WO2004006484A2 - Procede permettant d'effectuer des transactions financieres au moyen de communications de donnees infrarouge - Google Patents

Procede permettant d'effectuer des transactions financieres au moyen de communications de donnees infrarouge Download PDF

Info

Publication number
WO2004006484A2
WO2004006484A2 PCT/US2003/020995 US0320995W WO2004006484A2 WO 2004006484 A2 WO2004006484 A2 WO 2004006484A2 US 0320995 W US0320995 W US 0320995W WO 2004006484 A2 WO2004006484 A2 WO 2004006484A2
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
data
electronic device
payment
account
Prior art date
Application number
PCT/US2003/020995
Other languages
English (en)
Other versions
WO2004006484A3 (fr
Inventor
Jagdeep Singh Sahota
Thanigaivel Ashwin Raj
Ann-Pin Chen
Original Assignee
Visa International Service Association
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US10/439,635 external-priority patent/US6988534B2/en
Application filed by Visa International Service Association filed Critical Visa International Service Association
Priority to AU2003248817A priority Critical patent/AU2003248817A1/en
Publication of WO2004006484A2 publication Critical patent/WO2004006484A2/fr
Publication of WO2004006484A3 publication Critical patent/WO2004006484A3/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/388Payment protocols; Details thereof using mutual authentication without cards, e.g. challenge-response
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0873Details of the card reader
    • G07F7/088Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself
    • G07F7/0886Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself the card reader being portable for interacting with a POS or ECR in realizing a payment transaction
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Definitions

  • Magnetic stripe credit cards provide consumers with an easy and secure method for paying for a transaction which is also widely accepted around the world.
  • credit card shall mean any magnetic stripe card, including cards for conducting a credit transaction, a debit transaction, check cards and loyalty cards.
  • a consumer will approach the point of sale to purchase one or more items.
  • the point of sale may be automated, or attended by a representative of the merchant.
  • the items to be purchased may be identified to a point of sale device, such as a cash register, and the total bill of sale will be determined.
  • the consumer will be requested to identify their means of payment. If the consumer elects to pay for the items using a credit card, the consumer will present the card at the point of sale, which will swipe the card through a magnetic card reader, such as that disclosed by Chang, et al. in U.S. Patent No. 4,788,420.
  • the magnetic reader will access account information stored on a magnetic stripe on the back of the credit card and will use such information to determine the approval or disapproval of the transaction.
  • the consumer may be required to enter a personal identification number (i.e. PLN) and/or to sign a paper receipt indicating approval of the transaction.
  • the signature may be made on a scanning device incorporated to the magnetic stripe reader, such as that disclosed by Terrell in U.S. Patent No. 6,076,731.
  • integrated circuits were imbedded on credit cards to provide substantially increased functionality.
  • Credit cards with imbedded integrated circuits (known commonly as integrated circuit cards) represented a significant increase in functionality over magnetic stripe cards.
  • the integrated circuit typically included memory such as random access memory (RAM) and electrically erasable programmable read only memory (EEPROM) which allow the integrated circuit card to store orders of magnitude more information than the typical magnetic stripe card.
  • the integrated circuit will typically include a microprocessor for managing data flow and processing instruction sets. This allowed issuers of integrated circuit cards to include multiple financial instruments on a single card.
  • a single integrated circuit card may provide the functionality for conducting credit based transactions, debit transactions, ATM functionality, as well as reward programs, discounts and special offers.
  • a contactless credit card utilized radio frequency technology to communicate with the card reader.
  • the contactless credit card has coiled antennae within the card itself which provides communication between the card and the reader and also provides means for powering the card by an inductively coupling the card to an electro-magnetic field.
  • contactless technology seeks to significantly reduce one of the primary cost components for credit cards.
  • Both magnetic stripe cards and integrated circuit cards must be placed in physical contact with a reader, which transfers the data residing on the card (either the magnetic stripe or the memory in the integrated circuit) to the point of sale for processing.
  • the physical contact required for such reading step results in wear and tear on the card itself, ultimately requiring its replacement at additional cost.
  • Attempts at utilizing RF technology eliminated the need to place the credit card in physical contact with a reader thereby significantly reducing this physical cost component. Nonetheless, even contactless credit cards will require replacement due to expiration, theft, and loss, with the associated replacement costs.
  • Infrared technology is estimated to be in over 300 million electronic devices, including desktop computers, notebook computers, palm PC's, printers, digital cameras, public phones/kiosks, cellular phones, pagers, personal digital assistants, watches, and other mobile devices.
  • Infrared technology provides a. high speed, short range, line of sight, wireless data transfer technology which is suitable for one-way or bi-directional data exchange.
  • infrared technology is widely used to exchange information between physical components of a computer such as printers, mice and keyboards, and also providing an interface to digital cameras and PDA's.
  • IrDA Infrared Data Association
  • IrFM Infrared Financial Messaging
  • This profile provides for a standard means for conducting a financial transaction between two infrared-enabled devices.
  • a PDA or mobile phone would be preloaded with a consumer's financial instruments and have the ability to initiate a credit card, debit card, or check transaction via infrared transport of the necessary information to the point of sale.
  • the information that is stored in the consumer's device would be transmitted to a credit card reader, ATM or other point of sale terminal for payment processing.
  • FIG. 1 shows the protocol stack as implemented on both the PTD, and the POS.
  • FIG. la shows a representation of the stack implemented on the PTD.
  • the IrDA hardware 101 which is needed to support the functionality for infrared data exchange.
  • Proprietary protocols have been developed for both the data link layer 102 and the network layer 103 for establishing the orderly transfer of data between the devices.
  • the transport layer 104 uses a Tiny TP protocol for managing the exchange of data packets.
  • OBEX session protocols 105 reside at the session layer.
  • the POS and PTD will operate in a client-server relationship.
  • the PTD will respond to requests for interaction made by the POS and therefore will serve in the role of server and the POS will function as the client.
  • the IrDA has developed core protocols 106 which sit on the OBEX server and support the proprietary financial instruments 107.
  • the POS has a corresponding stack, shown in FIG. lb with the necessary hardware 110, data links 111, " network protocols 112, any data exchange protocols 113.
  • the POS operates in the role as an OBEX client 114 at the session level and will support any corresponding core protocols 115.
  • the POS will have proprietary services 116, installed which must correspond with proprietary services on the PTD 107 in order for a transaction to be conducted.
  • PTD's can continuously operate in a normal environment from 1 to 2 meters away. If power consumption by the PTD is of particular concern, or if battery levels are low, a low power mode can be utilized allowing effective operation from 20 to 30 centimeters away. In the low power mode, the power consumption may be as much as 10 times less than the power required for normal operation.
  • the IrDA profile describes the protocols for the exchange of data to conduct a financial transaction over an IR-enabled network
  • the profile does not describe the methodology of implementing a financial instrument, such as a credit card. Accordingly, there is a need for a methodology for implementing financial instruments operating in an IR-enabled environment.
  • an application utilizing a quick and secure IR data exchange to effect a point of sale transaction at a fixed price.
  • the present invention describes a method for conducting a credit or a debit transaction utilizing IR-enabled mobile electronic devices in communication with IR-enabled point of sale devices.
  • the present invention enables a * mobile electronic device to effect a transaction with a point of sale device where the transaction is accomplished with minimal data exchanged between the IR-enabled mobile electronic device and the IR-enabled POS device.
  • the IR-enabled mobile electronic device is pre-loaded with the information necessary to conduct a standard magnetic stripe based credit or debit transaction.
  • standard protocols for conducting a financial transaction may be utilized.
  • FIG. la and lb are representations of the IrDA protocol stack implemented on a mobile electronic device and point of sale terminal.
  • FIG. 2a and 2b is a drawing of the modified IrDA stack on a mobile electronic device and a point of sale device which is part of the present invention.
  • FIG. 3 is a flow diagram of the steps to complete a transaction with minimal data exchanges in the present invention.
  • FIG. 4 is a record diagram of the data primitive utilized in the present invention.
  • FIG. 5 is a flow diagram of the steps to complete a transaction in the present invention.
  • FIG. 6 is a flow diagram of the steps tcf complete a transaction and provide a transaction receipt in the present invention.
  • DETAILED DESCRIPTION OF THE INVENTION [0020]
  • the present invention provides a method for conducting a transaction utilizing an IR-enabled portable electronic device which has some or all of a customer's payment applications deployed thereon.
  • the present invention allows consumers to utilize their personal digital assistants ("PDA's"), pagers, mobile phones, and other electronic personal trusted devices (collectively referred to as PTD's) to store financial instruments thereon for use in conducting a transaction with an IR-enabled point of sale terminal ("POS”) where data exchange is by infrared communication.
  • PDA's personal digital assistants
  • POS IR-enabled point of sale terminal
  • a single hand held ' device can be utilized to preferably store and.
  • the present invention may be utilized to exchange financial information and assets outside a retail setting such as in business to business exchange or in. personal peer to peer exchanges.
  • a retail setting such as in business to business exchange or in. personal peer to peer exchanges.
  • the present invention allows companies entering into contractual relationships to make required payments under the contract simply by connecting PTD's and exchanging the appropriate financial data.
  • the present invention may be used to exchange financial assets between accounts. For example, a parent may debit their child's account as the child matriculates to school rather than writing a paper check or providing cash. The child could then use the PTD to purchase necessary supplies.
  • the present invention provides a quick and secure method to utilize a PTD to. conduct fixed price transactions.
  • a modified IrFM stack is deployed on a PTD and a POS.
  • the PTD has an IrDA hardware layer 202, IrFM specified protocols at the data link layer 202, a network layer 203, and the transport layer 204.
  • the session layer 205 may similarly be configured with OBEX session protocols.
  • the present invention deploys the payment service application 206 directly on the session layer 205.
  • the core protocols 207 utilized in a standard IrFM environment also sit directly on the session layer 205. This allows use of the PTD with services 208 which rely on the core protocols 207 which services 208 sit on top of the core protocols 207 themselves.
  • FIG. 2b shows the required stack mirrored on " the POS with the corresponding hardware layer 221, data link layer 222, network layer 223, transport layer 224, and session layer 225.
  • the present invention deploys the payment service application 226 directly on the session layer 225.
  • the core protocols 227 necessary to support additional IrFM-compliant services 228 also sit directly on the session layer 225.
  • an application for performing a transaction, or other exchange of data can be accomplished quickly and securely.
  • the present invention finds use in environments not typically amenable to non-cash based transactions such as transit environments, street vendors and vending machines.
  • the PTD is powered 301 and sends a DR. signal 305 indicating it is ready to initiate data exchange.
  • the POS receives the IR signal 310 from the PTD and discovers the PTD 315.
  • a data link is established 320 between the PTD and the POS as is a network link 325 and a transport link 330.
  • a directed OBEX connection is a targeted connection between intended services or applications.
  • a directed OBEX session 335 is established between the payment service which resides on the PTD and the corresponding payment service which resides on the POS device.
  • the POS and the PTD operate in a client-server relationship where the POS serves as the client and the PTD the server.
  • the PTD and POS may establish a reliable OBEX session, the present invention makes this extra step unnecessary.
  • a reliable OBEX session allows the PTD and POS to re-establish a prematurely terminated connection at the same data transmission point at which the connection was terminated.
  • the PTD requests payment data and key data 340 from the POS. Once this data is received, the PTD returns to the POS payment response data in a data primitive 345 which is described more fully in FIG. 3.
  • the payment response data is encrypted utilizing the key data received from the POS and a common encryption algorithm which has been preloaded on both the POS and PTD.
  • FIG. 4 is a diagram of the payment primitive which is utilized in communications between the PTD and the POS in the present invention.
  • a primitive is a set of data objects which can be used to exchange information in the course of the transaction.
  • the payment primitive 400 has three data tags, which identifies three data sets to be exchanged.
  • the first data tag 401 identifies the entire primitive 400 and is mandatory.
  • This tag 401 is followed by a length identifier field 402 which identifies the total number of bytes in primitive 400.
  • Field 403 is an indicator field which indicates that account information is following and will be of a length set forth in the length identifier field 404.
  • the data object for the account information 405 follows.
  • the account information may include an account number necessary to identify the service being provided by the"issuer of the service.
  • the service may be a stored value card issued by a merchant and the account information may comprise information necessary to update the stored value account.
  • the account information comprises track 2 data for a credit card. Track 2 data is understood in the credit card industry to refer to that data which is necessary to a credit card transaction and includes the account number for the service being provided, expiration date, the name of the card service holder, and necessary service codes.
  • the primitive 400 may have two additional data sets, each identified by separate tags.
  • the optional second tag 410 identifies the data set for the exchange of domestic data.
  • Domestic processing data refers to data such as an ISO-compliant country code, data allowing for the accommodation of domestic variations in payment information and transaction processing requirements, an identifier for the provider of the service identified in the account information 405, and data to enable a transaction to be processed internally within its country of origin.
  • market research such as country specific tracking and usage analysis, could also utilize this optional data field. Using these fields, purchasing trends can be tracked including the number of items purchased, locations of purchases, time of purchases, and other information useful or desirable in monitoring trends.
  • the domestic data set can be of variable length not exceeding 256-bytes which is identified in the length identifier field 411.
  • the country code data is identified by a country code tag 412 with a length identifier field 413 which is restricted to a 2-byte length. Other lengths are not necessary as the country code which is set forth in field 414 is ISO-compliant.
  • the domestic processing data set is identified by tag 415, can be of variable length set forth in the length identifier field 416, with the data residing at field 417.
  • the optional third tag 420 identifies the data set for issuer program data which includes data related to voucher-type services, such as loyalty programs, coupons, tickets, issuer identification details and similar services.
  • issuer program data comprises key data which is used to access and enable such coupons, tickets, or programs at remote locations.
  • issuer program data may include an identifier in instances where the service provided is co-branded. For example, the user may accumulate frequent flyer miles by using the service when the service is co-branded with a participating airline.
  • the issuer program data fields can be used to identify the participating airline and/or the frequent flyer account of the user.
  • the issuer program data set can be of variable length not exceeding 256-bytes which is identified in the length identifier field 421.
  • the data set for the program identification which provides for identification of the particular voucher or other service which an issuer may implement through use of this data set, is identified by tag 422 with a length identifier field 423 which is restricted to 4-bytes.
  • the program identification field 424 contains a unique identifier for the program, which identifier typically will be the last four bytes of the universally unique identifier ("UUTD") for the program. Alternately, the program identification field 424 may utilize unique identifiers other than the last four bytes of the UULD.
  • UUTD universally unique identifier
  • the unique identifier may be any four bytes of the UULD, unrelated to the UUID, a hash of the UUID, or an identifier unrelated to the UULD.
  • the UUID is a 128-bit value which is guaranteed to be unique across space and time until roughly 3400 A.D. Additional data required for the implementation of the program is identified by tag 426, can be of variable length set forth in length identifier field 427, with the data residing in field 428.
  • FIG. 5 is a flow diagram of the steps followed to accomplish a transaction in this embodiment of the present invention.
  • the PTD generates an IR signal 501 which is received by the POS 505.
  • the POS determines that the PTD is attempting to initiate a transaction and begins the discovery process.
  • the discovery 506 of the PTD by the POS is accomplished and a data link 507, network connection 508 and transport link 509 are established.
  • the POS initiates a reliable directed OBEX session which is established with the PTD 510.
  • the IrDA compliant stack specifies use of an OBEX session, other session protocols may be used.
  • a reliable OBEX session is used the PTD and the POS can re-establish a terminated connection at the same data transmission point at which the connection was lost. As a result, the transaction will not have to be restarted anew, rather it will be possible to pick up the transaction at the point the transaction was lost.
  • the POS will communicate to the PTD a list of financial instruments which the POS supports.
  • the POS may support credit and debit card transactions, and may also include other instruments.
  • the PTD checks the list received from the POS and commonly supported applications are displayed to the user for selection.
  • a connection is then established between a common payment service on both the POS and the PTD.
  • the POS device and PTD exchange information regarding the type of security to be used for the transaction 511.
  • Various levels of security can be used for a given transaction, the only requirement being that the type of security must be supported by both the PTD and the POS.
  • the POS provides the PTD a definition of the encryption key to be used in the exchange of information 512. This may contain information such as the data required to generate a key, certificates in an asymmetric implementation, or the
  • a payment primitive is communicated from the PTD to the POS 513.
  • the payment primitive such as that shown in FIG. 4, provides for the exchange of information necessary to affect payment of the transaction, as well as information related to vouchers, loyalty programs, gift cards, and other instruments that may be pre-selected.
  • the payment information is presented to the point of sale device, which proceeds to process the transaction in its normal manner. At that point in time, the POS device and the PTD disconnect and the transaction is completed.
  • a transaction may be accomplished between the POS and PTD with reporting data, such as an electronic receipt, being provided to the PTD.
  • reporting data such as an electronic receipt
  • the PTD is discovered 601 by the POS and a reliable OBEX session is established 602 between the two devices, and a connection made between the core payment services 603.
  • the POS then provides the PTD with information related to the merchant involved in the transaction 604, which may include the name and location of the merchant, a unique identifier for the merchant, the type of business being done by the merchant and potentially additional information which is necessary or desirable to exchange.
  • the POS sends to the PTD transaction information 605 which could then be displayed to the user.
  • This information may include the . type of transaction being executed, the amount of the transaction, including any adjustments, the currency of the transaction.
  • the POS forwards the PTD additional information related to the transaction 606, including the total number of items purchased and a listing of those items.
  • the two devices will then exchange information on the type of security to be used 607 for the transaction and the POS will send to the PTD information defining the encryption key to be used 608.
  • Payment information is then communicated 609 from the PTD to the POS utilizing a payment primitive, such as that shown in FIG. 4.
  • the POS sends a transaction log to the PTD 610 which comprises information related to the transaction which the consumer can use to compare to his credit card bill at the end of the month.
  • the transaction is then completed and the devices disconnect 611 from each other.
  • the PTD can be utilized to manage and store information related to each transaction more conveniently than through paper receipts traditionally issued in a card-based transaction.
  • the receipts may be a legally recognizable receipt which can be stored on the hand held device and may be printed therefrom.
  • information comprising a summary of the transaction could be stored to the PTD, which information would be useful for record keeping purposes, but otherwise would not be effective for legal purposes.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Abstract

L'invention concerne un procédé et un dispositif permettant d'effectuer une transaction entre des dispositifs électroniques dans lesquels des données de transaction sont échangées sur une fréquence infrarouge. Des premier et second dispositifs électroniques, un algorithme de chiffrement commun étant déployé sur chaque dispositif, établissent une liaison de communications infrarouge. Le second dispositif électronique émet une demande de transaction conjointement avec une clé de chiffrement vers le premier dispositif électronique. Celui-ci retourne des données de réponse au second dispositif électronique, ces données de réponse étant chiffrées au moyen de l'algorithme de chiffrement commun et de la clé de chiffrement. Un compte à utiliser dans la transaction est dérivé des données de réponse permettant d'achever la transaction.
PCT/US2003/020995 2002-07-10 2003-07-07 Procede permettant d'effectuer des transactions financieres au moyen de communications de donnees infrarouge WO2004006484A2 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003248817A AU2003248817A1 (en) 2002-07-10 2003-07-07 Method for conducting financial transactions utilizing infrared data communications

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US39488102P 2002-07-10 2002-07-10
US60/394,881 2002-07-10
US10/439,635 US6988534B2 (en) 2002-11-01 2003-05-16 Method and apparatus for flexible fluid delivery for cooling desired hot spots in a heat producing device
US10/439,635 2003-05-16

Publications (2)

Publication Number Publication Date
WO2004006484A2 true WO2004006484A2 (fr) 2004-01-15
WO2004006484A3 WO2004006484A3 (fr) 2004-07-01

Family

ID=30118447

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2003/020995 WO2004006484A2 (fr) 2002-07-10 2003-07-07 Procede permettant d'effectuer des transactions financieres au moyen de communications de donnees infrarouge

Country Status (2)

Country Link
AU (1) AU2003248817A1 (fr)
WO (1) WO2004006484A2 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2414994A1 (fr) * 2009-04-02 2012-02-08 QUALCOMM Incorporated Système et procédé de conduite de transactions à l'aide d'un dispositif sans fil

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5892824A (en) * 1996-01-12 1999-04-06 International Verifact Inc. Signature capture/verification systems and methods
US6175922B1 (en) * 1996-12-04 2001-01-16 Esign, Inc. Electronic transaction systems and methods therefor
US6553351B1 (en) * 1996-05-24 2003-04-22 Eduard Karel De Jong System with and method of cryptographically protecting communications
US6595342B1 (en) * 2000-12-07 2003-07-22 Sony Corporation Method and apparatus for a biometrically-secured self-service kiosk system for guaranteed product delivery and return

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5892824A (en) * 1996-01-12 1999-04-06 International Verifact Inc. Signature capture/verification systems and methods
US6553351B1 (en) * 1996-05-24 2003-04-22 Eduard Karel De Jong System with and method of cryptographically protecting communications
US6175922B1 (en) * 1996-12-04 2001-01-16 Esign, Inc. Electronic transaction systems and methods therefor
US6595342B1 (en) * 2000-12-07 2003-07-22 Sony Corporation Method and apparatus for a biometrically-secured self-service kiosk system for guaranteed product delivery and return

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2414994A1 (fr) * 2009-04-02 2012-02-08 QUALCOMM Incorporated Système et procédé de conduite de transactions à l'aide d'un dispositif sans fil
EP2414994A4 (fr) * 2009-04-02 2014-03-26 Qualcomm Inc Système et procédé de conduite de transactions à l'aide d'un dispositif sans fil

Also Published As

Publication number Publication date
AU2003248817A1 (en) 2004-01-23
AU2003248817A8 (en) 2004-01-23
WO2004006484A3 (fr) 2004-07-01

Similar Documents

Publication Publication Date Title
US20040015451A1 (en) Method for conducting financial transactions utilizing infrared data communications
US10332087B2 (en) POS payment terminal and a method of direct debit payment transaction using a mobile communication device, such as a mobile phone
AU2007261035B2 (en) Portable consumer device configured to generate dynamic authentication data
US8565723B2 (en) Onetime passwords for mobile wallets
AU2009243159B2 (en) Portable device including alterable indicator
AU2008288946B2 (en) Method and system for implementing a dynamic verification value
US9547861B2 (en) System and method for wireless communication with an IC chip for submission of pin data
US8095113B2 (en) Onetime passwords for smart chip cards
US7853523B2 (en) Secure networked transaction system
AU2008299100B2 (en) Host capture
US20090119170A1 (en) Portable consumer device including data bearing medium including risk based benefits
AU2009239396B2 (en) Prepaid portable consumer device including accumulator
AU2007217901A1 (en) Cash redemption of gift cards systems and methods
WO2004012352A1 (fr) Dispositif mobile equipe d'un dispositif de lecture/ecriture de carte a puce intelligente sans contact
MX2011003425A (es) Sistemas, metodos, y medio leible por computadora para la transferencia de tarjeta virtual de pago y no pago entre dispositivos moviles.
KR100945415B1 (ko) 해외카드의 결제 처리 방법 및 시스템과 이를 위한 카드단말장치
WO2007149830A2 (fr) dispositif grand public portable configuré pour générer des données d'authentification dynamique
WO2004006484A2 (fr) Procede permettant d'effectuer des transactions financieres au moyen de communications de donnees infrarouge
KR200219045Y1 (ko) 휴대형 정보관리단말기
AU2015218423A1 (en) Systems, methods, and computer readable media for payment and non-payment virtual card transfer between mobile devices
KR20060028532A (ko) 전자화폐 결제 시스템 및 그의 거래내역 처리 방법
KR20020083523A (ko) 광송신기가 내장된 휴대단말기의 배터리팩

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP