US20210201309A9 - Communications device, point of sale device, payment device and methods - Google Patents

Communications device, point of sale device, payment device and methods Download PDF

Info

Publication number
US20210201309A9
US20210201309A9 US16/313,789 US201716313789A US2021201309A9 US 20210201309 A9 US20210201309 A9 US 20210201309A9 US 201716313789 A US201716313789 A US 201716313789A US 2021201309 A9 US2021201309 A9 US 2021201309A9
Authority
US
United States
Prior art keywords
communications device
user
passcode
characters
luk
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US16/313,789
Other versions
US11847641B2 (en
US20200013054A1 (en
Inventor
Nilesh UPADHYE
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
IPCO 2012 Ltd
Original Assignee
IPCO 2012 Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by IPCO 2012 Ltd filed Critical IPCO 2012 Ltd
Assigned to IPCO 2012 LIMITED reassignment IPCO 2012 LIMITED ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: UPADHYE, Nilesh
Publication of US20200013054A1 publication Critical patent/US20200013054A1/en
Publication of US20210201309A9 publication Critical patent/US20210201309A9/en
Application granted granted Critical
Publication of US11847641B2 publication Critical patent/US11847641B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4012Verifying personal identification numbers [PIN]
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code
    • G07F7/105Only a part of the PIN is required to be input
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code
    • G07F7/1091Use of an encrypted form of the PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q2220/00Business processing using cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Definitions

  • the present disclosure relates to a communications device, point of sale device, payment device, and methods.
  • One method of helping to improve mobile payment security is to require a user of a mobile device via which a payment is to be made to enter a passcode (such as a personal identification number (PIN) or password) in order to authenticate the payment. That is, in order for the payment to be completed, a user must be allocated or must choose a passcode in advance, and this passcode must then be entered by the user on the mobile device when that mobile device is used to initiate payment. The payment is then only completed in the case that the passcode is entered correctly. This helps to prevent fraudulent payment in the case that, for example, a user's mobile device is stolen.
  • a passcode such as a personal identification number (PIN) or password
  • the user may be required to enter the 1 st , 2 nd , 4 th and 6 th characters as the passcode is read from left to right (thus requiring the user to enter the numerical characters 8, 3, 6 and 9 since these are, respectively, the 1 st , 2 nd , 4 th and 6 th characters of the passcode).
  • the user may be required to enter the 2 nd , 3 rd , 5 th and 6 th characters as the passcode is read from left to right (thus requiring the user to enter the numerical characters 3, 1, 4 and 9 since these are, respectively, the 2 nd , 3 rd , 5 th and 6 th characters of the passcode).
  • the position of the characters in the subset of characters which must be entered by the user to complete a transaction may be determined on a random (or at least pseudo-random) basis, for example.
  • Such a technique has a number of problems, however.
  • the passcode should only be stored by a financial institution associated with the user and should not be stored by a third party (for example, a provider of goods or services to the user) or on the user's mobile device.
  • the present disclosure provides a communications device for implementing an electronic payment process, the communications device including a receiver unit operable to receive a secure limited use key (SLUK) from a financial institution, the SLUK being generated by the financial institution using (1) a first limited use key (LUK) generated using a first key associated with the financial institution, an identifier which identifies a user of the communications device and a variable code and (2) a subset of the characters of a passcode associated with the user of the communications device, each character in the subset being identified by its character position in the passcode, and the character position in the passcode of each of the characters in the subset being determined by a predetermined algorithm on the basis of a second key associated with the user of the communications device, the identifier which identifies the user of the communications device, and the variable code, the second key being a secret key, wherein the SLUK is generated by wrapping the first LUK using each of the characters in the subset; and receive the variable code from the financial institution, and a storage unit operable to receive a
  • the receiver unit is operable to receive a message indicative of a successful electronic payment in the case that the second LUK transmitted to the financial institution matches the first LUK generated by the financial institution and a message indicative of a non-successful electronic payment in the case that the second LUK transmitted to the financial institution does not match the first LUK generated by the financial institution.
  • the predetermined algorithm for generating the character position in the passcode of each character in the subset includes the steps of (1) generating a cryptographic random number (CRN) by providing the second key, identifier of the user of the communications device, and variable code as inputs to a Format Preserving Encryption (FPE) function, (2) determining whether the generated CRN has a number of characters greater than or equal to the number of characters of the passcode associated with the user of the communications device, wherein if the generated CRN has a number of characters greater than or equal to the number of characters of the passcode, then the algorithm proceeds to step (3), and wherein if the generated CRN does not have a number of characters greater than or equal to the number of characters of the passcode, then the algorithm repeats step (2), (3) determining whether the generated CRN has at least a predetermined number of unique characters, each of which is less than or equal to the number of characters of the passcode, the predetermined number being the number of characters to be included in the subset of characters of the passcode, where
  • the SLUK is generated by wrapping the first LUK using each of the characters in the subset of characters of the passcode using a Password-Based Key Derivation Function 2 (PBKDF2) algorithm, and the second LUK is generated using a corresponding PBKDF2 algorithm using each character indicated by the input from the user of the communications device.
  • PBKDF2 Password-Based Key Derivation Function 2
  • the first key associated with the financial institution is an Issuer Master Key (IMK).
  • INK Issuer Master Key
  • the second key associated with the user of the communications device is an Advanced Standards Encryption (AES) 128 bit secret key.
  • AES Advanced Standards Encryption
  • variable code has the format DDDNN, wherein DDD represents the number of days since a predetermined first day of the year and NN is a key sequence number ranging from 00 to 99.
  • the identifier which identifies the user of the communications device is a Primary Account Number (PAN) associated with the user of the communications device.
  • PAN Primary Account Number
  • the second key associated with the user of the communications device is an Advanced Standards Encryption (AES) 128 bit secret key
  • AES Advanced Standards Encryption
  • the identifier which identifies the user of the communications device is a 16 character Primary Account Number (PAN) associated with the user of the communications device
  • the variable code has the format DDDNN, wherein DDD represents the number of days since a predetermined first day of the year and NN is a key sequence number ranging from 00 to 99
  • inputs to the FPE function for generating the CRN are the second key
  • the inputs to the FPE function are the AES 128 bit secret second key and the sum of the 16 character PAN and variable code DDDNN.
  • the second LUK is transmitted to the financial institution as a cryptogram.
  • the controller is operable to generate a Key Check Value (KCV) using the second LUK
  • the transmitter unit is operable to transmit the generated KCV to the financial institution together with the second LUK.
  • KCV Key Check Value
  • the KCV is generated by an algorithm including the following steps: (1) providing the second LUK and eight zero bytes as inputs to an encryption function; and (2) obtaining the first three bytes of the output to the encryption function, the obtained first three bytes forming the KCV.
  • the receiver is operable to receive a message from the POS device indicative of the payment value
  • the controller is operable to determine whether or not the payment value exceeds a predetermined threshold, wherein the controller generates the character position in the passcode of each character in the subset, the user interface indicates to the user of the communications device the character position in the passcode of each character in the subset and is operable to receive the input from the user indicative of each character in the subset, the controller performs the unwrapping process on the SLUK using each character indicated by the input from the user to generate the second LUK, and the transmitter unit transmits the generated second LUK to the financial institution only when the payment value exceeds the predetermined threshold.
  • the receiver unit and transmitter unit are operable to exchange signalling with the POS device using a Near Field Communication (NFC) interface and to exchange signalling with the financial institution using a longer range wireless access network (WAN) interface.
  • NFC Near Field Communication
  • WAN wireless access network
  • the transmitter is operable to transmit the second LUK to the financial institution via the POS device.
  • the present disclosure provides a payment device for implementing an electronic payment process at a financial institution, the payment device including a controller operable to generate a secure limited use key (SLUK) to be transmitted to a communications device, the SLUK being generated by the controller using (1) a first limited use key (LUK) generated using a first key associated with the financial institution, an identifier which identifies a user of the communications device and a variable code and (2) a subset of the characters of a passcode associated with the user of the communications device, each character in the subset being identified by its character position in the passcode and the character position in the passcode of each of the characters in the subset being determined by a predetermined algorithm on the basis of a second key associated with the user of the communications device, the identifier which identifies the user of the communications device and the variable code, the second key being a secret key, wherein the SLUK is generated by wrapping the first LUK using the each of the characters in the subset, a transmitter unit operable to transmit the generated
  • LUK first limited
  • the transmitter unit is operable to transmit a message indicative of a successful electronic payment in the case that the received second LUK matches the first LUK and a message indicative of a non-successful electronic payment in the case that the received second LUK the first LUK.
  • the controller in response to receipt of the second LUK, is operable to regenerate the first LUK using the first key associated with the financial institution, the identifier which identifies the user of the communications device and the variable code.
  • the predetermined algorithm for generating the character position in the passcode of each character in the subset includes the steps of (1) generating a cryptographic random number (CRN) by providing the second key, identifier of the user of the communications device, and variable code as inputs to a Format Preserving Encryption (FPE) function, (2) determining whether the generated CRN has a number of characters greater than or equal to the number of characters of the passcode associated with the user of the communications device, wherein if the generated CRN has a number of characters greater than or equal to the number of characters of the passcode, then the algorithm proceeds to step (3), and wherein if the generated CRN does not have a number of characters greater than or equal to the number of characters of the passcode, then the algorithm repeats step (2), (3) determining whether the generated CRN has at least a predetermined number of unique characters, each of which is less than or equal to the number of characters of the passcode, the predetermined number being the number of characters to be included in the subset of characters of the passcode, where
  • the SLUK is generated by wrapping the first LUK using each of the characters in the subset of characters of the passcode using a Password-Based Key Derivation Function 2 (PBKDF2) algorithm, and the second LUK is generated using a corresponding PBKDF2 algorithm using each character indicated by the input from the user of the communications device.
  • PBKDF2 Password-Based Key Derivation Function 2
  • the first key associated with the financial institution is an Issuer Master Key (IMK).
  • INK Issuer Master Key
  • the second key associated with the user of the communications device is an Advanced Standards Encryption (AES) 128 bit secret key.
  • AES Advanced Standards Encryption
  • variable code has the format DDDNN, wherein DDD represents the number of days since a predetermined first day of the year, and NN is a key sequence number ranging from 00 to 99.
  • the identifier which identifies the user of the communications device is a Primary Account Number (PAN) associated with the user of the communications device.
  • PAN Primary Account Number
  • the second key associated with the user of the communications device is an Advanced Standards Encryption (AES) 128 bit secret key
  • AES Advanced Standards Encryption
  • the identifier which identifies the user of the communications device is a 16 character Primary Account Number (PAN) associated with the user of the communications device
  • the variable code has the format DDDNN, wherein DDD represents the number of days since a predetermined first day of the year and NN is a key sequence number ranging from 00 to 99
  • inputs to the FPE function for generating the CRN are the second key
  • the inputs to the FPE function are the AES 128 bit secret second key and the sum of the 16 character PAN and variable code DDDNN.
  • the second LUK is received from the communications device as a cryptogram
  • the controller is operable to generate a corresponding cryptogram from the first LUK and to compare the cryptograms, wherein if the cryptograms match, then the controller determines that the first LUK matches the second LUK, and if the cryptograms do not match, then the controller determines that the first LUK does not match the second LUK.
  • the cryptogram is received together with a Key Check Value (KCV) generated by the communications device using the second LUK, and in the case that the second LUK does not match the first LUK, the controller is operable to generate a further KCV using the first LUK and to compare the received KVC with the further generated KCV, wherein if the received KCV matches the further generated KCV, then the controller determines that the characters of the subset of characters of the passcode were correctly input by the user of the communications device, and if the received KCV does not match the further generated KCV, then the controller determines that the characters of the subset of characters of the passcode were not correctly input by the user of the communications device.
  • KCV Key Check Value
  • the further generated KCV is generated by an algorithm including the following steps: (1) providing the first LUK and eight zero bytes as inputs to an encryption function, and (2) obtaining the first three bytes of the output to the encryption function, the obtained first three bytes forming the further generated KCV.
  • the receiver is operable to receive the second LUK from the communications device via the POS device.
  • the receiver prior to receiving the LUK from the communications device, the receiver is operable to receive signalling from the communications device indicative of an initiation of an electronic payment, and, in response, the controller is operable to control the transmitter to transmit signalling indicative of the payment value to the communications device.
  • the present disclosure provides a method of operating a communications device for implementing an electronic payment process, the method including controlling a receiver unit of the communications device to receive a secure limited use key (SLUK) from a financial institution, the SLUK being generated by the financial institution using (1) a first limited use key (LUK) generated using a first key associated with the financial institution, an identifier which identifies a user of the communications device and a variable code and (2) a subset of the characters of a passcode associated with the user of the communications device, each character in the subset being identified by its character position in the passcode and the character position in the passcode of each of the characters in the subset being determined by a predetermined algorithm on the basis of a second key associated with the user of the communications device, the identifier which identifies the user of the communications device and the variable code, the second key being a secret key, wherein the SLUK is generated by wrapping the first LUK using each of the characters in the subset, and receive the variable code from the financial institution, controlling
  • LUK first
  • the present disclosure provides a recording medium storing a computer program for controlling a computer to perform a method according to the fourth aspect.
  • the present disclosure provides a method of operating a payment device for implementing an electronic payment process at a financial institution, the method including generating a secure limited use key (SLUK) to be transmitted to a communications device, the SLUK being generated by the controller using (1) a first limited use key (LUK) generated using a first key associated with the financial institution, an identifier which identifies a user of the communications device and a variable code and (2) a subset of the characters of a passcode associated with the user of the communications device, each character in the subset being identified by its character position in the passcode and the character position in the passcode of each of the characters in the subset being determined by a predetermined algorithm on the basis of a second key associated with the user of the communications device, the identifier which identifies the user of the communications device and the variable code, the second key being a secret key, wherein the SLUK is generated by wrapping the first LUK using the each of the characters in the subset, controlling a transmitter unit of the payment device to transmit the
  • the present disclosure provides a recording medium storing a computer program for controlling a computer to perform a method according to the sixth aspect.
  • the present disclosure provides a method of operating a point of sale (POS) device for implementing an electronic payment process, the method including determining a payment value of a payment to be made by a user of a communications device, controlling a receiver of the POS device to receive, from the communications device, a limited use key (LUK), the LUK being generated by the communications device and the generation of the LUK including determining a character position in a passcode associated with the user of the communications device of each character in a subset of characters of the passcode, the character position in the passcode of each character in the subset being determined by a predetermined algorithm on the basis of a secret key associated with the communications device, an identifier of the user of the communications device and a variable code, each of which is known to the communications device, indicating to the user of the communications device the determined character position in the passcode of each character in the subset and receiving an input from the user indicative of each character in the subset, and performing an unwrapping process on the SLUK transmitted by the transmitter,
  • LUK
  • the present disclosure provides a recording medium storing a computer program for controlling a computer to perform a method according to the eighth aspect.
  • FIG. 1 schematically shows a mobile device payment arrangement implemented when a user wishes to buy a product from a store, according to an embodiment of the present disclosure
  • FIGS. 2A-C schematically show a communications device, point of sale (POS) device and payment device according to embodiments;
  • FIG. 3 schematically shows a partial passcode entry screen which is presented to a user, according to an embodiment of the present disclosure
  • FIG. 4 schematically shows a registration process, according to an embodiment of the present disclosure
  • FIG. 5 schematically shows a process in which a secure limited use key (SLUK) is generated and transmitted to a communications device, according to an embodiment of the present disclosure
  • FIGS. 6A-B schematically show a process used for identifying the characters of a partial passcode, according to an embodiment of the present disclosure
  • FIG. 7 schematically shows an electronic payment process, according to an embodiment of the present disclosure.
  • FIG. 8 schematically shows the generation of a Key Check Value (KCV), according to an embodiment of the present disclosure.
  • KCV Key Check Value
  • FIG. 1 schematically shows a mobile device payment arrangement implemented when a user 100 wishes to buy a product from a store.
  • the staff member 102 of the store puts the product through the store's check out or payment system in the usual way.
  • the staff member 102 will scan the product using a barcode or the like and a suitable electronic check out system (as known in the art).
  • the store is set up to allow mobile device payments (also known as mobile payments).
  • the store is fitted with a point of sale (POS) device 106 which is able to exchange signalling with a mobile device 104 (also known as a communications device) of the user so as to enable the mobile payment to take place.
  • POS point of sale
  • signalling is exchanged between the communications device 104 and POS device 106 using Near Field Communication (NFC) technology, although it will be appreciated that any other suitable signalling technology (such as Bluetooth, Wi-Fi, cellular signalling) could also be used.
  • NFC Near Field Communication
  • the user 100 simply has to bring the communications device 104 into close proximity with the POS device (the close proximity being determined by one or more of the relevant NFC standards, as known in the art) in order to initiate the implementation of an electronic payment process.
  • the electronic payment process is carried out using the communications device 104 , POS device 106 , and a payment device 200 . These are illustrated in FIGS. 2A, 2B, and 2C , respectively.
  • the communications device 104 belongs to the user 100
  • the POS device 106 is located at the store
  • the payment device 200 is located at a financial institution associated with the user.
  • the financial institution associated with the user is a financial institution through which a user may transfer funds so as to issue payment to a third party (such as the store at which the user buys the product).
  • the financial institution may be a bank at which the user has a bank account.
  • the communications device 104 includes an NFC unit 202 , receiver 204 , transmitter 206 , controller 207 , storage unit 208 , and user interface 210 .
  • the communications device may be, for example, a mobile phone, tablet computer, or any other suitable device including the components as exemplified in FIG. 2A .
  • the NFC unit 202 includes an NFC receiver and NFC transmitter so as to allow the communications device to receive and transmit NFC signals with another NFC enabled device (such as POS device 106 ).
  • the receiver 204 and transmitter 206 allow the communications device 104 to receive and transmit, respectively, signals from external devices using a suitable interface such as a wide area network (WAN) interface (for example, a cellular interface such as Long Term Evolution (LTE) or Universal Mobile Telecommunications System (UMTS) or a Wi-Fi interface).
  • WAN wide area network
  • LTE Long Term Evolution
  • UMTS Universal Mobile Telecommunications System
  • Wi-Fi Wi-Fi interface
  • the storage unit 208 allows data to be stored by the communications device 104 .
  • the user interface 210 allows a user to interact with the communications device 104 by viewing information output by the communications device and inputting information to the communications device.
  • the user interface may be touch screen or may include a screen and one or more physical buttons or switches or the like.
  • the controller 207 controls the operation of each of the other components of the communications device.
  • the POS device 106 includes an NFC unit 212 , a receiver 214 , transmitter 216 , and a controller 218 .
  • the NFC unit 212 includes an NFC receiver and NFC transmitter so as to allow the POS device to receive and transmit NFC signals with another NFC enabled device (such as communications device 104 ).
  • the receiver 204 and transmitter 206 allow the POS device to receive and transmit, respectively, signals from external devices using a suitable interface such as a WAN interface (for example, a cellular interface such as Long Term Evolution (LTE) or Universal Mobile Telecommunications System (UMTS) or a Wi-Fi interface) or wired access interface (such as a wired Ethernet interface).
  • the controller 218 controls the operation of each of the other components of the POS device.
  • payment device 200 located at the financial institution associated with the user 100 of the communications device 104 includes a receiver 220 , transmitter 222 , controller 224 , and storage unit 226 .
  • the receiver 220 and transmitter 222 allow the payment device 200 to receive and transmit, respectively, signals from external devices using a suitable interface such as a WAN interface (for example, a cellular interface such as Long Term Evolution (LTE) or Universal Mobile Telecommunications System (UMTS) or a Wi-Fi interface).
  • LTE Long Term Evolution
  • UMTS Universal Mobile Telecommunications System
  • Wi-Fi interface wireless local area network
  • each of the communications device 104 , POS device 106 , and payment device 200 is discussed in detail below.
  • a user in order to authenticate a payment in the situation as exemplified in FIG. 1 , a user must enter a partial passcode using the communications device 104 .
  • the partial passcode is defined by a subset of characters of a passcode which has previously been associated with the user, and the subset of characters which define the partial passcode is determined for each individual transaction which takes place.
  • the position in the passcode of each character in the subset is determined, and the user is then required to enter the characters of the passcode which occur at those determined positions.
  • the transaction (for example, the payment to the store) will only be completed if the characters of the partial passcode are correctly entered.
  • the user is presented with a partial passcode entry screen 300 on the communications device 104 .
  • the partial passcode entry screen 300 is displayed on a screen of the communications device following a successful exchange of NFC signalling between the communications device 104 and POS device 106 which occurs when the user attempts to pay for a product or service using the communications device 104 .
  • the staff member 102 at a store checks though the one or more products or services to be purchased by the user 100 , and once the total required payment value has been calculated, the user 100 is given the option of initiating a mobile payment using the communications device 104 and POS device 106 .
  • the user brings the communications device 104 into sufficient proximity to the POS device 106 so as to allow an exchange of NFC signalling between the communications device and POS device, thus initiating a mobile payment process.
  • the partial passcode has been generated such that the user must enter the 1 st , 2 nd , 5 th and 6 th characters of the six character passcode.
  • the 1 st , 2 nd , 5 th , and 6 th characters form a subset of characters of the passcode, and the characters in the subset represent the partial passcode. These characters must be entered in the accessible passcode character entry fields 302 A-D.
  • the user 100 must enter the number “8” (this being the 1 st character) in field 302 A, the number “3” (this being the 2 nd character) in the field 302 B, the number “4” (this being the 5 th character) in the field 302 C and the number “9” (this being the 6 th character) in the field 302 D.
  • the remaining passcode character entry fields 304 A and 304 B (which relate to the 3 rd character “1” and the 4 th character “6”, respectively, of the passcode “ 831649 ”) appear shaded and are not accessible by the user. The user thus does not need to enter the 3 rd and 4 th characters of the passcode.
  • the user is thus able to recognise which characters of the passcode are required based on the accessible and non-accessible fields and the fact that each of the fields as considered from left to right corresponds to the position of a respective character of the passcode as read from left to right. That is, because the 1 st , 2 nd , 5 th and 6 th fields are accessible, the user knows that it is the 1 st , 2 nd , 5 th and 6 th characters of the passcode which must be respectively entered in these fields. The user also knows that, because the 3 rd and 4 th fields are not accessible, the 3 rd and 4 th characters of the passcode are not required for this particular transaction. As previously mentioned, for a different transaction, the positions in the passcode of the characters to be included in the partial passcode may be different.
  • the user interface 210 of the communications device 104 is a touch screen and the user is able to enter the passcode character associated with each accessible field 302 A-D using the virtual numerical keypad 306 .
  • the partial passcode entry screen 300 is only an example, and the passcode screen may take any other suitable format.
  • the partial passcode entry screen may instead include a plurality of successively displayed sub-screens in which the user is invited to enter one of the characters of the partial passcode on each sub-screen.
  • the partial passcode entry screen may instead include a plurality of successively displayed sub-screens in which the user is invited to enter one of the characters of the partial passcode on each sub-screen.
  • the 1 st , 2 nd , 5 th and 6 th characters of the passcode which must be entered one respective sub-screen will be displayed to allow entry of each of these characters.
  • Each sub-screen may look the same and have the same functionality as the partial passcode entry screen 300 shown in FIG.
  • the order in which the characters of the passcode are entered need not necessarily be correlated with the order in which the characters are positioned in the passcode. For example, although it may be the case that the 1 st , 2 nd , 5 th and 6 th characters are respectively entered via the first, second, third and fourth successively displayed sub-screen (so that the 1 st character is entered, followed by the 2 nd character, followed by the 5 th character, followed by the 6 th character), this is not necessary.
  • the first displayed sub-screen may be associated with the 2 nd character
  • the second displayed sub-screen may be associated with the 5 th character
  • the third displayed sub-screen may be associated with the 1 st character
  • the fourth displayed sub-screen may be associated with the 6 th character (so that the 2 nd character is entered, followed by the 5 th character, followed by the 1 st character, followed by the 6 th character).
  • the order in which the characters of the partial passcode are entered can thus be changed as well as the characters of the partial passcode itself.
  • the user In order to use the mobile payment arrangement according to embodiments of the present disclosure, the user must first register their communications device 104 .
  • the process of this registration is schematically illustrated in FIG. 4 .
  • the transmitter 206 of the communications device 104 transmits a registration request to the payment device 200 at the financial institution associated with the user of the communications device.
  • the registration request is received by the receiver 220 of the payment device 200 .
  • the controller 224 of the payment device registers the user for use with the mobile payment service at step 402 and, at step 404 , generates a token primary account number (PAN) associated with the user.
  • PAN token primary account number
  • the generated token PAN is a number which acts as an identifier of the user and which is used in the generation of subsequent cryptographic keys, as will be explained.
  • the token PAN associated with the user is then stored in the storage unit 226 of the payment device at step 406 .
  • a secret key which is associated with the user is generated.
  • the secret key may be an Advanced Standards Encryption (AES) 128 bit key, for example.
  • AES Advanced Standards Encryption
  • the secret key is also stored in the storage unit 226 (and is protected using, for example, a cryptographic hardware security module).
  • the transmitter 222 transmits the generated token PAN and secret key back to the receiver 204 of the communications device 104 .
  • the token PAN and secret key are then stored in the storage unit 208 of the communications device 104 (the secret key being protected using, for example, a whitebox cryptographic technique). This completes the registration process of the communications device, and allows the user to now initiate mobile payments using the communications device.
  • the communications device 104 must first be provided with secure limited use key (SLUK) for use during the payment process.
  • SLUK is a cryptographic key, and the generation of the SLUK and its transmission to the communications device from the payment device 200 is schematically illustrated in FIG. 5 .
  • the transmitter 206 of the communications device 104 transmits a SLUK request to the payment device 200 .
  • the SLUK request is received by the receiver 220 of the payment device.
  • the SLUK request indicates to the payment device that the communications device requires a SLUK.
  • the controller 224 of the payment device 200 first generates a limited use key (LUK).
  • LLK is a cryptographic key, and is generated via any suitable key derivation function using the token PAN associated with the user of the communications device, a further key associated with the financial institution to which the payment device 200 is related, and a variable code.
  • the key generation function may be, for example, a suitable symmetric key derivation function (such as, for example, a function based on an Advanced Encryption Standard (AES) or Data Encryption Standard (DES) technique).
  • AES Advanced Encryption Standard
  • DES Data Encryption Standard
  • the variable code is discussed in more detail below.
  • the key associated with the financial institution to which the payment device 200 is related is stored in the storage unit 226 of the payment device 200 , and may be an Issue Master Key (IMK), for example.
  • IMK Issue Master Key
  • the controller 224 generates the position in the passcode of each of the characters of the passcode which are to form the subset of characters defining the partial passcode.
  • the determined characters are then acquired from the passcode (which is stored in the storage unit 226 of the payment device 200 following previous allocation of a passcode to the user), and, at step 506 , the LUK generated in step 502 is wrapped using the characters of the partial passcode so as to generated the SLUK. This wrapping may be carried out using a Password-Based Key Derivation Function 2 (PBKDF2) algorithm, for example.
  • PBKDF2 Password-Based Key Derivation Function 2
  • the transmitter 222 of the payment device 200 then transmits the SLUK to the receiver 204 of the communications device 104 .
  • the SLUK is then stored in the storage unit 208 of the communications device 104 at step 510 . This process is described in more detail below.
  • FIGS. 6A and 6B The process of determining the position in the passcode of each of the characters of the passcode which are to form the subset of characters defining the partial passcode is schematically illustrated in FIGS. 6A and 6B .
  • a cryptographic random number (CRN) is generated on the basis of the secret key associated with the user, the token PAN associated with the user and a further code.
  • the further code varies according to one or more predetermined rules, and may be referred to as a variable code.
  • the variable code may be generated with any other suitable format and using any other predetermined rule(s), as long as the resulting variable code is suitable for use in generation of the CRN. It is noted that this same variable code is used in the generation of the LUK generated in step 502 .
  • the CRN may be generated on the basis of the secret key, token PAN and variable code using Format Preserving Encryption (FPE), for example.
  • FPE Format Preserving Encryption
  • FIG. 6B An example of the generation of the CRN is shown in FIG. 6B .
  • the user's token PAN is shown in row (4) and the variable code (in the format DDDNN) is shown in row ( 5 ).
  • the CRN is generated by applying an FPE encryption function with the user's secret key, token PAN and variable code as inputs.
  • the token PAN and variable code are added together and the resulting total is input to an FPE encryption function together with the user's secret key.
  • the result is show in row ( 6 ).
  • step 604 it is determined as to whether the generated CRN has a length greater than 6. If the generated CRN does not have a length greater than 6, then the process returns to step 602 , and the CRN is regenerated. This regeneration uses FPE in the same way as previously described. On the other hand, if the generated CRN does have a length greater than 6, then the process proceeds to step 606 . It can be seen in row ( 6 ) of FIG. 6B that the CRN does have a length greater than 6 digits, and thus there is no need to regenerate the CRN. The process thus proceeds to step 606 .
  • the check at step 604 to determine whether the generated CRN has a length greater than the length of the passcode helps improve the chance that the CRN which is passed to step 606 of the process has a sufficient number of unique bits each of which has a value less than or equal to the length of the passcode (see below).
  • step 606 it is determined as to whether the CRN has at least 4 unique digits each of which has a numerical value which is less than or equal to 6. If this condition is not satisfied, then the process returns to step 602 , and the CRN is regenerated. On the other hand, if this condition is satisfied, then the process proceeds to step 608 . It can be seen in row ( 6 ) of FIG. 6B that the generated CRN has 5 unique digits each of which has a numerical value less than or equal to 6. These numbers are 6, 5, 1, 2, and 4.
  • the first four of the at least four unique digits each of which has a numerical value which is less than or equal to 6, as identified in step 606 are identified. These then identify the position in the passcode of each of the passcode characters which are to form the subset of characters which define the partial passcode. Thus, looking at the list of numbers 65124 generated in step 606 , the first four of these numbers gives the list 6512. Thus, the characters of the passcode which define the partial passcode are the 6 th character, 5 th character, 1 st character, and 2 nd character. As shown in row (3) of FIG. 6B , the passcode of the user is 831649.
  • the numbers defining the partial passcode are 9 (the 6 th character), 4 (the 5 th character), 8 (the 1 st character), and 3 (the 2 nd character). It will be appreciated that, when necessary, these numbers may be entered by the user using, for example, the partial passcode entry screen shown in FIG. 3 (since the accessible fields 302 A-D relate to the 6 th , 5 th , 1 st , and 2 nd characters of the passcode).
  • the passcode of the user is saved in the storage unit 226 of the payment device 200 .
  • the controller 224 retrieves the appropriate characters of the passcode from the storage unit (thus, in the above example, the controller 224 would retrieve the characters 9, 4, 8, and 3).
  • the determination of the positions of the characters of the partial passcode (using the method exemplified with reference to FIGS. 6A and 6B ) and the retrieving of these characters occurs in step 504 .
  • the characters of the partial passcode are then used to wrap the LUK in step 506 using, for example, a PBKDF2 encryption algorithm, as previously explained.
  • the resulting SLUK is then transmitted to the communications device 104 , together with the variable code, at step 508 , and the SLUK and variable code are stored in the storage unit 208 of the communications device at step 510 .
  • the payment gateway 700 is an information gateway which links the POS terminal 106 (located at the store at which goods or services are purchased) and payment device 200 (located at the financial institution) and which manages electronic messages transmitted between the POS terminal 106 and payment device 200 .
  • Such information gateways are known in the art, and will therefore not be described in detail here.
  • the user 100 takes the communications device 104 and presents the communications device to the POS terminal 106 .
  • this involves the user holding the communications device 104 in sufficiently close proximity to the POS communications device 106 so as to allow NFC signalling to be exchanged between the communications device and POS device.
  • the user will take and present the communications device once goods or services have been checked through the check-out system used by the store and thus when a total price which must be paid by the user (that is, the payment value) has been calculated.
  • This payable price is determined by the POS terminal (for example, the POS terminal may receive information indicative of the payable price from the proprietary check out system used by the store).
  • the NFC unit 202 of the communications device transmits signalling to the NFC unit 212 of the POS device indicating that the communications device wishes to initiate payment.
  • the NFC unit 212 of the POS device returns a datagram indicative of the price which must be paid. This occurs in step 706 .
  • the controller 207 determines whether the payment is a high value payment.
  • a high value payment is a payment which exceeds a predetermined threshold value in a given currency. Payments due which exceed this threshold are deemed to be high value payments.
  • a high value payment may be a payment which is more than 30 pounds sterling (£) or 30 US dollars ($), for example (in which case the £30 or $30 represents the predetermined threshold).
  • the determination of whether a payment is a high value payment may be used to determine whether the partial passcode needs to be entered by the user.
  • the payment process may be such that, in order to provide increased convenience for the user for low value payments (that is, payments below the predetermined threshold), the partial passcode must be entered only for high value payments in order for the transaction to be initiated. For low value payments, the partial passcode is not required for the transaction to be initiated.
  • the use of the partial passcode only for high value payments occurs in the example of FIG. 7 , hence the determination of whether or not the proposed payment value (as indicated in the datagram received from the POS terminal in step 706 ) is a high value payment (that is, whether or not the proposed payment value exceeds the predetermined high value payment threshold).
  • the proposed payment value is determined to be a high value payment, and thus the process continues.
  • the partial passcode must be entered for all payment values. In this case, there is no need to determine whether or not the proposed payment value is a high value payment, and thus step 708 can be omitted from the payment process.
  • the controller 207 of the communications device determines the positions in the passcode of each character of the partial passcode. This is carried out using the same method as used by the payment device 200 in determining the positions in the passcode of each character of the partial passcode, as previously described with reference to FIGS. 6A and 6B . This is possible because the token PAN, secret key associated with the communications device and variable code have been previously stored in the storage unit 208 of the communications device (see step 410 of FIG. 4 and step 510 of FIG. 5 ).
  • the controller 207 is therefore able to apply the same FPE function on the token PAN, secret key and variable code as applied by the payment device 200 and to therefore obtain the same character position numbers as previously determined by the payment device (thus, to use the previously mentioned example, the controller 207 will determined the character position numbers 6, 5, 1 and 2). Note that no characters of the partial passcode are actually determined here (since the partial passcode is not stored on the communications device). Only the position of each character in the partial passcode is determined.
  • the user is requested by the communications device 104 to enter the partial passcode. That is, the user is requested to enter the subset of characters of the passcode whose character position in the passcode has been determined at step 710 . This is carried out via the user interface 210 , which presents to the user a screen such as the partial passcode entry screen 300 shown in FIG. 3 .
  • the user then enters the partial passcode (using the virtual keypad 306 , for example), thus providing the characters of the partial passcode to the controller 207 of the communications device. In this case, the user would enter the partial passcode characters 9, 4, 8, and 3, since these relate to the 6 th , 5 th , 1 st , and 2 nd characters of the passcode, respectively.
  • the controller 207 retrieves the SLUK which was previously received from the payment device 200 and stored in the storage unit 208 (see step 510 of FIG. 5 ) and unwraps the SLUK using the characters of the partial passcode entered by the user.
  • the SLUK is unwrapped using an algorithm corresponding to the PBKDF2 algorithm previously used to generate the SLUK, for example.
  • the unwrapping of the SLUK generates a further LUK (which may be referred to as a second LUK) which should match the LUK originally generated by the payment device 200 (which may be referred to as a first LUK—see step 502 of FIG. 5 ) in the case that the user has entered the correct characters of the partial passcode.
  • the controller 207 uses the second LUK to generate a cryptogram.
  • the cryptogram may be generated using any suitable cryptogram generation algorithm.
  • the cryptogram generation algorithm may be defined by the payment scheme (described below) used to actually transfer funds from the user of the communications device 104 to the store at which a product or service is purchased following correct entry of the partial passcode.
  • the cryptogram generation algorithm is associated with a Cardholder Verification Method (CVM) associated with the used payment scheme.
  • CVM Cardholder Verification Method
  • Such algorithms include may include, for example, CVM10, CVM14, CVM17, or CVM15.
  • a Cryptographic Key Check Value KCV
  • the use of the KCV allows the payment device 200 to determine whether a mismatch between the first and second LUKs has been caused by a user entering the partial passcode incorrectly or for another reason (for example, data corruption or tampering).
  • the KCV is explained in detail later on.
  • the cryptogram, KCV and token PAN are transmitted as an electronic message (the electronic message being an electronic payment authentication request message) from the communications device 104 to the POS device 106 via the NFC units 202 and 212 .
  • the controller 218 of the POS device 106 adds a datagram indicative of the value of the payment (that is, the price which is to be paid by the user for the acquired goods or services) to the electronic message and controls the transmitter 216 to transmit the electronic message (with the datagram added) to the gateway 700 .
  • the gateway 700 forwards the electronic message to the payment device 200 at the financial institution. The electronic message is received by the receiver 220 of the payment device 200 .
  • the controller 224 of the payment device retrieves the token PAN from the electronic message and uses the token PAN, together with the key associated with the financial institution and the variable code to regenerate the first LUK. It is recalled that the token PAN associated with the user of the communications device 104 , the key associated with the financial institution (such as the IMK) and the variable code are exactly the same parameters used previously to generate the first LUK prior to the first LUK being wrapped (to generate the SLUK) and transmitted to the communications device 104 (see step 502 of FIG. 5 ). At step 726 , the controller 224 then generates a cryptogram from the regenerated first LUK using the same technique as used by the communications device 104 in step 714 .
  • the resulting cryptogram is then compared with the cryptogram included in the electronic message received from the communications device 104 . In particular, it is determined as to whether the newly generated cryptogram matches the cryptogram received from the communications device. If there is a successful match, then it is determined that the user has correctly entered the partial passcode and that there has been no tampering with the electronic message. The payment is therefore authenticated, and the payment device 200 then initiates a payment equal to the payment value from an account held by the user at the financial institution to the recipient (for example, the goods or service provider with which the POS terminal 106 is associated). The details of the recipient necessary for receiving payment are included, for example, in the datagram of the electronic message received from the communications device 104 .
  • the payment is initiated by the payment device 200 using a suitable predetermined payment scheme, such as, for example, Visa®, Discover®, or Faster Payments®.
  • a suitable predetermined payment scheme such as, for example, Visa®, Discover®, or Faster Payments®.
  • the token PAN may be associated with the user of the communications device 104 will be indicative of the payment scheme which is used.
  • the token PAN may be or may be based on a debit or credit card number associated with the account of the user held at the financial institution.
  • a message is then transmitted to the POS device 106 and/or communications device 104 to indicate that the payment has been processed successfully.
  • step 730 in which the KCV of the message received from the communications device is analysed.
  • FIG. 8 schematically shows a process in which the KCV is generated by the controller 207 of the communications device 104 for the second LUK generated by unwrapping the SLUK.
  • the process starts at step 800 .
  • the SLUK is unwrapped to generate the second LUK and, at step 804 , a cryptogram is generated using the second LUK.
  • steps 802 and 804 are equivalent to previously described steps 712 and 714 , respectively.
  • an encryption function DD is performed with the second LUK (also known as the unwrapped SLUK) and eight zero bytes as inputs.
  • the encryption function may be a symmetric key encryption function, for example.
  • the first LUK is generated using a specific symmetric key encryption function
  • a corresponding symmetric key encryption function is used at step 806 (thus, for example, if AES or DES is used for generating the first LUK, then a respective AES or DES symmetric key encryption function is used at step 806 ).
  • the first three bytes of the output of this encryption function are then determined to be the KCV.
  • the process then ends at step 810 .
  • the KCV is passed from the communications device 104 to the payment device 200 as part of an Issuer Application Data (IAD) EMV® data element.
  • IAD Issuer Application Data
  • a similar process as shown in FIG. 8 is applied by the controller 224 of the payment device 200 so as to generate a KCV value for the first LUK which is regenerated at step 724 in FIG. 7 .
  • the regenerated first LUK is taken as an input, together with eight zero bytes to the same encryption function used at step 806 , and the first three bytes of the output of the encryption function are taken as the KCV.
  • the KCV received from the communications device 104 is compared with the KCV generated by the payment device 200 . If the KCVs match, then it is determined that the user correctly entered the partial passcode. In this case, the mismatch between the cryptogram received from the communications device and the cryptogram generated by the payment device is determined to be caused by tampering and/or corruption (for example) of the electronic message received from the communications device, and this may therefore be further investigated. On the other hand, if the KCVs do not match, then it is determined that the user incorrectly entered the partial passcode.
  • This KCV comparison may be implemented using a suitable Hardware Security Module (HSM) forming part of the controller 224 and may be implemented as part of an Authorization Request Cryptogram (ARQC) verification method, for example.
  • HSM Hardware Security Module
  • ARQC Authorization Request Cryptogram
  • the payment device 200 transmits an updated SLUK to the communications device 104 repeatedly over time.
  • the SLUK may be sent prior to each transaction, for example.
  • the communications device 104 first transmits a SLUK request to the payment device 200 , thus initiating the process shown in FIG. 5 . Only once the communications device 104 has received the SLUK from the payment device 200 will the communications device then initiate the payment process via NFC signalling.
  • a new SLUK may be periodically sent to the communications device 104 .
  • the communications device 104 may request and receive a new SLUK once per day, hour, week, etc. It is noted that when the variable code (used for the generation of both the LUK and the partial passcode, both of which are then used to generate the SLUK) has the format DDDNN, for example, then up to 100 different codes may be sent on the same day by changing the final two numbers (which may take any of the 100 different values from 00 to 99). This allows 100 different SLUK values to potentially be produced for a given communications device 104 on any given day.
  • NFC unit, receiver and transmitter of each of the communications device and POS device 106 are shown as separate units, they together are the equivalent of a single receiver unit (which may receive signalling using a plurality of different technologies such as NFC and longer range WAN interfaces such as LTE, UMTS or Wi-Fi or wired interfaces) and a single transmitter unit (which may transmit signalling using a plurality of different technologies such as NFC and longer range WAN interfaces such as LTE, UMTS or Wi-Fi or wired interfaces).
  • longer range here means that signals can be exchanged between two devices over greater distances than is possible with NFC.
  • the present disclosure provides a mobile payment arrangement with increased security and convenience for the user.
  • security is increased due to the use of the partial passcode and due to the fact that the partial passcode is securely stored only at the payment device 200 of the financial institution.
  • the passcode is not stored (fully or partially) on the communications device 104 and is not shared (fully or partially) with the POS terminal 106 , thus helping to keep the passcode secure.
  • a method of operating a communications device for implementing an electronic payment process includes controlling a receiver unit of the communications device to receive a secure limited use key (SLUK) from a financial institution, wherein the SLUK is generated by the financial institution using (A) a first limited use key (LUK) generated using a first key associated with the financial institution, an identifier which identifies a user of the communications device, and a variable code, and (B) a subset of the characters of a passcode associated with the user of the communications device, wherein each character in the subset is identified by its character position in the passcode, wherein the character position in the passcode of each of the characters in the subset is determined by a predetermined algorithm on the basis of a second key associated with the user of the communications device, the identifier which identifies the user of the communications device, and the variable code, wherein the second key is a secret key, and wherein the SLUK is generated by wrapping the first LUK using each of the characters in the subset, and receive the
  • the method further includes controlling a storage unit of the communications device to store the received SLUK, the variable code, the second key associated with the user of the communications device, and the identifier which identifies the user of the communications device and initiating, in response to an operation by a user, an electronic payment at a point of sale (POS) device, and generating the character position in the passcode of each character in the subset, wherein the character position in the passcode of each character in the subset is determined by the predetermined algorithm on the basis of the second key, the identifier of the user of the communications device, and the variable code, as stored in the storage unit.
  • POS point of sale
  • the method further includes controlling a user interface of the communications device to indicate to the user of the communications device the character position in the passcode of each character in the subset as generated by the controller and to receive an input from the user indicative of each character in the subset, wherein an unwrapping process is performed on the SLUK stored in the storage unit using each character indicated by the input from the user, wherein the unwrapping process generates a second LUK, and controlling a transmitter unit of the communications device to transmit the generated second LUK to the financial institution for authentication of the electronic payment.
  • the example embodiment may also include a recording medium configured to store a computer program configured to control a computer configured to perform the method.
  • a method of operating a payment device for implementing an electronic payment process at a financial institution includes generating a secure limited use key (SLUK) to be transmitted to a communications device, wherein the SLUK is generated by the controller using (A) a first limited use key (LUK) generated using a first key associated with the financial institution, an identifier which identifies a user of the communications device, and a variable code, and (B) a subset of the characters of a passcode associated with the user of the communications device, wherein each character in the subset is identified by its character position in the passcode, wherein the character position in the passcode of each of the characters in the subset is determined by a predetermined algorithm on the basis of a second key associated with the user of the communications device, the identifier which identifies the user of the communications device, and the variable code, wherein the second key is a secret key, and wherein the SLUK is generated by wrapping the first LUK using each of the characters in the subset.
  • LUK first limited use key
  • the method further includes controlling a transmitter unit of the payment device to transmit the generated SLUK to the communications device.
  • the method further includes controlling a receiver unit of the payment device to receive a second LUK generated by the communications device, wherein the second LUK is generated by the communications device in response to an operation by the user of the communications device to initiate an electronic payment at a point of sale (POS) device, and wherein the generation of the second LUK includes determining the character position in the passcode of each character in the subset, wherein the character position in the passcode of each character in the subset is determined by the predetermined algorithm on the basis of the second key, the identifier of the user of the communications device, and the variable code, each of which is known to the communications device, indicating to the user of the communications device the determined character position in the passcode of each character in the subset and receiving an input from the user indicative of each character in the subset, and performing an unwrapping process on the SLUK transmitted by the transmitter unit, wherein the unwrapping process generates the second LUK, where
  • a method of operating a point of sale (POS) device for implementing an electronic payment process includes determining a payment value of a payment to be made by a user of a communications device. The method further includes controlling a receiver of the POS device to receive, from the communications device, a limited use key (LUK), wherein the LUK is generated by the communications device, and wherein the generation of the LUK includes determining a character position in a passcode associated with the user of the communications device of each character in a subset of characters of the passcode, wherein the character position in the passcode of each character in the subset is determined by a predetermined algorithm on the basis of a secret key associated with the communications device, an identifier of the user of the communications device, and a variable code, each of which is known to the communications device, indicating to the user of the communications device the determined character position in the passcode of each character in the subset and receiving an input from the user indicative of each character in the subset, and performing an unwrapping process on the SLUK
  • LUK
  • Described embodiments may be implemented in any suitable form including hardware, software, firmware or any combination of these. Described embodiments may optionally be implemented at least partly as computer software running on one or more data processors and/or digital signal processors.
  • the elements and components of any embodiment may be physically, functionally, and logically implemented in any suitable way. Indeed the functionality may be implemented in a single unit, in a plurality of units, or as part of other functional units. As such, the disclosed embodiments may be implemented in a single unit or may be physically and functionally distributed between different units, circuitry, and/or processors.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Cash Registers Or Receiving Machines (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A communications device for implementing an electronic payment process, the communications device including a receiver unit operable to receive a secure limited use key (SLUK) from a financial institution that is generated by the financial institution using a first limited use key (LUK) generated using a first key associated with the financial institution, an identifier which identifies a user of the communications device, and a variable code, and a subset of the characters of a passcode associated with the user of the communications device, each character in the subset being identified by its character position in the passcode, and the character position in the passcode of each of the characters in the subset being determined by a predetermined algorithm on the basis of a second key associated with the user of the communications device, the identifier which identifies the user of the communications device and the variable code.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This patent application is a National Stage Entry of PCT/GB2017/051902 filed on Jun. 29, 2017, which claims the benefit and priority of Great Britain Patent Application No. 1611367.2 filed on Jun. 30, 2016, the disclosures of which are incorporated herein by reference in their entirety as part of the present application.
    • BACKGROUND
  • The present disclosure relates to a communications device, point of sale device, payment device, and methods.
  • The “background” description provided herein is for the purpose of generally presenting the context of the disclosure. Work of the presently named inventors, to the extent it is described in the background section, as well as aspects of the description which may not otherwise qualify as prior art at the time of filing, are neither expressly or impliedly admitted as prior art against the present disclosure.
  • Payment using mobile devices (such as mobile phones, tablet computers, etc., such devices also being known as communications devices) has huge potential to bring revolution in the payment industry. However it also brings security challenges. In particular, measures must be taken so as to reduce the risk of fraud or theft using such payment methods. This applies to all payments, but especially to high value payments (that is, payment values which exceed a predetermined threshold in a given currency).
  • One method of helping to improve mobile payment security is to require a user of a mobile device via which a payment is to be made to enter a passcode (such as a personal identification number (PIN) or password) in order to authenticate the payment. That is, in order for the payment to be completed, a user must be allocated or must choose a passcode in advance, and this passcode must then be entered by the user on the mobile device when that mobile device is used to initiate payment. The payment is then only completed in the case that the passcode is entered correctly. This helps to prevent fraudulent payment in the case that, for example, a user's mobile device is stolen.
  • In order to increase security further, it is known to require a user to enter only a subset of characters of their passcode for any given transaction. Thus, for example, if the user has a passcode with six characters, then the user may be asked to enter only four out of these six characters for a given transaction. The characters which must be entered by the user for a given transaction are identified by their position in the passcode, and different characters which must be entered may be chosen for each transaction. Thus, for example, in the case where the user has a six character passcode 831649, then for a first transaction, the user may be required to enter the 1st, 2nd, 4th and 6th characters as the passcode is read from left to right (thus requiring the user to enter the numerical characters 8, 3, 6 and 9 since these are, respectively, the 1st, 2nd, 4th and 6th characters of the passcode). Later on, in a second transaction, the user may be required to enter the 2nd, 3rd, 5th and 6th characters as the passcode is read from left to right (thus requiring the user to enter the numerical characters 3, 1, 4 and 9 since these are, respectively, the 2nd, 3rd, 5th and 6th characters of the passcode). The position of the characters in the subset of characters which must be entered by the user to complete a transaction may be determined on a random (or at least pseudo-random) basis, for example.
  • By entering only a subset of the passcode characters (rather than all of the characters) in order to complete a transaction, security is increased. This is because even if someone else sees the user enter their passcode on a mobile device, this person not seen the whole passcode. This makes it more difficult for that someone to use the user's mobile device to initiate fraudulent payments, since the next time a transaction is attempted, it is likely that a different subset of characters of the passcode must be entered, and someone who has not seen the entire passcode will then not know what all characters in this new subset will be. For example, to use the examples of the first and second transactions mentioned above, if someone sees the user enter the 1st, 2nd, 4th and 6th passcode characters (these being 8, 3, 6 and 9, respectively), then if that someone then tries to fraudulently initiate a payment using the user's mobile device, then that fraudulent transaction will require the 2nd, 3rd, 5th and 6th passcode characters to be entered (these being 3, 1, 4 and 9). Even though this person saw the user enter the previous subset of characters during the first transaction, and thus may know the 1st, 2nd, 4th and 6th characters of the passcode, they still do not know the 3rd or 5th characters of the passcode. This fraudulent transaction thus cannot be completed. The subset of characters of a passcode which must be entered by a user in order to authorise a transaction may be referred to as a partial passcode.
  • Such a technique has a number of problems, however. In particular, there is the problem of how to determine which characters of a user's passcode should be used to generate the partial passcode for a given transaction. There is also the problem of keeping the passcode itself secure. Ideally, the passcode should only be stored by a financial institution associated with the user and should not be stored by a third party (for example, a provider of goods or services to the user) or on the user's mobile device. These security considerations must be taken into account whilst, at the same time, ensuring that the system is robust and efficient.
    • BRIEF DESCRIPTION
  • In a first aspect, the present disclosure provides a communications device for implementing an electronic payment process, the communications device including a receiver unit operable to receive a secure limited use key (SLUK) from a financial institution, the SLUK being generated by the financial institution using (1) a first limited use key (LUK) generated using a first key associated with the financial institution, an identifier which identifies a user of the communications device and a variable code and (2) a subset of the characters of a passcode associated with the user of the communications device, each character in the subset being identified by its character position in the passcode, and the character position in the passcode of each of the characters in the subset being determined by a predetermined algorithm on the basis of a second key associated with the user of the communications device, the identifier which identifies the user of the communications device, and the variable code, the second key being a secret key, wherein the SLUK is generated by wrapping the first LUK using each of the characters in the subset; and receive the variable code from the financial institution, and a storage unit operable to store the received SLUK and variable code and to store the second key associated with the user of the communications device and the identifier which identifies the user of the communications device; a controller operable to, in response to an operation by a user to initiate an electronic payment at a point of sale (POS) device, generate the character position in the passcode of each character in the subset, the character position in the passcode of each character in the subset being determined by the predetermined algorithm on the basis of the second key, the identifier of the user of the communications device and the variable code, as stored in the storage unit; and a user interface operable to indicate to the user of the communications device the character position in the passcode of each character in the subset as generated by the controller and to receive an input from the user indicative of each character in the subset, wherein the controller is operable to perform an unwrapping process on the SLUK stored in the storage unit using each character indicated by the input from the user, the unwrapping process generating a second LUK, and wherein the communications device includes a transmitter unit operable to transmit the generated second LUK to the financial institution for authentication of the electronic payment.
  • In an embodiment, the receiver unit is operable to receive a message indicative of a successful electronic payment in the case that the second LUK transmitted to the financial institution matches the first LUK generated by the financial institution and a message indicative of a non-successful electronic payment in the case that the second LUK transmitted to the financial institution does not match the first LUK generated by the financial institution.
  • In an embodiment, the predetermined algorithm for generating the character position in the passcode of each character in the subset includes the steps of (1) generating a cryptographic random number (CRN) by providing the second key, identifier of the user of the communications device, and variable code as inputs to a Format Preserving Encryption (FPE) function, (2) determining whether the generated CRN has a number of characters greater than or equal to the number of characters of the passcode associated with the user of the communications device, wherein if the generated CRN has a number of characters greater than or equal to the number of characters of the passcode, then the algorithm proceeds to step (3), and wherein if the generated CRN does not have a number of characters greater than or equal to the number of characters of the passcode, then the algorithm repeats step (2), (3) determining whether the generated CRN has at least a predetermined number of unique characters, each of which is less than or equal to the number of characters of the passcode, the predetermined number being the number of characters to be included in the subset of characters of the passcode, wherein if the number of unique characters each of which is less than or equal to the number of characters of the passcode is greater than or equal to the predetermined number, then the algorithm proceeds to step (4), and wherein if the number of unique characters, each of which is less than or equal to the number of characters of the passcode is less than the predetermined number, then the algorithm repeats step (2), and (4) determining a set of the identified unique characters each of which is less than or equal to the number of characters of the passcode, the set including a number of the identified unique characters equal to the predetermined number; wherein the identified unique characters in the set indicate the character position in the passcode of each character of the passcode to be included in the subset of characters of the passcode.
  • In an embodiment, the SLUK is generated by wrapping the first LUK using each of the characters in the subset of characters of the passcode using a Password-Based Key Derivation Function 2 (PBKDF2) algorithm, and the second LUK is generated using a corresponding PBKDF2 algorithm using each character indicated by the input from the user of the communications device.
  • In an embodiment, the first key associated with the financial institution is an Issuer Master Key (IMK).
  • In an embodiment, the second key associated with the user of the communications device is an Advanced Standards Encryption (AES) 128 bit secret key.
  • In an embodiment, the variable code has the format DDDNN, wherein DDD represents the number of days since a predetermined first day of the year and NN is a key sequence number ranging from 00 to 99.
  • In an embodiment, the identifier which identifies the user of the communications device is a Primary Account Number (PAN) associated with the user of the communications device.
  • In an embodiment, the second key associated with the user of the communications device is an Advanced Standards Encryption (AES) 128 bit secret key, the identifier which identifies the user of the communications device is a 16 character Primary Account Number (PAN) associated with the user of the communications device, and the variable code has the format DDDNN, wherein DDD represents the number of days since a predetermined first day of the year and NN is a key sequence number ranging from 00 to 99, and inputs to the FPE function for generating the CRN are the second key, and the inputs to the FPE function are the AES 128 bit secret second key and the sum of the 16 character PAN and variable code DDDNN.
  • In an embodiment, the second LUK is transmitted to the financial institution as a cryptogram.
  • In an embodiment, the controller is operable to generate a Key Check Value (KCV) using the second LUK, and the transmitter unit is operable to transmit the generated KCV to the financial institution together with the second LUK.
  • In an embodiment, the KCV is generated by an algorithm including the following steps: (1) providing the second LUK and eight zero bytes as inputs to an encryption function; and (2) obtaining the first three bytes of the output to the encryption function, the obtained first three bytes forming the KCV.
  • In an embodiment, following the operation by the user of the communications device to initiate an electronic payment at the POS device, the receiver is operable to receive a message from the POS device indicative of the payment value, and the controller is operable to determine whether or not the payment value exceeds a predetermined threshold, wherein the controller generates the character position in the passcode of each character in the subset, the user interface indicates to the user of the communications device the character position in the passcode of each character in the subset and is operable to receive the input from the user indicative of each character in the subset, the controller performs the unwrapping process on the SLUK using each character indicated by the input from the user to generate the second LUK, and the transmitter unit transmits the generated second LUK to the financial institution only when the payment value exceeds the predetermined threshold.
  • In an embodiment, the receiver unit and transmitter unit are operable to exchange signalling with the POS device using a Near Field Communication (NFC) interface and to exchange signalling with the financial institution using a longer range wireless access network (WAN) interface.
  • In an embodiment, the transmitter is operable to transmit the second LUK to the financial institution via the POS device.
  • In a second aspect, the present disclosure provides a payment device for implementing an electronic payment process at a financial institution, the payment device including a controller operable to generate a secure limited use key (SLUK) to be transmitted to a communications device, the SLUK being generated by the controller using (1) a first limited use key (LUK) generated using a first key associated with the financial institution, an identifier which identifies a user of the communications device and a variable code and (2) a subset of the characters of a passcode associated with the user of the communications device, each character in the subset being identified by its character position in the passcode and the character position in the passcode of each of the characters in the subset being determined by a predetermined algorithm on the basis of a second key associated with the user of the communications device, the identifier which identifies the user of the communications device and the variable code, the second key being a secret key, wherein the SLUK is generated by wrapping the first LUK using the each of the characters in the subset, a transmitter unit operable to transmit the generated SLUK to the communications device; and a receiver unit operable to receive a second LUK generated by the communications device, the second LUK being generated by the communications device in response to an operation by the user of the communications device to initiate an electronic payment at a point of sale (POS) device, and the generation of the second LUK including determining the character position in the passcode of each character in the subset, the character position in the passcode of each character in the subset being determined by the predetermined algorithm on the basis of the second key, the identifier of the user of the communications device and the variable code, each of which is known to the communications device, indicating to the user of the communications device the determined character position in the passcode of each character in the subset and receiving an input from the user indicative of each character in the subset, and performing an unwrapping process on the SLUK transmitted by the transmitter unit, the unwrapping process generating the second LUK, wherein the controller is operable to compare the received second LUK with the first LUK, and authenticate the electronic payment only when the second LUK matches the first LUK.
  • In an embodiment, the transmitter unit is operable to transmit a message indicative of a successful electronic payment in the case that the received second LUK matches the first LUK and a message indicative of a non-successful electronic payment in the case that the received second LUK the first LUK.
  • In an embodiment, in response to receipt of the second LUK, the controller is operable to regenerate the first LUK using the first key associated with the financial institution, the identifier which identifies the user of the communications device and the variable code.
  • In an embodiment, the predetermined algorithm for generating the character position in the passcode of each character in the subset includes the steps of (1) generating a cryptographic random number (CRN) by providing the second key, identifier of the user of the communications device, and variable code as inputs to a Format Preserving Encryption (FPE) function, (2) determining whether the generated CRN has a number of characters greater than or equal to the number of characters of the passcode associated with the user of the communications device, wherein if the generated CRN has a number of characters greater than or equal to the number of characters of the passcode, then the algorithm proceeds to step (3), and wherein if the generated CRN does not have a number of characters greater than or equal to the number of characters of the passcode, then the algorithm repeats step (2), (3) determining whether the generated CRN has at least a predetermined number of unique characters, each of which is less than or equal to the number of characters of the passcode, the predetermined number being the number of characters to be included in the subset of characters of the passcode, wherein if the number of unique characters, each of which is less than or equal to the number of characters of the passcode is greater than or equal to the predetermined number, then the algorithm proceeds to step (4), and wherein if the number of unique characters, each of which is less than or equal to the number of characters of the passcode is less than the predetermined number, then the algorithm repeats step (2), and (4) determining a set of the identified unique characters, each of which is less than or equal to the number of characters of the passcode, the set including a number of the identified unique characters equal to the predetermined number, wherein the identified unique characters in the set indicate the character position in the passcode of each character of the passcode to be included in the subset of characters of the passcode.
  • In an embodiment, the SLUK is generated by wrapping the first LUK using each of the characters in the subset of characters of the passcode using a Password-Based Key Derivation Function 2 (PBKDF2) algorithm, and the second LUK is generated using a corresponding PBKDF2 algorithm using each character indicated by the input from the user of the communications device.
  • In an embodiment, the first key associated with the financial institution is an Issuer Master Key (IMK).
  • In an embodiment, the second key associated with the user of the communications device is an Advanced Standards Encryption (AES) 128 bit secret key.
  • In an embodiment, the variable code has the format DDDNN, wherein DDD represents the number of days since a predetermined first day of the year, and NN is a key sequence number ranging from 00 to 99.
  • In an embodiment, the identifier which identifies the user of the communications device is a Primary Account Number (PAN) associated with the user of the communications device.
  • In an embodiment, the second key associated with the user of the communications device is an Advanced Standards Encryption (AES) 128 bit secret key, the identifier which identifies the user of the communications device is a 16 character Primary Account Number (PAN) associated with the user of the communications device, and the variable code has the format DDDNN, wherein DDD represents the number of days since a predetermined first day of the year and NN is a key sequence number ranging from 00 to 99, and inputs to the FPE function for generating the CRN are the second key, and the inputs to the FPE function are the AES 128 bit secret second key and the sum of the 16 character PAN and variable code DDDNN.
  • In an embodiment, the second LUK is received from the communications device as a cryptogram, and the controller is operable to generate a corresponding cryptogram from the first LUK and to compare the cryptograms, wherein if the cryptograms match, then the controller determines that the first LUK matches the second LUK, and if the cryptograms do not match, then the controller determines that the first LUK does not match the second LUK.
  • In an embodiment, the cryptogram is received together with a Key Check Value (KCV) generated by the communications device using the second LUK, and in the case that the second LUK does not match the first LUK, the controller is operable to generate a further KCV using the first LUK and to compare the received KVC with the further generated KCV, wherein if the received KCV matches the further generated KCV, then the controller determines that the characters of the subset of characters of the passcode were correctly input by the user of the communications device, and if the received KCV does not match the further generated KCV, then the controller determines that the characters of the subset of characters of the passcode were not correctly input by the user of the communications device.
  • In an embodiment, the further generated KCV is generated by an algorithm including the following steps: (1) providing the first LUK and eight zero bytes as inputs to an encryption function, and (2) obtaining the first three bytes of the output to the encryption function, the obtained first three bytes forming the further generated KCV.
  • In an embodiment, the receiver is operable to receive the second LUK from the communications device via the POS device.
  • In a third aspect, the present disclosure provides a point of sale (POS) device for implementing an electronic payment process, the POS device including a controller operable to determine a payment value of a payment to be made by a user of a communications device, a receiver operable to receive, from the communications device, a limited use key (LUK), the LUK being generated by the communications device and the generation of the LUK including determining a character position in a passcode associated with the user of the communications device of each character in a subset of characters of the passcode, the character position in the passcode of each character in the subset being determined by a predetermined algorithm on the basis of a secret key associated with the communications device, an identifier of the user of the communications device and a variable code, each of which is known to the communications device, indicating to the user of the communications device the determined character position in the passcode of each character in the subset and receiving an input from the user indicative of each character in the subset, and performing an unwrapping process on the SLUK transmitted by the transmitter, the unwrapping process generating the LUK, and a transmitter operable to transmit the determined payment value and the LUK received from the communications device to a financial institution.
  • In an embodiment, prior to receiving the LUK from the communications device, the receiver is operable to receive signalling from the communications device indicative of an initiation of an electronic payment, and, in response, the controller is operable to control the transmitter to transmit signalling indicative of the payment value to the communications device.
  • In a fourth aspect, the present disclosure provides a method of operating a communications device for implementing an electronic payment process, the method including controlling a receiver unit of the communications device to receive a secure limited use key (SLUK) from a financial institution, the SLUK being generated by the financial institution using (1) a first limited use key (LUK) generated using a first key associated with the financial institution, an identifier which identifies a user of the communications device and a variable code and (2) a subset of the characters of a passcode associated with the user of the communications device, each character in the subset being identified by its character position in the passcode and the character position in the passcode of each of the characters in the subset being determined by a predetermined algorithm on the basis of a second key associated with the user of the communications device, the identifier which identifies the user of the communications device and the variable code, the second key being a secret key, wherein the SLUK is generated by wrapping the first LUK using each of the characters in the subset, and receive the variable code from the financial institution, controlling a storage unit of the communications device to store the received SLUK and variable code and to store the second key associated with the user of the communications device and the identifier which identifies the user of the communications device, in response to an operation by a user to initiate an electronic payment at a point of sale (POS) device, generate the character position in the passcode of each character in the subset, the character position in the passcode of each character in the subset being determined by the predetermined algorithm on the basis of the second key, the identifier of the user of the communications device and the variable code, as stored in the storage unit, and controlling a user interface of the communications device to indicate to the user of the communications device the character position in the passcode of each character in the subset as generated by the controller and to receive an input from the user indicative of each character in the subset; wherein an unwrapping process is performed on the SLUK stored in the storage unit using each character indicated by the input from the user, the unwrapping process generating a second LUK, and wherein the method includes controlling a transmitter unit of the communications device to transmit the generated second LUK to the financial institution for authentication of the electronic payment.
  • In a fifth aspect, the present disclosure provides a recording medium storing a computer program for controlling a computer to perform a method according to the fourth aspect.
  • In a sixth aspect, the present disclosure provides a method of operating a payment device for implementing an electronic payment process at a financial institution, the method including generating a secure limited use key (SLUK) to be transmitted to a communications device, the SLUK being generated by the controller using (1) a first limited use key (LUK) generated using a first key associated with the financial institution, an identifier which identifies a user of the communications device and a variable code and (2) a subset of the characters of a passcode associated with the user of the communications device, each character in the subset being identified by its character position in the passcode and the character position in the passcode of each of the characters in the subset being determined by a predetermined algorithm on the basis of a second key associated with the user of the communications device, the identifier which identifies the user of the communications device and the variable code, the second key being a secret key, wherein the SLUK is generated by wrapping the first LUK using the each of the characters in the subset, controlling a transmitter unit of the payment device to transmit the generated SLUK to the communications device; and controlling a receiver unit of the payment device to receive a second LUK generated by the communications device, the second LUK being generated by the communications device in response to an operation by the user of the communications device to initiate an electronic payment at a point of sale (POS) device, and the generation of the second LUK including determining the character position in the passcode of each character in the subset, the character position in the passcode of each character in the subset being determined by the predetermined algorithm on the basis of the second key, the identifier of the user of the communications device and the variable code, each of which is known to the communications device; indicating to the user of the communications device the determined character position in the passcode of each character in the subset and receiving an input from the user indicative of each character in the subset; and performing an unwrapping process on the SLUK transmitted by the transmitter unit, the unwrapping process generating the second LUK, wherein the received second LUK is compared with the first LUK, and the electronic payment is authenticated only when the second LUK matches the first LUK.
  • In a seventh aspect, the present disclosure provides a recording medium storing a computer program for controlling a computer to perform a method according to the sixth aspect.
  • In an eighth aspect, the present disclosure provides a method of operating a point of sale (POS) device for implementing an electronic payment process, the method including determining a payment value of a payment to be made by a user of a communications device, controlling a receiver of the POS device to receive, from the communications device, a limited use key (LUK), the LUK being generated by the communications device and the generation of the LUK including determining a character position in a passcode associated with the user of the communications device of each character in a subset of characters of the passcode, the character position in the passcode of each character in the subset being determined by a predetermined algorithm on the basis of a secret key associated with the communications device, an identifier of the user of the communications device and a variable code, each of which is known to the communications device, indicating to the user of the communications device the determined character position in the passcode of each character in the subset and receiving an input from the user indicative of each character in the subset, and performing an unwrapping process on the SLUK transmitted by the transmitter, the unwrapping process generating the LUK, and controlling a transmitter of the POS device to transmit the determined payment value and the LUK received from the communications device to a financial institution.
  • In a ninth aspect, the present disclosure provides a recording medium storing a computer program for controlling a computer to perform a method according to the eighth aspect.
  • The foregoing paragraphs have been provided by way of general introduction, and are not intended to limit the scope of the following claims. The described embodiments, together with further advantages, will be best understood by reference to the following detailed description taken in conjunction with the accompanying drawings.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • A more complete appreciation of the disclosure and many of the attendant advantages thereof will be readily obtained as the same becomes better understood by reference to the following detailed description when considered in connection with the accompanying drawings, wherein:
  • FIG. 1 schematically shows a mobile device payment arrangement implemented when a user wishes to buy a product from a store, according to an embodiment of the present disclosure;
  • FIGS. 2A-C schematically show a communications device, point of sale (POS) device and payment device according to embodiments;
  • FIG. 3 schematically shows a partial passcode entry screen which is presented to a user, according to an embodiment of the present disclosure;
  • FIG. 4 schematically shows a registration process, according to an embodiment of the present disclosure;
  • FIG. 5 schematically shows a process in which a secure limited use key (SLUK) is generated and transmitted to a communications device, according to an embodiment of the present disclosure;
  • FIGS. 6A-B schematically show a process used for identifying the characters of a partial passcode, according to an embodiment of the present disclosure;
  • FIG. 7 schematically shows an electronic payment process, according to an embodiment of the present disclosure; and
  • FIG. 8 schematically shows the generation of a Key Check Value (KCV), according to an embodiment of the present disclosure.
    •  DESCRIPTION OF THE EMBODIMENTS
  • Referring now to the drawings, wherein like reference numerals designate identical or corresponding parts throughout the several views.
  • FIG. 1 schematically shows a mobile device payment arrangement implemented when a user 100 wishes to buy a product from a store. When wishing to pay for the product, the staff member 102 of the store puts the product through the store's check out or payment system in the usual way. In this case, the staff member 102 will scan the product using a barcode or the like and a suitable electronic check out system (as known in the art). The store is set up to allow mobile device payments (also known as mobile payments). In particular, the store is fitted with a point of sale (POS) device 106 which is able to exchange signalling with a mobile device 104 (also known as a communications device) of the user so as to enable the mobile payment to take place. In this example, signalling is exchanged between the communications device 104 and POS device 106 using Near Field Communication (NFC) technology, although it will be appreciated that any other suitable signalling technology (such as Bluetooth, Wi-Fi, cellular signalling) could also be used. When NFC is used, the user 100 simply has to bring the communications device 104 into close proximity with the POS device (the close proximity being determined by one or more of the relevant NFC standards, as known in the art) in order to initiate the implementation of an electronic payment process.
  • The electronic payment process is carried out using the communications device 104, POS device 106, and a payment device 200. These are illustrated in FIGS. 2A, 2B, and 2C, respectively. In this example, the communications device 104 belongs to the user 100, the POS device 106 is located at the store, and the payment device 200 is located at a financial institution associated with the user. The financial institution associated with the user is a financial institution through which a user may transfer funds so as to issue payment to a third party (such as the store at which the user buys the product). For example, the financial institution may be a bank at which the user has a bank account.
  • As shown in FIG. 2A, the communications device 104 includes an NFC unit 202, receiver 204, transmitter 206, controller 207, storage unit 208, and user interface 210. The communications device may be, for example, a mobile phone, tablet computer, or any other suitable device including the components as exemplified in FIG. 2A. The NFC unit 202 includes an NFC receiver and NFC transmitter so as to allow the communications device to receive and transmit NFC signals with another NFC enabled device (such as POS device 106). The receiver 204 and transmitter 206 allow the communications device 104 to receive and transmit, respectively, signals from external devices using a suitable interface such as a wide area network (WAN) interface (for example, a cellular interface such as Long Term Evolution (LTE) or Universal Mobile Telecommunications System (UMTS) or a Wi-Fi interface). The storage unit 208 allows data to be stored by the communications device 104. The user interface 210 allows a user to interact with the communications device 104 by viewing information output by the communications device and inputting information to the communications device. For example, the user interface may be touch screen or may include a screen and one or more physical buttons or switches or the like. The controller 207 controls the operation of each of the other components of the communications device.
  • As shown in FIG. 2B, the POS device 106 includes an NFC unit 212, a receiver 214, transmitter 216, and a controller 218. The NFC unit 212 includes an NFC receiver and NFC transmitter so as to allow the POS device to receive and transmit NFC signals with another NFC enabled device (such as communications device 104). The receiver 204 and transmitter 206 allow the POS device to receive and transmit, respectively, signals from external devices using a suitable interface such as a WAN interface (for example, a cellular interface such as Long Term Evolution (LTE) or Universal Mobile Telecommunications System (UMTS) or a Wi-Fi interface) or wired access interface (such as a wired Ethernet interface). The controller 218 controls the operation of each of the other components of the POS device.
  • As shown in FIG. 2C, payment device 200 located at the financial institution associated with the user 100 of the communications device 104 includes a receiver 220, transmitter 222, controller 224, and storage unit 226. The receiver 220 and transmitter 222 allow the payment device 200 to receive and transmit, respectively, signals from external devices using a suitable interface such as a WAN interface (for example, a cellular interface such as Long Term Evolution (LTE) or Universal Mobile Telecommunications System (UMTS) or a Wi-Fi interface). The storage unit 226 allows data to be stored by the payment device 200. The controller 224 controls the operation of each of the other components of the payment device 200.
  • The operation and interaction of each of the communications device 104, POS device 106, and payment device 200 is discussed in detail below. As previously discussed, in embodiments of the present disclosure, in order to authenticate a payment in the situation as exemplified in FIG. 1, a user must enter a partial passcode using the communications device 104. The partial passcode is defined by a subset of characters of a passcode which has previously been associated with the user, and the subset of characters which define the partial passcode is determined for each individual transaction which takes place. More specifically, for each transaction (for example, each time the user 100 wishes to make a payment for a product at a store), the position in the passcode of each character in the subset is determined, and the user is then required to enter the characters of the passcode which occur at those determined positions. The transaction (for example, the payment to the store) will only be completed if the characters of the partial passcode are correctly entered.
  • In one embodiment, the user is presented with a partial passcode entry screen 300 on the communications device 104. The partial passcode entry screen 300 is displayed on a screen of the communications device following a successful exchange of NFC signalling between the communications device 104 and POS device 106 which occurs when the user attempts to pay for a product or service using the communications device 104. Thus, for example, the staff member 102 at a store checks though the one or more products or services to be purchased by the user 100, and once the total required payment value has been calculated, the user 100 is given the option of initiating a mobile payment using the communications device 104 and POS device 106. In this case, the user brings the communications device 104 into sufficient proximity to the POS device 106 so as to allow an exchange of NFC signalling between the communications device and POS device, thus initiating a mobile payment process.
  • In the example of FIG. 3, the partial passcode has been generated such that the user must enter the 1st, 2nd, 5th and 6th characters of the six character passcode. The 1st, 2nd, 5th, and 6th characters form a subset of characters of the passcode, and the characters in the subset represent the partial passcode. These characters must be entered in the accessible passcode character entry fields 302A-D. Thus, to take again the earlier example passcode of “831649”, the user 100 must enter the number “8” (this being the 1st character) in field 302A, the number “3” (this being the 2nd character) in the field 302B, the number “4” (this being the 5th character) in the field 302C and the number “9” (this being the 6th character) in the field 302D. The remaining passcode character entry fields 304A and 304B (which relate to the 3rd character “1” and the 4th character “6”, respectively, of the passcode “831649”) appear shaded and are not accessible by the user. The user thus does not need to enter the 3rd and 4th characters of the passcode.
  • The user is thus able to recognise which characters of the passcode are required based on the accessible and non-accessible fields and the fact that each of the fields as considered from left to right corresponds to the position of a respective character of the passcode as read from left to right. That is, because the 1st, 2nd, 5th and 6th fields are accessible, the user knows that it is the 1st, 2nd, 5th and 6th characters of the passcode which must be respectively entered in these fields. The user also knows that, because the 3rd and 4th fields are not accessible, the 3rd and 4th characters of the passcode are not required for this particular transaction. As previously mentioned, for a different transaction, the positions in the passcode of the characters to be included in the partial passcode may be different.
  • Only if the required passcode characters are correctly entered by the user 100 at the partial passcode entry screen is the transaction allowed to be completed. In this example, the user interface 210 of the communications device 104 is a touch screen and the user is able to enter the passcode character associated with each accessible field 302A-D using the virtual numerical keypad 306.
  • It is noted that the partial passcode entry screen 300 is only an example, and the passcode screen may take any other suitable format. For example, the partial passcode entry screen may instead include a plurality of successively displayed sub-screens in which the user is invited to enter one of the characters of the partial passcode on each sub-screen. Thus, for example, when it is the 1st, 2nd, 5th and 6th characters of the passcode which must be entered, one respective sub-screen will be displayed to allow entry of each of these characters. Each sub-screen may look the same and have the same functionality as the partial passcode entry screen 300 shown in FIG. 3, the difference being that only a single field (rather than multiple fields 302A-D, for example) is displayed for allowing entry of the single one of the characters associated with that sub-screen via the virtual numerical keypad 306. It is noted that the order in which the characters of the passcode are entered need not necessarily be correlated with the order in which the characters are positioned in the passcode. For example, although it may be the case that the 1st, 2nd, 5th and 6th characters are respectively entered via the first, second, third and fourth successively displayed sub-screen (so that the 1st character is entered, followed by the 2nd character, followed by the 5th character, followed by the 6th character), this is not necessary. For example, the first displayed sub-screen may be associated with the 2nd character, the second displayed sub-screen may be associated with the 5th character, the third displayed sub-screen may be associated with the 1st character and the fourth displayed sub-screen may be associated with the 6th character (so that the 2nd character is entered, followed by the 5th character, followed by the 1st character, followed by the 6th character). The order in which the characters of the partial passcode are entered can thus be changed as well as the characters of the partial passcode itself.
  • The way in which the characters which define the partial passcode are determined and in which a payment is authenticated using the partial passcode will now be described in detail.
  • In order to use the mobile payment arrangement according to embodiments of the present disclosure, the user must first register their communications device 104. The process of this registration is schematically illustrated in FIG. 4.
  • Firstly, at step 400, the transmitter 206 of the communications device 104 transmits a registration request to the payment device 200 at the financial institution associated with the user of the communications device. The registration request is received by the receiver 220 of the payment device 200. The controller 224 of the payment device then registers the user for use with the mobile payment service at step 402 and, at step 404, generates a token primary account number (PAN) associated with the user. The generated token PAN is a number which acts as an identifier of the user and which is used in the generation of subsequent cryptographic keys, as will be explained. The token PAN associated with the user is then stored in the storage unit 226 of the payment device at step 406. At step 408, a secret key which is associated with the user is generated. The secret key may be an Advanced Standards Encryption (AES) 128 bit key, for example. The secret key is also stored in the storage unit 226 (and is protected using, for example, a cryptographic hardware security module). At step 410, the transmitter 222 transmits the generated token PAN and secret key back to the receiver 204 of the communications device 104. The token PAN and secret key are then stored in the storage unit 208 of the communications device 104 (the secret key being protected using, for example, a whitebox cryptographic technique). This completes the registration process of the communications device, and allows the user to now initiate mobile payments using the communications device.
  • Once registered, and prior to initiating a payment at the POS device 106, the communications device 104 must first be provided with secure limited use key (SLUK) for use during the payment process. The SLUK is a cryptographic key, and the generation of the SLUK and its transmission to the communications device from the payment device 200 is schematically illustrated in FIG. 5.
  • Firstly, at step 500, the transmitter 206 of the communications device 104 transmits a SLUK request to the payment device 200. The SLUK request is received by the receiver 220 of the payment device. The SLUK request indicates to the payment device that the communications device requires a SLUK.
  • At step 502, the controller 224 of the payment device 200 first generates a limited use key (LUK). This is a cryptographic key, and is generated via any suitable key derivation function using the token PAN associated with the user of the communications device, a further key associated with the financial institution to which the payment device 200 is related, and a variable code. The key generation function may be, for example, a suitable symmetric key derivation function (such as, for example, a function based on an Advanced Encryption Standard (AES) or Data Encryption Standard (DES) technique). The variable code is discussed in more detail below. The key associated with the financial institution to which the payment device 200 is related is stored in the storage unit 226 of the payment device 200, and may be an Issue Master Key (IMK), for example.
  • At step 504, the controller 224 generates the position in the passcode of each of the characters of the passcode which are to form the subset of characters defining the partial passcode. The determined characters are then acquired from the passcode (which is stored in the storage unit 226 of the payment device 200 following previous allocation of a passcode to the user), and, at step 506, the LUK generated in step 502 is wrapped using the characters of the partial passcode so as to generated the SLUK. This wrapping may be carried out using a Password-Based Key Derivation Function 2 (PBKDF2) algorithm, for example. At step 508, the transmitter 222 of the payment device 200 then transmits the SLUK to the receiver 204 of the communications device 104. The SLUK is then stored in the storage unit 208 of the communications device 104 at step 510. This process is described in more detail below.
  • The process of determining the position in the passcode of each of the characters of the passcode which are to form the subset of characters defining the partial passcode is schematically illustrated in FIGS. 6A and 6B.
  • The process starts at step 600. At step 602, a cryptographic random number (CRN) is generated on the basis of the secret key associated with the user, the token PAN associated with the user and a further code. The further code varies according to one or more predetermined rules, and may be referred to as a variable code. In this example, the variable code has the format DDDNN, wherein DDD represents the number of days since 1 January of the current year (so that for 1 January, DDD=000, for 2 January, DDD=001, and so on) and NN is a key sequence number ranging from 00-99. The key sequence number NN may be generated using, for example, a random number generator or, alternatively, the controller 224 may increment the value of the key sequence number NN each time a SLUK is request by a communications device 104 (in this case, if more than 100 SLUKs are requested on a given day, then the key sequence number NN will cycle round again so that the variable code used for the generation of the 101th SLUK will once again have NN=00). It will be appreciated that the variable code may be generated with any other suitable format and using any other predetermined rule(s), as long as the resulting variable code is suitable for use in generation of the CRN. It is noted that this same variable code is used in the generation of the LUK generated in step 502. The CRN may be generated on the basis of the secret key, token PAN and variable code using Format Preserving Encryption (FPE), for example.
  • An example of the generation of the CRN is shown in FIG. 6B. The user's token PAN is shown in row (4) and the variable code (in the format DDDNN) is shown in row (5). As shown in row (6), the CRN is generated by applying an FPE encryption function with the user's secret key, token PAN and variable code as inputs. In particular, the token PAN and variable code are added together and the resulting total is input to an FPE encryption function together with the user's secret key. The result is show in row (6).
  • At step 604, it is determined as to whether the generated CRN has a length greater than 6. If the generated CRN does not have a length greater than 6, then the process returns to step 602, and the CRN is regenerated. This regeneration uses FPE in the same way as previously described. On the other hand, if the generated CRN does have a length greater than 6, then the process proceeds to step 606. It can be seen in row (6) of FIG. 6B that the CRN does have a length greater than 6 digits, and thus there is no need to regenerate the CRN. The process thus proceeds to step 606. The check at step 604 to determine whether the generated CRN has a length greater than the length of the passcode (in this case, a length greater than 6) helps improve the chance that the CRN which is passed to step 606 of the process has a sufficient number of unique bits each of which has a value less than or equal to the length of the passcode (see below).
  • At step 606, it is determined as to whether the CRN has at least 4 unique digits each of which has a numerical value which is less than or equal to 6. If this condition is not satisfied, then the process returns to step 602, and the CRN is regenerated. On the other hand, if this condition is satisfied, then the process proceeds to step 608. It can be seen in row (6) of FIG. 6B that the generated CRN has 5 unique digits each of which has a numerical value less than or equal to 6. These numbers are 6, 5, 1, 2, and 4.
  • At step 608, the first four of the at least four unique digits each of which has a numerical value which is less than or equal to 6, as identified in step 606, are identified. These then identify the position in the passcode of each of the passcode characters which are to form the subset of characters which define the partial passcode. Thus, looking at the list of numbers 65124 generated in step 606, the first four of these numbers gives the list 6512. Thus, the characters of the passcode which define the partial passcode are the 6th character, 5th character, 1st character, and 2nd character. As shown in row (3) of FIG. 6B, the passcode of the user is 831649. Thus, the numbers defining the partial passcode are 9 (the 6th character), 4 (the 5th character), 8 (the 1st character), and 3 (the 2nd character). It will be appreciated that, when necessary, these numbers may be entered by the user using, for example, the partial passcode entry screen shown in FIG. 3 (since the accessible fields 302A-D relate to the 6th, 5th, 1st, and 2nd characters of the passcode).
  • Once the positions of the characters defining the partial passcode have been identified, the process ends at step 610.
  • The passcode of the user is saved in the storage unit 226 of the payment device 200. Thus, following the determination of the positions of the characters of the partial passcode, the controller 224 retrieves the appropriate characters of the passcode from the storage unit (thus, in the above example, the controller 224 would retrieve the characters 9, 4, 8, and 3). The determination of the positions of the characters of the partial passcode (using the method exemplified with reference to FIGS. 6A and 6B) and the retrieving of these characters occurs in step 504. The characters of the partial passcode are then used to wrap the LUK in step 506 using, for example, a PBKDF2 encryption algorithm, as previously explained. The resulting SLUK is then transmitted to the communications device 104, together with the variable code, at step 508, and the SLUK and variable code are stored in the storage unit 208 of the communications device at step 510.
  • Following the storage of the SLUK in the storage unit 208 of the communications device 104, the user may now initiate a payment process when purchasing goods or services at a store. This payment process is schematically illustrated in FIG. 7, which shows the various interactions between the user 100, the communications device 104, the POS terminal 106, a payment gateway 700, and the payment device 200. The payment gateway 700 is an information gateway which links the POS terminal 106 (located at the store at which goods or services are purchased) and payment device 200 (located at the financial institution) and which manages electronic messages transmitted between the POS terminal 106 and payment device 200. Such information gateways are known in the art, and will therefore not be described in detail here.
  • At steps 702 and 704, the user 100 takes the communications device 104 and presents the communications device to the POS terminal 106. As previously mentioned, in an embodiment, this involves the user holding the communications device 104 in sufficiently close proximity to the POS communications device 106 so as to allow NFC signalling to be exchanged between the communications device and POS device. The user will take and present the communications device once goods or services have been checked through the check-out system used by the store and thus when a total price which must be paid by the user (that is, the payment value) has been calculated. This payable price is determined by the POS terminal (for example, the POS terminal may receive information indicative of the payable price from the proprietary check out system used by the store). When the communications device is presented to the POS terminal, the NFC unit 202 of the communications device transmits signalling to the NFC unit 212 of the POS device indicating that the communications device wishes to initiate payment. In response to this, the NFC unit 212 of the POS device returns a datagram indicative of the price which must be paid. This occurs in step 706.
  • At step 708, the controller 207 determines whether the payment is a high value payment. A high value payment is a payment which exceeds a predetermined threshold value in a given currency. Payments due which exceed this threshold are deemed to be high value payments. For example, a high value payment may be a payment which is more than 30 pounds sterling (£) or 30 US dollars ($), for example (in which case the £30 or $30 represents the predetermined threshold).The determination of whether a payment is a high value payment may be used to determine whether the partial passcode needs to be entered by the user. That is, the payment process may be such that, in order to provide increased convenience for the user for low value payments (that is, payments below the predetermined threshold), the partial passcode must be entered only for high value payments in order for the transaction to be initiated. For low value payments, the partial passcode is not required for the transaction to be initiated. The use of the partial passcode only for high value payments occurs in the example of FIG. 7, hence the determination of whether or not the proposed payment value (as indicated in the datagram received from the POS terminal in step 706) is a high value payment (that is, whether or not the proposed payment value exceeds the predetermined high value payment threshold). In FIG. 7, the proposed payment value is determined to be a high value payment, and thus the process continues. However, in another embodiment, the partial passcode must be entered for all payment values. In this case, there is no need to determine whether or not the proposed payment value is a high value payment, and thus step 708 can be omitted from the payment process.
  • At step 710, the controller 207 of the communications device determines the positions in the passcode of each character of the partial passcode. This is carried out using the same method as used by the payment device 200 in determining the positions in the passcode of each character of the partial passcode, as previously described with reference to FIGS. 6A and 6B. This is possible because the token PAN, secret key associated with the communications device and variable code have been previously stored in the storage unit 208 of the communications device (see step 410 of FIG. 4 and step 510 of FIG. 5). The controller 207 is therefore able to apply the same FPE function on the token PAN, secret key and variable code as applied by the payment device 200 and to therefore obtain the same character position numbers as previously determined by the payment device (thus, to use the previously mentioned example, the controller 207 will determined the character position numbers 6, 5, 1 and 2). Note that no characters of the partial passcode are actually determined here (since the partial passcode is not stored on the communications device). Only the position of each character in the partial passcode is determined.
  • At step 711, the user is requested by the communications device 104 to enter the partial passcode. That is, the user is requested to enter the subset of characters of the passcode whose character position in the passcode has been determined at step 710. This is carried out via the user interface 210, which presents to the user a screen such as the partial passcode entry screen 300 shown in FIG. 3. At step 713, the user then enters the partial passcode (using the virtual keypad 306, for example), thus providing the characters of the partial passcode to the controller 207 of the communications device. In this case, the user would enter the partial passcode characters 9, 4, 8, and 3, since these relate to the 6th, 5th, 1st, and 2nd characters of the passcode, respectively.
  • At step 712, the controller 207 retrieves the SLUK which was previously received from the payment device 200 and stored in the storage unit 208 (see step 510 of FIG. 5) and unwraps the SLUK using the characters of the partial passcode entered by the user. The SLUK is unwrapped using an algorithm corresponding to the PBKDF2 algorithm previously used to generate the SLUK, for example. The unwrapping of the SLUK generates a further LUK (which may be referred to as a second LUK) which should match the LUK originally generated by the payment device 200 (which may be referred to as a first LUK—see step 502 of FIG. 5) in the case that the user has entered the correct characters of the partial passcode.
  • At step 714, the controller 207 uses the second LUK to generate a cryptogram. The cryptogram may be generated using any suitable cryptogram generation algorithm. For example, the cryptogram generation algorithm may be defined by the payment scheme (described below) used to actually transfer funds from the user of the communications device 104 to the store at which a product or service is purchased following correct entry of the partial passcode. In a particular example, the cryptogram generation algorithm is associated with a Cardholder Verification Method (CVM) associated with the used payment scheme. Such algorithms include may include, for example, CVM10, CVM14, CVM17, or CVM15. Furthermore, at step 716, a Cryptographic Key Check Value (KCV) is generated. The use of the KCV allows the payment device 200 to determine whether a mismatch between the first and second LUKs has been caused by a user entering the partial passcode incorrectly or for another reason (for example, data corruption or tampering). The KCV is explained in detail later on. At step 718, the cryptogram, KCV and token PAN are transmitted as an electronic message (the electronic message being an electronic payment authentication request message) from the communications device 104 to the POS device 106 via the NFC units 202 and 212. Then, at step 720, the controller 218 of the POS device 106 adds a datagram indicative of the value of the payment (that is, the price which is to be paid by the user for the acquired goods or services) to the electronic message and controls the transmitter 216 to transmit the electronic message (with the datagram added) to the gateway 700. At step 722, the gateway 700 forwards the electronic message to the payment device 200 at the financial institution. The electronic message is received by the receiver 220 of the payment device 200.
  • Once the electronic message has been received, at step 724, the controller 224 of the payment device retrieves the token PAN from the electronic message and uses the token PAN, together with the key associated with the financial institution and the variable code to regenerate the first LUK. It is recalled that the token PAN associated with the user of the communications device 104, the key associated with the financial institution (such as the IMK) and the variable code are exactly the same parameters used previously to generate the first LUK prior to the first LUK being wrapped (to generate the SLUK) and transmitted to the communications device 104 (see step 502 of FIG. 5). At step 726, the controller 224 then generates a cryptogram from the regenerated first LUK using the same technique as used by the communications device 104 in step 714.
  • At step 728, the resulting cryptogram is then compared with the cryptogram included in the electronic message received from the communications device 104. In particular, it is determined as to whether the newly generated cryptogram matches the cryptogram received from the communications device. If there is a successful match, then it is determined that the user has correctly entered the partial passcode and that there has been no tampering with the electronic message. The payment is therefore authenticated, and the payment device 200 then initiates a payment equal to the payment value from an account held by the user at the financial institution to the recipient (for example, the goods or service provider with which the POS terminal 106 is associated). The details of the recipient necessary for receiving payment are included, for example, in the datagram of the electronic message received from the communications device 104. These details depend on the payment scheme used, but may include, for example, a bank account number and sort code of the recipient. The payment is initiated by the payment device 200 using a suitable predetermined payment scheme, such as, for example, Visa®, Discover®, or Faster Payments®. It is noted that the token PAN may be associated with the user of the communications device 104 will be indicative of the payment scheme which is used. For example, the token PAN may be or may be based on a debit or credit card number associated with the account of the user held at the financial institution. A message is then transmitted to the POS device 106 and/or communications device 104 to indicate that the payment has been processed successfully.
  • On the other hand, if there is not a successful match, then this may be because either the user has entered the partial passcode incorrectly or because the electronic message received from the communications device has been corrupted or tampered with. It is important to know which of these is the case. If the user has entered the partial passcode incorrectly, then the user may be provided with one or more additional opportunities to enter the partial passcode, for example. On the other hand, if there is a risk of corruption or tampering, then this will need to be investigated. Thus, in the case that there is not a successful match, the process proceeds to step 730, in which the KCV of the message received from the communications device is analysed.
  • FIG. 8 schematically shows a process in which the KCV is generated by the controller 207 of the communications device 104 for the second LUK generated by unwrapping the SLUK. The process starts at step 800. At step 802, the SLUK is unwrapped to generate the second LUK and, at step 804, a cryptogram is generated using the second LUK. Thus, it is seen that steps 802 and 804 are equivalent to previously described steps 712 and 714, respectively. At step 806, an encryption function DD is performed with the second LUK (also known as the unwrapped SLUK) and eight zero bytes as inputs. The encryption function may be a symmetric key encryption function, for example. In particular, in one embodiment, if the first LUK is generated using a specific symmetric key encryption function, then a corresponding symmetric key encryption function is used at step 806 (thus, for example, if AES or DES is used for generating the first LUK, then a respective AES or DES symmetric key encryption function is used at step 806). At step 808, the first three bytes of the output of this encryption function are then determined to be the KCV. The process then ends at step 810. In an embodiment, the KCV is passed from the communications device 104 to the payment device 200 as part of an Issuer Application Data (IAD) EMV® data element. Such data elements have a size of 32 bytes, and thus 3 out of the 32 bytes are used for transmitting the KCV. A similar process as shown in FIG. 8 is applied by the controller 224 of the payment device 200 so as to generate a KCV value for the first LUK which is regenerated at step 724 in FIG. 7. In particular, the regenerated first LUK is taken as an input, together with eight zero bytes to the same encryption function used at step 806, and the first three bytes of the output of the encryption function are taken as the KCV.
  • At step 730, the KCV received from the communications device 104 is compared with the KCV generated by the payment device 200. If the KCVs match, then it is determined that the user correctly entered the partial passcode. In this case, the mismatch between the cryptogram received from the communications device and the cryptogram generated by the payment device is determined to be caused by tampering and/or corruption (for example) of the electronic message received from the communications device, and this may therefore be further investigated. On the other hand, if the KCVs do not match, then it is determined that the user incorrectly entered the partial passcode. In this case, it is this incorrect entry of the partial passcode which has caused the mismatch of the cryptograms, and thus, for example, the user may be provided with another chance to enter the partial passcode or may be alerted (using a telephone number and/or email address not associated with the communications device 104, for example) that an incorrect partial passcode has been entered using the communications device 104. Of course, different actions may be taken in response to each of these scenarios, depending on the preferences of the user and/or financial institution, legal requirements, etc. This KCV comparison may be implemented using a suitable Hardware Security Module (HSM) forming part of the controller 224 and may be implemented as part of an Authorization Request Cryptogram (ARQC) verification method, for example.
  • In embodiments, the payment device 200 transmits an updated SLUK to the communications device 104 repeatedly over time. The SLUK may be sent prior to each transaction, for example. In this case, when the user first brings the communications device 104 into sufficiently close proximity with the POS device 106 so as to initiate the payment process at each new transaction, the communications device 104 first transmits a SLUK request to the payment device 200, thus initiating the process shown in FIG. 5. Only once the communications device 104 has received the SLUK from the payment device 200 will the communications device then initiate the payment process via NFC signalling. In another example, a new SLUK may be periodically sent to the communications device 104. For example, the communications device 104 may request and receive a new SLUK once per day, hour, week, etc. It is noted that when the variable code (used for the generation of both the LUK and the partial passcode, both of which are then used to generate the SLUK) has the format DDDNN, for example, then up to 100 different codes may be sent on the same day by changing the final two numbers (which may take any of the 100 different values from 00 to 99). This allows 100 different SLUK values to potentially be produced for a given communications device 104 on any given day.
  • It will be appreciated that although the NFC unit, receiver and transmitter of each of the communications device and POS device 106 are shown as separate units, they together are the equivalent of a single receiver unit (which may receive signalling using a plurality of different technologies such as NFC and longer range WAN interfaces such as LTE, UMTS or Wi-Fi or wired interfaces) and a single transmitter unit (which may transmit signalling using a plurality of different technologies such as NFC and longer range WAN interfaces such as LTE, UMTS or Wi-Fi or wired interfaces). The term “longer range” here means that signals can be exchanged between two devices over greater distances than is possible with NFC.
  • Thus, it will be appreciated that the present disclosure provides a mobile payment arrangement with increased security and convenience for the user. In particular, security is increased due to the use of the partial passcode and due to the fact that the partial passcode is securely stored only at the payment device 200 of the financial institution. The passcode is not stored (fully or partially) on the communications device 104 and is not shared (fully or partially) with the POS terminal 106, thus helping to keep the passcode secure.
  • In an example embodiment, a method of operating a communications device for implementing an electronic payment process includes controlling a receiver unit of the communications device to receive a secure limited use key (SLUK) from a financial institution, wherein the SLUK is generated by the financial institution using (A) a first limited use key (LUK) generated using a first key associated with the financial institution, an identifier which identifies a user of the communications device, and a variable code, and (B) a subset of the characters of a passcode associated with the user of the communications device, wherein each character in the subset is identified by its character position in the passcode, wherein the character position in the passcode of each of the characters in the subset is determined by a predetermined algorithm on the basis of a second key associated with the user of the communications device, the identifier which identifies the user of the communications device, and the variable code, wherein the second key is a secret key, and wherein the SLUK is generated by wrapping the first LUK using each of the characters in the subset, and receive the variable code from the financial institution. The method further includes controlling a storage unit of the communications device to store the received SLUK, the variable code, the second key associated with the user of the communications device, and the identifier which identifies the user of the communications device and initiating, in response to an operation by a user, an electronic payment at a point of sale (POS) device, and generating the character position in the passcode of each character in the subset, wherein the character position in the passcode of each character in the subset is determined by the predetermined algorithm on the basis of the second key, the identifier of the user of the communications device, and the variable code, as stored in the storage unit. The method further includes controlling a user interface of the communications device to indicate to the user of the communications device the character position in the passcode of each character in the subset as generated by the controller and to receive an input from the user indicative of each character in the subset, wherein an unwrapping process is performed on the SLUK stored in the storage unit using each character indicated by the input from the user, wherein the unwrapping process generates a second LUK, and controlling a transmitter unit of the communications device to transmit the generated second LUK to the financial institution for authentication of the electronic payment. The example embodiment may also include a recording medium configured to store a computer program configured to control a computer configured to perform the method.
  • In another example embodiment, a method of operating a payment device for implementing an electronic payment process at a financial institution includes generating a secure limited use key (SLUK) to be transmitted to a communications device, wherein the SLUK is generated by the controller using (A) a first limited use key (LUK) generated using a first key associated with the financial institution, an identifier which identifies a user of the communications device, and a variable code, and (B) a subset of the characters of a passcode associated with the user of the communications device, wherein each character in the subset is identified by its character position in the passcode, wherein the character position in the passcode of each of the characters in the subset is determined by a predetermined algorithm on the basis of a second key associated with the user of the communications device, the identifier which identifies the user of the communications device, and the variable code, wherein the second key is a secret key, and wherein the SLUK is generated by wrapping the first LUK using each of the characters in the subset. The method further includes controlling a transmitter unit of the payment device to transmit the generated SLUK to the communications device. The method further includes controlling a receiver unit of the payment device to receive a second LUK generated by the communications device, wherein the second LUK is generated by the communications device in response to an operation by the user of the communications device to initiate an electronic payment at a point of sale (POS) device, and wherein the generation of the second LUK includes determining the character position in the passcode of each character in the subset, wherein the character position in the passcode of each character in the subset is determined by the predetermined algorithm on the basis of the second key, the identifier of the user of the communications device, and the variable code, each of which is known to the communications device, indicating to the user of the communications device the determined character position in the passcode of each character in the subset and receiving an input from the user indicative of each character in the subset, and performing an unwrapping process on the SLUK transmitted by the transmitter unit, wherein the unwrapping process generates the second LUK, wherein the received second LUK is compared with the first LUK, and wherein the electronic payment is authenticated only when the second LUK matches the first LUK. The example embodiment may also include a recording medium configured to store a computer program configured to control a computer configured to perform the method.
  • In another example embodiment, a method of operating a point of sale (POS) device for implementing an electronic payment process includes determining a payment value of a payment to be made by a user of a communications device. The method further includes controlling a receiver of the POS device to receive, from the communications device, a limited use key (LUK), wherein the LUK is generated by the communications device, and wherein the generation of the LUK includes determining a character position in a passcode associated with the user of the communications device of each character in a subset of characters of the passcode, wherein the character position in the passcode of each character in the subset is determined by a predetermined algorithm on the basis of a secret key associated with the communications device, an identifier of the user of the communications device, and a variable code, each of which is known to the communications device, indicating to the user of the communications device the determined character position in the passcode of each character in the subset and receiving an input from the user indicative of each character in the subset, and performing an unwrapping process on the SLUK transmitted by the transmitter, wherein the unwrapping process generates the LUK. The method further includes controlling a transmitter of the POS device to transmit the determined payment value and the LUK received from the communications device to a financial institution. The example embodiment may also include a recording medium configured to store a computer program configured to control a computer configured to perform the method.
  • Numerous modifications and variations of the present disclosure are possible in light of the above teachings. It is therefore to be understood that within the scope of the appended claims, the disclosure may be practiced otherwise than as specifically described herein.
  • In so far as embodiments of the disclosure have been described as being implemented, at least in part, by software-controlled data processing apparatus, it will be appreciated that a non-transitory machine-readable medium carrying such software, such as an optical disk, a magnetic disk, semiconductor memory or the like, is also considered to represent an embodiment of the present disclosure.
  • It will be appreciated that the above description for clarity has described embodiments with reference to different functional units, circuitry, and/or processors. However, it will be apparent that any suitable distribution of functionality between different functional units, circuitry, and/or processors may be used without detracting from the embodiments.
  • Described embodiments may be implemented in any suitable form including hardware, software, firmware or any combination of these. Described embodiments may optionally be implemented at least partly as computer software running on one or more data processors and/or digital signal processors. The elements and components of any embodiment may be physically, functionally, and logically implemented in any suitable way. Indeed the functionality may be implemented in a single unit, in a plurality of units, or as part of other functional units. As such, the disclosed embodiments may be implemented in a single unit or may be physically and functionally distributed between different units, circuitry, and/or processors.
  • Although the present disclosure has been described in connection with some embodiments, it is not intended to be limited to the specific form set forth herein. Additionally, although a feature may appear to be described in connection with particular embodiments, one skilled in the art would recognize that various features of the described embodiments may be combined in any manner suitable to implement the technique.

Claims (37)

1. A communications device for implementing an electronic payment process, the communications device comprising:
a receiver unit operable to:
receive a secure limited use key (SLUK) from a financial institution, wherein the SLUK is generated by the financial institution using (A) a first limited use key (LUK) generated using a first key associated with the financial institution, an identifier which identifies a user of the communications device, and a variable code, and (B) a subset of the characters of a passcode associated with the user of the communications device, wherein each character in the subset is identified by its character position in the passcode, wherein the character position in the passcode of each of the characters in the subset is determined by a predetermined algorithm on the basis of a second key associated with the user of the communications device, the identifier which identifies the user of the communications device, and the variable code, wherein the second key is a secret key, and wherein the SLUK is generated by wrapping the first LUK using each of the characters in the subset, and
receive the variable code from the financial institution;
a storage unit operable to store the received SLUK, the variable code, the second key associated with the user of the communications device, and the identifier which identifies the user of the communications device;
a controller operable to, in response to an operation by a user to initiate an electronic payment at a point of sale (POS) device, generate the character position in the passcode of each character in the subset, wherein the character position in the passcode of each character in the subset is determined by the predetermined algorithm on the basis of the second key, the identifier of the user of the communications device, and the variable code, as stored in the storage unit; and
a user interface operable to indicate to the user of the communications device the character position in the passcode of each character in the subset as generated by the controller and to receive an input from the user indicative of each character in the subset,
wherein the controller is operable to perform an unwrapping process on the SLUK stored in the storage unit using each character indicated by the input from the user, wherein the unwrapping process generates a second LUK, and wherein the communications device comprises a transmitter unit operable to transmit the generated second LUK to the financial institution for authentication of the electronic payment.
2. The communications device according to claim 1, wherein the receiver unit is operable to receive a message indicative of a successful electronic payment when the second LUK transmitted to the financial institution matches the first LUK generated by the financial institution and to receive a message indicative of a non-successful electronic payment when the second LUK transmitted to the financial institution does not match the first LUK generated by the financial institution.
3. The communications device according to claim 1, wherein the predetermined algorithm for generating the character position in the passcode of each character in the subset comprises the steps of:
(i) generating a cryptographic random number (CRN) by providing the second key, the identifier of the user of the communications device, and variable code as inputs to a Format Preserving Encryption (FPE) function;
(ii) determining whether the generated CRN has a number of characters greater than or equal to the number of characters of the passcode associated with the user of the communications device, wherein if the generated CRN has a number of characters greater than or equal to the number of characters of the passcode, then the algorithm proceeds to step (3), and wherein if the generated CRN does not have a number of characters greater than or equal to the number of characters of the passcode, then the algorithm repeats step (2);
(iii) determining whether the generated CRN has at least a predetermined number of unique characters, each of which is less than or equal to the number of characters of the passcode, wherein the predetermined number is the number of characters to be included in the subset of characters of the passcode, wherein if the number of unique characters, each of which is less than or equal to the number of characters of the passcode, is greater than or equal to the predetermined number, then the algorithm proceeds to step (4), and wherein if the number of unique characters, each of which is less than or equal to the number of characters of the passcode, is less than the predetermined number, then the algorithm repeats step (2); and
(iv) determining a set of the identified unique characters, each of which is less than or equal to the number of characters of the passcode, wherein the set comprises a number of the identified unique characters equal to the predetermined number, and wherein the identified unique characters in the set indicate the character position in the passcode of each character of the passcode to be included in the subset of characters of the passcode.
4. The communications device according to claim 1, wherein the SLUK is generated by wrapping the first LUK using each of the characters in the subset of characters of the passcode using a Password-Based Key Derivation Function 2 (PBKDF2) algorithm, and wherein the second LUK is generated using a corresponding PBKDF2 algorithm using each character indicated by the input from the user of the communications device.
5. The communications device according to claim 1, wherein the first key associated with the financial institution is an Issuer Master Key (IMK), wherein the second key associated with the user of the communications device is an Advanced Standards Encryption (AES) 128 bit secret key, wherein the variable code has the format DDDNN, wherein DDD represents the number of days since a predetermined first day of the year and NN is a key sequence number ranging from 00 to 99, and wherein the identifier which identifies the user of the communications device is a Primary Account Number (PAN) associated with the user of the communications device.
6. (canceled)
7. (canceled)
8. (canceled)
9. The communications device according to claim 3, wherein the second key associated with the user of the communications device is an Advanced Standards Encryption (AES) 128 bit secret key, wherein the identifier which identifies the user of the communications device is a 16 character Primary Account Number (PAN) associated with the user of the communications device, wherein the variable code has the format DDDNN, wherein DDD represents the number of days since a predetermined first day of the year and NN is a key sequence number ranging from 00 to 99, wherein inputs to the FPE function that generate the CRN are the second key, and wherein the inputs to the FPE function are the AES 128 bit secret second key and the sum of the 16 character PAN and variable code DDDNN.
10. The communications device according to claim 1, wherein the second LUK is transmitted to the financial institution as a cryptogram, wherein the controller is operable to generate a Key Check Value (KCV) using the second LUK, wherein the transmitter unit is operable to transmit the generated KCV to the financial institution together with the second LUK, and wherein the transmitter is operable to transmit the second LUK to the financial institution via the POS device.
11. (canceled)
12. The communications device according to claim 11, wherein the KCV is generated by an algorithm comprising the following steps:
(i) providing the second LUK and eight zero bytes as inputs to an encryption function; and
(ii) obtaining the first three bytes of the output to the encryption function, wherein the obtained first three bytes form the KCV.
13. The communications device according to claim 1, wherein following the operation by the user of the communications device to initiate an electronic payment at the POS device, the receiver unit is operable to receive a message from the POS device indicative of the payment value, and the controller is operable to determine whether or not the payment value exceeds a predetermined threshold, wherein the controller generates the character position in the passcode of each character in the subset, wherein the user interface indicates to the user of the communications device the character position in the passcode of each character in the subset and is operable to receive the input from the user indicative of each character in the subset, wherein the controller performs the unwrapping process on the SLUK using each character indicated by the input from the user to generate the second LUK, and wherein the transmitter unit transmits the generated second LUK to the financial institution only when the payment value exceeds the predetermined threshold.
14. The communications device according to claim 1, wherein the receiver unit and transmitter unit are operable to exchange signalling with the POS device using a Near Field Communication (NFC) interface and to exchange signalling with the financial institution using a longer range wireless access network (WAN) interface.
15. (canceled)
16. A payment device for implementing an electronic payment process at a financial institution, the payment device comprising:
a controller operable to generate a secure limited use key (SLUK) to be transmitted to a communications device, wherein the SLUK is generated by the controller using (A) a first limited use key (LUK) generated using a first key associated with the financial institution, an identifier which identifies a user of the communications device, and a variable code, and (B) a subset of the characters of a passcode associated with the user of the communications device, wherein each character in the subset is identified by its character position in the passcode, wherein the character position in the passcode of each of the characters in the subset is determined by a predetermined algorithm on the basis of a second key associated with the user of the communications device, the identifier which identifies the user of the communications device, and the variable code, wherein the second key is a secret key, and wherein the SLUK is generated by wrapping the first LUK using each of the characters in the subset;
a transmitter unit operable to transmit the generated SLUK to the communications device; and
a receiver unit operable to receive a second LUK generated by the communications device, wherein the second LUK is generated by the communications device in response to an operation by the user of the communications device to initiate an electronic payment at a point of sale (POS) device, and wherein the generation of the second LUK comprises:
determining the character position in the passcode of each character in the subset, wherein the character position in the passcode of each character in the subset is determined by the predetermined algorithm on the basis of the second key, the identifier of the user of the communications device, and the variable code, each of which is known to the communications device;
indicating to the user of the communications device the determined character position in the passcode of each character in the subset and receiving an input from the user indicative of each character in the subset; and
performing an unwrapping process on the SLUK transmitted by the transmitter unit, wherein the unwrapping process generates the second LUK, and wherein the controller is operable to compare the received second LUK with the first LUK and authenticate the electronic payment only when the second LUK matches the first LUK.
17. The payment device according to claim 16, wherein the transmitter unit is operable to transmit a message indicative of a successful electronic payment in the case that the received second LUK matches the first LUK and to receive a message indicative of a non-successful electronic payment in the case that the received second LUK does not match the first LUK.
18. The payment device according to claim 16, wherein, in response to receipt of the second LUK, the controller is operable to regenerate the first LUK using the first key associated with the financial institution, the identifier which identifies the user of the communications device, and the variable code.
19. The payment device according to claim 16, wherein the predetermined algorithm for generating the character position in the passcode of each character in the subset comprises the steps of:
(i) generating a cryptographic random number (CRN) by providing the second key, identifier of the user of the communications device, and variable code as inputs to a Format Preserving Encryption (FPE) function;
(ii) determining whether the generated CRN has a number of characters greater than or equal to the number of characters of the passcode associated with the user of the communications device, wherein if the generated CRN has a number of characters greater than or equal to the number of characters of the passcode, then the algorithm proceeds to step (3), and wherein if the generated CRN does not have a number of characters greater than or equal to the number of characters of the passcode, then the algorithm repeats step (2);
(iii) determining whether the generated CRN has at least a predetermined number of unique characters, each of which is less than or equal to the number of characters of the passcode, wherein the predetermined number is the number of characters to be included in the subset of characters of the passcode, wherein if the number of unique characters, each of which is less than or equal to the number of characters of the passcode, is greater than or equal to the predetermined number, then the algorithm proceeds to step (4), and wherein if the number of unique characters, each of which is less than or equal to the number of characters of the passcode, is less than the predetermined number, then the algorithm repeats step (2); and
(iv) determining a set of the identified unique characters, each of which is less than or equal to the number of characters of the passcode, wherein the set comprises a number of the identified unique characters equal to the predetermined number, wherein the identified unique characters in the set indicate the character position in the passcode of each character of the passcode to be included in the subset of characters of the passcode.
20. The payment device according to claim 16, wherein the SLUK is generated by wrapping the first LUK using each of the characters in the subset of characters of the passcode using a Password-Based Key Derivation Function 2 (PBKDF2) algorithm, wherein the second LUK is generated using a corresponding PBKDF2 algorithm using each character indicated by the input from the user of the communications device, wherein the first key associated with the financial institution is an Issuer Master Key (IMK), wherein the second key associated with the user of the communications device is an Advanced Standards Encryption (AES) 128 bit secret key, and wherein the variable code has the format DDDNN, and wherein DDD represents the number of days since a predetermined first day of the year and NN is a key sequence number ranging from 00 to 99.
21. (canceled)
22. (canceled)
23. (canceled)
24. The payment device according to claim 16, wherein the identifier which identifies the user of the communications device is a Primary Account Number (PAN) associated with the user of the communications device.
25. The payment device according to claim 19, wherein the second key associated with the user of the communications device is an Advanced Standards Encryption (AES) 128 bit secret key, wherein the identifier which identifies the user of the communications device is a 16 character Primary Account Number (PAN) associated with the user of the communications device, wherein the variable code has the format DDDNN, wherein DDD represents the number of days since a predetermined first day of the year and NN is a key sequence number ranging from 00 to 99, wherein the inputs to the FPE function for generating the CRN are the second key, and wherein the inputs to the FPE function are the AES 128 bit secret second key and the sum of the 16 character PAN and variable code DDDNN.
26. The payment device according to claim 16, wherein the second LUK is received from the communications device as a cryptogram, wherein the controller is operable to generate a corresponding cryptogram from the first LUK and to compare the cryptograms, wherein, if the cryptograms match, then the controller determines that the first LUK matches the second LUK, and wherein if the cryptograms do not match, then the controller determines that the first LUK does not match the second LUK.
27. The payment device according to claim 26, wherein the cryptogram is received together with a Key Check Value (KCV) generated by the communications device using the second LUK, and in the case that the second LUK does not match the first LUK, the controller is operable to generate a further KCV using the first LUK and to compare the received KVC with the further generated KCV, wherein if the received KCV matches the further generated KCV, then the controller determines that the characters of the subset of characters of the passcode were correctly input by the user of the communications device, and wherein if the received KCV does not match the further generated KCV, then the controller determines that the characters of the subset of characters of the passcode were not correctly input by the user of the communications device.
28. The payment device according to claim 27, wherein the further generated KCV is generated by an algorithm comprising the following steps:
(i) providing the first LUK and eight zero bytes as inputs to an encryption function; and
(ii) obtaining the first three bytes of the output to the encryption function, wherein the obtained first three bytes form the further generated KCV.
29. The payment device according to claim 16, wherein the receiver unit is operable to receive the second LUK from the communications device via the POS device.
30. A point of sale (POS) device for implementing an electronic payment process, the POS device comprising:
a controller operable to determine a payment value of a payment to be made by a user of a communications device;
a receiver operable to receive, from the communications device, a limited use key (LUK), wherein the LUK is generated by the communications device; and
a transmitter operable to transmit the determined payment value and the LUK received from the communications device to a financial institution,
wherein the generation of the LUK comprises:
determining a character position in a passcode associated with the user of the communications device of each character in a subset of characters of the passcode, wherein the character position in the passcode of each character in the subset is determined by a predetermined algorithm on the basis of a secret key associated with the communications device, an identifier of the user of the communications device, and a variable code, each of which is known to the communications device;
indicating to the user of the communications device the determined character position in the passcode of each character in the subset and receiving an input from the user indicative of each character in the subset; and
performing an unwrapping process on a SLUK transmitted by the transmitter, wherein the unwrapping process generates the LUK.
31. The POS device according to claim 30, wherein, prior to receiving the LUK from the communications device, the receiver is operable to receive signalling from the communications device indicative of an initiation of an electronic payment, and, in response, the controller is operable to control the transmitter to transmit signalling indicative of the payment value to the communications device.
32. (canceled)
33. (canceled)
34. (canceled)
35. (canceled)
36. (canceled)
37. (canceled)
US16/313,789 2016-06-30 2017-06-29 Communications device, point of sale device, payment device and methods Active 2038-11-18 US11847641B2 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
GB1611367.2 2016-06-30
GB1611367.2A GB2551775A (en) 2016-06-30 2016-06-30 Communications device, point of sale device, payment device and methods
GB1611367 2016-06-30
PCT/GB2017/051902 WO2018002626A1 (en) 2016-06-30 2017-06-29 Communications device, point of sale device, payment device and methods

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2017/051902 A-371-Of-International WO2018002626A1 (en) 2016-06-30 2017-06-29 Communications device, point of sale device, payment device and methods

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US18/541,281 Continuation US20240127236A1 (en) 2016-06-30 2023-12-15 Communications Device, Point Of Sale Device, Payment Device and Methods

Publications (3)

Publication Number Publication Date
US20200013054A1 US20200013054A1 (en) 2020-01-09
US20210201309A9 true US20210201309A9 (en) 2021-07-01
US11847641B2 US11847641B2 (en) 2023-12-19

Family

ID=56891266

Family Applications (2)

Application Number Title Priority Date Filing Date
US16/313,789 Active 2038-11-18 US11847641B2 (en) 2016-06-30 2017-06-29 Communications device, point of sale device, payment device and methods
US18/541,281 Pending US20240127236A1 (en) 2016-06-30 2023-12-15 Communications Device, Point Of Sale Device, Payment Device and Methods

Family Applications After (1)

Application Number Title Priority Date Filing Date
US18/541,281 Pending US20240127236A1 (en) 2016-06-30 2023-12-15 Communications Device, Point Of Sale Device, Payment Device and Methods

Country Status (6)

Country Link
US (2) US11847641B2 (en)
EP (1) EP3479323A1 (en)
JP (1) JP6692937B2 (en)
GB (1) GB2551775A (en)
PH (1) PH12018502748A1 (en)
WO (1) WO2018002626A1 (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8579853B2 (en) * 2006-10-31 2013-11-12 Abbott Diabetes Care Inc. Infusion devices and methods
WO2018013431A2 (en) 2016-07-11 2018-01-18 Visa International Service Association Encryption key exchange process using access device
US10515353B2 (en) * 2016-12-29 2019-12-24 Paypal, Inc. Electronic identification and authentication system
US11715099B2 (en) * 2017-12-20 2023-08-01 Mastercard International Incorporated Method and system for trust-based payments via blockchain
US11088829B2 (en) 2018-09-04 2021-08-10 International Business Machines Corporation Securing a path at a node
US11025413B2 (en) 2018-09-04 2021-06-01 International Business Machines Corporation Securing a storage network using key server authentication
US11991273B2 (en) 2018-09-04 2024-05-21 International Business Machines Corporation Storage device key management for encrypted host data
US11038671B2 (en) 2018-09-04 2021-06-15 International Business Machines Corporation Shared key processing by a storage device to secure links
US11038698B2 (en) 2018-09-04 2021-06-15 International Business Machines Corporation Securing a path at a selected node
US10764291B2 (en) 2018-09-04 2020-09-01 International Business Machines Corporation Controlling access between nodes by a key server
US10833860B2 (en) 2018-09-04 2020-11-10 International Business Machines Corporation Shared key processing by a host to secure links
US10833856B2 (en) 2018-09-04 2020-11-10 International Business Machines Corporation Automatic re-authentication of links using a key server
CN115660680A (en) 2019-01-09 2023-01-31 维萨国际服务协会 Methods, systems, and computer program products for network binding agent re-encryption and PIN translation
US10614208B1 (en) * 2019-02-21 2020-04-07 Capital One Services, Llc Management of login information affected by a data breach
US10757676B1 (en) * 2019-03-08 2020-08-25 Tile, Inc. Commissioning electronic devices for use in a tracking system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110208964A1 (en) * 2010-02-24 2011-08-25 Arcot Systems, Inc. Method and apparatus for applying a partial password in a multi-factor authentication scheme
US20140169554A1 (en) * 2012-12-19 2014-06-19 Verifyle, Inc. System, processing device, computer program and method, to transparently encrypt and store data objects such that owners of the data object and permitted viewers are able to view decrypted data objects after entering user selected passwords
US20150178724A1 (en) * 2013-12-19 2015-06-25 Hao Ngo Limited-use keys and cryptograms
US20160080381A1 (en) * 2014-09-12 2016-03-17 Id.Me, Inc. Systems and methods for online third-party authentication of credentials
EP3062271A1 (en) * 2015-02-27 2016-08-31 Samsung Electronics Co., Ltd. Electronic device including electronic payment system and operating method thereof
US20170155513A1 (en) * 2015-11-30 2017-06-01 Microsoft Technology Licensing, Llc Trusted Platform Module (TPM) Protected Device

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001268649A (en) * 2000-03-22 2001-09-28 Nec Commun Syst Ltd Method and system for preventing illegal use of terminal device for mobile communication
JP3408228B2 (en) * 2000-06-19 2003-05-19 順子 杉中 Service providing device and recording medium
JP2002041789A (en) * 2001-04-13 2002-02-08 Sanwa Bank Ltd Contractor confirmation system, system and method for proposing, and confirmation card
US7882361B2 (en) * 2004-02-05 2011-02-01 Oracle America, Inc. Method and system for accepting a pass code
US20090144162A1 (en) * 2007-11-29 2009-06-04 Neil Milne Transaction Security Method and Apparatus
US10515359B2 (en) * 2012-04-02 2019-12-24 Mastercard International Incorporated Systems and methods for processing mobile payments by provisioning credentials to mobile devices without secure elements
CN103391188A (en) * 2013-07-17 2013-11-13 成都卫士通信息产业股份有限公司 Secret key management method based on symmetric secret key mechanism
CN103856640B (en) * 2014-01-07 2015-07-01 腾讯科技(深圳)有限公司 Method and system for processing user resource information

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110208964A1 (en) * 2010-02-24 2011-08-25 Arcot Systems, Inc. Method and apparatus for applying a partial password in a multi-factor authentication scheme
US20140169554A1 (en) * 2012-12-19 2014-06-19 Verifyle, Inc. System, processing device, computer program and method, to transparently encrypt and store data objects such that owners of the data object and permitted viewers are able to view decrypted data objects after entering user selected passwords
US20150178724A1 (en) * 2013-12-19 2015-06-25 Hao Ngo Limited-use keys and cryptograms
US20160080381A1 (en) * 2014-09-12 2016-03-17 Id.Me, Inc. Systems and methods for online third-party authentication of credentials
EP3062271A1 (en) * 2015-02-27 2016-08-31 Samsung Electronics Co., Ltd. Electronic device including electronic payment system and operating method thereof
US20170155513A1 (en) * 2015-11-30 2017-06-01 Microsoft Technology Licensing, Llc Trusted Platform Module (TPM) Protected Device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Roongroj, Mobile Digital Right Management with enhanced security using limited-use session keys, 2015 12th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON), 2015, p.1-5 *

Also Published As

Publication number Publication date
US11847641B2 (en) 2023-12-19
US20240127236A1 (en) 2024-04-18
WO2018002626A1 (en) 2018-01-04
GB201611367D0 (en) 2016-08-17
US20200013054A1 (en) 2020-01-09
JP2019527950A (en) 2019-10-03
EP3479323A1 (en) 2019-05-08
JP6692937B2 (en) 2020-05-13
GB2551775A (en) 2018-01-03
PH12018502748A1 (en) 2019-09-30

Similar Documents

Publication Publication Date Title
US20240127236A1 (en) Communications Device, Point Of Sale Device, Payment Device and Methods
CN112602300B (en) System and method for password authentication of contactless cards
US12058263B2 (en) Token offline provisioning
CN113168635A (en) System and method for password authentication of contactless cards
EP2733654A1 (en) Electronic payment method, system and device for securely exchanging payment information
US20140279555A1 (en) Dynamically allocated security code system for smart debt and credit cards
CN116722990B (en) System and method for enhancing strength of encryption algorithm
CN106462843A (en) Master applet for secure remote payment processing
CN112789643A (en) System and method for password authentication of contactless cards
JP2024102214A (en) System and method for cryptographic authentication of contactless card
CN109120395A (en) Label data generation method, label and the data processing based on NFC label
US12081582B2 (en) Systems and methods for signaling an attack on contactless cards
US11386427B2 (en) System for secure authentication of a user's identity in an electronic system for banking transactions
EP2787475A2 (en) Dynamically generated security code system for smart, debit and credit cards
CN113259308A (en) System and method for preventing token authentication replay attacks
CN107636664A (en) For to the method and system of mobile device supply access data
CN112805757B (en) System and method for password authentication of contactless cards

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

AS Assignment

Owner name: IPCO 2012 LIMITED, GREAT BRITAIN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:UPADHYE, NILESH;REEL/FRAME:048908/0091

Effective date: 20190412

FEPP Fee payment procedure

Free format text: PETITION RELATED TO MAINTENANCE FEES GRANTED (ORIGINAL EVENT CODE: PTGR); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: ADVISORY ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT RECEIVED

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE