase flow between the adapter module, the mobile device, and a system management server in accordance with some implementations. -
FIG. 8A is a schematic process flow diagram that shows additional elements and features of the payment processing system (e.g., communications, messaging, vending sequence, and purchase flow) when the user enters the “communication zone” (e.g., Bluetooth range) in accordance with some implementations. -
FIG. 8B is a schematic process flow diagram that shows additional elements and features of the payment processing system (e.g., communications, messaging, vending sequence, and purchase flow) when the user enters the “authorization zone” in accordance with some implementations. -
FIG. 8C is a schematic process flow diagram that shows additional elements and features of the payment processing system (e.g., communications, messaging, vending sequence, and purchase flow) when the user enters the “payment zone” and, in particular, detailing a hands-free mode embodiment and a swipe mode embodiment in accordance with some implementations. -
FIG. 8D is a schematic process flow diagram that shows additional elements and features of the payment processing system (e.g., communications, messaging, vending sequence, and purchase flow) in a vending transaction including a loop for multiple transactions in accordance with some implementations. -
FIG. 8E is a schematic process flow diagram that shows additional elements and features of the payment processing system (e.g., communications, messaging, vending sequence, and purchase flow) in the login mode in accordance with some implementations. -
FIG. 8F is a schematic process flow diagram that shows additional elements and features of the payment processing system (e.g., communications, messaging, vending sequence, and purchase flow) during boot-up of the adapter module in accordance with some implementations. -
FIG. 8G is a schematic process flow diagram that shows additional elements and features of the payment processing system (e.g., communications, messaging, vending sequence, and purchase flow) during an account check/update process in accordance with some implementations. -
FIGS. 9A-9E are flow charts that show example steps and features of the payment processing system (e.g., communications, messaging, vending sequence, and purchase flow) in accordance with some implementations. -
FIGS. 10A-10D show a mobile device with a graphical representation of a mobile application shown thereon, the mobile application being used as part of the mobile-device-to-machine payment processing system in accordance with some implementations. -
FIG. 11 is a perspective view of the in-line dongle adapter module in accordance with some implementations. -
FIG. 12 is a front plan view of the in-line dongle adapter module ofFIG. 11 in accordance with some implementations. -
FIG. 13 is a back plan view of the in-line dongle adapter module ofFIG. 11 in accordance with some implementations. -
FIG. 14 is a side view of the in-line dongle adapter module ofFIG. 11 in accordance with some implementations. -
FIG. 15 is a first end view of a connector receptacle of the in-line dongle adapter module ofFIG. 11 in accordance with some implementations. -
FIG. 16 is a second end view of a connector receptacle of the in-line dongle adapter module ofFIG. 11 in accordance with some implementations. -
FIG. 17 is a perspective view taken from the first end of the in-line dongle adapter module ofFIG. 11 , the connectors and cables between which the in-line dongle adapter module is inserted being shown in broken lines for illustrative purposes in accordance with some implementations. -
FIG. 18 is a perspective view taken from the second end of the in-line dongle adapter module ofFIG. 11 , the connectors and cables between which the in-line dongle adapter module is inserted being shown in broken lines for illustrative purposes in accordance with some implementations. -
FIG. 19 is a perspective view of the in-line dongle adapter module ofFIG. 11 within a vending machine in accordance with some implementations. -
FIG. 20 is a block diagram of an adapter module in accordance with some implementations. -
FIG. 21 is a block diagram of a mobile device in accordance with some implementations. -
FIG. 22 is a block diagram of a server in accordance with some implementations. -
FIG. 23 is a schematic flow diagram of a process for authenticating a user to perform a transaction in the payment processing system in accordance with some implementations. -
FIG. 24A is a block diagram of a packet of information broadcast by the payment module (sometimes also herein called the “adapter module”) in accordance with some implementations. -
FIG. 24B is a block diagram of an authorization request in accordance with some implementations. -
FIG. 24C is a block diagram of an authorization grant token in accordance with some implementations. -
FIG. 24D is a block diagram of transaction information generated by the payment module in accordance with some implementations. -
FIG. 25A is a schematic flow diagram of a process for processing acknowledgment information in the payment processing system in accordance with some implementations. -
FIG. 25B is a schematic flow diagram of a process for processing interrupted transactions in the payment processing system in accordance with some implementations. -
FIGS. 26A-26C show schematic flow diagrams of processes for updating firmware of the payment module in the payment processing system in accordance with some implementations. -
FIGS. 27A-27C illustrate a flowchart diagram of a method of payment processing in accordance with some implementations. -
FIGS. 28A-28B illustrate a flowchart diagram of a method of transmitting machine status information in accordance with some implementations. -
FIGS. 29A-29C illustrate a flowchart diagram of a method of payment processing acknowledgment in accordance with some implementations. -
FIGS. 30A-30D illustrate a flowchart diagram of a method of updating firmware in accordance with some implementations. - Like reference numerals refer to corresponding parts throughout the several views of the drawings.
- Disclosed herein is a payment processing system or, more specifically, a mobile-device-to-machine payment processing system for processing transactions over a non-persistent network connection. The mobile-device-to-machine payment processing system disclosed herein focuses on the unattended retail space (e.g., a
payment accepting unit 120, sometimes also herein called a “machine 120”). More specifically, the mobile-device-to-machine payment processing system disclosed herein allows a user (having amobile device 150 with amobile application 140 thereon) to make a cashless purchase from a payment accepting unit 120 (having anadapter module 100 associated therewith). - The mobile-device-to-machine payment processing system described herein can be implemented with one or more of the following features: easy installation feature, a non-persistent network connection feature; a manual (swipe to pay) mode feature; a hands-free mode feature; and a multiple vending transactions (multi-vend) feature.
- Easy Installation: Installation is very easy, requires no tools, requires no configuration, and takes as little as 30 seconds. This is accomplished by using an adapter module 100 (sometimes also herein called “
payment module 100”) such as an in-line dongle (a hardware device with software thereon) design for in-line insertion within a multi-drop bus (MDB) of a payment accepting unit 120 (e.g., a vending machine) (sometimes also herein called ‘themachine 120′’). Installation is as simple as “powering down” (turning off) themachine 120, identifying the “wire” that connects with a payment receiving mechanism (e.g., the coin mechanism), disconnecting the wire (so that there are two loose ends, such as a male connection end or adapter of an MDB and a female connection end or adapter of an MDB), plugging (inserting) theadapter module 100 in serial (“in-line”) with the wire (e.g., connecting the MDB female adapter to a male adapter of theadapter module 100 and connecting the MDB male adapter to a female adapter of the adapter module 100), tucking the wire and the installedadapter module 100 back into position, and “powering up” (turning on) themachine 120. Most vending machines made since 1995 have this industry standard MDB technology that would allow this easy 30-second installation. On machines without MDB technology, theadapter module 100 can be configured or designed to work with other serial protocols or activate a switch. In essence theadapter module 100 simulates establishing payment onpayment accepting unit 120 in much the same manner as other alternative forms of payment (e.g., cash). - Non-persistent Network Connection: Although payment accepting units (or “machines”) that accept only cash (e.g., paper currency and coins) may not require a connection (persistent or non-persistent) to a network, traditional payment accepting units that accept cashless payments (e.g., credit cards, debit cards, and alternative mobile device payment methods using, for example, smart phones) require a persistent connection to a network (wired or wireless) to facilitate the cashless payments. In other words, without a persistent (ongoing or accessible on demand) network connection, traditional payment accepting units cannot accept cashless payments. Most traditional payment accepting units that accept cashless payments include the technology to accomplish this persistent network connection that allows them to connect to a remote server. If the network connection to a traditional machine is temporarily interrupted, cashless payments will be temporarily unavailable. If the machine is located in a location where no network connection is available, cashless payments is not possible. In addition to using a
mobile device 150 as an intermediary between thepayment accepting units 120 and theserver 130, the mobile-device-to-machine payment processing system described herein minimizes (i.e., the manual mode) or eliminates (i.e., the hands-free mode) user interaction with themobile device 150. Further, in some implementations, the mobile-device-to-machine payment processing system described herein facilitates the acceptance of cashless payments without requiring any network connection near thepayment accepting unit 120. In some implementations, when the mobile-device-to-machine payment processing system described herein is located in a remote location where network connection is unavailable, the mobile-device-to-machine payment processing system, therefore, can still accept cashless payments. - Manual (Swipe-to-Pay) Mode: Using a “swipe-to-pay” feature (or just “swipe”) refers to a user's action implemented on his/her
mobile device 150 where he/she quickly brushes his/her finger (or other pre-determined interaction) on the mobile device's touch screen 152 (FIGS. 10A-10D ) or other input devices associated with themobile device 150. From the user's perspective, when the user is within range, a pre-installedmobile application 140 automatically connects to the payment accepting unit 120 (e.g., a vending machine). Themobile application 140 might display (on the touch screen 152) a prepaid balance that the user “swipes” to transfer payment to thepayment accepting unit 120. The user could observe the transferred funds on thetouch screen 152 of themobile device 150 and/or on thedisplay 122, 124 (FIG. 19 ) of thepayment accepting unit 120. The transaction is completed just as if cash was inserted in themachine 120 with the user inputting his selection on thepayment accepting unit 120 and thepayment accepting unit 120 dispensing the product or service. After the selection is made, the change is returned to themobile device 150 and this may be shown on thetouch screen 152 of themobile device 150. - Hands-Free Mode: A “hands-free pay” feature (or just “hands-free”) would most likely be used with “favorite” payment accepting units 120 (e.g., a frequently used vending machine at a user's work or school). From the user's perspective, he/she would approach the favorite
payment accepting unit 120 and notice that thedisplay 122, 124 (FIG. 19 ) of thepayment accepting unit 120 shows funds available, he/she would select the product or service using the payment accepting unit's input mechanisms (e.g.,buttons 126 or atouch screen display 124 shown inFIG. 19 ), and he/she would retrieve dispensed services or products. It would be that simple. More specifically, when the user is within range, a pre-installedmobile application 140 automatically connects to the payment accepting unit 120 (e.g., a vending machine). The user may leave themobile device 150 in a pocket, purse, briefcase, backpack, or other carrier. As the user approaches thepayment accepting unit 120 and is in approximately “arm's-length” distance (e.g., 3 to 5 feet) of thepayment accepting unit 120, the user could observe the transferred funds on thedisplay 122, 124 (FIG. 19 ) of thepayment accepting unit 120. The transaction is completed just as if cash was inserted into thepayment accepting unit 120 with the user inputting his/her selection on thepayment accepting unit 120 and thepayment accepting unit 120 dispensing the product or service. After the selection is made, the change is returned to themobile device 150.FIG. 3 details when the hands-free mode would be available. - Multiple Vending Transactions (Multi-Vend): Both the manual and hands-free modes could be used multiple times in sequence (implemented, for example, as a loop) so that a user may make multiple purchases. After making his/her first selection and receiving his product (or service), the user would observe that additional funds were available on the
display 122, 124 (FIG. 19 ) on thepayment accepting unit 120. He/she could make another selection (or multiple selections) and receive additional product(s) (or service(s)). More specifically, thedisplay 122, 124 (FIG. 19 ) may reset as if the transaction is complete, but then, because the user is still standing in range, themobile application 140 would send another credit to thepayment accepting unit 120, allowing for a second purchase. When the user walks away, the system clears (e.g., returns unused funds to theapplication 140 on the mobile device 150). - The features described above, alone or in combination with other features described herein will revolutionize the hundred billion dollar automated retail industry. The hardware is very low cost and there are no reoccurring fees because no cellular connection is required on the
machine 120. Using the mobile-device-to-machine payment processing system described herein, operators ofmachines 120 can increase frequency of visits by purchasers and items sold with each visit. - The mobile-device-to-machine payment processing system described herein may be implemented as an apparatus, system, and/or method for enabling payments to a
machine 120 via amobile device 150. The mobile-device-to-machine payment processing system may be better understood with reference to the drawings, but the shown mobile-device-to-machine payment processing system is not intended to be of a limiting nature. - Before describing the mobile-device-to-machine payment processing system and the figures, some of the terminology should be clarified. Please note that the terms and phrases may have additional definitions and/or examples throughout the specification. Where otherwise not specifically defined, words, phrases, and acronyms are given their ordinary meaning in the art. The following paragraphs provide some of the definitions for terms and phrases used herein.
- Adapter Module 100: As shown in
FIGS. 1 and 2 , the adapter module 100 (sometimes also herein called the “payment module 100”) is a physical device that is installed in a machine 120 (a payment accepting unit 120). The shownadapter module 100 is an in-line dongle (a hardware device with software thereon) device that may be inserted in-line within a multi-drop bus (MDB) of amachine 120. Theadapter module 100 bridges the communication between themachine 120 and amobile device 150. Although described as a unique component, it should be noted that theadapter module 100 could be implemented as a plurality of devices or integrated into other devices (e.g., components of a machine 120). In its unique component form, theadapter module 100 can be easily inserted into amachine 120 so that themachine 120 is able to perform new features with the assistance of theadapter module 100.FIG. 20 shows components associated with theadapter module 100. As shown inFIG. 20 , thecommunications unit 770 of theadapter module 100 includes short-range communication capability 776 (e.g., Bluetooth mechanisms). The shown example may be divided into multiple distinct components that are associated with each other or the example may be incorporated into or drawn from other technology (e.g., a computer or a payment accepting unit) as long as the components are associated with each other. -
Mobile Device 150 and Application 140 (also referred to as a “mobile application,” “mobile app,” or “app”): In general, amobile device 150 may be a user's personalmobile device 150. The mobile device 150 (with amobile application 140 thereon) acts as a communication bridge between the adapter module 100 (associated with a payment accepting unit 120) and theserver 130. Themobile device 150 and theapplication 140, however, are not “trusted” in that the communications (transmissions) it passes are encrypted. Encrypted (secured) communications are undecipherable (unencryptable, unreadable, and/or unuseable) by themobile device 150. This keeps the communications passed between theadapter module 100 and theserver 130 secured and safe from hacking Mobile devices include, but are not limited to smart phones, tablet or laptop computers, or personal digital assistants (PDAs), smart cards, or other technology (e.g., a hardware-software combination) known or yet to be discovered that has structure and/or capabilities similar to the mobile devices described herein. Themobile device 150 preferably has an application (e.g., the application 140) running on it. The term “app” is used broadly to include any software program(s) capable of implementing the features described herein.FIGS. 10A-10D show user interfaces for theapplication 140 displayed by themobile device 150. It should be noted that the phrase “mobile device” can be assumed to include the relevant app unless specifically stated otherwise. Similarly, it should be noted that an “app” can be assumed to be running on an associated mobile device unless specifically stated otherwise.FIG. 21 shows components associated with themobile device 150. The shown example may be divided into multiple distinct components that are associated with each other or the example may be incorporated into or drawn from other technology (e.g., the cell phone itself) as long as the components are associated with each other. - Payment Accepting Unit 120 (or Machine 120): A payment accepting unit 120 (or the machine 120) is equipment that requires payment for the dispensing of an product and/or service.
Payment accepting units 120 may be vending machines, parking meters, toll booths, laundromat washers and dryers, arcade games, kiosks, photo booths, toll booths, transit ticket dispensing machines, and other known or yet to be discoveredpayment accepting units 120. Somepayment accepting units 120 can accept cashless payments (payments other than cash (paper currency and coins)) by accepting payment from, for example, credit cards, debit cards, and mobile devices. - Network Connections: For purposes of this discussion, a persistent network connection is a wired or wireless communications connection that is ongoing (e.g., a dedicated connection, a dedicated online connection, and/or a hardwired connection) or accessible on demand (e.g., the ability for the machine to make a temporary connection to a server or the ability for the user to contact a server from his mobile device). Typically the persistent network connection has been conducted over “long-range communication technology” or “long-range communication protocol” (e.g., hardwired, telephone network technology, cellular technology (e.g., GSM, CDMA, or the like), Wi-Fi technology, wide area network (WAN), local area network (LAN), or any wired or wireless communication technology over the Internet that is known or yet to be discovered). Traditionally, machines that accept payment other than cash require a persistent (ongoing or accessible on demand) connection to a network to facilitate payment. This is true for machines that accept, for example, credit cards and debit cards. The
payment accepting units 120 described herein do not require a traditional persistent network connection. The user'smobile device 150 acts as a communication bridge between theadapter module 100 and theserver 130. Communications between usermobile devices 150 and the servers (e.g., asystem management server 130 and/or a funding source server 160) take place using long-range communication technology. Communications between usermobile devices 150 and theadapter module 100 of thepayment accepting unit 120 take place using “short-range communication technology” or “short-range communication protocol” (e.g., Bluetooth (such as Bluetooth 4.0, Bluetooth Smart, Bluetooth Low Energy (BLE)), near-field communication (NFC), Ultra Wideband (UWB), radio frequency identification (RFID), infrared wireless, induction wireless, or any wired or wireless technology that could be used to communicate a small distance (approximately a hundred feet or closer) that is known or yet to be discovered). Therefore, neither theadapter module 100 nor thepayment accepting unit 120 requires a traditional persistent long-range wireless network connection. The communications technology shown in the figures may be replaced with alternative like communications technology and, therefore, specific shown communications technologies are not meant to be limiting. For example, Wi-Fi technology could be replaced with another long-range communication technology. - Server: A server is the host processing server that may be operated by the company running the payment processing system. For each user, the
server 130 preferably maintains at least one “virtual wallet” having at least one “balance” (which can be $0) of designated funds for which theserver 130 keeps an accounting. The balance may represent, for example, “cash” or it may be a “promotional value” that represents funds that may be spent under certain circumstances. If these funds begin to be depleted, the user may be notified (e.g., via theapplication 140 on the mobile device 150) that additional funds need to be designated and/or transferred. Alternatively, funds from other sources (e.g., the funding source server 160) may be automatically transferred to restore a predetermined balance. The balance may also be increased based on a promotion (e.g., points earned or coupons). As shown inFIG. 22 , the server includesappropriate processors 950, memory 960 (which would keep an accounting of the user's balance in a manner similar to a gift card), andcommunication systems 970. As shown inFIG. 22 , thecommunications unit 970 of theserver 130 includes long-range communication capability 972 (e.g., cellular technology and/or Wi-Fi mechanisms). Theserver 130 also includes asecurity unit 955 for encrypting and decrypting messages. Theserver 130 receives an authorization request (sometimes also herein called an “AuthRequest”) from the adapter module 100 (via a mobile device 150) and, if funds are available, returns an authorization grant (sometimes also herein called an “AuthGrant” or an “authorization grant token”) for funds.FIG. 22 shows components associated with theserver 130. The shown example may be divided into multiple distinct components that are associated with each other or the example may be incorporated into or drawn from other technology (e.g., a computer or a main frame) as long as the components are associated with each other. - Advertise Presence: Each
adapter module 100 advertises its presence by broadcasting signals (advertising broadcast signals) to mobile devices in thezones adapter module 100 can listen to other adapter modules' advertisements. - Received Signal Strength Indicator (RSSI): The
adapter module 100 may have a self-calibrating signal strength to determine zone thresholds (e.g., a payment zone threshold and an authentication zone threshold). At the time the user selects an item (product or service) from thepayment accepting unit 120, the Received Signal Strength Indicator (RSSI) is logged. At this moment, it is presumed the user is within “arm's-length” (which may be a predetermined length approximating the distance of a user standing in front of a machine for the purpose of making a purchase) from thepayment accepting unit 120. A mathematical computation (i.e., In-Range Heuristics) is conducted to derive the optimal RSSI threshold at which point payment should be triggered by anapplication 140 on amobile device 150. The threshold may be payment accepting unit specific and can vary over a period of time. This optimal zone threshold is preferably reported to themobile device 150 during an initial handshake. - In-Range Heuristics: A mathematical computation that determines the RSSI threshold to determine when a user is in the
authorization zone 104 and/or thepayment zone 102. This computation can take into consideration numerous historical data points as well as transaction specific information such as which themobile device 150 is being used, payment accepting unit type, among other factors. Preferably the RSSI is logged while the user is making his selection (this is the one time in the entire process that the user definitely will be “in range” (e.g., they will be arm's length from themachine 120 because they are physically interacting with the machine 120). The type of usermobile device 150, accelerometer data (e.g., is the user moving or stationary), and/or other information may also be logged while the user is making his selection. Theadapter module 100 can give a reference RSSI for thepayment zone 102 for themachine 120, and theapplication 140 can make a +/−adjustment based on the specificmobile device 150 on which it is installed. Over a period of time, the payment processing system continues to improve itself based on additional data points. - Authorization Request (“AuthRequest:): When a user enters the
authorization zone 104, themobile device 150 notifies theadapter module 100 and theadapter module 100 sends a secured authorization request (e.g., the encrypted authorization request) as a “message” (also referred to as a communication or transmissions) to theserver 130 via themobile device 150. Encryption may be performed by a security unit 755 (FIG. 20 ) with security technology (e.g., encryption and decryption means) that may be associated with theprocessing unit 750 and/or thememory 760. Significantly, the AuthRequest is a request for authorization of funds, not a request for authorization of a transaction. The purpose of the funds is irrelevant to theserver 130. - Authorization Grant Token (“AuthGrant”): This is a “message” (also referred to as a communication or transmissions) encrypted by the security unit 955 (
FIG. 22 ) with security technology (e.g., encryption and decryption means) of theserver 130 with the unique private key corresponding to theadapter module 100. The secured authorization grant (e.g., the encrypted authorization grant) is passed from theserver 130 to theadapter module 100 via themobile device 150 in the form of a message. Themobile device 150, however, is not able to decrypt and/or read the message. The authorization grant is in response to the authorization request. The amount of the funds granted by the AuthGrant may be determined by factors including, but not limited to, the amount of funds available (or, if funds are not available, a mini-loan could be granted), a pre-authorized amount (e.g., set by the server, set by the user during set-up, set by the funding source, or a standard amount), limited by time (e.g., only a certain amount per hour, or a predetermined amount at specific times of the day), limited to the maximum amount of an item on the machine (or enough for two or three items in the machine), or one or more of these and other factors. Significantly, the AuthGrant makes the funds available, but does not authorize a transaction. The AuthGrant may have an associated expiration period in that it may expire if it is not used in a pre-determined time period. The length of time before the AuthGrant expires may be determined by factors including, but not limited to, the trustworthiness of the user (e.g., the user has a long history with the payment processing system or some known provider (e.g., credit card provider, bank, or credit union), the user has a good credit rating, or the user has a large wallet balance), a pre-authorized time period (e.g., set by the server, set by the user during set-up, set by the funding source, or a standard time period), limited by time (e.g., predetermined time periods at specific times of the day such as longer times during breakfast, lunch, and dinner), limited by the machine or the products or services sold in the machine, limited by the number of other users near the machine (e.g., if it is a crowded machine, the AuthGrant may expire faster), or one or more of these and other factors. The AuthGrant remains valid until it expires or some other event occurs to end its validity (e.g., the user cancels it). This means that under normal circumstances themobile device 150 will hold the AuthGrant authorizing use of funds for a pre-determined time period that will allow the user sufficient time to make a purchase. The authorized amount may be considered to be the “wallet balance” that is held in a virtual “wallet.” - Synchronization: Time may be synchronized to the
adapter module 100 from theserver 130. Theserver 130 sends time information with encrypted messages and theadapter module 100 uses the time encoded in the messages for synchronization. - The mobile-device-to-machine payment processing system and components thereof may have associated hardware, software, and/or firmware (a variation, subset, or hybrid of hardware and/or software). The term “hardware” includes at least one “processing unit,” “processor,” “computer,” “programmable apparatus,” and/or other known or yet to be discovered technology capable of executing instructions or steps (shown as the
processing unit 750 inFIG. 20 , theprocessing unit 850 inFIG. 21 , and theprocessing unit 950 inFIG. 22 ). The term “software” includes at least one “program,” “subprogram,” “series of instructions,” or other known or yet to be discovered hardware instructions or hardware-readable program code. Software may be loaded onto hardware (or firmware) to produce a “machine,” such that the software executes on the hardware to create structures for implementing the functions described herein. Further, the software may be loaded onto the hardware (or firmware) so as to direct the mobile-device-to-machine payment processing system (and components thereof) to function in a particular manner described herein or to perform a series of operational steps as described herein. “Hardware” such as theadapter module 100, themobile device 150, and thepayment accepting unit 120 may have software (e.g., programs and apps) loaded thereon. The phrase “loaded onto the hardware” also includes being loaded into memory (shown as thememory 760 inFIG. 20 , thememory 860 inFIG. 21 , and thememory 960 inFIG. 22 ) associated with or accessible by the hardware. The term “memory” is defined to include any type of hardware (or other technology)-readable media (also referred to as computer-readable storage medium) including, but not limited to, attached storage media (e.g., hard disk drives, network disk drives, servers), internal storage media (e.g., RAM, ROM, EPROM, FLASH-EPROM, or any other memory chip or cartridge), removable storage media (e.g., CDs, DVDs, flash drives, memory cards, floppy disks, flexible disks), firmware, and/or other known or yet to be discovered storage media. Depending on its purpose, the memory may be transitory and/or non-transitory. Appropriate “messages,” “communications,” “signals,” and/or “transmissions” (that includes various types of information and/or instructions including, but not limited to, data, commands, bits, symbols, voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, and/or any combination thereof) over appropriate “communication paths,” “transmission paths,” and other means for signal transmission including any type of connection between two elements on the payment processing system (e.g., theadapter module 100, themobile device 150, thepayment accepting unit 120, hardware systems and subsystems, and memory) would be used as appropriate to facilitate controls and communications. - It should be noted that the terms “programs” and “subprograms” are defined as a series of instructions that may be implemented as software (i.e. computer program instructions or computer-readable program code) that may be loaded onto a computer to produce a “machine,” such that the instructions that execute on the computer create structures for implementing the functions described herein or shown in the figures. Further, these programs and subprograms may be loaded onto a computer so that they can direct the computer to function in a particular manner, such that the instructions produce an article of manufacture including instruction structures that implement the function specified in the flow chart block or blocks. The programs and subprograms may also be loaded onto a computer to cause a series of operational steps to be performed on or by the computer to produce a computer implemented process such that the instructions that execute on the computer provide steps for implementing the functions specified in the flow chart block or blocks. The phrase “loaded onto a computer” also includes being loaded into the memory of the computer or a memory associated with or accessible by the computer. Separate, albeit interacting, programs and subprograms may be associated with the
adapter modules 100, theserver 130, and the mobile device 150 (including the mobile application 140) and these programs and subprograms may be divided into smaller subprograms to perform specific functions. - The terms “messages,” “communications,” “signals,” and/or “transmissions” include various types of information and/or instructions including, but not limited to, data, commands, bits, symbols, voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, and/or any combination thereof. Appropriate technology may be used to implement the “communications,” “signals,” and/or “transmissions” including, for example, transmitters, receivers, and transceivers. “Communications,” “signals,” and/or “transmissions” described herein would use appropriate technology for their intended purpose. For example, hard-wired communications (e.g., wired serial communications) would use technology appropriate for hard-wired communications, short-range communications (e.g., Bluetooth) would use technology appropriate for close communications, and long-range communications (e.g., GSM, CDMA, Wi-Fi, or the like) would use technology appropriate for remote communications over a distance. Appropriate security (e.g., SSL or TLS) for each type of communication is included herein. The
security units FIG. 20 ) of theadapter module 100 is shown as including appropriate input and output mechanisms 772, 774 that may be implemented in association (e.g., directly or indirectly in functional communication) with male andfemale adapters adapter module 100. The communications unit 870 (shown inFIG. 21 ) of themobile device 150 includes mechanisms for both long-range communications (shown as the long-range communication capability 872 such as cellular and/or Wi-Fi mechanisms) for communicating with theserver 130 and short-range communications (shown as the short-range communication capability 876 such as Bluetooth mechanisms) for communicating with theadapter module 100. - When used in relation to “communications,” “signals,” and/or “transmissions,” the terms “provide” and “providing” (and variations thereof) are meant to include standard means of provision including “transmit” and “transmitting,” but can also be used for non-traditional provisions as long as the “communications,” “signals,” and/or “transmissions” are “received” (that can also mean obtained). The terms “transmit” and “transmitting” (and variations thereof) are meant to include standard means of transmission, but can also be used for non-traditional transmissions as long as the “communications,” “signals,” and/or “transmissions” are “sent.” The terms “receive” and “receiving” (and variations thereof) are meant to include standard means of reception, but can also be used for non-traditional methods of obtaining as long as the “communications,” “signals,” and/or “transmissions” are “obtained.”
- The term “associated” is defined to mean integral or original, retrofitted, attached, connected (including functionally connected), positioned near, and/or accessible by. For example, if the user interface (e.g., a traditional display 122 (
FIG. 19 ), a touch screen display 124 (FIG. 19 ), a key pad 126 (FIG. 19 ), buttons 126 (FIG. 19 , shown as part of the key pad 126), a keyboard (not shown), and/or other input or output mechanism) is associated with apayment accepting unit 120, the user interface may be original to thepayment accepting unit 120, retrofitted into thepayment accepting unit 120, attached to thepayment accepting unit 120, and/or a nearby thepayment accepting unit 120. Similarly,adapter modules 100 may be associated withpayment accepting units 120 in that theadapter modules 100 may be original to thepayment accepting unit 120, retrofitted into thepayment accepting unit 120, attached to thepayment accepting unit 120, and/or a nearby thepayment accepting unit 120. -
FIGS. 5 , 6, and 7 together show major components of the mobile-device-to-machine payment system and the interactions there-between. - As shown, the
adapter module 100 functionally connected bi-directionally to thepayment accepting unit 120 via a wired serial connection such that no security is necessary. Theadapter module 100 is also functionally connected bi-directionally to the mobile device 150 (and its installed mobile application 140) via short-range communication technology (e.g., a Bluetooth connection). Because themobile device 150 is not a “trusted” link (e.g., it could be hacked by a user), only secured communications (transmissions) are passed between theadapter module 100 and themobile device 150. This keeps communications secured and safe from hacking. The mobile device 150 (and its installed mobile application 140) is also functionally connected bi-directionally to asystem management server 130 and/or afunding source server 160 via long-range communication technology (e.g., Wi-Fi or Cellular connection) that preferably has appropriate security (e.g., SSL security). Security between themobile device 150 and thesystem management server 130 has the advantage of protecting communications from themobile device 150 to thesystem management server 130 that may include sensitive data and may not be encrypted. Thesystem management server 130 and thefunding source server 160 may be connected via a wired Internet connection with SSL security. Thesystem management server 130 may be connected via a wired Internet connection with SSL security to an operators'server 170. Although not necessary to implement a purchase transaction, for other purposes (e.g., inventory), the operators'server 170 may be connected to thepayment accepting unit 120 using a handheld computer sync or a cellular connection. - Also, a unique private key may be used to securely transmit encrypted messages between the
adapter module 100 and the system management server 130 (although the encrypted transmissions would most likely be routed through the mobile device 150). Theserver 130 stores a private key for eachadapter module 100, and this key is only known to theadapter module 100 and theserver 130. No intermediary is privy to this key (especially not the mobile device 150). When theadapter module 100 and theserver 130 communicate messages (e.g., AuthRequest and AuthGrant), thesecurity unit 755 of theadapter module 100 encrypts the message with its private key and passes the message to themobile device 150. The mobile device 150 (which preferably cannot decrypt the message) passes the encrypted message to theserver 130. Theserver 130 is able to decrypt the message using thesecurity unit 955 of theadapter module 100 and the unique private key. Thesecurity unit 955 of theserver 130 uses this same unique private key to encrypt messages to theadapter module 100 and sends the message to themobile device 150 to relay to theadapter module 100 that is able to decrypt the message using thesecurity unit 755 of theadapter module 100 and the unique private key. -
FIG. 7 shows specific communications and messaging with a vending sequence (the numbers to the left of the communications and messaging) between theadapter module 100, themobile device 150, and thesystem management server 130. These communications are discussed in more detail in the discussion pertaining to the schematic flow diagrams (FIGS. 8A-8G ) and the flow charts (FIGS. 9A-9E ). - It should be noted that
FIGS. 5 , 6, and 7 are examples, and are meant to help in the understanding of the mobile-device-to-machine payment system. For example, the shown long-range communications technology may be replaced with alternative long-range communications technology known or yet to be discovered, the shown short-range communication technology may be replaced with alternative short-range communication technology known or yet to be discovered, and the shown security may be replaced with alternative security known or yet to be discovered. The shown connections are meant to be examples, and there may be intermediaries that are not shown. The shown components have been simplified in that, for example, only one mobile device 150 (ormachine 120,adapter module 100, or server 130) is shown where many may be included. Finally, the order of the steps may be changed and some steps may be eliminated. -
FIGS. 11-18 show views ofadapter module 100 a (referred to generally as adapter module 100).Adapter module 100 is a relatively low cost hardware component that is pre-configured to work with the industry standard multi-drop bus (MDB). On machines without MDB technology, theadapter module 100 can be configured or designed to work with other serial protocols or activate a switch. In essence theadapter module 100 simulates establishing payment onpayment accepting unit 120 in much the same manner as other alternative forms of payment (e.g., cash). - The shown
adapter modules 100 are preferably designed to be used as an in-line dongle for in-line insertion within, for example, a MDB of amachine 120. The wire used in MDB technology uses male and female connection ends or adapters to allow the attachment of peripherals. In the case of a vending machine, the wire with the connection ends or adapters would be present to allow the attachment of a payment receiving mechanism (e.g., a coin mechanism). The MDB male andfemale adapters FIGS. 17-18 ). Theadapter module 100 a in FIGS. 11 and 17-18 has amale adapter 720 and afemale adapter 730. Theadapter module 100 a may be plugged (inserted) in serial (“in-line”) with the wire. For example, the MDBfemale adapter 710 may be connected to themale adapter 720 of theadapter module 100 and theMDB male adapter 700 may be connected to thefemale adapter 730 of theadapter module 100. The resulting in-line configuration is shown inFIG. 19 . It should be noted that theadapter modules 100 are designed to allow pass-through communications so that if the mobile-device-to-machine payment processing system is not enabled (e.g., for a particular purchase or simply turned off) the MDB functions as though theadapter module 100 is not there and themachine 120 can function normally. - Summarily, if it is available, a hands-free mode, from the user's perspective, would allow the user to approach a favorite
payment accepting unit 120 and notice that the display (e.g., thedisplays FIG. 19 ) associated with thepayment accepting unit 120 shows funds available (e.g., the wallet balance), he would select the product or service using input mechanisms (e.g.,buttons 126 or atouch screen display 124 shown inFIG. 19 ) associated with thepayment accepting unit 120, and he would retrieve his dispensed services or products. - During an initial handshake with the mobile device 150 (when the user is within range), the
adapter module 100 reports to themobile device 150 whether or not hands-free mode is available. If it is available, the installedmobile application 140 automatically connects to thepayment accepting unit 120 without the user having to interact with themobile device 150. The user observes that funds are available on thedisplay payment accepting unit 120 and completes the purchase transaction as if cash was inserted in themachine 120 by inputting his selection on thepayment accepting unit 120. Thepayment accepting unit 120 dispenses the product or service. After the selection is made, the change is returned to themobile device 150. - Whether hands-free payment is available is determined by factors including, but not limited to whether if other
mobile devices 150 are in range, ifother adapter modules 100 are in range, if there are any alerts, if the payment trigger threshold is having wide variances and so deemed unstable, or if the payment accepting unit operator (e.g., a vending machine operator) has opted to disable hands-free mode for thepayment accepting unit 120. In the latter instance, operators can disable via a maintenancemobile device 150, as well as through the operators'server 170 and/or thesystem management server 130. -
FIG. 3 is a table that shows considerations, conditions, or factors that may be used to determine whether the hands-free pay feature is available. Starting at the “Favorite?” column, this indicates whether thepayment accepting unit 120 is a favorite machine. Preferably the hands-free pay feature is only available for use with “favorite” payment accepting units 120 (e.g., a vending machine at work or school). The “Alert” column has to do with whether there is some reason (e.g., there are too many users in range) that the hands-free pay feature should not work and, if there is such a reason, the user will be notified (alerted) and may be able to use the manual mode to resolve the alert and/or complete the transaction.FIG. 3 shows situations in which a user is or is not able to make hands-free purchases from amachine 120 using amobile application 140 on hismobile device 150. It should be noted that the shown interface is an example. For example, some of the features could be automated or pre-selected. (It should be noted that the left hand column, the “Tab” column, relates to whether the selected tab on themobile application 140 is “all” or “favorite.”FIGS. 10A-10D all show these tabs. Unlike the other columns inFIG. 3 , this column has more to do with the functionality and view of theapplication 140 than specifically with the hands-free feature. The tabs would allow a user to select whether he wanted to be alerted when he was in range of allpayment accepting units 120 or just “favorite”payment accepting units 120 and theapplication 140 would show the appropriate view.) - Balance Display: An optional feature of the mobile-device-to-machine payment system that is particularly helpful in the hands-free mode (although it may be available in the manual mode and/or in a multiple-vend scenarios) is when the user's
mobile device 150 sends “credit” to the payment accepting unit 120 (either via hands-free payment or through a manual swipe), the wallet balance is sent to thepayment accepting unit 120 that is then displayed to the user on adisplay machine 120. This is particularly beneficial during hands-free mode when the user does not retrieve themobile device 150 and, therefore, may not know the balance. Also, in a multiple-vend scenario the user would not have to calculate a remaining balance. - An example of a hands-free, multiple-vend scenario where a balance is displayed by the
payment accepting unit 120, follows: The user has $5.00 in his/her virtual wallet as that is the amount that has been authorized (the AuthGrant being stored on the mobile device 150). The user walks up to thepayment accepting unit 120 and $5.00 is displayed on thedisplay payment accepting unit 120 since hands-free mode was enabled and credit was sent (e.g., via the short-range communication capability) to thepayment accepting unit 120. The user makes a selection of $1.50 by interacting (e.g., pressing buttons) with themachine 120. The item (product or service) is dispensed and the “change” is “returned” (e.g., via the short-range communication capability) to the virtual wallet. But since the user is still standing in thepayment zone 102, the remaining wallet balance of $3.50 is sent to thepayment accepting unit 120 and displayed so that the user can now see that he/she has a $3.50 balance. (It should be noted that the authorized funds may remain on themachine 120 and not be transferred back to themobile device 150 between transactions.) The user decides to purchase a $1.50 item, and the transaction is completed as usual (e.g., by interacting with the machine 120). Now the user is still standing in thepayment zone 102 and he/she sees the wallet balance of $2.00 on thedisplay payment accepting unit 120. The user decides that he/she does not wish to purchase anything else and simply walks away. As he/she walks out of thepayment zone 102, the credit is cleared from themachine 120, but he/she is left with the knowledge that his wallet balance is $2.00 even though he/she never touched themobile device 150. Communications between thepayment accepting unit 120 and the adapter module 100 (via the mobile device 150) handle the accounting incidental to the transaction. The remaining balance ($2.00) is technically stored on theserver 130, and may be reflected on theapplication 140 on themobile device 150. - As shown in
FIGS. 1-2 , the functions performed by theadapter module 100 can be divided into distinct zones: a first “communication zone” (e.g., “Bluetooth range” 106), a second “authorization zone” 104, and a third “payment zone” 102. Thepayment zone 102 is smaller than or equal to (overlapping completely) theauthorization zone 104. Put another way, thepayment zone 102 is within or coextensive with theauthorization zone 104. Thepayment zone 102 is a subset of theauthorization zone 104 with a ratio of thepayment zone 102 to theauthorization zone 104 ranging from 0.01:1 to 1:1. It is not necessarily a fixed ratio and can vary between differentpayment accepting units 120, differentmobile devices 150, different users, and over time. While thezones Bluetooth range 106 may vary depending on environmental conditions such as obstacles in the room andpayment accepting unit 120 door/wall materials. - Bluetooth Range 106 (sometimes also herein called the “communication zone”): The outermost range is the Bluetooth range 106 (shown in
FIGS. 1-2 ). This is the area in which theadapter module 100 is able to broadcast its presence. In most situations, theBluetooth range 106 is a passive range in that no actual data is exchanged between themobile device 150 and theadapter module 100. While in theBluetooth range 106, themobile device 150 monitors the RSSI (Received Signal Strength Indicator). - Authorization Zone 104: The middle region is the authorization zone 104 (shown in
FIGS. 1-2 ). This is a computed area based on the RSSI. As mentioned, themobile device 150 monitors the RSSI while it is in theBluetooth range 106. When the RSSI reaches a certain predetermined threshold based on In-Range Heuristics, themobile device 150 can be considered to be in theauthorization zone 104. In theauthorization zone 104 themobile device 150 establishes a connection to the adapter module 100 (e.g., a Bluetooth connection (FIG. 5 ) with SSL protection (FIG. 6 )) and informs theadapter module 100 of its presence. After a successful handshake with theadapter module 100, themobile device 150 registers theadapter module 100 and theadapter module 100 requests an authorization to theserver 130 via the mobile devices' network connection (e.g., a Wi-Fi or cellular connection (FIG. 5 ) with SSL protection (FIG. 6 )). It is important to note themobile device 150 and theadapter module 100 have a non-exclusive relationship at this point. Theadapter module 100 may collect registrations for allmobile devices 150 that are within theauthorization zone 104. - An authorization occurs in preparation for when the user enters the payment zone 102 (shown in
FIGS. 1-2 ). An authorization expires in a set period of time (for example, five minutes), so if themobile device 150 is still in theauthorization zone 104 at the time of expiration, theadapter module 100 submits for and receives another authorization. This will continue for a set number of times (for example, the limit may be three times to limit cases of numerous authorizations for a mobile device that may remain in theauthorization zone 104 for an extended period of time without completing a transaction). Should authorization fail (for instance if the limit had been reached) prior to the user entering thepayment zone 102, theadapter module 100 will request authorization when themobile device 150 enters the payment zone 102 (which adds a few seconds to the experience). - Payment Zone 102: As a user enters the
payment zone 102, themobile device 150 establishes exclusive control of theadapter module 100. Once established, any other user in thepayment zone 102 is put into a “waiting” status. - In the
payment zone 102, the payment can be triggered automatically if the payment processing system has and is in hands-free mode. In such instances, themobile device 150 is running theapplication 140 in background mode and will send credit to thepayment accepting unit 120 without any explicit user interaction. The user completes the transaction on thepayment accepting unit 120 in much the same manner as if cash had been inserted into thepayment accepting unit 120 to establish credit. After the user completes the transaction (that may include one or more purchases), details of the transaction are preferably returned to themobile device 150 andserver 130 in separate messages. The message to theserver 130 is preferably encrypted with the adapter module's 100 private key (FIG. 6 ) to ensure data integrity. As shown inFIG. 7 , the “private key” coded message (Encrypted VendDetails) is preferably sent via themobile device 150. The message to themobile device 150 may be sent solely for the purpose of closing the transaction. The transaction history and balance are updated server-side via the encrypted message sent to theserver 130. - The other mode of operation is manual mode. In manual mode, the user launches the
mobile device 150 and is able to swipe to send payment to thepayment accepting unit 120. The user can also swipe back to cancel the payment. Like in hands-free mode, the purchase transaction is completed on thepayment accepting unit 120 in the same manner as if cash were inserted into thepayment accepting unit 120. Themobile device 150 is only used to send payment. Selection is made directly on thepayment accepting unit 120. - Self-Calibrating Zone Threshold: A key, but optional feature, of the payment processing system is a self-calibrating payment zone RSSI threshold. Because RSSI can vary machine to machine, environment to environment, and device to device, having a fixed threshold at which payment is triggered can be problematic. The approach suggested herein is the creation of a self-calibrating threshold. When the user is interacting with the payment accepting unit 120 (such as when he makes his selection on the payment accepting unit 120), the
payment accepting unit 120 notifies theadapter module 100 and theadapter module 100 logs the conditions such as RSSI, type of usermobile device 150, accelerometer data, and other information. It is at this point that it can be ascertained safely that the user is within arm's-length from the payment accepting unit 120 (by necessity the user is arm's-length because he is making some physical interaction with the payment accepting unit 120). This is the only point in the entire transaction in which it can be certain that the user is within arm's-length from thepayment accepting unit 120. -
FIG. 4 shows a simplified set of steps involved when users enter thepayment zone 102. Specifically,FIG. 4 shows that credit is established 200 (this may have been done in theauthorization zone 104, but if not it would be handled in the payment zone 102), that the user makes a selection using themachine 202, that the machine notifies the adapter module of theselection 204, that the adapter module (optionally) logs theRSSI 206, and that the purchase process(es) continues 208. Using the historically logged RSSI data, theadapter module 100 calculates one of several “average” RSSI using various mathematical models. This “average” could be a traditional average, a moving average, a weighted average, a median, or other similar summary function. Theadapter module 100 could pre-process the historical data before running the function, such as to eliminate top and bottom data points, suspect data points, etc. - Optionally, during the handshake between the
mobile device 150 and theadapter module 100, the information transmitted to theadapter module 100 may include, for example, the model of themobile device 150. Using the received information pertaining to the mobile device models, theadapter module 100 can create multiple payment thresholds, one for each mobile device model. This allows for variances that may be inherent in different types of Bluetooth radios. An alternative to this method is for theadapter module 100 to broadcast a baseline payment zone threshold, and themobile device 150 can use an offset from this baseline based on its specific model type. The payment zone thresholds (or baseline offsets) can be unique to specific types of mobile devices (e.g., by manufacturer, operating system, or component parts), models of mobile devices, or individual mobile devices (unique to each user). - In a typical scenario in which the payment zone threshold has been calibrated, the
adapter module 100 advertises its presence along with the threshold at which it considers anymobile device 150 to be in theauthorization zone 104. This is a one-way communication fromadapter module 100 tomobile device 150. Once themobile device 150 enters theauthorization zone 104, there is a handshake that is established between theadapter module 100 and themobile device 150. During this handshake, themobile device 150 can share its model information with theadapter module 100, and theadapter module 100 can return thepayment zone 102 threshold for that specific model. - Optionally, in addition to calibrating the payment zone threshold, the
adapter module 100 can apply the self-calibrating model to theauthorization zone 104 to calibrate the authorization zone threshold. As with the payment zone thresholds, the authorization zone thresholds can be unique to specific types of mobile devices, models of mobile devices, or individual mobile devices. In this scenario, theadapter module 100 would broadcast multiple thresholds by device type and themobile device 150 would determine which threshold to apply (or alternatively broadcast a baseline and themobile device 150 uses an offset based on its device model). Even in this scenario, theauthorization zone 104 is a one-way communication. - Optionally, along with the threshold that is calculated (in the payment and/or the authorization zone(s)), a safety margin can be added to minimize scenarios in which a user is within range, but the mobile-device-to-machine payment processing system does not recognize it because the threshold may not have been reached. For example, if the calculated RSSI for an
iPhone™ 5 on machine 4567 is −68 db, the mobile-device-to-machine payment processing system may add a safety margin of −5 db, and establish the threshold at −73 db. So when a user's phone is communicating with theadapter module 100 at an RSSI of −73 db or better, the mobile-device-to-machine payment processing system will allow themobile device 150 to credit thepayment accepting unit 120. The safety margin can be set on theserver 130 and downloaded to theadapter module 100, or set on themobile device 150, or set on theadapter module 100 itself. - Optionally, in the payment zone threshold, the
mobile device 150 can use other data to determine when to cancel the exclusive control of thepayment accepting unit 120, to identify when the user is moving out of thepayment zone 102. External data could include accelerometer data from themobile device 150. Using that data, themobile device 150 can determine whether the user is standing relatively still in front of thepayment accepting unit 120, or if the user is in motion—effectively walking away from thepayment accepting unit 120. - The mobile-device-to-machine payment processing system described herein uses a mobile device's 150 short-range communication technology (e.g., Bluetooth mechanisms) (shown as short-
range communication capability 876 inFIG. 21 ) and a mobile device's 150 long-range communications technology (e.g., cellular and/or Wi-Fi mechanisms) (shown as long-range communication capability 872 inFIG. 21 ). The short-range communication capability 876 communicates with the adapter module's 100 short-range communication technology (e.g., Bluetooth mechanisms) (shown as short-range communication capability 776 inFIG. 20 ). The long-range communication capability 872 communicates with the server's 130 long-range communications technology (e.g., cellular and/or Wi-Fi mechanisms) (shown as long-range communication capability 972 inFIG. 22 ). The mobile device 150 (with amobile application 140 thereon) acts as a communication bridge between the adapter module 100 (associated with a payment accepting unit 120) and theserver 130. This process is described herein and works properly if there is cellular or Wi-Fi coverage within thepayment zone 102. - One option if there is no cellular or Wi-Fi coverage within the
payment zone 102 is to determine whether there is cellular or Wi-Fi coverage within theauthorization zone 104 or theBluetooth range 106. If there is, then the sizes of thezones mobile devices 150 detected problems with the cellular or Wi-Fi coverage within thepayment zone 102, the user could carry hismobile device 150 into the other zones (or themobile device 150 could use short-range communication technology to communicate with othermobile devices 150 within theauthorization zone 104 or the Bluetooth range 106) to determine whether the zones have cellular or Wi-Fi coverage. If they do have coverage, communication between themobile device 150 and theserver 130 can be advanced (conducted earlier when themobile device 150 is further from the machine 120) or delayed (conducted later when themobile device 150 is further from the machine 120). This can be thought of as changing the size or shapes of thezones server 130 may happen after the user has moved away from themachine 120 and has cellular or Wi-Fi coverage again. - Another option if there is no cellular or Wi-Fi coverage within any of the
zones payment accepting unit 120 equipped with an adapter module 100 (perhaps to a favorite payment accepting unit 120) that does not have (or rarely has) cellular or Wi-Fi coverage. A user may also use themobile application 140 to querypayment accepting units 120 in a given range (e.g., within 50 miles) or at a given location (e.g., at a campground or in a particular remote city) to determine whether there is cellular or Wi-Fi coverage within thezones server 130 using themobile application 140. Again, the timing would also have to be adjusted so that the authorization of funds (AuthGrant) does not expire before the user has a chance to make a purchase. It also means that balance updates to theserver 130 may happen after the user has moved away from themachine 120 and has cellular or Wi-Fi coverage again. A mobile-device-to-machine payment system having the ability to implement this option would be able to accept cashless payments without requiring any network connection near thepayment accepting unit 120. In some implementations, the mobile-device-to-machine payment processing systems described herein is located in a remote location where no signal is available, therefore, can accept cashless payments. - As an example of a situation in which there might be no cellular or Wi-Fi coverage within any of the
zones payment accepting unit 120, the user (a teenager) may be traveling to a remote location to attend summer camp where there is no cellular or Wi-Fi coverage. The camp may have several payment accepting units 120 (e.g., a machine that creates a dedicated “hot spot” that requires payment for use, vending machines, or machines for renting equipment such as bikes, kayaks, or basketballs). The camp facility might notify parents that the mobile-device-to-machine payment system is available. The parents, while at home, could obtain authorization for a particular amount (that could be doled out a certain amount per day or limited to type of machine or location) to be authorized and “loaded” into the user'smobile device 150 and specify that the authorization will not expire for a certain period or until a certain date. Thereafter, while at camp, the user could use themobile application 140 on hismobile device 150 in a manner similar to those discussed elsewhere herein. Short-range communications may be used for communications between the adapter modules 100 (associated with the machines 120) and users'mobile devices 150. - One subtle but powerful component of the payment processing system described herein is that it requires a long-range communication capability (e.g., an Internet or cellular network connection) only in the
authorization zone 104 and only for the time period required to send the AuthRequest and receive the AuthGrant. Once a valid AuthGrant is received by themobile device 150, the long-range communication capability (e.g., an Internet or cellular network connection) is not required by either themobile device 150 or theadapter module 100 in thepayment zone 102 as long as the AuthGrant is valid (unexpired). This mechanism allows the system to seamlessly handle authenticated transactions in (temporary) offline mode, with the deferred acknowledgement and transaction messages performing the bookkeeping and cleanup when network connection is regained. The alternatives described above provide a unique way to artificially extend the authorization zone to include any location where themobile device 150 can communicate with theserver 130. - As shown in
FIG. 2 , in one practical scenario, multiple users are in thezones FIG. 2 ,users payment zone 102 near themachine 120;users authorization zone 104 and theBluetooth range 106;users Bluetooth range 106,user 10 is positioned on the edge of theBluetooth range 106; andusers Bluetooth range 106. In some implementations, the mobile-device-to-machine payment processing system manages and resolves issues pertaining to multiple users. -
Users Bluetooth range 106 and theuser 10 is either entering or leaving theBluetooth range 106. Within the Bluetooth range 106 the users'mobile devices 150 are able to see the adapter module's 100 advertisement. In this zone, themobile device 150 preferably does not initiate a connection. Theadapter module 100 is preferably unaware of the users in theBluetooth range 106. All theadapter module 100 is doing is advertising its presence to any multitude of users that may be inBluetooth range 106. - The
adapter module 100 begins to log users as the users (and their respective mobile devices 150) enter the authorization zone 104 (shown inFIG. 2 asusers 5 and 6). At this point, there is a non-exclusive connection initiated by themobile device 150 to theadapter module 100. It does a handshake (e.g., to exchange information needed to obtain authorization and, optionally, to log information needed for a self-calibrating authorization zone threshold) and themobile device 150 contacts theserver 130 for an authorization (e.g., sending an AuthRequest and receiving an AuthGrant). Theadapter module 100 registers allmobile devices 150 that have requested and received AuthGrants. Theadapter module 100 continues communicating with any othermobile device 150 that enters theauthorization zone 104. After initial contact, theadapter module 100 may provide themobile device 150 with a deferral delay of when to check back in with theadapter module 100 allowing opportunity for othermobile devices 150 to communicate with theadapter module 100. - If there is only one user in the
payment zone 102, a purchase transaction may be performed. If there are multiple users in thepayment zone 102, the mobile-device-to-machine payment system must handle the situation. - One optional solution for handling the situation of the multiple users in the
payment zone 102 is queuing users in thepayment zone 102. Once anymobile device 150 enters thepayment zone 102, it establishes exclusivity to a particular mobile device 150 (e.g., in a first-come-first-serve manner). Technically, however, theadapter module 100 is not establishing an exclusive connection to themobile device 150. Theadapter module 100 can still perform a round-robin poll and communicate with and advertise to othermobile devices 150. Instead, theadapter module 100 establishes a queue prioritized by RSSI and time (e.g., who was first and whether the authorization has expired) and it notifies (e.g., alerts) othermobile devices 150 to wait. The earliest valid (unexpired) authorization takes precedence when there is any tie in the RSSI. Otherwise, for example, the strongest average RSSI takes priority. Preferably the queue is not a static measure of the RSSI but an averaged measure over the period of time in the queue. This compensates for a scenario in which a user may be walking around in the queue and then shows up at thepayment accepting unit 120 just as the previous user is finishing. If another user was also in thepayment zone 102 and stood there the entire time, but may have newer authorization, he could win out. - Anytime that the
adapter module 100 cannot determine exactly which user is in thepayment zone 102 in front of thepayment accepting unit 120, theadapter module 100 will disable hands-free payment. Themobile device 150 will send an alert to the user and he can use swipe to pay (manual mode). All users inpayment zone 102 will show “Connected” and the first to swipe payment to thepayment accepting unit 120 then locks out other users. - In the scenario where there are multiple modules present, determining which payment accepting unit 120 a user is in front of can be a challenge. In some implementations, the mobile-device-to-machine payment processing system described herein allows
adapter modules 100 to communicate toother adapter modules 100 in range via Bluetooth. Each user receives authorization grants for specificpayment accepting units 120. This means if there aremultiple adapter modules 100 within thesame authorization zone 104, there will be multiple authorization grants for the user. When the user enters thepayment zone 102, it can be difficult to differentiate whichpayment accepting unit 120 the user is in front of if thepayment zones 102 overlap. - To solve this problem, when the user enters the
payment zone 102, theadapter modules 100 communicate with each other to determine the RSSI for the particular user (based on the signal from his mobile device 150) to triangulate which adapter module 100 (and the associated payment accepting unit 120) is closer to the user. Optionally, the inter-module communications can restrict the user to establishing an exclusive connection with only onepayment accepting unit 120. - Optionally, when the user connects to a
payment accepting unit 120, themobile device 150 can send a communication to thepayment accepting unit 120 for momentary display to the user on thedisplay payment accepting unit 120. For example, themobile device 150 can send a communication (e.g., “connected” or “Fred's Mobile Device Connected”) to the payment accepting unit'sdisplay payment zone 102, it is clear whichpayment accepting unit 120 the user is connected to prior to making a purchase (either in hands-free or manual mode). - In addition, when the user is in manual mode, the
mobile device 150 can display (e.g., on thetouch screen 152 as shown inFIGS. 10A-10D ) a visual indication of the payment accepting unit 120 (e.g., a picture and/or a payment accepting unit ID of the payment accepting unit 120) for visual confirmation. If the user is in manual mode, the user can manually change thepayment accepting unit 120. -
FIG. 7 ,FIGS. 8A-8G , and 9A-9E (as well as other figures) can be used to understand a detailed scenario of the mobile-device-to-machine payment processing system described herein. A flow of communications and steps are loosely described below with reference to these (and other figures). It should be noted that alternative scenarios could include, for example, a modified order of the steps performed. - Prior to vending transactions, a user downloads a
mobile application 140 onto hismobile device 150, creates an account, and configures a funding source via, for example, afunding source server 160. A funding source may be, for example, a debit card, a credit card, campus cards, rewards points, bank accounts, payment services (e.g., PayPal™) or other payment option or combination of payment options known or yet to be discovered. The funding sources may be traditional and/or nontraditional payment sources that are integrated into the ecosystem described herein and then used indirectly as a source of funds. Funds from the funding source are preferably held on theserver 130 such that when an AuthRequest is received by theserver 130, theserver 130 can send an AuthGrant authorizing funds for a purchase. - The user can specify one or more “favorite” adapter module(s) 100 (that has a one-to-one relationship to the payment accepting unit 120) that he may visit regularly, such as a vending machine at school or work.
Favorite adapter modules 100 appear on a pre-filtered list and allow for additional rich features such as hands-free payment. - The
payment accepting unit 120 may be equipped with anadapter module 100 that is constantly advertising its availability via Bluetooth (or other “signals,” “communications,” and/or “transmissions”). This ongoing advertising and scanning for adapter modules is shown inFIG. 8A . As shown, themobile device 150 is continuously scanning for anyadapter module 100 within Bluetooth (or other “signal,” “communication,” and/or “transmission”) range. When the user is within range of thatadapter module 100, themobile device 150 tracks and monitors the signal strength until a predetermined “authorization zone” threshold is achieved. -
FIGS. 8B and 9A generally show that when the authorization zone threshold is reached, themobile device 150 enters the authorization zone (block 302) and registers theadapter module 100. Themobile device 150 connects to the server 130 (block 304). Theapplication 140 on themobile device 150 creates a request for authorization (AuthRequest) and passes the AuthRequest to theserver 130 using appropriate communication technology (e.g., GSM, CDMA, Wi-Fi, or the like) (block 306). Theserver 130 responds with an authorization grant (AuthGrant) encrypted with the specific adapter module's private key (block 306). This authorization token may minimally include the User identifier (ID), Apparatus ID (for the adapter module 100), authorization amount, and expiration time. Themobile device 150 receives the AuthGrant from theserver 130, and retains it until themobile device 150 is ready to issue payment to anadapter module 100. Themobile device 150 collects all pending AuthGrants that may be one or more depending on howmany adapter modules 100 are in-range. Unused AuthGrants that expire are purged from themobile device 150 and theserver 130. It is important to note that themobile device 150 is unable to read the AuthGrant because it is encrypted with the adapter module's unique private key that is only known toserver 130 andadapter module 100. This provides a preferred key element of security in the system as theadapter module 100 only trusts AuthGrants that are issued by theserver 130, and the AuthGrants cannot be read or modified by themobile device 150 or any other party in between the server and theadapter module 100. Additionalmobile devices 150 may enter the authorization zone 104 (block 308). - As the user approaches a
specific adapter module 100, the user enters thepayment zone 102 and an event threshold is triggered based on heuristics performed by themobile device 150.Blocks mobile device 150 from theauthorization zone 104 to enter thepayment zone 102. If the user leaves theauthorization zone 104 without entering thepayment zone 102, theadapter module 100 returns to advertising its presence (block 300). -
FIGS. 8C and 9B generally show the user entering the payment zone. Themobile device 150 verifies that it has an unexpired and valid AuthGrant. If the AuthGrant is not good, it may be requested again, repeating the Authorization Request process (block 315). If the AuthGrant is good, themobile device 150 sends the valid AuthGrant (including the wallet balance (block 322)) to theadapter module 100 to initiate a transaction. Themobile device 150 may issue the AuthGrant automatically without specific user interaction if the hands-free mode is supported (and the device is a favorite (block 318), there is only one device in the payment zone 102 (block 318), and (optionally) there is only one user in the authorization zone 104 (block 320). If any of these factors are not present, themobile device 150 will prompt and/or wait for the user to begin the transaction manually (block 324). -
FIGS. 8D , 9C, and 9D generally show the transaction process. As shown inFIG. 9C , theadapter module 100 runs through a series of questions to determine if there are any issues that would prevent vending including: has the user canceled in-app? (block 326), has the user walked away? (block 328), is the coin return pressed? (block 330), has more than a predetermined period of time elapsed? (block 332). If the answer to any of these questions is “yes,” the transaction does not proceed. If the answers to all of these questions is “no,” the user makes a selection (block 334) on thepayment accepting unit 120 in the same or similar manner as compared to if cash or credit were presented to thepayment accepting unit 120. If themachine 120 is able to vend (block 336), it attempts to release the product. If the vend fails (block 338) it is reported by the machine (block 340) and a credit is returned to the virtual wallet (block 342). If the vend is successful (block 338) it is reported by the machine (block 344). Put another way, after the transaction is complete, theadapter module 100 returns to themobile device 150 the details of the transaction as well as an encrypted packet containing the vend details to be sent to theserver 130 via themobile device 150. Optionally, theadapter module 100 can pass additional information not directly related to the transaction such as payment accepting unit health, sales data, error codes, etc. -
FIGS. 8D and 9E generally show the multi-vend function. If the machine has enabled multi-vend capabilities (block 350) and the multi-vend limit has not been reached, the process returns to the question of whether the user is in the payment zone (block 310 ofFIG. 9A ). If the machine does not have enabled multi-vend capabilities (block 350) or the multi-vend limit has been reached, the wallet is decremented by the vend amount(s) and “change” is returned to the virtual wallet (block 354) and the process ends (block 356). -
FIG. 8E is a schematic flow diagram of an example login process.FIG. 8F is a schematic flow diagram of an example boot-up process.FIG. 8G is a schematic flow diagram of an example account check/update process. - Several of the figures are flow charts (e.g.,
FIGS. 9A-9E ) illustrating methods and systems. It will be understood that each block of these flow charts, components of all or some of the blocks of these flow charts, and/or combinations of blocks in these flow charts, may be implemented by software (e.g., coding, software, computer program instructions, software programs, subprograms, or other series of computer-executable or processor-executable instructions), by hardware (e.g., processors, memory), by firmware, and/or a combination of these forms. As an example, in the case of software, computer program instructions (computer-readable program code) may be loaded onto a computer to produce a machine, such that the instructions that execute on the computer create structures for implementing the functions specified in the flow chart block or blocks. These computer program instructions may also be stored in a memory that can direct a computer to function in a particular manner, such that the instructions stored in the memory produce an article of manufacture including instruction structures that implement the function specified in the flow chart block or blocks. The computer program instructions may also be loaded onto a computer to cause a series of operational steps to be performed on or by the computer to produce a computer implemented process such that the instructions that execute on the computer provide steps for implementing the functions specified in the flow chart block or blocks. Accordingly, blocks of the flow charts support combinations of steps, structures, and/or modules for performing the specified functions. It will also be understood that each block of the flow charts, and combinations of blocks in the flow charts, may be divided and/or joined with other blocks of the flow charts without affecting the scope of the invention. This may result, for example, in computer-readable program code being stored in whole on a single memory, or various components of computer-readable program code being stored on more than one memory. -
FIG. 23 illustrates a schematic flow diagram of aprocess 1000 of authenticating a user to perform a transaction in the payment processing system in accordance with some implementations. In some implementations, the payment processing system includes one or more payment modules 100 (e.g., each associated with a respectivepayment accepting unit 120 such an automatic retailing machine for dispensing goods and/or services), one or more mobile devices 150 (e.g., each executing theapplication 140 for the payment processing system either as a foreground or background process), and theserver 130. Theserver 130 manages the payment processing system and, in some cases, is associated with an entity that supplies, operates, and/or manufactures the one ormore payment modules 100. For brevity, theprocess 1000 will be described with respect to arespective payment module 100 and a respectivemobile device 150 in the payment processing system. - The
payment module 100 broadcasts (1002), via a short-range communication capability (e.g., BLE), a packet of information (sometimes also herein called “advertised information”). The packet of information at least includes an authorization code and an identifier associated with the payment module 100 (module ID). In some implementations, the packet of information further includes a firmware version of thepayment module 100 and one or more status flags corresponding to one or more states of thepayment module 100 and/or thepayment accepting unit 120. The information included in the packet broadcast by thepayment module 100 is further discussed below with reference toFIG. 24A . - In some implementations, the
payment module 100 sends out a unique authorization code every X seconds (e.g., 100 ms, 200 ms, 500 ms, etc.). In some implementations, the unique authorization codes are randomly or pseudo-randomly generated numbers. In some implementations, thepayment module 100 stores broadcasted authorization codes until a received authorization grant token matches one of the stored authorization codes. In some implementations, thepayment module 100 stores broadcasted authorization codes for a predetermined amount of time (e.g., Y minutes) after which time an authorization code expires and is deleted. In some implementations, the authorization code is encrypted with a shared secret key known by theserver 130 but unique to thepayment module 100. In some implementations, thepayment module 100 initializes a random number and then the authorization codes are sequential counts from this random number. In such implementations, thepayment module 100 stores the earliest valid (unexpired) counter without a need to store every valid authorization code. In some implementations, the authentication code included in the broadcast packet of information is a hash value of the randomly or pseudo-randomly generated number or the sequential number. - The
mobile device 150 receives the broadcasted packet of information, and themobile device 150 sends (1004), via a long-range communication capability (e.g., GSM, CDMA, Wi-Fi, or the like), an authorization request to theserver 130. For example, anapplication 140 that is associated with the payment processing system is executing as a foreground or background process on themobile device 150. In this example, theapplication 140 receives the broadcasted packet of information when themobile device 150 is within the communication zone of the payment module 100 (i.e., BLE range) and either automatically sends the authorization request to theserver 130 or sends the authorization request to theserver 130 when themobile device 150 is within the authorization zone of thepayment module 100. In some implementations, the broadcasted packet of information includes a baseline authorization zone threshold (i.e., an authorization zone criterion) indicating a baseline RSSI that the mobile device 150 (or the application 140) is required to observe before being within the authorization zone of thepayment module 100. In some implementations, the mobile device 150 (or the application 140) offsets the baseline authorization zone threshold based on the strength and/or reception of the short-range communication capability (e.g., BLE radio/transceiver) of themobile device 150. In some implementations, the authorization request at least includes the authorization code which was included in the broadcasted packet of information, an identifier associated with the user of themobile device 150 or the user account under which the user of themobile device 150 is logged into the application 140 (user ID), and the identifier associated with the payment module 100 (module ID). In some implementations, the authentication code included in authorization request is the hash value in cleartext. The authorization request is further discussed below with reference toFIG. 24B . - After receiving the authorization request, the
server 130 processes (1006) the authorization request. In some implementations, theserver 130 decrypts the authorization code included in the authorization request with the shared secret key corresponding to thepayment module 100. In some implementations, theserver 130 determines whether the user associated with the user ID in the authorization request has sufficient funds in his/her account for the payment processing system to perform a transaction at themachine 120 that is associated with thepayment module 100 corresponding to the module ID in the authorization request. - The
server 130 sends (1008), via a long-range communication capability (e.g., GSM, CDMA, Wi-Fi, or the like), an authorization grant token to themobile device 150. In some implementations, theserver 130 does not send the authorization grant token if the authorization code in the authorization request cannot be decrypted with the shared secret key corresponding to the payment module 100 (e.g., the authorization code is corrupted or hacked). In some implementations, theserver 130 does not send the authorization grant token if the user associated with the user ID in the authorization request does not have sufficient funds in his/her account. In some implementations, in addition to the authorization grant token, theserver 130 sends a message directly to themobile device 150 which is not encrypted with the shared secret key corresponding to thepayment module 100. After receiving the message, themobile device 150 displays an appropriate message to the user such as insufficient balance or declined authorization. In some implementations, theserver 130 sends an authorization grant token for an amount equal to zero; in which case, thepayment module 100 interprets this as a declined or failed authorization which can result for any number of reasons including, but not limited to, insufficient balance or credit. - The
mobile device 150 receives the authorization grant token, and, subsequently, themobile device 150 detects (1010) a trigger condition. In some implementations, the mobile device 150 (or the application 140) detects the trigger condition via the hand-free mode (e.g., upon entrance into the payment zone of the payment module 100) or manual mode (e.g., interacting with the user interface of theapplication 140 to initiate a transaction with the payment accepting unit associated with the payment module 100). - In some implementations, unused authorization grants (e.g., if there was no trigger condition or it expired) are canceled by the
mobile device 150 by sending a cancellation message to theserver 130 corresponding to the unused authorization grant. In some implementations, theserver 130 denies or limits the number of authorization grants sent to themobile device 150 until it has received transaction information or cancellation of authorization outstanding authorization grants sent to themobile device 150. - In response to detecting the trigger condition, the
mobile device 150 sends (1012), via a short-range communication capability (e.g., BLE), the authorization grant token to thepayment module 100. Subsequently, themachine 120 displays credit to the user (e.g., via one of thedisplays FIG. 19 ) and the user interacts with the input mechanisms of the machine 120 (e.g., via thebuttons 126 or atouch screen display 124 shown inFIG. 19 ) to purchase products and/or services. -
FIG. 24A illustrates a block diagram of apacket 1100 of information broadcast by the payment module 100 (e.g., instep 1002 of theprocess 1000 inFIG. 23 ) in accordance with some implementations. In some implementations, thepacket 1100 at least includes:module ID 1102 andauthorization code 1104. In some implementations, the packet 110 additional includes: afirmware version 1106 and one or more status flags 1108. - In some implementations, the
module ID 1102 is a unique identifier corresponding to the payment module 100 (sometimes also herein called the “adapter module 100”) that broadcast thepacket 1100. - In some implementations, the
authorization code 1104 is a hash value in cleartext. In some implementations, thepayment module 100 randomly or pseudo-randomly generates a number or determines a sequential number (Seestep 1002 ofprocess 1000 inFIG. 23 ) and performs a predetermined hash function (e.g., SHA-256) on the number to produce the hash value as theauthorization code 1104. In some implementations, theauthorization code 1104 is a unique code that is encrypted with a secret encryption key corresponding to thepayment module 100. The secret encryption key is shared with theserver 130, which enables theserver 130 to decrypt theauthorization code 1104 and encrypt the authorization grant token but not themobile device 150. In some implementations, the encryption betweenserver 130 andpayment module 100 is accomplished by two pairs of public/private keys. - In some implementations, the
firmware version information 1106 identifies acurrent firmware version 1112 of thepayment module 100. In some implementations, thefirmware version information 1106 also includes update status information 1114 indicating one or more packets received by thepayment module 100 to update the firmware or one or more packets needed by thepayment module 100 to update the firmware. SeeFIGS. 26A-26B and 30A-30D and the accompanying text for further discussion regarding updating the firmware of thepayment module 100. - In some implementations, the one or more status flags 1108 indicate a state of the
payment module 100 and/or thepayment accepting unit 120 associated with thepayment module 100. In some implementations, the one or more status flags 1108 indicate a state of thepayment module 100 such uploadinformation indicator 1116 indicating that that thepayment module 100 has information to be uploaded to the server 130 (e.g., transaction information for one or more interrupted transactions). In some implementations, uploadinformation indicator 1116 triggers themobile device 150 to connect topayment module 100 immediately (e.g., if it has interrupted transaction information to be uploaded to the server 130). SeeFIGS. 25A-25B and 29A-29C and the accompanying text for further discussion regarding interrupted transactions. In some implementations, the one or more status flags 1108 indicate a state of thepayment accepting unit 120 including one or more of an error indicator 1118 (e.g., indicating that a bill and/or coin acceptor of thepayment accepting unit 120 is experiencing a jam, error code, or malfunction), a currency level indicator 1120 (e.g., indicating that the level of the bill and/or coin acceptor reservoir of thepayment accepting unit 120 is full or empty), and/or inventory level(s) indicator 1122 (e.g., indicating that one or more products of thepayment accepting unit 120. In some implementations, the one or more status flags 1108 are error codes issued bypayment accepting unit 120 over the MDB. - In some implementations, the
zone criteria information 1110 specifies an authorization zone criterion 1124 (e.g., a baseline authorization zone threshold indicating a baseline RSSI that the mobile device 150 (or the application 140) is required to observe before being within the authorization zone of the payment module 100) and/or a payment zone criterion 1126 (e.g., a baseline payment zone threshold indicating a baseline RSSI that the mobile device 150 (or the application 140) is required to observe before being within the payment zone of the payment module 100). In some implementations, the baseline authorization zone threshold and the baseline payment zone threshold are default values determined by theserver 130 or stored as variables by theapplication 140, in which case theauthorization zone criterion 1124 andpayment zone criterion 1126 are offsets to compensate for the strength and/or reception of the short-range communication capability (e.g., BLE radio/transceiver) of thepayment module 100. Alternatively,zone criteria information 1110 includes a spread between the baseline authorization zone threshold and the baseline payment zone threshold. Thus, the mobile device 150 (or the application 140) determines the baseline authorization zone threshold and the baseline payment zone threshold based on the spread value and a default value for either the baseline authorization zone threshold or the baseline payment zone threshold. For example, the spread indicates −10 db and the default baseline payment zone threshold is −90 db; thus, the baseline authorization zone threshold is −80 db. Continuing with this example, after determining the baseline authorization zone threshold and the baseline payment zone threshold, the mobile device 150 (or the application 140) may further adjust the authorization zone threshold and/or the payment zone threshold based on the strength and/or reception of its short-range communication capability (i.e., BLE radio/transceiver). -
FIG. 24B is a block diagram of anauthorization request 1130 sent by themobile device 150 to the server 130 (e.g., in step 1004 of theprocess 1000 inFIG. 23 ) in accordance with some implementations. In some implementations, theauthorization request 1130 at least includes: amodule ID 1102, a user ID 1134, and anauthorization code 1104. - In some implementations, the
module ID 1102 is a unique identifier corresponding to thepayment module 100 that broadcast the 1100 that included theauthorization code 1104. - In some implementations, the user ID 1134 is an identifier associated with the user of the
mobile device 150 sending theauthorization request 1130 to theserver 130. In some implementations, the user ID 1134 is associated with the user account under which the user of themobile device 150 is logged into theapplication 140. - In some implementations, the
authorization code 1130 includes theauthorization code 1104 included in thepacket 1100 of information that was broadcast by thepayment module 100. -
FIG. 24C is a block diagram of an authorization grant token 1140 sent by theserver 130 to the mobile device 150 (e.g., instep 1008 of theprocess 1000 inFIG. 23 ) in accordance with some implementations. In some implementations, in accordance with a determination that the authorization code 1136 included in theauthorization request 1130 from themobile device 150 is valid and that the user associated with themobile device 150 has sufficient funds in his/her account for the payment processing system, theserver 130 generates theauthorization grant token 1140. In some implementations, the authorization grant token 1140 at least includes: amodule ID 1102, a user ID 1134, an authorizedamount 1146, (optionally) an expiration period offset 1148, and (optionally) theauthorization code 1104. - In some implementations, the
module ID 1102 is a unique identifier corresponding to thepayment module 100 that broadcast thepacket 1100 that included theauthorization code 1104. - In some implementations, the user ID 1134 is an identifier associated with the user of the
mobile device 150 that sent theauthorization request 1130 to theserver 130. - In some implementations, the authorized
amount 1146 indicates a maximum amount for which the user of themobile device 150 is authorized for a transaction using theauthorization grant token 1140. For example, the authorizedamount 1146 is predefined by the user of themobile device 150 or by theserver 130 based on a daily limit or based on the user's total account balance or based on a risk profile of the user correspond to the user ID 1134. - In some implementations, the
expiration period 1148 offset indicates an offset to the amount of time that thepayment module 100 holds the authorization grant token 1140 valid for initiation of a transaction with themachine 120 associated with thepayment module 100. For example, the expiration period offset 1148 depends on the history and credit of the user ofmobile device 150 or a period predefined by the user ofmobile device 150. - In some implementations, the authorization grant token 1140 further includes the
authorization code 1104 that was included in theauthorization request 1130. In some implementations, when theauthorization code 1104 is the hash value, theserver 130 encrypts the authorization grant token 1140 including the hashed value with the shared secret encryption key associated withpayment module 100. Subsequently, whenmobile device 150 sends the authorization grant token 1140 topayment module 100 after detecting a trigger condition, thepayment module 100 decrypts the authorization grant token 1140 using the secret key known only toserver 130 and payment module 100 (which authenticates the message and the authorization grant), and then matches the hash value included in the decrypted authorization grant token 1140 to previously broadcast valid (unexpired) hash values (i.e., auth codes) to determine validity of the (which was known only by payment module 100). -
FIG. 24D illustrates a block diagram oftransaction information 1150 generated by the payment module 100 (e.g., instep 1204 of theprocess 1200 inFIG. 25A ) in accordance with some implementations. In some implementations, thetransaction information 1150 includes: atransaction ID 1152 for the respective transaction, amodule ID 1154, auser ID 1156, (optionally) theauthorization code 1158, transaction status information 1160, thetransaction amount 1162, andother information 1164. - In some implementations, the
transaction ID 1152 is a unique identifier corresponding to the respective transaction. In some implementations, thetransaction ID 1152 is encoded based on or associated with the time and/or date on which and the location at which the respective transaction took place. - In some implementations, the
module ID 1154 is a unique identifier corresponding to thepayment module 100 that performed the respective transaction. - In some implementations, the
user ID 1156 is an identifier associated with the user of themobile device 150 that initiated the respective transaction. - In some implementations, the
authorization code 1158 corresponds to the original authorization code (e.g.,auth code 1104,FIGS. 24 A-24C) and/or authorization grant token (e.g.,auth grant token 1140,FIG. 24C ) that was used to initiate the respective transaction. In some implementations, theauthorization code 1156 is encrypted with a unique encryption key corresponding to thepayment module 100. - In some implementations, the transaction status information 1160 includes an indication whether the respective transaction was completed, not-completed, or aborted. For example, the respective transaction is incomplete if a jam occurred at the
payment accepting unit 120 and the user did not receive the product associated with the respective transaction. For example, if the user walks away from thepayment accepting unit 120 after money was credited for the respective transaction, the respective transaction is aborted. In another example, if respective transaction times out after a predetermined time period because the user failed to select a product at thepayment accepting unit 120, the respective transaction is aborted. In another example, if the user actuates a bill or coin return mechanism of thepayment accepting unit 120, the respective transaction is aborted. - In some implementations, the
transaction amount 1162 indicates the amount of the respective transaction or the amount of each of multiple transactions (e.g., in a multi-vend scenario). In some implementations, thetransaction amount 1162 is encrypted with a unique encryption key corresponding to thepayment module 100. - In some implementations, the
other information 1164 includes other information related to the respective transaction such as the items dispensed by thepayment accepting unit 120 and the type of transaction (e.g., coins, bills, credit card, manual mode, hands-free mode, etc.). In some implementations, theother information 1164 includes other information related to thepayment module 100 and/or thepayment accepting unit 120 associated with thepayment module 100. For example, theother information 1164 includes a verification request to theserver 130 in order to implement new firmware. SeeFIGS. 26A-26B and the accompanying text for further discussion of the verification request. In another example, theother information 1164 includes transaction information from one or more previous interrupted transactions. In another example, theother information 1164 includes transaction information for one or more transactions paid via bills and/or coins. In another example, theother information 1164 includes inventory information as to one or more products of thepayment accepting unit 120. -
FIG. 25A illustrates a schematic flow diagram of aprocess 1200 of processing acknowledgement information in accordance with some implementations. In some implementations, the payment processing system includes one or more payment modules 100 (e.g., each associated with a respectivepayment accepting unit 120 such an automatic retailing machine for dispensing goods and/or services), one or more mobile devices 150 (e.g., each executing theapplication 140 for the payment processing system either as a foreground or background process), and theserver 130. Theserver 130 manages the payment processing system and, in some cases, supplies, operates, and/or manufactures the one ormore payment modules 100. For brevity, theprocess 1200 will be described with respect to arespective payment module 100 associated with a respective payment accepting unit 120 (machine 120) and a respectivemobile device 150 in the payment processing system. In theprocess 1200, thepayment module 100 receives first acknowledgment information for a first transaction via themobile device 150 that initiated the first transaction. - The
payment module 100 obtains (1202) a first notification indicating completion of a first transaction from themachine 120. For example, after theprocess 1000 inFIG. 23 , the user of themobile device 150 selects a product to purchase from themachine 120 by interacting with one or more input mechanisms of the machine 120 (e.g.,buttons 126 or atouch screen display 124 shown inFIG. 19 ), and themachine 120 dispenses the selected product. Continuing with this example, after the product is dispensed, the transaction is complete and thepayment module 100 obtains a notification from the machine of the completed transaction. In some implementations, the notification includes the amount of the transaction and (optionally) machine status information associated with themachine 120 such as inventory information as to one or more products of thepayment accepting unit 120 and/or the like. - After obtaining the first notification, the
payment module 100 generates (1204) first transaction information based on the first notification, and thepayment module 100 stores the first transaction information. In some implementations, the transaction information includes a transaction ID for the first transaction, a module ID corresponding topayment module 100, a user ID corresponding to themobile device 150, transaction status information indicating that the first transaction is complete, and the transaction amount indicated by the first notification. In some implementations, thepayment module 100 retains the authorization code included in the original broadcasted packet and/or the authorization grant token and includes the authorization code in the first transaction information. In some implementations, the authorization code is encrypted with a secret key corresponding to thepayment module 100, which is shared with theserver 130 but not themobile device 150. In some implementations, the first transaction information further includes other information such as the machine status information included in the first notification or transaction information corresponding to previous interrupted transaction(s). SeeFIG. 24D and the accompanying text for further discussion regardingtransaction information 1150. - The
payment module 100 sends (1206), via a short-range communication capability (e.g., BLE), the first transaction information to themobile device 150. - The
mobile device 150 sends (1208), via a long-range communication capability (e.g., GSM, CDMA, Wi-Fi, or the like), the first transaction information to theserver 130. - The
server 130 processes (1210) the first transaction information. For example, theserver 130 debits the account of the user associated with the user ID in the first transaction information in the amount indicated by the first transaction information. - The
server 130 sends (1212), via a long-range communication capability (e.g., GSM, CDMA, Wi-Fi, or the like), first acknowledgment information to themobile device 150. In some implementations, the first acknowledgment information acknowledges that theserver 130 received the first transaction information. In some implementations, the first acknowledgment information includes the user ID, the module ID, the transaction ID, and (optionally) the authorization grant included in the transaction information (e.g.,auth grant 1158,FIG. 24D ). - After receiving the first acknowledgement information, the
mobile device 150 sends (1214), via a short-range communication capability (e.g., BLE), the first acknowledgment information to thepayment module 100. - After receiving the first acknowledgment information, the
payment module 100 deletes (1216) the stored first transaction information. -
FIG. 25B illustrates a schematic flow diagram of aprocess 1250 of processing interrupted transactions in accordance with some implementations. In some implementations, the payment processing system includes one or more payment modules 100 (e.g., each associated with a respectivepayment accepting unit 120 such an automatic retailing machine for dispensing goods and/or services), one or more mobile devices 150 (e.g., each executing theapplication 140 for the payment processing system either as a foreground or background process), and theserver 130. Theserver 130 manages the payment processing system and, in some cases, supplies, operates, and/or manufactures the one ormore payment modules 100. For brevity, theprocess 1250 will be described with respect to arespective payment module 100 associated with a respective payment accepting unit 120 (machine 120) and a respectivemobile device 150 in the payment processing system. In theprocess 1250, thepayment module 100 receives first acknowledgment information for a first transaction via a second mobile device 150-2 that did not initiate the first transaction. - After receiving a first authorization request associated with a first authorization code from a first mobile device 150-1, the
server 130 sends (1252), via a long-range communication capability (e.g., GSM, CDMA, Wi-Fi, or the like), a first authorization grant token to the first mobile device 150-1 associated with a first user 1251-1. - After receiving the first authorization grant token and in response to detecting a trigger condition (e.g., via the hand-free mode or the manual mode), the first mobile device 150-1 sends (1254), via a short-range communication capability (e.g., BLE), the first authorization grant token to the
payment module 100 associated with themachine 120 in order to initiate a first transaction. - The
payment module 100 processes (1256) the first transaction associated with the first authorization grant token and generates first transaction information when the first transaction is completed. In some implementations, the first transaction information includes a transaction ID for the first transaction, a module ID corresponding topayment module 100, a user ID corresponding to the first mobile device 150-1, transaction status information indicating that the first transaction is complete, and the transaction amount for the first transaction. Thepayment module 100 stores the first transaction information with a timestamp indicating the time and date that the first transaction information was generated. - The
payment module 100 sends (1258), via a short-range communication capability (e.g., BLE), the first transaction information to the first mobile device 150-1 to send to theserver 130 in order to acknowledge the first transaction. - In accordance with a determination that first acknowledgement information is not received for the first transaction within a predefined time period, the
payment module 100 times-out (1260) the first transaction and maintains the first transaction information. In some implementations, a transaction times-out when the connection between the mobile device and the payment module is interrupted and transaction information is not acknowledged within a predefined time period. - For example, the connection between the first mobile device 150-1 and the
payment module 100 is interrupted when the first user 1251-1 turns off the first mobile device 150-1, the first user 1251-1 turns the first mobile device 150-1 into airplane mode, the first user 1251-1 walks away out of the communication zone (i.e., BLE range) of thepayment module 100, the first mobile device 150-1 otherwise loses its long-range communication connection, or the first mobile device 150-1 otherwise loses power. In this example, either the first user 1251-1 maliciously interrupted the connection to prevent the acknowledgement information from being received by thepayment module 100 by powering down the first mobile device 150-1, or the connection was involuntarily or unintentionally interrupted by the first mobile device 150-1's battery running out or a losing cellular signal. - In some implementations, the first user 1251-1 is be blocked by the
payment module 100 from performing any additional transactions until thepayment module 100 receives an acknowledgement from theserver 130 via any connection (e.g., from the second user 1251-2). In some implementations, unused authorization grants (e.g., if there was no trigger condition or it expired) are canceled by the first mobile device 150-1 by sending a cancellation message to theserver 130 corresponding to the unused authorization grant. In some implementations, theserver 130 denies or limits the number of authorization grants sent to the first mobile device 150-1 until it has received transaction information or cancellation of authorization outstanding authorization grants sent to the first mobile device 150-1. In some implementations,server 130 denies approval of, or limit the number of, additional authorization grants from user 1251-1 for transacting with a second payment module (not shown) until theserver 130 receives transaction information, cancellation of authorization, or a predefined time period has expired for outstanding authorization grants sent to the first mobile device 150-1 for transacting with a first payment module. In this example, a user may be limited to only 1 authorization grant for thefirst payment module 100 and no more than 3 outstanding authorization grants in a predetermined number of hours regardless of the number of payment modules the user may be attempting to use. - After receiving a second authorization request associated with a second authorization code from a second mobile device 150-2 subsequent to receiving the first authorization request from the first mobile device 150-1, the
server 130 sends (1262), via a long-range communication capability (e.g., GSM, CDMA, Wi-Fi, or the like), a second authorization grant token to the second mobile device 150-2 associated with a second user 1251-2. - After receiving the second authorization grant token and in response to detecting a trigger condition (e.g., via the hand-free mode or the manual mode), the second mobile device 150-2 sends (1264), via a short-range communication capability (e.g., BLE), the second authorization grant token to the
payment module 100 associated with themachine 120 in order to initiate a second transaction. - The
payment module 100 processes (1266) the second transaction associated with the second authorization grant token and generates second transaction information when the second transaction is completed. In some implementations, the second transaction information includes a transaction ID for the second transaction, a module ID corresponding topayment module 100, a user ID corresponding to the second mobile device 150-2, transaction status information indicating that the second transaction is complete, and the transaction amount for the second transaction. Thepayment module 100 stores the second transaction information with a timestamp indicating the time and date that the second transaction information was generated. - The
payment module 100 sends (1268), via a short-range communication capability (e.g., BLE), the first transaction information associated with the interrupted first transaction and the second transaction information associated with the second transaction to the second mobile device 150-1 to send to theserver 130 in order to acknowledge the first and second transactions. In this way, the first transaction information associated with the previous, interrupted first transaction initiated by the first mobile device 150-1 is appended to the second transaction information for the second transaction initiated by the second mobile device 150-2. - The second
mobile device 150 sends (1270), via a long-range communication capability (e.g., GSM, CDMA, Wi-Fi, or the like), the first transaction information and the second transaction information to theserver 130. - After receiving the first transaction information and the second transaction information, the
server 130 processes the first transaction information and the second transaction information. For example, theserver 130 debits the account of the first user 1251-1 associated with the user ID for first mobile device 150-1 in the first transaction information in the amount indicated by the first transaction information. Continuing with this example, theserver 130 also debits the account of the second user 1251-2 associated with the user ID for second mobile device 150-2 in the second transaction information in the amount indicated in the second transaction information. - The
server 130 sends (1272), via a long-range communication capability (e.g., GSM, CDMA, Wi-Fi, or the like), first and second acknowledgment information to the second mobile device 150-2 acknowledging the first and second transactions. In some implementations, the first acknowledgment information includes the user ID of the first mobile device 150-1 that imitated the first transaction, the module ID of thepayment module 100 that processed the first transaction, the transaction ID of the first transaction, and (optionally) the authorization code associated with the first transaction. In some implementations, the second acknowledgment information includes the user ID of the second mobile device 150-2 that imitated the second transaction, the module ID of thepayment module 100 that processed the second transaction, the transaction ID of the second transaction, and (optionally) the authorization code associated with the second transaction. - After receiving the first and second acknowledgment information, the
mobile device 150 sends (1274), via a short-range communication capability (e.g., BLE), the first acknowledgment information to thepayment module 100. - After receiving the first and second acknowledgment information, the
payment module 100 deletes (1276) the stored first transaction information and also the stored second transaction information. In some implementations, thepayment module 100 marks the first and second transaction as complete. -
FIG. 26A is a schematic flow diagram of aprocess 1300 of updating firmware of thepayment module 100 in the payment processing system in accordance with some implementations. In some implementations, the payment processing system includes one or more payment modules 100 (e.g., each associated with a respective payment accepting unit 120), one or more mobile devices 150 (e.g., each executing theapp 140 for the payment processing system either as a foreground or background process), and theserver 130. Theserver 130 manages the payment processing system and, in some cases, supplies, operates, and/or manufactures the one ormore payment modules 100. For brevity, theprocess 1300 will be described with respect to arespective payment module 100 and a respectivemobile device 150 in the payment processing system. - The
payment module 100 broadcasts (1302), via a short-range communication capability (e.g., BLE), a packet of information (e.g.,broadcast packet 1100,FIG. 24A ). The packet of information at least includes a firmware version (e.g.,current firmware version 1112,FIG. 24A ) of thepayment module 100. The information included in the packet broadcasted by thepayment module 100 is further discussed herein with reference toFIG. 24A . - The
mobile device 150 determines (1304) that the current firmware version of thepayment module 100 satisfies firmware criteria (e.g., predates a firmware version stored by the mobile device 150). Various other firmware criteria are further discussed below with reference to themethod 1700 inFIGS. 30A-30D . - In accordance with a determination that the firmware criteria are satisfied, the
mobile device 150 sends (1306) firmware update information (e.g., data packets corresponding to the firmware of the mobile device 150) to thepayment module 100. - The
payment module 100 broadcasts (1308) update status information (e.g., update status information 1114 inFIG. 24A , identifying remaining data packets needed for the firmware update) included in the advertised information to the one or more mobile devices in the payment processing system (e.g., at least including the respective mobile device 150). Although not illustrated, theprocess 1300 sometimes includes a second mobile device, which sends firmware update information that includes additional data packets distinct from the data packets sent by the respectivemobile device 150. - When all needed data packets have been received by the
payment module 100, the update status information includes a verification request, which themobile device 150 then sends (1310) to theserver 130 via a long-range communication capability (e.g., GSM). - The
server 130 processes (1312) the verification request. For example, theserver 130 processes the verification request by verifying that the received data packets are not corrupt, form a complete set, and correspond to a latest firmware version. - After processing the verification request, the
server 130 sends (1314) to the mobile device 150 a firmware command (e.g., implement the firmware update at the payment module 100) via the long-range communication capability, which themobile device 150 then sends (1316) to thepayment module 100 via the short-range communication capability. - The
payment module 100 then executes (1318) the firmware command. For example, the payment module implements the firmware update using the received data packets corresponding to a latest firmware version. -
FIG. 26B is a schematic flow diagram of aprocess 1320 of updating firmware of thepayment module 100 in the payment processing system in accordance with some implementations. In some implementations, the payment processing system includes one or more payment modules 100 (e.g., each associated with a respective payment accepting unit 120), one or more mobile devices 150 (e.g., each executing theapp 140 for the payment processing system either as a foreground or background process), and theserver 130. Theserver 130 manages the payment processing system and, in some cases, supplies, operates, and/or manufactures the one ormore payment modules 100. For brevity, theprocess 1320 will be described with respect to arespective payment module 100 and a respectivemobile device 150 in the payment processing system. - The
payment module 100 broadcasts (1322), via a short-range communication capability (e.g., BLE), a packet of information (e.g.,broadcast packet 1100,FIG. 24A ). The packet of information at least includes a firmware version (e.g.,current firmware version 1112,FIG. 24A ) of thepayment module 100. The information included in the packet broadcasted by thepayment module 100 is further discussed herein with reference toFIG. 24A . - The
mobile device 150 then sends (1324) to theserver 130, via a long-range communication capability (e.g., GSM), the packet of information that at least includes the firmware version of thepayment module 100. - The
server 130 determines (1326) that current firmware version of thepayment module 100 satisfies firmware criteria (e.g., predates a firmware version stored by the mobile device 150). Various other firmware criteria are further discussed below with reference to themethod 1700 inFIGS. 30A-30D . - In accordance with a determination that the firmware criteria are satisfied, the
server 130 sends (1328) to themobile device 150 firmware update information (e.g., data packets corresponding to the firmware of the mobile device 150), which themobile device 150 then sends (1330) to thepayment module 100. - The
payment module 100 broadcasts (1332) update status information (e.g., identification of remaining data packets needed for the firmware update) included in the advertised information to the one or more mobile devices in the payment processing system (e.g., at least including the respective mobile device 150), which the one or moremobile devices 150 then send (1334) to theserver 130. When all needed data packets have been received by thepayment module 100, the update status information includes a verification request. - The
server 130 processes (1336) the verification request. For example, theserver 130 processes the verification request by verifying that the received data packets are not corrupt, form a complete set, and correspond to a latest firmware version. - After processing the verification request, the
server 130 sends (1338) to the mobile device 150 a firmware command (e.g., implement the firmware update at the payment module 100) via the long-range communication capability, which themobile device 150 then sends (1340) to thepayment module 100 via the short-range communication capability. - The payment module then executes (1342) the firmware command. For example, the payment module implements the firmware update using the received data packets corresponding to a latest firmware version.
-
FIG. 26C is a schematic flow diagram of aprocess 1350 of updating firmware of thepayment module 100 in the payment processing system in accordance with some implementations. In some implementations, the payment processing system includes one or more payment modules 100 (e.g., each associated with a respective payment accepting unit 120), one or more mobile devices 150 (e.g., each executing theapp 140 for the payment processing system either as a foreground or background process), and theserver 130. Theserver 130 manages the payment processing system and, in some cases, supplies, operates, and/or manufactures the one ormore payment modules 100. For brevity, theprocess 1350 will be described with respect to arespective payment module 100 and a respectivemobile device 150 in the payment processing system. - The
payment module 100 broadcasts (1352), via a short-range communication capability (e.g., BLE), a packet of information (e.g.,broadcast packet 1100,FIG. 24A ). The packet of information at least includes a firmware version (e.g.,current firmware version 1112,FIG. 24A ) of thepayment module 100. The information included in the packet broadcast by thepayment module 100 is further discussed herein with reference toFIG. 24A . - The
mobile device 150 determines (1354) that the current firmware version of thepayment module 100 satisfies firmware criteria (e.g., predates a firmware version stored by the mobile device 150). Various other firmware criteria are further discussed below with reference to themethod 1700 inFIGS. 30A-30D . In some implementations, themobile device 150 stores a firmware image for thepayment module 100. For example, the firmware image was previously downloaded by themobile device 150 from theserver 130 as part of an update forapplication 140. In some implementations, the firmware image downloaded by themobile device 150 is encrypted with a common encryption key known to allpayment modules 100 in the payment processing system (as opposed to the unique encryption key corresponding to eachpayment module 100 in the payment processing system). In some implementations, the firmware image downloaded by themobile device 150 is encrypted with an encryption key that is later sent as part of the firmware approval message insteps payment module 100. - In accordance with a determination that the firmware criteria are satisfied, the
mobile device 150 sends (1356), via a second communication capability (e.g., GSM, CDMA, Wi-Fi, or the like), a firmware update request (e.g., a request for permission to update the firmware of the payment module 100) to theserver 130. In some embodiments, the firmware update request includes a module ID corresponding to thepayment module 100, a user ID associated with a user of themobile device 150, thecurrent firmware version 1112 of thepayment module 100, and the firmware version stored by themobile device 150. - The
server 130 processes (1358) the firmware update request. Theserver 130 determines whether to permit or decline the firmware update request. If theserver 130 permits the firmware update request, themobile device 150 updates the firmware version of thepayment module 100 with the firmware version stored by the mobile device. For example, theserver 130 declines the firmware update request if the firmware version stored by themobile device 150 is out of date (i.e., a firmware version C, distinct from a firmware version A of thepayment module 100 and a firmware version B stored by themobile device 150, is the latest firmware image). In another example, theserver 130 declines the firmware update request if the firmware version stored by the mobile device 150 (e.g., firmware version B) is determined to be faulty and/or blacklisted, even if a latest firmware (e.g., firmware version C, distinct from firmware version A and firmware version B) is not yet available. - In accordance with a determination that the firmware version stored by the
mobile device 150 is approved by theserver 130, theserver 130 sends (1360) to themobile device 150, via the second communication capability, a firmware update approval message (e.g., permission to update the firmware of the payment module 100), which themobile device 150 then sends (1362) to thepayment module 100 via the short-range communication capability. In some implementations, in accordance with a determination that theserver 130 permits the firmware update request, theserver 130 responds to theapplication 140 of themobile device 150 with an affirmative firmware update approval message (e.g., approval to update firmware of payment module 100) to be sent to thepayment module 100. In some implementations, the firmware update approval message contains one or more verification values (e.g., a list of checksum values for each 4 KB block of encrypted firmware image stored by the mobile device 150) and a hash value (e.g., SHA-256 hash of the complete, decrypted firmware image) for data packets corresponding to the approved firmware update version. Furthermore, in some implementations, the firmware update approval message includes a firmware decryption key (e.g., for decrypting received data packets corresponding to the approved firmware update version). In some implementations, the firmware update approval message is encrypted using a unique encryption key corresponding to thepayment module 100. - In some implementations, if the
payment module 100 is already updating its firmware when it receives the firmware update approval message (e.g., a process which may have been started by a differentmobile device 150 at an earlier time), then thepayment module 100 simply verifies the validity of the firmware update approval message and resumes the firmware update. However, if thepayment module 100 was not already updating its firmware, it will verify the validity of the firmware update approval message, store to the memory 760 (FIG. 20 ) (e.g., EEPROM) the one or more verification values and the hash value (e.g., list of checksums and a SHA-256 hash), and erase the firmware-update area of the memory 760 (e.g., where the one or data packets for the firmware update will be stored). In these cases, thepayment module 100 subsequently receives firmware update formation (e.g., one or more data packets) from themobile device 150 which are stored in the firmware-update area of thememory 760. Furthermore, in some implementations, if thepayment module 100 already has a stored firmware update to the specified firmware version ready to be processed, but it has not yet rebooted to install it, the firmware update request is ignored. - After the
server 130 approves the firmware update request, themobile device 150 sends (1364) to thepayment module 100, via the short-range communication capability, firmware update information (e.g., data packets corresponding to the firmware stored by the mobile device 150). As long as thepayment module 100 is connected to themobile device 150, thepayment module 100 will identify one or more data blocks (i.e., corresponding to the approved firmware update version) that are still needed, which are sent by themobile device 150 as the one or more data packets. In some implementations, after receiving the firmware update approval message, thepayment module 100 sends to themobile device 150 update status information identifying and requesting one or more data blocks still needed for the firmware update (e.g., a specific 256 B block/chunk of firmware). Additionally and/or alternatively, the packet of information (e.g.,broadcast packet 1100,FIG. 24A ) broadcast by thepayment module 100 includes information identifying one or more data blocks still needed by thepayment module 100 for the firmware update or one or more data blocks already received by thepayment module 100. After receipt of the one or more data packets, the firmware update information is stored by thepayment module 100 into memory (e.g., thememory 760,FIG. 20 ). - The
payment module 100 verifies (1366) the firmware update information. In some implementations, each time a data packet is received from themobile device 150 corresponding to a complete data block (e.g., a 4 KB block) of the firmware update, thepayment module 100 will compare a generated verification value (e.g., a checksum of the 4 KB block) against a corresponding verification value for the block that was included in the update approval message (e.g., a checksum from the list included in the firmware update approval message). If the verification values do not match, the corresponding data block is erased, and the update process resumes from that point (e.g., the particular 4 KB block that did not pass verification). - After verifying the firmware update information, the
payment module 100 executes (1368) the firmware update information. After all data blocks have been received by thepayment module 100, and their verification values (e.g., checksums) have been successfully verified, in some implementations, thepayment module 100 sets an internal flag indicating that it should reboot itself when it determines it is a safe time to do so. In some implementations, a safe time for rebooting is based on the current time of day (e.g., 2:00 AM), or observed activity of the payment accepting unit 120 (e.g., when no user has connected in the past 10 minutes). - In some implementations, when the
payment module 100 decides to reboot, it sets an install-firmware flag in memory (e.g., EEPROM) and resets itself. Upon reboot of thepayment module 100, a bootloader observes the set install-firmware flag and executes an associated firmware installation handler. In some implementations, the firmware installation handler double checks all of the block checksums of the firmware update information (e.g., a firmware update image). If the checksums do not match, an error has occurred (e.g., corrupted data) and the update is aborted, with the currently installed firmware then booting up. If the checksums do match, however, the bootloader erases the currently installed firmware and then decrypts the firmware update information (e.g., a firmware update image) into the installed firmware area of memory (e.g.,memory 760,FIG. 20 ). - After the firmware update information has been decrypted, the bootloader computes a hash value (e.g., a SHA-256 hash) of the firmware update information (e.g., of a firmware update image) and compares it to the hash value received from the
server 130 that was included in the update approval message. If the hash values do not match, an error has occurred, causing the bootloader to erase the installed firmware and re-install a default (i.e., gold master) firmware image, as that is the only image available to install at that point. Finally, the bootloader loads and runs the installed firmware (either the updated firmware version or the gold master). -
FIGS. 27A-27C illustrate a flowchart diagram of amethod 1400 of payment processing in accordance with some implementations. In some implementations, themethod 1400 is performed by a device with one or more processors, memory, and two or more communication capabilities. For example, in some implementations, themethod 1400 is performed by the mobile device 150 (FIGS. 5 and 21 ) or a component thereof (e.g., application 140). In some implementations, themethod 1400 is governed by instructions that are stored in a non-transitory computer readable storage medium (e.g., thememory 860,FIG. 21 ) and the instructions are executed by one or more processors (e.g., the processing unit 840,FIG. 21 ) of the device. Optional operations are indicated by dashed lines (e.g., boxes with dashed-line borders). - The device obtains (1402), from a payment module, advertised information via a first communication capability, where the advertised information at least includes an authorization code. In some implementations, the
payment module 100 broadcasts/advertises a packet of information (i.e., the advertised information such as thepacket 1100,FIG. 24A ) via one or more short-range communication protocols such as BLE, NFC, and/or the like (i.e., a non-persistent communication channel). As such, thepayment module 100 is not tied up in handshakes with eachmobile device 150 within its communication zone. In some implementations, theapplication 140 associated with the payment processing system, which is executed on the mobile device 150 (e.g., a mobile phone), receives the packet when themobile device 150 is within the communication zone (i.e., BLE range) of thepayment module 100. - In some implementations, the advertised information is a packet with a module identifier (ID) associated with the
payment module 100, an authorization code, thepayment module 100's current firmware version, and a plurality of status flags associated with a state of thepayment accepting unit 120 and/or thepayment module 100. For example,FIG. 24A illustrates thepacket 1100 of information that is broadcast by thepayment module 100. In some implementations, the authorization code is a cleartext hash value. In some implementations, the authorization code is encrypted with a unique encryption key corresponding to thepayment module 100. In some implementations, the packet also includes customized or baseline thresholds for the authorization and payment zones (e.g., RSSI values such as −80 db and −90 db, respectively). In some implementations, the packet also includes a request (e.g., a status flag) formobile device 150 to connect to it immediately so as to upload information to the server 130 (e.g., transaction information for one or more interrupted transaction). In some implementations, thepayment module 100 broadcasts the advertised information every X second with a unique authorization code. - In some implementations, the first communication capability corresponds (1404) to a short-range communication protocol. For example, the first communication capability of the
mobile device 150 is a radio/transceiver means for communicating via one or more short-range communication protocols such as BLE, NFC, and/or the like (i.e., a non-persistent communication channel). - The device sends (1406), to a server, at least the authorization code from the advertised information via a second communication capability distinct from the first communication capability. In some implementations, the
mobile device 150 sends an authorization request to theserver 130 that at least includes the authorization code from the obtained advertised information, the user ID corresponding to the user of themobile device 150, and the module ID corresponding to thepayment module 100. For example, seeauthorization request 1130 inFIG. 24B . - In some implementations, the second communication capability corresponds (1408) to a long-range communication protocol. For example, the second communication capability of the
mobile device 150 is a radio/transceiver means for communicating via one or more long-range communication protocols such as Wi-Fi, CDMA, GSM, and/or the like (i.e., a non-persistent communication channel). - In some implementations, the advertised information further includes (1410) an authorization zone threshold criterion, and the device sends at least the authorization request code comprises sending, to the server, at least the authorization request code via the second communication capability in accordance with a determination that the authorization zone threshold criterion is satisfied. In some implementations, the advertised information includes a baseline authorization zone threshold (i.e., an authorization zone criterion) indicating a baseline RSSI that the mobile device 150 (or the application 140) is required to observe before being within the authorization zone of the
payment module 100. In some implementations, the mobile device 150 (or the application 140) offsets the baseline authorization zone threshold based on the strength and/or reception of the short-range communication capability (e.g., BLE radio/transceiver) of themobile device 150. In some implementations, themobile device 150 forwards the authorization code to theserver 130 when the authorization zone criterion is satisfied (i.e., themobile device 150 observes an RSSI equal to or exceeding the baseline authorization zone threshold). For example, baseline authorization zone threshold for a payment module associated with module ID 0xA23 is −70 db. Continuing with this example, the mobile device 150 (or the application 140) offsets the baseline authorization zone threshold by −5 db because themobile device 150's BLE radio/transceiver is weak. Continuing with this example, when themobile device 150 observes an RSSI equal to or exceeding −75 db frompayment module 100 associated with module ID 0xA23, themobile device 150 forwards the authorization code to theserver 130. - In some implementations, the advertised information further includes status information indicating one or more states of at least one of the payment module and the payment accepting unit, and the device sends (1412), to the server, the status information from the advertised information via the second communication capability.
FIG. 24A , for example, shows thepacket 1100 with one or more status flags 1108. For example, the one or more status flags 1108 included in thepacket 1100 are encoded with a predetermined code known by theserver 130. In some implementations, the status information indicates that thepayment module 100 has information to be uploaded to the server (e.g., transaction information for one or more interrupted transactions). In some implementations, the status information indicates information for the attention of thepayment accepting machine 120's operator. For example, when thepayment accepting unit 120 is a vending machine, the status information indicates that a particular item is low or out of stock. In another example, the status information indicates that thepayment accepting unit 120 is experiencing a bill and/or coin jam. In another example, the status information indicates that thepayment accepting unit 120's bill and/or coin reservoir is empty, nearly empty, full, or nearly full. - In response to sending at least the authorization code, the device obtains (1414), from the server, authorization information via the second communication capability, where the authorization information at least includes an authorization grant token.
FIG. 24B , for example, shows theauthorization grant token 1140. In some implementations, themobile device 150 receives the authorization grant token when the authorization code is valid and the first user has sufficient funds in his/her account for the payment processing system to perform a transaction at thepayment accepting unit 120. In some implementations, the authorization grant token or a portion thereof is encrypted with the encryption key corresponding to thepayment module 100. In some implementations, the authorization grant token includes an authorized amount, an expiration offset period, a user ID associated with the user of themobile device 150, and a module ID associated with thepayment module 100. For example, the expiration offset period depends on the first user's history and credit or a period predefined by the first user. For example, the authorized amount is predefined by the first user, based on a daily limit, based on the first user's total balance, or based on a risk profile associated with the user identified by the user ID. In some implementations, the authorization grant token or a portion thereof (e.g., the authorized amount or the auth code) is encrypted with an encryption key corresponding to thepayment module 100 identified by the module ID. - In some implementations, the authorization request code is (1416) encrypted with a shared secret key corresponding to the payment module, and at least a portion of the authorization grant token is encrypted with the shared secret key corresponding to the payment module. For example, at least the authorized amount or the authorization code included in the authorization grant token is encrypted with the shared secret key. In some implementations, the shared secret key is known by the
payment module 100 and theserver 130. For example, theserver 130 manages transactions for a plurality of payment modules and theserver 130 stores a table of encryption keys for each of the payment modules. In this example, theserver 130 selects an encryption key that corresponds to therespective payment module 100 and encrypts the authorized amount with the selected encryption key. In some implementations, the shared secret key is one of a public or private key in an asymmetrical cryptography scheme. Thus, in the above example, themobile device 150 is an un-trusted party in the payment processing system; thus, themobile device 150 cannot decrypt the authorization code or at least a portion of the authorization grant token. - After obtaining the authorization information, the device detects (1418) a trigger condition to perform a first transaction with a payment accepting unit (e.g., an automatic retailing machine such as a vending machine for dispensing goods and/or services) associated with the payment module. In the hands-free mode, the trigger condition is detected when the
mobile device 150 enters the payment zone of thepayment module 100 which occurs upon satisfaction of a payment zone criterion. In the manual mode, trigger condition is detected when the user of themobile device 150 interacts with the user interface of theapplication 140 for the payment processing system while theapplication 140 is executed in as a foreground process on themobile device 150. - In some implementations, the advertised information further includes (1420) a payment zone threshold criterion, and the device the trigger condition by: determining whether the payment zone threshold criterion is satisfied; and, in accordance with a determination that the payment zone threshold criterion is satisfied, detecting the trigger condition. In some implementations, the advertised information includes payment zone threshold criterion indicating a baseline RSSI that the mobile device 150 (or the application 140) is required to observe before being within the payment zone of
payment module 100. In some implementations, the payment zone threshold criterion is a default RSSI value (e.g., −80 db) and the advertised information includes an offset (e.g., −5 db) to account for the strength and/or reception quality of the short-range radio/transceiver (e.g., BLE) of thepayment module 100. In some implementations, the trigger condition is detected when themobile device 150 enters the payment zone of thepayment module 100 which occurs upon satisfaction of a payment zone criterion. For example, when the RSSI observed by themobile device 150 from thepayment module 100 exceeds a predetermined payment zone threshold the payment zone threshold criterion is satisfied. In some implementations, themobile device 150 provides an indication on the user interface of theapplication 140 for the payment processing system indicating whether the user is within the payment zone ofpayment module 100 and/or how close he/she is to the payment zone ofpayment module 100. - In some implementations, the device detects (1422) the trigger condition by: detecting a user input from a user of the device; and, in response to detecting the user input, detecting the trigger condition to perform a transaction with the payment accepting unit. For example, while the
application 140 associated with the payment processing system is executed as a foreground process on themobile device 150, the user of the mobile device interacts with the user interface of theapplication 140 to initiate a transaction with thepayment accepting unit 120. In this example, the user performs a touch gesture with the touch screen of themobile device 150, vocally commands theapplication 150 to initiate the transaction, or the like. Continuing with this example, after detecting the user interaction, the mobile device 150 (or the application 140) sends thepayment module 100 the authorization grant token and the user is credited with the amount authorized in the authorization grant token in order to select goods and/or services provided bypayment accepting unit 120 for purchase with the credit. - In some implementations, the authorization information further includes (1424) an expiration period for the authorization grant token, and the device sends, to the payment module, the authorization grant token via the first communication capability in response to detecting the trigger condition and in accordance with a determination that the expiration period has not elapsed. In some implementations, after detecting the trigger condition, the mobile device (or the application 140) determines whether an expiration period indicated by the authorization grant token has elapsed before sending the authorization grant token to the
payment module 100. In some implementations, after determining that an expired authorization grant token is expired, the mobile device (or the application 140) determines automatically deletes the expired authorization grant token and requests a replacement authorization grant token by sending, to theserver 130, the authorization request code included in current advertised information broadcasted by thepayment module 100. - In response to detecting the trigger condition, the device sends (1426), to the payment module, the authorization grant token via the first communication capability. Continuing with the example in
operation 1422, after detecting the user interaction, the mobile device 150 (or the application 140) sends thepayment module 100 the authorization grant token and the user is credited with the amount authorized in the authorization grant token in order to select goods and/or services provided bypayment accepting unit 120 for purchase with the credit. - For example, when the
payment module 100 broadcasts the packet of information, if authorization code 12345 was issued in the packet (e.g., a new authorization code is issued every 100 ms), and a user uses that code to make a payment (when it comes back to thepayment module 100 in the authorization grant token), thepayment module 100 knows that authorization code 12345 has been used. Continuing with this example, if another subsequent user attempts to make a payment using the same authorization code 12345, thepayment module 100 does not allow the subsequent user to use authorization code 12345 in order to prevent replay attacks. Additionally, in some implementations, the advertised authorization code expires after M minutes (e.g., 3, 5, 10, etc. minutes). In some implementations, the authorization code is a unique randomly or pseudo-randomly generated number that is stored by the payment module for M minutes after the authorization code is advertised, at which time it expires. In some implementations, the advertised authorization codes are unique incremental numbers that are advertised every X seconds. In this embodiment, thepayment module 100 determines whether an authorization code in an authorization grant token is valid by identifying a current advertised authorization code and determining whether the advertised authorization is newer than the oldest valid authorization code based on the current advertised authorization code, the advertisement frequency (e.g., every X seconds), and the expiration period (e.g., M minutes). - In some implementations, after sending the authorization grant token, the device obtains (1428), from the payment module, first transaction information indicating a status of the first transaction with the payment accepting unit the first communication capability, and the device sends, to the server, the first transaction information corresponding to the status of the first transaction the second communication capability. In some implementations, the first transaction information indicates the status of the transaction initiated with an authorization grant token such as a complete, incomplete, or aborted transaction. For example, the first transaction is incomplete when the
payment accepting unit 120 experiences a malfunction (e.g., a vending mechanism jams and the user of themobile device 150 fails to receive a selected product) or the first transaction times-out by the user of themobile device 150 waiting Z seconds without selecting goods and/or services from thepayment accepting unit 120. For example, the first transaction is aborted when the user of themobile device 150 actuates the coin return of thepayment accepting unit 120 or walks away from thepayment accepting unit 120 without selecting goods and/or service. In some implementations, the first transaction information includes the amount of the first transaction, current inventory state of products inpayment accepting unit 120, other machine status information, and the like. - It should be understood that the particular order in which the operations in
FIGS. 27A-27C have been described is merely exemplary and is not intended to indicate that the described order is the only order in which the operations could be performed. One of ordinary skill in the art would recognize various ways to reorder the operations described herein. Additionally, it should be noted that details of other processes described herein with respect to other methods described herein (e.g., themethod 1500 inFIGS. 28A-28B , themethod 1600 inFIGS. 29A-29C , the andmethod 1700 inFIGS. 30A-30D ) are also applicable in an analogous manner to themethod 1400 described above with respect toFIGS. 27A-27C . -
FIGS. 28A-28B illustrate a flowchart diagram of amethod 1500 of transmitting machine status information in accordance with some implementations. In some implementations, themethod 1500 is performed by a device with one or more processors, memory, and two or more communication capabilities. For example, in some implementations, themethod 1500 is performed by the mobile device 150 (FIGS. 5 and 21 ) or a component thereof (e.g., application 140). In some implementations, themethod 1500 is governed by instructions that are stored in a non-transitory computer readable storage medium (e.g., thememory 860,FIG. 21 ) and the instructions are executed by one or more processors (e.g., the processing unit 840,FIG. 21 ) of the device. Optional operations are indicated by dashed lines (e.g., boxes with dashed-line borders). - The device obtains (1502), from a payment module, advertised information via a first communication capability, where the advertised information at least includes status information indicating one or more states of at least one of a payment module and a payment accepting unit associated with the payment module. For example, in some implementations, the
payment module 100 broadcasts the packet 1100 (FIG. 24A ) which includes the one or more status flags 1108. - In some implementations, the first communication capability corresponds (1504) to a short-range communication protocol. As described above, short-range communication protocols include BLE, NFC, and/or other protocols utilizing non-persistent communication channels.
- In some implementations, the status information indicates (1506) that the payment module is storing one or more interrupted transactions. As described in greater detail below with respect to
FIGS. 29A-29C , in some implementations, interrupted transactions (sometimes referred to as “incomplete transactions”) arise from the loss of a connection (e.g., themobile device 150 has no cellular reception) or power. In some implementations, for example, the status flags 1108 (e.g., inpacket 1100,FIG. 24A ) include uploadinformation indicator 1116, which indicates that the payment module is storing one or more interrupted transactions, and/or also includes transaction information (e.g.,transaction information 1150,FIG. 24D ) corresponding to the one or more incomplete transactions (e.g., an amount of the first transaction, a user ID, etc.). In some implementations, uploadinformation indicator 1116 triggers themobile device 150 to connect topayment module 100 immediately (e.g., if it has interrupted transaction information to be uploaded to the server 130). Alternatively, as described in greater detail below, thetransaction information 1150 is generated and sent separately from the status flags 1108. - In some implementations, the status information indicates (1508) that the payment accepting unit requires servicing. For example, the status flags 1108 (e.g., in
packet 1100,FIG. 24A ) include the bill/coin jam indicator 1118, which indicates that a blockage is detected in the payment feeding mechanism (e.g., bill or coin jam). Furthermore, in some implementations, the status flags 1108 (e.g., inpacket 1100,FIG. 24A ) include the full bill/coin reservoir indicator 1120, which indicates that currency stored in the payment accepting unit requires collection by an operator of the machine. In some implementations, the status information indicates that the payment accepting unit requires servicing after a predefined period of time has elapsed since a prior servicing. In an example, thepayment module 100 is configured to send status information indicating that thepayment accepting unit 120 requires servicing after one month has elapsed since a last servicing. - In some implementations, the status information indicates (1510) a count of at least one product in the payment accepting unit. For example, the status flags 1108 (e.g., in
packet 1100,FIG. 24A ) includes the inventory levels indicator 1122, which indicates that the remaining inventory of an item (e.g., an inventory levels indicator 1122 having a value of 1 indicates one corresponding item remaining for a particular product). - In some implementations, the status information is (1512) encoded with a predefined code. In some implementations, the status information is encrypted and/or encoded with a predefined code and/or key. For example, the status flags 1108 (e.g., in
packet 1100,FIG. 24A ) include 4 Bytes of information which is encoded according to a predefined encoding scheme known by theserver 130 which indicates a plurality of states of the payment module and/or thepayment accepting unit 120 associated with thepayment module 100. - In some implementations, the advertised information further includes (1514) an authorization code for authorizing a user of the device to perform a cashless transaction with the payment accepting unit. Authorization codes are described in greater detail above with respect to FIGS. 24C and 27A-27C and the accompanying text.
- The device sends (1516), to a server, at least the status information from the advertised information via a second communication capability distinct from the first communication capability. For example, in step 1004 of
method 1000 inFIG. 23 , themobile device 150 sends an authorization request to theserver 130 that includes the authorization code included in the broadcasted packet, the user ID associated with themobile device 150, the module ID associated with thepayment module 100, and also the status information. - In some implementations, the second communication capability corresponds (1518) to a long-range communication protocol. For example, in some implementations, the long-range communication protocol is one of GSM, Wi-Fi, CDMA, LTE, and/or the like.
- In some implementations, after sending the status information to the server, the device receives (1520) a request, from the server, via the second communication capability to obtain one or more interrupted transactions from the payment module; obtains, from the payment module, transaction information via the first communication capability, where the transaction information corresponds to the one or more interrupted transactions performed by one or more previous users at the payment accepting unit; and sends, to the server, the transaction information via the second communication capability. In some implementations, in response to the status flags indicating one or more interrupted transactions, the
server 130 requests that themobile device 150 connect to thepayment module 100 to upload the one or more interrupted transactions. This may occur even when the user of themobile device 150 does not initiate a transaction with thepayment module 100. In some implementations, themobile device 150 obtains the transaction information upon entering an authorization zone (e.g., the authorization zone 104). SeeFIGS. 29A-29C and the accompanying text for further discussion of interrupted transactions. For example, interrupted transactions arise from the loss of a network connection (e.g., themobile device 150 has no cellular reception) or power. - It should be understood that the particular order in which the operations in
FIGS. 28A-28B have been described is merely exemplary and is not intended to indicate that the described order is the only order in which the operations could be performed. One of ordinary skill in the art would recognize various ways to reorder the operations described herein. Additionally, it should be noted that details of other processes described herein with respect to other methods described herein (e.g., themethod 1400 inFIGS. 27A-27C , themethod 1600 inFIGS. 29A-29C , and themethod 1700 inFIGS. 30A-30D ) are also applicable in an analogous manner to themethod 1500 described above with respect toFIGS. 28A-28B . -
FIGS. 29A-29C illustrate a flowchart diagram of amethod 1600 of pay payment processing acknowledgment in accordance with some implementations. In some implementations, themethod 1600 is performed by a payment module with one or more processors, memory, and one or more first communication capabilities, which is coupled with a payment accepting unit (e.g., the payment accepting unit 120 (sometimes also herein called “machine 120”) (FIGS. 5 and 19 ) such as a vending machine or kiosk for dispensing goods and/or services). For example, in some implementations, themethod 1600 is performed by theadapter module 100, (FIGS. 5 and 20 ). In some implementations, themethod 1600 is governed by instructions that are stored in a non-transitory computer readable storage medium (e.g., thememory 760,FIG. 20 ) and the instructions are executed by one or more processors (e.g., theprocessing unit 750,FIG. 20 ) of the payment module. Optional operations are indicated by dashed lines (e.g., boxes with dashed-line borders). - The payment module obtains (1602), from the payment accepting unit, a first notification indicating completion of a first transaction performed by a first user of a first device at the payment accepting unit and an amount of the first transaction. For example, in
step 1202 of theprocess 1200 inFIG. 25A , thepayment module 100 obtains a first notification from thepayment accepting unit 120 after a first transaction is completed at thepayment accepting unit 120. - In response to receiving the notification, the payment module (1604): generates first transaction information based at least in part on the first notification; stores the generated first transaction information; and sends the generated first transaction information to the first device via one of the one or more first communication capabilities. In some implementations, the
payment module 100 generates the transaction information 1150 (FIG. 24D ) which includes the transaction ID 1152 (e.g., which sequentially increases after each completed transaction), the module ID 1154 (e.g., a unique ID for the payment module 100), the user ID 1156 (e.g., a unique user ID of themobile device 150 such as a MAC address), theauthorization grant 1158, the transaction status 1160 (e.g., complete, incomplete, or aborted), the transaction amount 1162 (e.g., $1.00), and/orother information 1164. Theother information 1164 includes, in some implementations, information included in the packet 1100 (FIG. 24A ), such as one or more status flags 1108 indicating a state of the payment accepting unit, and/or other information pertaining to the payment accepting unit, the first device, the first transaction, and/or the first user. In some implementations, the first transaction information is also stored until reception of an acknowledgement from the first device (e.g., the mobile device 150). Thetransaction information 1150, for example, is stored in the memory 760 (FIG. 20 ) of thepayment module 100. - In some implementations, the one or more first communication capabilities correspond to a short-range communication protocol. As described above, short-range communication protocols include BLE, NFC, and/or other protocols utilizing non-persistent communication channels.
- In some implementations, the first device forwards the first transaction information to a server (e.g., the server 130) via a second communication capability (e.g., a long-range communication protocol such as CDMA, GSM, Wi-Fi, or the like), and the
server 130 debits the account of the first user of the first device based on the amount of the first transaction, which is indicated in the first transaction information. In some implementations, theserver 130 sends encrypted acknowledgment information via the second communication capability to the first device, and the first device forwards the encrypted acknowledgment information to the payment module via the first communication capability. - After sending the first transaction information to the first device and in accordance with a determination that first acknowledgement information is received from the first device within a predetermined time period, the payment module deletes (1606) the stored first transaction information generated for the first transaction performed by the first user of the first device. In some implementations, the
payment module 100 marks the first and second transaction as complete (in addition to or instead of deleting the first and second transaction information). For example, when the predetermined time period is 30 seconds, thepayment module 100 deletes the first transaction information stored in the memory 760 (FIG. 20 ) if the first acknowledgment information is received within 30 seconds of sending the first transaction information. For example, thepayment module 100 determines whether the first acknowledgement information is received within a predetermined time period by comparing a timestamp of the stored first transaction information and the current time when (or if) the first acknowledgement is received. - In some implementations, the payment module encrypts (1608) the generated first transaction information, and the first acknowledgement information is encrypted. For example, the first transaction information is encrypted with a key corresponding to the
payment module 100, and the first acknowledgement information is encrypted with a key selected by theserver 130 that corresponds to thepayment module 100. In this example, the keys are distinct, the same, or mutually known. - After sending the first transaction information to the first device and in accordance with a determination that the first acknowledgement information is not received from the first device within the predetermined time period, the payment module maintains (1610) the stored first transaction information generated for the first transaction performed by the first user of the first device. In one example, an acknowledgement is not received because the first device (e.g., the mobile device 150) loses power. In another example, the first device loses its long-range communication connection to the
server 130, and is therefore unable to forward the first transaction information to a server for debiting the first user's account, or receiving an acknowledgement from theserver 130. In another example, the user of the first device maliciously severs the long-range communication connection to interrupt the transaction information from being sent to theserver 130, or to interrupt the acknowledgement information from being received by thepayment module 100. In some implementations, if thepayment module 100 does not receive the acknowledgment information within the predetermined time period, or if the acknowledgment information cannot be decrypted (e.g., it has been fraudulently modified or accessed), thepayment module 100 maintains the first transaction information (e.g., keepstransactions information 1150 stored in thememory 760,FIG. 20 ) and attempts to send the first transaction information to theserver 130 via another device (e.g., a second mobile device 150). For example, as discussed in greater detail below, the payment module leverages a subsequent second transaction involving a second device, and the first transaction information is sent to the second device with second transaction information that corresponds to a second transaction initiated by the user of the second device. - In some implementations, in accordance with the determination that the first acknowledgement information is not received from the first device within a predetermined time period, the payment module disables (1612) usage rights for the first user at the payment accepting unit. For example, the first user or user ID associated with the first device is suspended from performing cashless transactions, and further authorization grant tokens received from the first user or user ID are ignored by the
payment module 100. Thus, for example, the first user cannot initiate another transaction cashless transaction with thepayment module 100. In some implementations, theserver 130 and/orpayment module 100 records a history of incomplete transactions. In some implementations, theserver 130 and/orpayment module 100 blacklists the user only after a predefined number of incomplete transactions (e.g., 20 incomplete transactions), accounting for incomplete transactions that arise from non-malicious actions, such as a loss of cellular connection or power. - In some implementations, in accordance with the determination that the first acknowledgement information is not received from the first device within the predetermined time period, the payment module broadcasts (1614) an information packet via one of the one or more first communication capabilities, where the information packet includes one or more status flags indicating one or more unacknowledged first transactions including the first transaction performed by the first user of the first device. For example, the
payment module 100 broadcasts packets (e.g., thepacket 1100,FIG. 24A ) which include the status flags 1108 that indicate (e.g., upload information indicator 1116) that thepayment module 100 has information that needs to be uploaded to the server 130 (e.g., transaction information for the interrupted/unacknowledged first transaction). Alternatively, in some implementations, the transaction information 1150 (FIG. 24D ) corresponding to an incomplete transaction is appended to the advertised information instead of merely setting the uploadinformation indicator 1116 in the broadcast advertised information. - In some implementations, after determining that the first acknowledgement information is not received from the first device within the predetermined time period, the payment module obtains (1616), from the payment accepting unit, a second notification indicating completion of a second first transaction performed by a second user of a second device at the payment accepting unit and an amount of the first transaction. In response to receiving the second notification, the
payment module 100 generates second transaction information based at least in part on the second notification, stores the generated second transaction information, and sends the generated first transaction information and the generated second transaction information to the second device via one of the one or more first communication capabilities. Thus, thepayment module 100 leverages the subsequent second transaction by sending the first transaction information with the second transaction information. In some implementations, when the second user enters an authorization zone (e.g.,authorization zone 104,FIG. 1 ), transaction information corresponding to the first user's incomplete first transaction is transmitted to the second device. - In some implementations, in accordance with a determination that second acknowledgement information is received from the second device within the predetermined time period, the payment modules deletes (1618) the stored first transaction information generated for the first transaction performed by the first user of the first device and the stored second transaction information generated for the second transaction performed by the second user of the second device. For example, in
step 1272 of theprocess 1250 inFIG. 25B , after receiving the first transaction information and the second transaction information, theserver 130 sends acknowledgement information to thepayment module 100 via the second device 150-2, which acknowledges reception of the first transaction information and the second transaction information. Continuing with this example, instep 1276 of theprocess 1250 inFIG. 25B , after receiving the acknowledgement information, thepayment module 100 deletes the first transaction information and the second transaction information. - In some implementations, in accordance with a determination that the second acknowledgement information is not received from the second device within a predetermined time period, the payment module maintains (1620) the stored first transaction information generated for the first transaction performed by the first user of the first device and the stored second transaction information generated for the second transaction performed by the second user of the second device. In some further implementations, the
payment module 100 leverages a subsequent transaction involving a third device, and both the first and second transaction information are sent to the third device with third transaction information that corresponds to a third transaction initiated by the user of the third device. - It should be understood that the particular order in which the operations in
FIGS. 29A-29C have been described is merely exemplary and is not intended to indicate that the described order is the only order in which the operations could be performed. One of ordinary skill in the art would recognize various ways to reorder the operations described herein. Additionally, it should be noted that details of other processes described herein with respect to other methods described herein (e.g., themethod 1400 inFIGS. 27A-27C , themethod 1500 inFIGS. 28A-28B , and themethod 1700 inFIGS. 30A-30D ) are also applicable in an analogous manner to themethod 1600 described above with respect toFIGS. 29A-29C . -
FIGS. 30A-30D illustrate a flowchart diagram of amethod 1700 of updating firmware of the payment module in the payment processing system in accordance with some embodiments. In some implementations, themethod 1700 is performed by a device (e.g., the mobile device 150) with one or more processors, memory, and two or more communication capabilities. In some implementations, themethod 1700 is governed by instructions that are stored in a non-transitory computer readable storage medium (e.g., thememory 860,FIG. 21 ) and the instructions are executed by one or more processors of the mobile device 150 (e.g., theprocessing unit 850,FIG. 21 ). Optional operations are indicated by dashed lines (e.g., boxes with dashed-line borders). - As noted above, in some circumstances, a payment module (e.g., the
payment module 100,FIG. 26A ) in a payment processing system cannot establish a direct communications channel to a server (e.g., theserver 130,FIG. 26A ), and is therefore unable to directly receive firmware updates from the server. In these cases, as described below, if the firmware of the payment module is determined to satisfy certain criteria (e.g., firmware version is out-of-date), one or more devices (e.g., the mobile device 150) will send data packets to the payment module for updating the payment module's firmware. The device serves as a communications bridge between the payment module and the server, whereby the device obtains a verification request from the payment module, which the device then sends to the server for processing (e.g., theserver 130 verifies that the data packets are non-corrupted and complete). After processing the verification request, the server sends a firmware command to the device, which the device then sends to the payment module for execution. - A device (e.g., the mobile device 150) obtains (1702), from a payment module (e.g., the payment module 100), advertised information via a first communication capability, where the advertised information at least includes a current firmware version of the payment module. In some implementations, the current firmware version corresponds to a timestamp (e.g., Feb. 5, 2014), while in other implementations, the current firmware version is denoted by a version number (e.g., v1.4). Advertised information is described in greater detail herein with respect to
FIG. 24A . - In some implementations, the first communication capability corresponds (1704) to a short-range communication protocol. As described above, short-range communication protocols include BLE, NFC, and/or other protocols utilizing non-persistent communication channels.
- The device determines (1708) that the current firmware version of the payment module satisfies one or more predefined firmware criteria.
- In some implementations, the current firmware version of the payment module is compared (1710) with a firmware version stored by the device, and the one or more predefined firmware criteria are satisfied (1712) if the current firmware version of the payment module does not match the firmware version stored by the device. In some implementations, the device obtains an indication (e.g., from the
server 130,FIG. 26A ) that the firmware version it stores is the latest firmware version. In some implementations, the latest firmware version is determined from a timestamp associated with the firmware. Alternatively, in some implementations, it is presumed that the firmware version stored by the device is the latest version. - In some implementations, the predefined firmware criteria are satisfied if the current firmware version of the payment module predates the firmware version stored by the device (e.g., the firmware of
payment module 100 has a timestamp of Feb. 5, 2014, compared to the firmware ofmobile device 150 which has a timestamp of Apr. 4, 2014), or has a version number less than the firmware version stored by the device (e.g., firmware v1.4 of thepayment module 100 compared to firmware v1.5 of themobile device 150, where the firmware version numbers are assigned in monotonically ascending order by the server 130). In other implementations, the predefined firmware criteria are satisfied if the current firmware version of the payment module is newer than the firmware version stored by the device. This arises, for example, if a firmware rollback procedure is initiated, where the newer firmware version of the payment module is overwritten with an older firmware version of the device. - Alternatively, in some implementations, the device receives, from a server, the determination that the current firmware version of the payment module satisfies one or more predefined firmware criteria. In these implementations, for example, the device sends the current firmware version of the payment module to the server (e.g., the
server 130,FIG. 26A ) via a second communication capability (e.g., GSM), where the server determines (e.g., by comparing the current firmware version of the payment module and a latest version of the firmware) if the current firmware version satisfies predefined firmware criteria (as described in greater detail above). - In some implementations, prior to sending firmware update information and in accordance with a determination that the current firmware version of the payment module does not match the firmware version stored by the first device (1714), the device sends (1716), to a server, a firmware update request so as to update the firmware of the payment module via a second communication capability. In some implementations, the second communication capability corresponds (1718) to a long-range communication protocol. For example, in some implementations, the long-range communication protocol is one of GSM, Wi-Fi, CDMA, LTE, and/or the like.
- In some implementations, in response to sending the firmware update request, the device receives (1720) from the server, a firmware update approval message, and in response to receiving the firmware update approval message, the device sends (1724), to the payment module, the firmware update approval message. In some implementations, as described in greater detail with respect to
FIG. 26C , the server (e.g., server 130) permits or declines the firmware update request for any of a number of reasons (e.g., firmware stored by themobile device 150 is out of date). - Furthermore, in some implementations, firmware update approval message includes (1722) a verification value for each of the one or more data packets and a hash value for the firmware update information. A more in-depth discussion is provided in the corresponding description for
FIG. 26C , with respect to the ways in which thepayment module 100 uses the verification value and hash value for verifying and executing the firmware update information (e.g., one or more data packets corresponding to a latest firmware version). - In some implementations, sending the firmware update information via the first communication capability includes (1726), in response to receiving the firmware update approval message from the server, sending, to the payment module, the firmware update information via the first communication capability.
- In some implementations, the device obtains (1728) update status information from the payment module, wherein the update status information indicates remaining packets for updating the current firmware version of the payment module. As described in greater detail with respect to
FIG. 26C , in some implementations, the update status information indicating remaining packets (e.g., packets 50-100) for updating the current firmware version is sent by thepayment module 100 after receiving a firmware update approval message, while in other implementations, the update status information is included in broadcastedpacket 1100 that is broadcast by thepayment module 100. Alternatively and/or additionally, the update status information indicates one or more data packets received for updating the current firmware version of the payment module to the most recent firmware version. Furthermore, in some implementations, the update status information identifies the firmware version to which the remaining and/or received data packets correspond. Furthermore, in some implementations, sending the firmware update information via the first communication capability is based on the update status information. - In accordance with a determination that the current firmware version of the payment module satisfies one or more predefined firmware criteria, the device sends (1730), to the payment module, firmware update information via the first communication capability, where the firmware update information includes one or more data packets for updating the current firmware version of the payment module. In some implementations, the firmware update information is stored by the device, and was included in a latest update to the
application 140 associated with the payment processing system. In some implementations, the firmware update information is obtained from a server (e.g., theserver 130,FIG. 26A ) via a second communication capability (e.g., GSM), and sent to the payment module via the first communication capability. - In some implementations, advertised information further includes (1706) an authorization zone threshold criterion, and the device determines (1732) that the authorization zone threshold criterion is satisfied. For example, in some implementations, the device starts transmitting data packets to update the payment module firmware upon entering the authorization zone (e.g., the
authorization zone 140,FIG. 1 ) of the payment module. In some implementations, once the device has started transmitting data packets, if the device later leaves the authorization zone, the device continues to transmit data packets as long as the device remains with the communication zone of the payment module (e.g., BLE range), or, alternatively, the device ceases transmission of data packets. - In some implementations, the device obtains (1734) additional advertised information, where the additional advertised information at least includes update status information. In some implementations, the additional advertised information further includes a new authorization code and/or status flags. In some implementations, the update status information identifies (1738) one or more remaining data packets (e.g., packets 50-100) for updating the current firmware version of the payment module to the most recent firmware version. Alternatively and/or additionally, the update status information identifies (1740) one or more data packets received for updating the current firmware version of the payment module to the most recent firmware version. Furthermore, in some implementations, the update status information identifies the firmware version to which the remaining and/or received data packets correspond. Optionally, the update status information is included in transaction information (e.g., the
transaction information 1150, after completing a transaction). - In some implementations, the update status information includes (1736) a verification request. For example, a verification request is generated and included in update status information when the
payment module 100 has received all data packets necessary for completing the firmware update. A verification request is generally associated with a request to implement the received data packets in order to update the firmware of thepayment module 100. In some implementations, a verification request is a request for a server (e.g., theserver 130,FIG. 26A ) to determine if any received data packets are corrupted, if the received data packets form a complete set sufficient to initiate a firmware update, and/or if the received data packets correspond to a latest firmware version. In some embodiments, a verification request is a checksum performed by the payment module on the received data packets for the firmware update according to a predefined checksum algorithm. Furthermore, in some implementations, the verification request is sent to the server with transaction status information (e.g.,transaction information 1150,FIG. 24D ) after a user completes a transaction (e.g., thestep 1260 inprocess 1250 ofFIG. 25B ). - In some implementations in which the device obtains additional advertised information including a verification request, the device sends (1742), to a server, at least the current firmware version and a verification request via a second communication capability. In some implementations, the second communication capability corresponds (1744) to a long-range communication protocol (e.g., GSM, Wi-Fi, CDMA, LTE, and/or the like). In some implementations, the verification request is sent by the payment module directly to the server via a secure communications channel (e.g., an encrypted channel).
- Furthermore, in some implementations, the device obtains (1746), from the server, a firmware command via the second communication capability, and sends (1748), to the payment module, the firmware command via the first communication capability. The server processes the verification request prior to issuing a firmware command to the device to send to the payment module. As described above, in some implementations, the server determines if any received data packets are corrupt (e.g., by using a checksum), if the received data packets form a complete set sufficient to initiate a firmware update, and/or if the received data packets correspond to a latest firmware version. In some implementations, unless some or all of these aforementioned conditions (e.g., corrupted data packets, complete set, etc.) are not satisfied, the server issues an approval code and/or a firmware command to initiate an update of the payment module's firmware. In some embodiments, the server determines whether a checksum included in the verification request matches a checksum value determined by the server for the firmware update indicated by the verification request (e.g., a version number). For example, if the checksum included in the verification request does not match the server's checksum, the server issues a firmware command to not implement the firmware update and to delete the data packets corresponding to the firmware update associated with the verification request was sent. In this example, the checksums may not match if one or more of the data packets for the firmware update are corrupted or have been altered.
- In some implementations, the firmware command is a rollback command (e.g., ignore firmware update and keep current firmware version of the payment module 100), a delete command (e.g., deleting either all or a portion of the data packets for the firmware update), or an initialization command (e.g., initializing the firmware update in the payment module 100). If the server determines, in some implementations, that the received data packets do not correspond to a latest firmware version (e.g., the firmware update information stored by the device corresponds to firmware v1.4, compared to a latest firmware v1.5), the server will send, to the device or directly to the payment module, firmware update information including one or more data packets corresponding to a latest firmware version. This may occur, for example, if the
mobile device 150 itself is not storing the latest firmware. In some implementations, the firmware command is encrypted with an encryption key that corresponds to the payment module (e.g., a shared secret key or a public key in an asymmetric cryptography scheme). - In some implementations, a second device with one or more processors, memory, and two or more communication capabilities, obtain (1750), from the payment module, advertised information via the first communication capability, where the advertised information at least includes a current firmware version of the payment module and the update status information. The second device determines (1752) whether the current firmware version of the payment module predates a most recent firmware version. In accordance with a determination that the current firmware version of the payment module satisfies one or more predefined firmware criteria, the second device sends (1754), to the payment module, firmware update information via the first communication capability, where the firmware update information one or more additional data packets for updating the current firmware version based at least in part on the update status information. Thus, in some implementations, multiple devices send to the payment module portions of a complete set of data packets needed for a firmware update, where the data packets sent by one device are distinct from the data packets sent by another device. In one example, when a firmware update includes
data packets 1 through 100, a first device (e.g. the mobile device 150) sendsdata packets 1 through 50 to thepayment module 100, and a second device (a differentmobile device 150, not shown) sends data packets 50 through 100. - It should be understood that the particular order in which the operations in
FIGS. 30A-30D have been described is merely exemplary and is not intended to indicate that the described order is the only order in which the operations could be performed. One of ordinary skill in the art would recognize various ways to reorder the operations described herein. Additionally, it should be noted that details of other processes described herein with respect to other methods described herein (e.g., themethod 1400 inFIGS. 27A-27C , themethod 1500 inFIGS. 28A-28B , and themethod 1600 inFIGS. 29A-29C ) are also applicable in an analogous manner to themethod 1600 described above with respect toFIGS. 30A-30D . - It should be noted that relative terms are meant to help in the understanding of the technology and are not meant to limit the scope of the invention. Similarly, unless specifically stated otherwise, the terms used for labels (e.g., “first,” “second,” and “third”) are meant solely for purposes of designation and not for order or limitation. The term “short” in the phrase “short-range” (in addition to having technology specific meanings) is relative to the term “long” in the phrase “long-range.”
- The terms “may,” “might,” “can,” and “could” are used to indicate alternatives and optional features and only should be construed as a limitation if specifically included in the claims.
- It should be noted that, unless otherwise specified, the term “or” is used in its nonexclusive form (e.g., “A or B” includes A, B, A and B, or any combination thereof, but it would not have to include all of these possibilities). It should be noted that, unless otherwise specified, “and/or” is used similarly (e.g., “A and/or B” includes A, B, A and B, or any combination thereof, but it would not have to include all of these possibilities). It should be noted that, unless otherwise specified, the terms “includes” and “has” mean “comprises” (e.g., a device that includes, has, or comprises A and B contains A and B, but optionally may contain C or additional components other than A and B). It should be noted that, unless otherwise specified, the singular forms “a,” “an,” and “the” refer to one or more than one, unless the context clearly dictates otherwise.
- It is to be understood that the inventions, examples, and implementations described herein are not limited to particularly exemplified materials, methods, and/or structures. It is to be understood that the inventions, examples, and implementations described herein are to be considered preferred inventions, examples, and implementations whether specifically identified as such or not.
- The terms and expressions that have been employed in the foregoing specification are used as terms of description and not of limitation, and are not intended to exclude equivalents of the features shown and described. While the above is a complete description of selected implementations of the present invention, it is possible to practice the invention using various alternatives, modifications, adaptations, variations, and/or combinations and their equivalents. It will be appreciated by those of ordinary skill in the art that any arrangement that is calculated to achieve the same purpose may be substituted for the specific embodiment shown. It is also to be understood that the following claims are intended to cover all of the generic and specific features of the invention herein described and all statements of the scope of the invention that, as a matter of language, might be said to fall therebetween.
Claims (18)
1. A method of payment processing acknowledgment, comprising:
at a payment module coupled with a payment accepting unit, the payment module including one or more processors, memory, and one or more first communication capabilities:
obtaining, from the payment accepting unit, a first notification indicating completion of a first transaction performed by a first user of a first device at the payment accepting unit and an amount of the first transaction;
in response to receiving the notification:
generating first transaction information based at least in part on the first notification;
storing the generated first transaction information; and
sending the generated first transaction information to the first device via one of the one or more first communication capabilities; and
after sending the first transaction information to the first device:
in accordance with a determination that first acknowledgement information is received from the first device within a predetermined time period, deleting the stored first transaction information generated for the first transaction performed by the first user of the first device; and
in accordance with a determination that the first acknowledgement information is not received from the first device within the predetermined time period, maintaining the stored first transaction information generated for the first transaction performed by the first user of the first device.
2. The method of claim 1 , further comprising:
in accordance with the determination that the first acknowledgement information is not received from the first device within a predetermined time period, disabling usage rights for the first user at the payment accepting unit.
3. The method of claim 1 , further comprising:
in accordance with the determination that the first acknowledgement information is not received from the first device within the predetermined time period, broadcasting an information packet via one of the one or more first communication capabilities, wherein the information packet includes one or more status flags indicating one or more unacknowledged first transactions including the first transaction performed by the first user of the first device.
4. The method of claim 1 , further comprising:
after determining that the first acknowledgement information is not received from the first device within the predetermined time period:
obtaining, from the payment accepting unit, a second notification indicating completion of a second first transaction performed by a second user of a second device at the payment accepting unit and an amount of the first transaction; and
in response to receiving the second notification:
generating second transaction information based at least in part on the second notification;
storing the generated second transaction information; and
sending the generated first transaction information and the generated second transaction information to the second device via one of the one or more first communication capabilities.
5. The method of claim 4 , further comprising:
in accordance with a determination that second acknowledgement information is received from the second device within the predetermined time period, deleting the stored first transaction information generated for the first transaction performed by the first user of the first device and the stored second transaction information generated for the second transaction performed by the second user of the second device; and
in accordance with a determination that the second acknowledgement information is not received from the second device within a predetermined time period, maintaining the stored first transaction information generated for the first transaction performed by the first user of the first device and the stored second transaction information generated for the second transaction performed by the second user of the second device.
6. The method of claim 1 , further comprising:
encrypting the generated first transaction information; and
wherein the first acknowledgement information is encrypted.
7. A payment module coupled with a payment accepting unit, the payment module comprising:
one or more or more first communication capabilities;
one or more processors; and
memory storing one or more programs to be executed by the one or more processors, the one or more programs comprising instructions for:
obtaining, from the payment accepting unit, a first notification indicating completion of a first transaction performed by a first user of a first device at the payment accepting unit and an amount of the first transaction;
in response to receiving the notification:
generating first transaction information based at least in part on the first notification;
storing the generated first transaction information; and
sending the generated first transaction information to the first device via one of the one or more first communication capabilities; and
after sending the first transaction information to the first device:
in accordance with a determination that first acknowledgement information is received from the first device within a predetermined time period, deleting the stored first transaction information generated for the first transaction performed by the first user of the first device; and
in accordance with a determination that the first acknowledgement information is not received from the first device within the predetermined time period, maintaining the stored first transaction information generated for the first transaction performed by the first user of the first device.
8. The payment module of claim 7 , wherein the one or more programs further comprise instructions for:
in accordance with the determination that the first acknowledgement information is not received from the first device within a predetermined time period, disabling usage rights for the first user at the payment accepting unit.
9. The payment module of claim 7 , wherein the one or more programs further comprise instructions for:
in accordance with the determination that the first acknowledgement information is not received from the first device within the predetermined time period, broadcasting an information packet via one of the one or more first communication capabilities, wherein the information packet includes one or more status flags indicating one or more unacknowledged first transactions including the first transaction performed by the first user of the first device.
10. The payment module of claim 7 , wherein the one or more programs further comprise instructions for:
after determining that the first acknowledgement information is not received from the first device within the predetermined time period:
obtaining, from the payment accepting unit, a second notification indicating completion of a second first transaction performed by a second user of a second device at the payment accepting unit and an amount of the first transaction; and
in response to receiving the second notification:
generating second transaction information based at least in part on the second notification;
storing the generated second transaction information; and
sending the generated first transaction information and the generated second transaction information to the second device via one of the one or more first communication capabilities.
11. The payment module of claim 10 , wherein the one or more programs further comprise instructions for:
in accordance with a determination that second acknowledgement information is received from the second device within the predetermined time period, deleting the stored first transaction information generated for the first transaction performed by the first user of the first device and the stored second transaction information generated for the second transaction performed by the second user of the second device; and
in accordance with a determination that the second acknowledgement information is not received from the second device within a predetermined time period, maintaining the stored first transaction information generated for the first transaction performed by the first user of the first device and the stored second transaction information generated for the second transaction performed by the second user of the second device.
12. The payment module of claim 7 , the one or more programs further comprise instructions for:
encrypting the generated first transaction information; and
wherein the first acknowledgement information is encrypted.
13. A non-transitory computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which, when executed by a payment module with one or more processors and one or more first communication capabilities, wherein the payment module is coupled with a payment accepting unit, cause the payment module to perform operations comprising:
obtaining, from the payment accepting unit, a first notification indicating completion of a first transaction performed by a first user of a first device at the payment accepting unit and an amount of the first transaction;
in response to receiving the notification:
generating first transaction information based at least in part on the first notification;
storing the generated first transaction information; and
sending the generated first transaction information to the first device via one of the one or more first communication capabilities; and
after sending the first transaction information to the first device:
in accordance with a determination that first acknowledgement information is received from the first device within a predetermined time period, deleting the stored first transaction information generated for the first transaction performed by the first user of the first device; and
in accordance with a determination that the first acknowledgement information is not received from the first device within the predetermined time period, maintaining the stored first transaction information generated for the first transaction performed by the first user of the first device.
14. The non-transitory computer readable storage medium of claim 13 , wherein the instructions cause the payment module to perform operations further comprising:
in accordance with the determination that the first acknowledgement information is not received from the first device within a predetermined time period, disabling usage rights for the first user at the payment accepting unit.
15. The non-transitory computer readable storage medium of claim 13 , the instructions cause the payment module to perform operations further comprising:
in accordance with the determination that the first acknowledgement information is not received from the first device within the predetermined time period, broadcasting an information packet via one of the one or more first communication capabilities, wherein the information packet includes one or more status flags indicating one or more unacknowledged first transactions including the first transaction performed by the first user of the first device.
16. The non-transitory computer readable storage medium of claim 13 , wherein the instructions cause the payment module to perform operations further comprising:
after determining that the first acknowledgement information is not received from the first device within the predetermined time period:
obtaining, from the payment accepting unit, a second notification indicating completion of a second first transaction performed by a second user of a second device at the payment accepting unit and an amount of the first transaction; and
in response to receiving the second notification:
generating second transaction information based at least in part on the second notification;
storing the generated second transaction information; and
sending the generated first transaction information and the generated second transaction information to the second device via one of the one or more first communication capabilities.
17. The non-transitory computer readable storage medium of claim 16 , wherein the instructions cause the payment module to perform operations further comprising:
in accordance with a determination that second acknowledgement information is received from the second device within the predetermined time period, deleting the stored first transaction information generated for the first transaction performed by the first user of the first device and the stored second transaction information generated for the second transaction performed by the second user of the second device; and
in accordance with a determination that the second acknowledgement information is not received from the second device within a predetermined time period, maintaining the stored first transaction information generated for the first transaction performed by the first user of the first device and the stored second transaction information generated for the second transaction performed by the second user of the second device.
18. The non-transitory computer readable storage medium of claim 13 , wherein the instructions cause the payment module to perform operations further comprising:
encrypting the generated first transaction information; and
wherein the first acknowledgement information is encrypted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/321,724 US20150170145A1 (en) | 2013-12-18 | 2014-07-01 | Method and system for transmitting interrupted transactions |
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201361917936P | 2013-12-18 | 2013-12-18 | |
US29/477,025 USD755183S1 (en) | 2013-12-18 | 2013-12-18 | In-line dongle |
US14/214,644 US8856045B1 (en) | 2013-12-18 | 2014-03-14 | Mobile-device-to-machine payment systems |
US14/320,534 US20150170136A1 (en) | 2013-12-18 | 2014-06-30 | Method and System for Performing Mobile Device-To-Machine Payments |
US14/321,724 US20150170145A1 (en) | 2013-12-18 | 2014-07-01 | Method and system for transmitting interrupted transactions |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/320,534 Continuation US20150170136A1 (en) | 2013-12-18 | 2014-06-30 | Method and System for Performing Mobile Device-To-Machine Payments |
Publications (1)
Publication Number | Publication Date |
---|---|
US20150170145A1 true US20150170145A1 (en) | 2015-06-18 |
Family
ID=53368518
Family Applications (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/320,534 Abandoned US20150170136A1 (en) | 2013-12-18 | 2014-06-30 | Method and System for Performing Mobile Device-To-Machine Payments |
US14/321,724 Abandoned US20150170145A1 (en) | 2013-12-18 | 2014-07-01 | Method and system for transmitting interrupted transactions |
US14/321,717 Abandoned US20150170129A1 (en) | 2013-12-18 | 2014-07-01 | Method and system for transmitting machine state information |
US14/321,733 Active US9134994B2 (en) | 2013-12-18 | 2014-07-01 | Method and system for updating firmware using a mobile device as a communications bridge |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/320,534 Abandoned US20150170136A1 (en) | 2013-12-18 | 2014-06-30 | Method and System for Performing Mobile Device-To-Machine Payments |
Family Applications After (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/321,717 Abandoned US20150170129A1 (en) | 2013-12-18 | 2014-07-01 | Method and system for transmitting machine state information |
US14/321,733 Active US9134994B2 (en) | 2013-12-18 | 2014-07-01 | Method and system for updating firmware using a mobile device as a communications bridge |
Country Status (1)
Country | Link |
---|---|
US (4) | US20150170136A1 (en) |
Cited By (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150356112A1 (en) * | 2014-06-09 | 2015-12-10 | Samsung Electronics Co., Ltd. | Method and electronic device for processing data |
US20160012430A1 (en) * | 2014-07-11 | 2016-01-14 | Google Inc. | Hands-free offline communications |
CN106060764A (en) * | 2016-05-25 | 2016-10-26 | 深圳卡通新技术有限公司 | Authorization system and method based on collision triggering by mobile terminal |
US20180068133A1 (en) * | 2016-09-02 | 2018-03-08 | Blackberry Limited | Method and device having secure removable modules |
CN108475371A (en) * | 2015-11-06 | 2018-08-31 | Visa欧洲有限公司 | Trading authorization |
JP2018525720A (en) * | 2015-06-30 | 2018-09-06 | ビザ インターナショナル サービス アソシエーション | Dynamic portable communication system |
RU2673982C1 (en) * | 2017-12-04 | 2018-12-03 | Публичное Акционерное Общество "Сбербанк России" (Пао Сбербанк) | Method and system of execution of transactions for delivery of money resources in case of failures in communication channel of self-service machine |
US20190205570A1 (en) * | 2017-12-28 | 2019-07-04 | Shenzhen Launch Software Co., Ltd. | Method and device for verifying instructions of diagnostic equipment, and lower computer |
US20190227783A1 (en) * | 2018-01-23 | 2019-07-25 | Wistron Corporation | Electronic apparatus and firmware update method thereof |
US10372932B2 (en) * | 2014-03-12 | 2019-08-06 | Apple Inc. | Secure factory data generation and restoration |
US10423949B2 (en) | 2015-04-10 | 2019-09-24 | Mastercard International Incorporated | Vending machine transactions |
US20190310842A1 (en) * | 2015-09-24 | 2019-10-10 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Method for upgrading firmware of adapter, mobile terminal, and adapter thereof |
US10460317B2 (en) | 2014-07-11 | 2019-10-29 | Google Llc | Hands-free transaction tokens via payment processor |
US10474879B2 (en) | 2016-07-31 | 2019-11-12 | Google Llc | Automatic hands free service requests |
US10482463B2 (en) | 2016-03-01 | 2019-11-19 | Google Llc | Facial profile modification for hands free transactions |
CN110740400A (en) * | 2019-10-30 | 2020-01-31 | 歌尔股份有限公司 | Charging box, TWS earphone, system of charging box and TWS earphone, reconnection device and method |
EP3526752A4 (en) * | 2016-10-11 | 2020-05-06 | Bluechain Pty Ltd | Effecting initiation and authorization of transactions between mobile devices |
US10657002B2 (en) * | 2017-11-10 | 2020-05-19 | International Business Machines Corporation | Method and apparatus to rollback memory DIMM lane sparing |
US11146633B2 (en) * | 2019-01-16 | 2021-10-12 | Siemens Aktiengesellschaft | Method for producing a bidirectional connection between a device forming a field device and an application in a central facility |
US11172047B2 (en) | 2019-09-30 | 2021-11-09 | Mastercard International Incorporated | Systems and methods for use in network service interface bundling |
US11251939B2 (en) * | 2018-08-31 | 2022-02-15 | Quantifind, Inc. | Apparatuses, methods and systems for common key identification in distributed data environments |
US11308462B2 (en) | 2014-05-13 | 2022-04-19 | Clear Token Inc | Secure electronic payment |
US11574301B2 (en) | 2014-07-11 | 2023-02-07 | Google Llc | Hands-free transactions with voice recognition |
US20230039533A1 (en) * | 2021-08-03 | 2023-02-09 | Security Platform Inc. | Firmware massive update method using flash memory and computer program stored in recording media for executing the same |
US20230055855A1 (en) * | 2021-08-23 | 2023-02-23 | Incutech Co., Ltd. | Vending machine system |
Families Citing this family (46)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11966926B2 (en) | 2013-12-18 | 2024-04-23 | PayRange Inc. | Method and system for asynchronous mobile payments for multiple in-person transactions conducted in parallel |
US11983692B2 (en) | 2013-12-18 | 2024-05-14 | PayRange Inc. | Mobile payment module with dual function radio transmitter |
US11481781B2 (en) * | 2013-12-18 | 2022-10-25 | PayRange Inc. | Processing interrupted transaction over non-persistent network connections |
US11966895B2 (en) | 2013-12-18 | 2024-04-23 | PayRange Inc. | Refund centers for processing and dispensing vending machine refunds via an MDB router |
US12086811B2 (en) * | 2013-12-18 | 2024-09-10 | PayRange Inc. | Processing interrupted transactions over non-persistent network connections |
US11481780B2 (en) | 2013-12-18 | 2022-10-25 | PayRange Inc. | Method and system for asynchronous mobile payments for multiple in-person transactions conducted in parallel |
US9659296B2 (en) | 2013-12-18 | 2017-05-23 | PayRange Inc. | Method and system for presenting representations of payment accepting unit events |
US11074580B2 (en) | 2013-12-18 | 2021-07-27 | PayRange Inc. | Device and method for providing external access to multi-drop bus peripheral devices |
US8856045B1 (en) | 2013-12-18 | 2014-10-07 | PayRange Inc. | Mobile-device-to-machine payment systems |
US11475454B2 (en) | 2013-12-18 | 2022-10-18 | PayRange Inc. | Intermediary communications over non-persistent network connections |
WO2017132686A1 (en) * | 2016-01-29 | 2017-08-03 | Payrange, Inc. | Refund centers for processing and dispensing vending machine refunds via an mdb router |
US11205163B2 (en) | 2013-12-18 | 2021-12-21 | PayRange Inc. | Systems and methods for determining electric pulses to provide to an unattended machine based on remotely-configured options |
US12093962B2 (en) | 2013-12-18 | 2024-09-17 | PayRange Inc. | Intermediary communications over non-persistent network connections |
US10019724B2 (en) | 2015-01-30 | 2018-07-10 | PayRange Inc. | Method and system for providing offers for automated retail machines via mobile devices |
EP2955629B1 (en) * | 2014-06-11 | 2021-10-27 | Home Control Singapore Pte. Ltd. | System for installing new firmware on a small-memory device |
US9246913B2 (en) | 2014-06-19 | 2016-01-26 | Verizon Patent And Licensing Inc. | Sharing content using a dongle device |
WO2016007563A1 (en) * | 2014-07-07 | 2016-01-14 | Symphony Teleca Corporation | Remote Embedded Device Update Platform Apparatuses, Methods and Systems |
US9965632B2 (en) | 2014-12-22 | 2018-05-08 | Capital One Services, Llc | System and methods for secure firmware validation |
JP6067761B2 (en) * | 2015-01-30 | 2017-01-25 | 京セラドキュメントソリューションズ株式会社 | Mobile device and firmware management program |
CA2982785C (en) * | 2015-04-14 | 2023-08-08 | Capital One Services, Llc | Systems and methods for secure firmware validation |
US9836296B2 (en) * | 2015-06-11 | 2017-12-05 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods and systems for providing updates to and receiving data from devices having short range wireless communication capabilities |
US20170031676A1 (en) | 2015-07-27 | 2017-02-02 | Deja Vu Security, Llc | Blockchain computer data distribution |
US10248940B1 (en) * | 2015-09-24 | 2019-04-02 | Square, Inc. | Modular firmware for transaction system |
US20170103380A1 (en) * | 2015-10-12 | 2017-04-13 | Wal-Mart Stores, Inc. | System, method, and non-transitory computer-readable storage media related to transactions using a mobile device |
CN105636004A (en) * | 2015-12-25 | 2016-06-01 | 惠州Tcl移动通信有限公司 | Bluetooth automatic reconnection method and system based on low power consumption Bluetooth |
EP3800607B1 (en) * | 2016-02-17 | 2023-08-02 | PayRange Inc. | Systems and methods for determining electric pulses to provide to an unattended machine based on remotely-configured options |
US10108412B2 (en) | 2016-03-30 | 2018-10-23 | Square, Inc. | Blocking and non-blocking firmware update |
JP6713056B2 (en) * | 2016-03-30 | 2020-06-24 | スクエア, インコーポレイテッド | Compression firmware update |
US11010765B2 (en) | 2016-06-29 | 2021-05-18 | Square, Inc. | Preliminary acquisition of payment information |
US10817869B2 (en) | 2016-06-29 | 2020-10-27 | Square, Inc. | Preliminary enablement of transaction processing circuitry |
US10417628B2 (en) | 2016-06-29 | 2019-09-17 | Square, Inc. | Multi-interface processing of electronic payment transactions |
CN106255047A (en) * | 2016-09-20 | 2016-12-21 | 广东乐心医疗电子股份有限公司 | Communication method of low-power-consumption Bluetooth self-adaptive intelligent mobile terminal |
CN106681774B (en) * | 2016-12-30 | 2021-01-12 | Tcl通力电子(惠州)有限公司 | Software upgrading method of Bluetooth loudspeaker and intelligent terminal |
CN207051993U (en) * | 2017-05-04 | 2018-02-27 | 杭州微拜斯科技有限公司 | Shared bicycle smart lock and its control system based on cell phone application control |
CN109345389A (en) * | 2018-09-25 | 2019-02-15 | 阿里巴巴集团控股有限公司 | A kind of resource sharing method, device and equipment |
US10990969B2 (en) | 2018-12-21 | 2021-04-27 | Square, Inc. | Point of sale (POS) systems and methods for dynamically processing payment data based on payment reader capability |
US11049095B2 (en) | 2018-12-21 | 2021-06-29 | Square, Inc. | Point of sale (POS) systems and methods with dynamic kernel selection |
US10762196B2 (en) | 2018-12-21 | 2020-09-01 | Square, Inc. | Point of sale (POS) systems and methods with dynamic kernel selection |
CN110084971A (en) * | 2019-04-25 | 2019-08-02 | 益逻触控系统公司 | The operating method and self-service terminal of self-service terminal |
US11119750B2 (en) * | 2019-05-23 | 2021-09-14 | International Business Machines Corporation | Decentralized offline program updating |
CN110351349B (en) * | 2019-06-28 | 2021-09-28 | 飞天诚信科技股份有限公司 | Method and system for realizing work of cloud sound box |
US11347860B2 (en) | 2019-06-28 | 2022-05-31 | Seagate Technology Llc | Randomizing firmware loaded to a processor memory |
US11409872B2 (en) | 2019-06-28 | 2022-08-09 | Seagate Technology Llc | Confirming a version of firmware loaded to a processor-based device |
US11966904B1 (en) * | 2022-04-18 | 2024-04-23 | Wells Fargo Bank, N.A. | Mobile as a banking gateway for smart appliances with future networks |
US12073376B2 (en) | 2022-05-31 | 2024-08-27 | Bank Of America Corporation | Light-weight and secure payment processing using a low-power wide-area networking protocol |
US12079619B2 (en) | 2022-07-27 | 2024-09-03 | T-Mobile Usa, Inc. | Firmware-over-the-air (FOTA) update for wireless devices in an internet of things (IoT) network |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5892900A (en) * | 1996-08-30 | 1999-04-06 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US20030158891A1 (en) * | 2002-02-21 | 2003-08-21 | Warp 9 Inc. | Utilizing mobile devices as a communication proxy for non-connected terminals |
US20080141033A1 (en) * | 1995-02-13 | 2008-06-12 | Intertrust Technologies Corporation | Trusted and secure techniques, systems and methods for item delivery and execution |
US7455223B1 (en) * | 2005-08-29 | 2008-11-25 | Bob Jones University | RFID-based method for a networked cashless vending system |
US7464867B1 (en) * | 2001-03-26 | 2008-12-16 | Usa Technologies, Inc. | Cashless vending system with tethered payment interface |
US20090313132A1 (en) * | 2008-06-13 | 2009-12-17 | Microsoft Corporation | Handling payment receipts with a receipt store |
US20100094456A1 (en) * | 2008-10-10 | 2010-04-15 | Usa Technologies, Inc. | Devices and methods for providing cashless payment and diagnostics for vending machines |
US20110244799A1 (en) * | 2010-03-31 | 2011-10-06 | Roberts David A | Systems and methods for operating transaction terminals |
US20110276636A1 (en) * | 2010-03-29 | 2011-11-10 | Konaware, Inc. | Efficient transactional messaging between loosely coupled client and server over multiple intermittent networks with policy based routing |
US20120150742A1 (en) * | 2010-12-14 | 2012-06-14 | Xtreme Mobility Inc. | System and Method for Authenticating Transactions Through a Mobile Device |
US20120158172A1 (en) * | 2010-12-21 | 2012-06-21 | Ncr Corporation | Methods to broadcast status of a self-service dispensing device |
US20130110296A1 (en) * | 2011-10-19 | 2013-05-02 | Zeco Systems Pte Ltd | Methods and Apparatuses for Charging of Electric Vehicles |
Family Cites Families (110)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
NO941202L (en) | 1994-03-30 | 1995-10-02 | Oeystein Konsmo | Method of monitoring and generating messages as well as equipment using the method |
US6462644B1 (en) | 1998-11-19 | 2002-10-08 | The Coca-Cola Company | Network of vending machines connected interactively to data-base building host |
CN1406444A (en) * | 1998-12-22 | 2003-03-26 | 艾利森电话股份有限公司 | Mobile telephone network access |
US6584309B1 (en) | 1999-12-16 | 2003-06-24 | The Coca-Cola Company | Vending machine purchase via cellular telephone |
DE10000948A1 (en) | 2000-01-12 | 2001-08-02 | Siemens Ag | Arrangement for the provision and flexible charging of a product or service, and automatic dispenser for use in such and method for operating such |
US20020164953A1 (en) | 2000-06-13 | 2002-11-07 | Jeremy Curtis | Bluetooth adaptor |
US7107236B2 (en) * | 2001-01-02 | 2006-09-12 | ★Roaming Messenger, Inc. | Self-contained business transaction capsules |
EP1372089A4 (en) | 2001-03-13 | 2006-06-07 | Fujitsu Ltd | Electronic money settlement method using mobile communication terminal |
WO2003058391A2 (en) | 2001-12-26 | 2003-07-17 | Vivotech, Inc. | Wireless network micropayment financial transaction processing |
US20120005039A1 (en) | 2002-02-05 | 2012-01-05 | Jack Dorsey | Method of conducting financial transactions |
US8270994B2 (en) | 2002-07-10 | 2012-09-18 | Ekahau, Oy | Applications of signal quality observations |
GB2391681B (en) | 2002-08-01 | 2005-09-21 | Ncr Int Inc | Self-service terminal |
GB0219909D0 (en) * | 2002-08-28 | 2002-10-02 | Koninkl Philips Electronics Nv | Secure logging of transactions |
US7494055B2 (en) | 2002-09-17 | 2009-02-24 | Vivotech, Inc. | Collaborative negotiation techniques for mobile personal trusted device financial transactions |
US20040117262A1 (en) * | 2002-12-17 | 2004-06-17 | Berger Jeffrey Keith | System and method for conducting a monetary transaction |
DE60308385T2 (en) | 2003-11-07 | 2007-09-20 | Alcatel Lucent | Procedure for supporting cashless payment |
BRPI0512468A (en) | 2004-06-25 | 2008-03-11 | Ian Charles Ogilvy | method, apparatus and system for processing a payment transaction; database; passive device; computer program; computer readable media; method for launching software applications; and method or organizer of a queue |
US8774963B2 (en) | 2005-03-15 | 2014-07-08 | Inventor Holdings, Llc | Systems and methods for providing network access |
WO2006115984A2 (en) | 2005-04-21 | 2006-11-02 | Securedpay Solutions, Inc. | Portable handheld device for wireless order entry and real time payment authorization and related methods |
US8819659B2 (en) * | 2005-09-14 | 2014-08-26 | Millennial Media, Inc. | Mobile search service instant activation |
US7721958B2 (en) | 2005-09-21 | 2010-05-25 | Alcatel Lucent | Coinless vending system, method, and computer readable medium using an audio code collector and validator |
US8352323B2 (en) * | 2007-11-30 | 2013-01-08 | Blaze Mobile, Inc. | Conducting an online payment transaction using an NFC enabled mobile communication device |
US7828204B2 (en) | 2006-02-01 | 2010-11-09 | Mastercard International Incorporated | Techniques for authorization of usage of a payment device |
US20070187491A1 (en) * | 2006-02-13 | 2007-08-16 | Godwin Bryan W | Processing Cashless Transactions of Remote Field Assets |
US7873573B2 (en) | 2006-03-30 | 2011-01-18 | Obopay, Inc. | Virtual pooled account for mobile banking |
US20080126213A1 (en) | 2006-09-14 | 2008-05-29 | Gilbarco Inc. | Peer-to-peer data replication for off-line transactions in a retail fueling environment |
US8118223B2 (en) | 2006-09-28 | 2012-02-21 | Visa U.S.A. Inc. | Smart sign mobile transit fare payment |
US8738485B2 (en) | 2007-12-28 | 2014-05-27 | Visa U.S.A. Inc. | Contactless prepaid product for transit fare collection |
US8838477B2 (en) | 2011-06-09 | 2014-09-16 | Golba Llc | Method and system for communicating location of a mobile device for hands-free payment |
US8838481B2 (en) | 2011-07-26 | 2014-09-16 | Golba Llc | Method and system for location based hands-free payment |
US7848980B2 (en) | 2006-12-26 | 2010-12-07 | Visa U.S.A. Inc. | Mobile payment system and method using alias |
US9940627B2 (en) | 2006-12-26 | 2018-04-10 | Visa U.S.A. Inc. | Mobile coupon method and system |
US20080201226A1 (en) | 2006-12-26 | 2008-08-21 | Mark Carlson | Mobile coupon method and portable consumer device for utilizing same |
CN101647040A (en) | 2006-12-26 | 2010-02-10 | 维萨美国股份有限公司 | Mobile payment system and method using alias |
US8615426B2 (en) | 2006-12-26 | 2013-12-24 | Visa U.S.A. Inc. | Coupon offers from multiple entities |
US20080154735A1 (en) | 2006-12-26 | 2008-06-26 | Mark Carlson | Mobile vending purchasing |
US8923827B2 (en) * | 2007-01-09 | 2014-12-30 | Visa U.S.A. Inc. | Mobile payment management |
JP2008181228A (en) * | 2007-01-23 | 2008-08-07 | Sony Corp | Management system, management method, terminal equipment, management server, and program |
US20080208762A1 (en) * | 2007-02-22 | 2008-08-28 | First Data Corporation | Payments using a mobile commerce device |
US8548908B2 (en) | 2007-04-11 | 2013-10-01 | First Data Corporation | Mobile commerce infrastructure systems and methods |
WO2009007967A2 (en) * | 2007-07-09 | 2009-01-15 | Nolio Ltd. | System and method for application process automation over a computer network |
US20090037284A1 (en) * | 2007-07-31 | 2009-02-05 | First Data Corporation | Point of sale system with ability to remotely update firmware |
US20090069049A1 (en) | 2007-09-12 | 2009-03-12 | Devicefidelity, Inc. | Interfacing transaction cards with host devices |
UY30685A1 (en) | 2007-11-01 | 2009-08-03 | NEW ELECTRONIC DEVICE FOR THE SALE OF INTANGIBLE PRODUCTS IN EXPENDING MACHINES | |
US7706784B2 (en) | 2008-03-14 | 2010-04-27 | Accells Technologies (2009), Ltd. | Method and system for providing a product or service using a mobile communication device |
US20090306818A1 (en) | 2008-06-09 | 2009-12-10 | The Coca-Cola Company | Method for Retrofitting a Vending Machine |
EP2469476A3 (en) | 2008-10-31 | 2014-08-20 | Accenture Global Services Limited | System for controlling user access to a service |
US8548426B2 (en) | 2009-02-20 | 2013-10-01 | Boku, Inc. | Systems and methods to approve electronic payments |
US8700530B2 (en) | 2009-03-10 | 2014-04-15 | Boku, Inc. | Systems and methods to process user initiated transactions |
US20100312692A1 (en) * | 2009-06-03 | 2010-12-09 | Mordechai Teicher | Compact payment terminal |
US8566159B2 (en) | 2009-09-04 | 2013-10-22 | Ips Group, Inc. | Location-aware advertising to parking location users |
US8374916B2 (en) * | 2009-10-27 | 2013-02-12 | At&T Mobility Ii Llc | Secure mobile-based financial transactions |
US8412626B2 (en) | 2009-12-10 | 2013-04-02 | Boku, Inc. | Systems and methods to secure transactions via mobile devices |
US20110153436A1 (en) | 2009-12-18 | 2011-06-23 | Krampe Richard L | Method of establishing credit on a cash register |
US9185539B2 (en) | 2009-12-18 | 2015-11-10 | Richard L. Krampe | Apparatus and method of establishing credit on a cash register or printer |
US20120303528A1 (en) | 2010-01-07 | 2012-11-29 | Accells Technologies (2009), Ltd. | System and method for performing a transaction responsive to a mobile device |
US20110251910A1 (en) | 2010-04-13 | 2011-10-13 | James Dimmick | Mobile Phone as a Switch |
US8781622B2 (en) | 2010-06-02 | 2014-07-15 | Utique, Inc. | Mobile device assisted retail system and process in a vending unit, retail display or automated retail store |
EP2405622B1 (en) * | 2010-07-08 | 2014-05-14 | Mobile Imaging in Sweden AB | Device communication |
WO2012012445A2 (en) | 2010-07-19 | 2012-01-26 | Universal Commerce, Inc. | Mobile system and method for payments and non-financial transactions |
US20120036045A1 (en) * | 2010-08-09 | 2012-02-09 | William Patrick Lowe | Methods and Systems for Reserving and Completing Purchases |
US9558481B2 (en) | 2010-09-28 | 2017-01-31 | Barclays Bank Plc | Secure account provisioning |
US8583496B2 (en) | 2010-12-29 | 2013-11-12 | Boku, Inc. | Systems and methods to process payments via account identifiers and phone numbers |
US8707276B2 (en) * | 2011-01-07 | 2014-04-22 | Mastercard International Incorporated | Method and system for managing programmed applications in an open API environment |
US8972286B2 (en) | 2011-01-31 | 2015-03-03 | Bank Of America Corporation | Transaction authorization system for a mobile commerce device |
US20120231844A1 (en) | 2011-03-11 | 2012-09-13 | Apriva, Llc | System and device for facilitating a transaction by consolidating sim, personal token, and associated applications for electronic wallet transactions |
US10168413B2 (en) * | 2011-03-25 | 2019-01-01 | T-Mobile Usa, Inc. | Service enhancements using near field communication |
US9104415B2 (en) * | 2011-03-29 | 2015-08-11 | Qualcomm Incorporated | Method for selecting and launching a hybrid mode of operation for a portable device based on received sensor information and a current mode of operation |
US9053510B2 (en) | 2011-04-04 | 2015-06-09 | David L. McEwan | Shopping apparatus and methods |
US8965449B2 (en) * | 2011-04-07 | 2015-02-24 | Apple Inc. | Devices and methods for providing access to internal component |
WO2012146951A1 (en) | 2011-04-28 | 2012-11-01 | Sony Ericsson Mobile Communications Ab | Payment processing |
EP3605432A1 (en) | 2011-05-10 | 2020-02-05 | Dynamics Inc. | Systems, devices and methods for mobile payment acceptance, mobile authorizations, mobile wallets, and contactless communication mechanisms |
USD669899S1 (en) | 2011-07-29 | 2012-10-30 | Cheng Uei Precision Industry Co., Ltd. | Bluetooth dongle |
US20130054395A1 (en) * | 2011-08-25 | 2013-02-28 | Michael Cyr | Methods and systems for self-service checkout |
US20130246171A1 (en) * | 2011-09-13 | 2013-09-19 | Giovanni Carapelli | Fuel Dispensing Environment Utilizing Mobile Payment |
US20130085835A1 (en) * | 2011-09-30 | 2013-04-04 | Coupons.Com Incorporated | Applying mobile digital coupons at the point of sale |
US8600899B1 (en) * | 2011-10-11 | 2013-12-03 | Videx, Inc. | Vending data communications systems |
US20130117738A1 (en) * | 2011-11-03 | 2013-05-09 | Microsoft Corporation | Server Upgrades with Safety Checking and Preview |
US8708745B2 (en) | 2011-11-07 | 2014-04-29 | Apple Inc. | Dual orientation electronic connector |
US20130166448A1 (en) | 2011-12-27 | 2013-06-27 | Infosys Limited | Financial transfers from mobile devices |
US20130217333A1 (en) * | 2012-02-22 | 2013-08-22 | Qualcomm Incorporated | Determining rewards based on proximity of devices using short-range wireless broadcasts |
JP5935871B2 (en) | 2012-03-07 | 2016-06-15 | ソニー株式会社 | Payment processing system, payment terminal, communication device, payment server, and payment processing method |
US9075758B2 (en) | 2012-03-19 | 2015-07-07 | Samsung Electronics Co., Ltd. | Removable storage device with transactional operation support and system including same |
US20130267121A1 (en) | 2012-04-04 | 2013-10-10 | Ching-Jen Hsu | Electronic Connector |
US8774721B2 (en) * | 2012-04-10 | 2014-07-08 | Google Inc. | Detecting a communication tap via signal monitoring |
WO2013163217A1 (en) * | 2012-04-23 | 2013-10-31 | Netspectrum Inc. | Secure and authenticated transactions with mobile devices |
US10360593B2 (en) * | 2012-04-24 | 2019-07-23 | Qualcomm Incorporated | Retail proximity marketing |
US20130311382A1 (en) | 2012-05-21 | 2013-11-21 | Klaus S. Fosmark | Obtaining information for a payment transaction |
EP2856406A4 (en) | 2012-05-24 | 2015-12-09 | Google Inc | Systems, methods, and computer program products for providing a contactless protocol |
US9607297B2 (en) | 2012-06-06 | 2017-03-28 | Intuit Inc. | Mobile payment via a virtual peripheral device |
US20130346305A1 (en) * | 2012-06-26 | 2013-12-26 | Carta Worldwide Inc. | Mobile wallet payment processing |
US8438066B1 (en) | 2012-06-28 | 2013-05-07 | Intuit Inc. | Secure geo-fencing with multi-form authentication |
US20140019367A1 (en) * | 2012-07-13 | 2014-01-16 | Apple Inc. | Method to send payment data through various air interfaces without compromising user data |
US11507950B2 (en) | 2012-07-31 | 2022-11-22 | Worldpay, Llc | Systems and methods for secure normative intermediation of payments processing peripherals |
US9179244B2 (en) * | 2012-08-31 | 2015-11-03 | Apple Inc. | Proximity and tap detection using a wireless system |
US20140074714A1 (en) | 2012-09-10 | 2014-03-13 | Gilbarco S.R.L. | Attended dispensing environment utilizing mobile payment |
US20140074723A1 (en) * | 2012-09-12 | 2014-03-13 | Shreyas Kamat | Communicating payments |
US20140180852A1 (en) * | 2012-09-12 | 2014-06-26 | Shreyas Kamat | Communicating payments |
US20140122298A1 (en) * | 2012-10-31 | 2014-05-01 | Troy Apps, LLC. | Mobile Information Tool System and Method |
US20140136301A1 (en) | 2012-11-13 | 2014-05-15 | Juan Valdes | System and method for validation and reliable expiration of valuable electronic promotions |
US9704153B2 (en) | 2013-01-14 | 2017-07-11 | Conduent Business Services, Llc | System and method for enabling transactions on an associated network |
US9407097B2 (en) * | 2013-03-04 | 2016-08-02 | Hello Inc. | Methods using wearable device with unique user ID and telemetry system |
US20140279101A1 (en) * | 2013-03-15 | 2014-09-18 | Clinkle Corporation | Distance factor based mobile device selection |
US8868796B1 (en) * | 2013-04-18 | 2014-10-21 | Otter Products, Llc | Device and method for updating firmware of a peripheral device |
US9425962B2 (en) * | 2013-06-21 | 2016-08-23 | Intel IP Corporation | Low energy Bluetooth system with authentication during connectionless advertising and broadcasting |
US9445220B2 (en) * | 2013-09-06 | 2016-09-13 | Paypal, Inc. | Systems and methods for enabling additional devices to check in to bluetooth low energy (BLE) beacons |
US9922488B2 (en) | 2013-10-16 | 2018-03-20 | Redbox Automated Retail, Llc | Wireless communication for consumer-operated kiosks |
US8769643B1 (en) | 2013-11-04 | 2014-07-01 | Mourad Ben Ayed | Method for identifying a remote device |
US8910868B1 (en) * | 2013-11-27 | 2014-12-16 | Square, Inc. | Firmware management |
US8856045B1 (en) | 2013-12-18 | 2014-10-07 | PayRange Inc. | Mobile-device-to-machine payment systems |
-
2014
- 2014-06-30 US US14/320,534 patent/US20150170136A1/en not_active Abandoned
- 2014-07-01 US US14/321,724 patent/US20150170145A1/en not_active Abandoned
- 2014-07-01 US US14/321,717 patent/US20150170129A1/en not_active Abandoned
- 2014-07-01 US US14/321,733 patent/US9134994B2/en active Active
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080141033A1 (en) * | 1995-02-13 | 2008-06-12 | Intertrust Technologies Corporation | Trusted and secure techniques, systems and methods for item delivery and execution |
US5892900A (en) * | 1996-08-30 | 1999-04-06 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US7464867B1 (en) * | 2001-03-26 | 2008-12-16 | Usa Technologies, Inc. | Cashless vending system with tethered payment interface |
US20030158891A1 (en) * | 2002-02-21 | 2003-08-21 | Warp 9 Inc. | Utilizing mobile devices as a communication proxy for non-connected terminals |
US7455223B1 (en) * | 2005-08-29 | 2008-11-25 | Bob Jones University | RFID-based method for a networked cashless vending system |
US20090313132A1 (en) * | 2008-06-13 | 2009-12-17 | Microsoft Corporation | Handling payment receipts with a receipt store |
US20100094456A1 (en) * | 2008-10-10 | 2010-04-15 | Usa Technologies, Inc. | Devices and methods for providing cashless payment and diagnostics for vending machines |
US20110276636A1 (en) * | 2010-03-29 | 2011-11-10 | Konaware, Inc. | Efficient transactional messaging between loosely coupled client and server over multiple intermittent networks with policy based routing |
US20110244799A1 (en) * | 2010-03-31 | 2011-10-06 | Roberts David A | Systems and methods for operating transaction terminals |
US20120150742A1 (en) * | 2010-12-14 | 2012-06-14 | Xtreme Mobility Inc. | System and Method for Authenticating Transactions Through a Mobile Device |
US20120158172A1 (en) * | 2010-12-21 | 2012-06-21 | Ncr Corporation | Methods to broadcast status of a self-service dispensing device |
US20130110296A1 (en) * | 2011-10-19 | 2013-05-02 | Zeco Systems Pte Ltd | Methods and Apparatuses for Charging of Electric Vehicles |
Cited By (40)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10372932B2 (en) * | 2014-03-12 | 2019-08-06 | Apple Inc. | Secure factory data generation and restoration |
US11861572B2 (en) | 2014-05-13 | 2024-01-02 | Clear Token Inc. | Secure electronic payment |
US11308462B2 (en) | 2014-05-13 | 2022-04-19 | Clear Token Inc | Secure electronic payment |
US10042856B2 (en) * | 2014-06-09 | 2018-08-07 | Samsung Electronics Co., Ltd. | Method and electronic device for processing data |
US20150356112A1 (en) * | 2014-06-09 | 2015-12-10 | Samsung Electronics Co., Ltd. | Method and electronic device for processing data |
US20160012430A1 (en) * | 2014-07-11 | 2016-01-14 | Google Inc. | Hands-free offline communications |
US11574301B2 (en) | 2014-07-11 | 2023-02-07 | Google Llc | Hands-free transactions with voice recognition |
US10460317B2 (en) | 2014-07-11 | 2019-10-29 | Google Llc | Hands-free transaction tokens via payment processor |
US12039522B2 (en) | 2014-07-11 | 2024-07-16 | Google Llc | Hands-free transactions with voice recognition |
US10423949B2 (en) | 2015-04-10 | 2019-09-24 | Mastercard International Incorporated | Vending machine transactions |
JP2018525720A (en) * | 2015-06-30 | 2018-09-06 | ビザ インターナショナル サービス アソシエーション | Dynamic portable communication system |
US20190310842A1 (en) * | 2015-09-24 | 2019-10-10 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Method for upgrading firmware of adapter, mobile terminal, and adapter thereof |
US10908894B2 (en) * | 2015-09-24 | 2021-02-02 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Method for upgrading firmware of adapter, mobile terminal, and adapter thereof |
US20180322497A1 (en) * | 2015-11-06 | 2018-11-08 | Visa Europe Limited | Transaction authorisation |
US11645653B2 (en) * | 2015-11-06 | 2023-05-09 | Visa Europe Limited | Transaction authorization |
CN108475371A (en) * | 2015-11-06 | 2018-08-31 | Visa欧洲有限公司 | Trading authorization |
US10839393B2 (en) | 2016-03-01 | 2020-11-17 | Google Llc | Facial profile modification for hands free transactions |
US10482463B2 (en) | 2016-03-01 | 2019-11-19 | Google Llc | Facial profile modification for hands free transactions |
CN106060764A (en) * | 2016-05-25 | 2016-10-26 | 深圳卡通新技术有限公司 | Authorization system and method based on collision triggering by mobile terminal |
US10474879B2 (en) | 2016-07-31 | 2019-11-12 | Google Llc | Automatic hands free service requests |
US11495051B2 (en) | 2016-07-31 | 2022-11-08 | Google Llc | Automatic hands free service requests |
US10572690B2 (en) * | 2016-09-02 | 2020-02-25 | Blackberry Limited | Method and device having secure removable modules |
US20180068133A1 (en) * | 2016-09-02 | 2018-03-08 | Blackberry Limited | Method and device having secure removable modules |
EP3526752A4 (en) * | 2016-10-11 | 2020-05-06 | Bluechain Pty Ltd | Effecting initiation and authorization of transactions between mobile devices |
US10657002B2 (en) * | 2017-11-10 | 2020-05-19 | International Business Machines Corporation | Method and apparatus to rollback memory DIMM lane sparing |
EA034122B1 (en) * | 2017-12-04 | 2019-12-30 | Публичное Акционерное Общество "Сбербанк России" (Пао Сбербанк) | Method and system of performing transactions for money delivery in case of failures in the telecommunication channel of self-service device |
WO2019112471A1 (en) * | 2017-12-04 | 2019-06-13 | Публичное Акционерное Общество "Сбербанк России" | Performing transactions in the event of failures in a connection channel of a self-service machine |
RU2673982C1 (en) * | 2017-12-04 | 2018-12-03 | Публичное Акционерное Общество "Сбербанк России" (Пао Сбербанк) | Method and system of execution of transactions for delivery of money resources in case of failures in communication channel of self-service machine |
US20190205570A1 (en) * | 2017-12-28 | 2019-07-04 | Shenzhen Launch Software Co., Ltd. | Method and device for verifying instructions of diagnostic equipment, and lower computer |
US10740491B2 (en) * | 2017-12-28 | 2020-08-11 | Shenzhen Launch Software Co., Ltd. | Method and device for verifying instructions of diagnostic equipment, and lower computer |
US10402189B2 (en) * | 2018-01-23 | 2019-09-03 | Wistron Corporation | Electronic apparatus and firmware update method thereof |
US20190227783A1 (en) * | 2018-01-23 | 2019-07-25 | Wistron Corporation | Electronic apparatus and firmware update method thereof |
US11251939B2 (en) * | 2018-08-31 | 2022-02-15 | Quantifind, Inc. | Apparatuses, methods and systems for common key identification in distributed data environments |
US11146633B2 (en) * | 2019-01-16 | 2021-10-12 | Siemens Aktiengesellschaft | Method for producing a bidirectional connection between a device forming a field device and an application in a central facility |
US11172047B2 (en) | 2019-09-30 | 2021-11-09 | Mastercard International Incorporated | Systems and methods for use in network service interface bundling |
US11785116B2 (en) | 2019-09-30 | 2023-10-10 | Mastercard International Incorporated | Systems and methods for use in network service interface bundling |
CN110740400A (en) * | 2019-10-30 | 2020-01-31 | 歌尔股份有限公司 | Charging box, TWS earphone, system of charging box and TWS earphone, reconnection device and method |
US20230039533A1 (en) * | 2021-08-03 | 2023-02-09 | Security Platform Inc. | Firmware massive update method using flash memory and computer program stored in recording media for executing the same |
US11789719B2 (en) * | 2021-08-03 | 2023-10-17 | Security Platform Inc. | Firmware massive update method using flash memory and computer program stored in recording media for executing the same |
US20230055855A1 (en) * | 2021-08-23 | 2023-02-23 | Incutech Co., Ltd. | Vending machine system |
Also Published As
Publication number | Publication date |
---|---|
US20150170136A1 (en) | 2015-06-18 |
US9134994B2 (en) | 2015-09-15 |
US20150169312A1 (en) | 2015-06-18 |
US20150170129A1 (en) | 2015-06-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9134994B2 (en) | Method and system for updating firmware using a mobile device as a communications bridge | |
US11972423B2 (en) | Method and system for presenting representations of payment accepting unit events | |
EP3901880B1 (en) | Mobile device-to-machine payment systems | |
US12093962B2 (en) | Intermediary communications over non-persistent network connections | |
US10891608B2 (en) | Method and system for an offline-payment operated machine to accept electronic payments | |
US12086811B2 (en) | Processing interrupted transactions over non-persistent network connections | |
US11935051B2 (en) | Device and method for providing external access to multi-drop bus peripheral devices | |
US11966895B2 (en) | Refund centers for processing and dispensing vending machine refunds via an MDB router | |
US20150178702A1 (en) | Method and device for multi-drop bus payment peripheral expansion | |
US11475454B2 (en) | Intermediary communications over non-persistent network connections | |
WO2017132686A1 (en) | Refund centers for processing and dispensing vending machine refunds via an mdb router | |
US11481781B2 (en) | Processing interrupted transaction over non-persistent network connections | |
US20240273497A1 (en) | Refund Centers For Processing And Dispensing Vending Machine Refunds Via An MDB Router | |
US20240338693A1 (en) | Device And Method For Providing External Access To Multi-Drop Bus Peripheral Devices |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: PAYRANGE, INC., OREGON Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:PATEL, PARESH K.;DOAN, CHAU M.;SOKOL, CHRISTOPHER M.;REEL/FRAME:033539/0585 Effective date: 20140724 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |