WO2009071734A1 - Authentification de transaction - Google Patents

Authentification de transaction Download PDF

Info

Publication number
WO2009071734A1
WO2009071734A1 PCT/FI2007/000288 FI2007000288W WO2009071734A1 WO 2009071734 A1 WO2009071734 A1 WO 2009071734A1 FI 2007000288 W FI2007000288 W FI 2007000288W WO 2009071734 A1 WO2009071734 A1 WO 2009071734A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
controller
communications protocol
authentication information
authentication
Prior art date
Application number
PCT/FI2007/000288
Other languages
English (en)
Inventor
Ari VEPSÄLÄINEN
Marco Sandrini
Original Assignee
Nokia Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Corporation filed Critical Nokia Corporation
Priority to EP07858312A priority Critical patent/EP2218238A1/fr
Priority to PCT/FI2007/000288 priority patent/WO2009071734A1/fr
Priority to CN200780101647A priority patent/CN101868953A/zh
Publication of WO2009071734A1 publication Critical patent/WO2009071734A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223Realising banking transactions through M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3229Use of the SIM of a M-device as secure element
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • G07F19/208Use of an ATM as a switch or hub
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0492Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326Payment applications installed on the mobile devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/65Environment-dependent, e.g. using captured environmental data

Definitions

  • the invention concerns an apparatus comprising an interface arranged to conduct a transaction via a short-range communications interface. Furthermore the invention concerns a wireless apparatus comprising an interface arranged to conduct a transaction via the short-range communications interface. Yet furthermore the invention concerns a method for operating the apparatuses. Yet furthermore the invention concerns a computer program arranged to perform operations of the method when stored and run on a computer.
  • wireless communication apparatuses Modern society has quickly adopted, and become reliant upon, handheld apparatuses for wireless communication. For example, cellular telephones continue to proliferate in the global marketplace due to technological improvements in both the communication quality and device functionality.
  • These wireless communication apparatuses have become common for both personal and business use, allowing users to transmit and receive voice, text and graphical data from a multitude of geographic locations.
  • the communication networks utilized by these apparatuses span different frequencies and cover different transmission distances, each having strengths desirable for various applications.
  • the wireless communication apparatuses can communicate with short-range and wide area wireless communications networks.
  • Short-range wireless networks provide communication solutions that avoid some of the problems seen in large cellular- networks.
  • BluetoothTM is an example of a short-range wireless technology quickly gaining acceptance in the marketplace.
  • a 1 Mbps BluetoothTM radio may transmit and receives data at a rate of 720 Kbps within a range of 10 meters, and may transmit up to 100 meters with additional power boosting.
  • Enhanced data rate (EDR) technology also available may enable maximum asymmetric data rates of 1448 Kbps for a 2 Mbps connection and 2178 Kbps for a 3 Mbps connection.
  • a user does not actively instigate a BluetoothTM network. Instead, a plurality of devices within operating range of each other may automatically form a network group called a "piconet".
  • Any apparatus may promote itself to the master of the piconet, allowing it to control data exchanges with up to seven "active" slaves and 255 "parked” slaves. Active slaves exchange data based on the clock timing of the master. Parked slaves monitor a beacon signal in order to stay synchronized with the master. These apparatuses continually switch between various active communication and power saving modes in order to transmit data to other piconet members.
  • BluetoothTM other popular short-range wireless networks include WLAN (of which "Wi-Fi" local access points communicating in accordance with the IEEE 802.11 standard, is an example), WUSB, UWB and ZigBee (802.15.4, 802.15.4a). All of these wireless mediums have features and advantages that make them appropriate for various applications.
  • near field communications technologies which can be considered for providing very short-range or near to touch communication technologies, have become more interesting lately for providing new use and functionality to wireless communication devices.
  • An example of near field communications technologies comprise Radio Frequency Identification (RFID) technology, which already exists in various consumers applications from transportation and payment systems to various identification systems including implantable RFID tags.
  • RFID Radio Frequency Identification
  • NFC Near Field Communication
  • the technology is based on RFID, which makes it compatible with the existing contactless infrastructure already in use for public transportation and payment.
  • Near Field Communication (NFC) Forum is a non-profit industry association that promotes the use of NFC short-range wireless interaction in various consumer electronics, wireless devices and PCs. The NFC Forum supports implementation and standardization of NFC technology to make it easier to get information, easier to pay for goods and services, easier to use public transport, and easier to share data between devices.
  • a wireless device such as, for example, a mobile phone implementing a radio frequency identification (RFID) transponder may be utilized to provide/present a digitally coded or electronic ticket, which has been obtained before, to a ticket checkpoint system of an entrance of a public transportation system.
  • the digitally coded ticket is read out by corresponding radio frequency identification (RFID) reader, with which the checkpoint system is equipped, and is analyzed thereby.
  • RFID radio frequency identification
  • the digitally coded tickets are not necessarily only a piece of code. They may also include authentication information, such as for instance in case of 30 travel tickets, wherein the actual purchase of a ticket may need to be included in the ticketing application, so that an inspector notices that the person has actually purchased those tickets.
  • such a ticket checkpoint system may be available for public transportation systems in various cities, which may result in the requirement for coding different digitally coded tickets.
  • the illustrated ticket checkpoint system may be extended to similar digitally coded records such as credit card information, loyalty card information, cinema tickets and the like, where the portable terminal performs information exchange with the very same equipment, e.g. point-of-sale equipment.
  • the same applications may be realized by using optical or visual codes presented by an optical or visual encoding means and an optical or visual scanning means allowing for reading-out the optical or visual codes from the optical or visual encoding means.
  • smartcards provide application developer with a secure and tamperproof environment for developing high value, secure and complex applications.
  • Said smartcards include a central processing unit as well as secure memory areas making unwanted access by third parties very difficult.
  • cryptographic means are provided within the smartcard, which opens the deployment of smartcards for secure applications like banking or even personal identification applications.
  • smart cards create a secure environment for storing items of monetary value while the contactless feature is fast and convenient for users who only need to bring the card in close proximity to a card reader. These types of contactless cards do not require a Personal Identification Number (PIN) and are therefore suited for high-volume, low-value transactions.
  • PIN Personal Identification Number
  • ATM Automated Teller Machine
  • a kiosk to transfer money from a checking account, savings account, a credit card account or by inserting cash into the ATM.
  • the user puts their ATM card or cash into the machine and positions a contactless card near the contactless reader/writer to complete the transfer of money.
  • These ATMs are typically located at the entrance to the transit station where the customers purchase transit tokens.
  • the popularity of contactless cards for transit has grown so that other vendors in area surrounding the transit system also accept the contactless card for payment for purchases such as parking, fast food, convenience stores, gas stations and vending machines.
  • Many merchants are installing contactless smart card reader/writers in their stores to provide the ability to accept smart cards as a form of payment.
  • a wireless apparatus such as, for example a mobile phone may contain a NFC module or other type of near field communications module. Furthermore the apparatus may contain a secure element such as a secure smart card. The secure element is used in association with the near field communications module to carry out acts that require trust and confident. Examples of these kinds of acts may be a payment, electronic payment, true identification, credit card, secure transaction, electronic ticket purchasing and validation etc. Another example can be a payment made by a mobile phone.
  • a real authentication is however a problem with transaction related acts when the actual transaction operations are conducted electronically, such as, for example in connection with transaction operations involving the secure smart card.
  • the transaction itself can be carried out quite easily and conveniently by the system nowadays.
  • a known solution is to carry it out by non-electric means. For example by personally demonstrating a personal identification card such as a passport.
  • Another known solution is to make a personal signature by hand.
  • Yet another known solution is to enter a personal identification code matching with the secure element by hand with a keypad.
  • Yet another solution is to conduct the authentication by way of biometric identification of the user.
  • a common problem for these and any similar or equivalent known solutions is that the authentication involving the person carrying the wireless apparatus requires taking an effort by said person.
  • an apparatus comprising: a controller;
  • a near field communications module operatively coupled to the controller
  • a first secure storage location operatively coupled to the controller and configured to store at least partly information for carrying out a transaction operation by way of a transaction communications protocol via the near field communications module;
  • a second secure storage location operatively coupled to the controller and configured to store at least authentication information regarding authentic user of the apparatus
  • controller is configured to switch communications from said transaction communications protocol to another communications protocol in response to detecting that said transaction is substantially carried out and communicate the at least authentication information regarding the authentic user of the apparatus via the another communications protocol.
  • a near field communications module operatively coupled to the controller; a first secure storage location operatively coupled to the controller and configured to store at least partly information for carrying out a transaction operation by way of a transaction communications protocol via the near field communications module;
  • a second secure storage location operatively coupled to the controller and configured to store at least authentication information regarding authentic user of the apparatus; wherein the controller is configured to switch communication from said transaction communications protocol to another communications protocol in response to detecting that said transaction is substantially carried out and communicate the at least authentication information regarding the authentic user of the wireless apparatus via the another communications protocol.
  • Figure 1 depicts a block diagram of an apparatus in which general principles of the various embodiment of the invention can be applied
  • Figure 2 depicts a block diagram of an apparatus having a switch configured to switch the protocol between the secure transaction element and the authentication module of the apparatus according to various further embodiments of the invention
  • Figure 3 depicts a flow chart of the operations of the apparatus according to various further embodiments of the invention
  • Figure 4 depicts schematically a block diagram including functional and structural components of the apparatus according to some further embodiments of the invention. DESCRIPTION OF FURTHER EMBODIMENTS
  • the apparatus 100 comprises a first secure storage location 101 such as a transaction element 101.
  • the transaction element 101 may be, according to at least one embodiment, a secure smart card element configured for transaction operations for example.
  • the secure transaction element 101 is arranged to communicate by a first communications protocol.
  • the apparatus comprises a second secure storage location 102 such as an authentication module 102.
  • the authentication module 102 can be a smart card of the apparatus 100 for authentication.
  • the authentication module 102 is arranged to communicate by a second communications protocol.
  • the apparatus 100 comprises also a near field communications module 103, which can be alternatively referred to as as a short-range communications module.
  • the apparatus comprises also a controller SW1 , which is coupled with the secure transaction element 101.
  • the controller SW 1 is also coupled with the authentication module 102 and with the near field communications module 103.
  • the controller SW1 is configured to switch communications from the first communications protocol to the second communications protocol once it is detected that a transaction operation is substantially carried out so as to provide means to authenticate a user of the apparatus responsible for carrying out the transaction using said another communications protocol.
  • the authentication relating to the transaction is carried out on a basis of the authentication of the user of the apparatus.
  • the apparatus 100 may contain hardware, software and/or middleware for carrying out the operations of various embodiments.
  • the apparatus 100 has computer code and/or the hardware for performing the operations of further embodiments.
  • the apparatus 100 may be a wireless radio frequency apparatus having a near field and/or a short range wireless communication capability.
  • the apparatus 100 can be, according to a further embodiment, a mobile phone containing near field communications capability.
  • Various embodiments of the invention provide blocks or modules for a cashier/ticketing inspector to request authentication information regarding the user of the apparatus 100 by way of switching from the transaction protocol (for example ISO-14443 communication) to peer-to-peer communications (for example NFC-IP) and requesting user authentication information from the apparatus 100.
  • the authentication information may include, according to at least one embodiment, an image of the user or like, but also other kind of information that can be used as a proof of authenticity of the person using the apparatus 100 can be used as well.
  • the authentication information is typically secured and may be, according to at least one embodiment, stored e.g. in the authentication module 102 in a secure memory location, such as, for example within a secure smart card (for example SIM card in case of a mobile phone). It should be also noted that in accordance of at least one further embodiment of the invention, the secure transaction element
  • a secure smart card 102 such as, for example SIM card in a mobile phone apparatus.
  • the authentication information (e.g. the image of the owner of the apparatus or like) can be secured by way of for example signing the authentication information with secure key of some reliable account provider.
  • a credit issuing company such as, for example MasterCard may provide, in addition to actual payment application within the secure smart card element 102, also a secure signing of the authentication information with its secure key so that the authentication information can also be secured to prevent potential misuse.
  • the authentication information is provided to the cashier/ticketing inspector, it is conformed with the public key corresponding to the secure key so that the authentication information cannot be hacked.
  • FIG. 2 depicts a block diagram of an apparatus 100' having a controller SW1' configured to switch the protocol between the secure transaction element 101 ' and the authentication module 102' of the apparatus 100' according to various further embodiments of the invention.
  • the apparatus 100' comprises the secure transaction element 101'.
  • the apparatus 100' comprises near field communications module 103', a CPU, and an authentication module 102', such as, for example the SIM of the apparatus 100'.
  • the secure transaction smart card element/module 101 ' is connected via the controller SWV either to a near field communication NFC 103' interface providing connectivity with external devices by means of using for example RFID or optical connection.
  • the secure transaction smart card element/module 10V is connected via the controller SWV with a terminal CPU for providing control to the secure smart card element 10V.
  • the NFC 103' interface allows both reading and writing operations to be conducted both to and from external tags/devices and also peer-to-peer type communication between two NFC terminals.
  • the secure transaction smart card element 10V is directly linked to the NFC 103' interface by means of the controller SWV, in order to ensure that there will be no unnecessary delays within terminal logic that might hinder/prevent transactions due to the nature of RFID communications, which will typically require fast response times.
  • An RFID transaction for instance, will be typically conducted within, e.g., hundreds of milliseconds.
  • the secure element 10V is thus connected with the controller SWV.
  • the controller SWV is connected with the near field communications module 103'.
  • the CPU is connected to the SW1' and also to the NFC module 103'.
  • the controller SW1' may switch communications to the authentication module 102'.
  • the authentication module 102' applies another communications protocol than the secure element 101 '.
  • the CPU instructs the controller SW1' to switch to another communications protocol and further to the authentication module 102'.
  • Apparatus 100' comprises also a memory which is connected with CPU.
  • the apparatus 100' may comprise a short-range transceiver which is coupled with CPU.
  • Apparatus 100' comprises a network receiver which is couples with CPU.
  • the apparatus 100' comprises application storage which is coupled with a CPU.
  • the application storage may be coupled directly with the secure transaction element 101 '.
  • the apparatus comprises also a display which is coupled with the previous components.
  • the apparatus comprises an antenna which is coupled with the network transceiver and possibly with the short- range transceiver.
  • a transaction is started in the step 200.
  • the transaction is performed with the apparatus 100.
  • the transaction takes place by reading and writing opertations that are concluded by the secure transaction element 101.
  • the secure transaction element 101 may communicate via the near field communications module 103.
  • the secure transaction element 101 may communicate via other communications modules of the apparatus 100, such as, for example, the network transceiver 105 and short range transceiver 104.
  • the transaction takes place by using a communication protocol such as, for example, the ISO-14443 communications protocol.
  • the transaction is completed using the communications protocol in the step 200.
  • a controller SW1 switches communications to another communications protocol such as, for example the ISO-18092, or ISO-21481 , once the transaction is substantially completed and carried out;
  • the controller SW1 may switch communications to ISO-18092, or ISO- 21481 , which are examples of other communications protocols for NFC-IP based peer-to-peer communications.
  • An authentication procedure for the transaction may now start in the step 202.
  • the authentication information may be requested from the apparatus 100.
  • the authentication information is requested from the authentication module 102 of the apparatus 100.
  • the authentication is requested from a smart card 102' of the apparatus 100, such as, for example the SIM card or the like.
  • the requesting party of the transaction is provided with the authentication information in the step 203.
  • the authentication information is advantageously used to complete the transaction.
  • the authentication information may be transferred for example by transmitting image information of the authenticated user of the device that can be presented as a picture of the authenticated user of the apparatus 100. Furthermore by providing the parties with digital signature etc. As said previously there are various examples.
  • the controller SW1 is further configured to detect whether the transaction has substantially been carried out so as to switch to said another communications protocol.
  • the controller SW1 may be further configured to detect specific data of the transaction so as to determine whether the transaction continues or is about to be substantially carried out.
  • the controller SW 1 may further be coupled with a timer (not shown) configured to prompt the controller to check a status of the transaction and/or determine whether messages related to the transaction has been exchanged within a certain predefined time period in yet another further embodiment.
  • the controller SW1 may determine that the transaction is substantially carried out if the controller SW1 detects no transaction related messages have been exchanged within a predefined time period.
  • the near filed communications module 103 may use various near field communications, such as, e.g. the NFC or the like.
  • the near field communications module 103 alternatively referred to as near field communications interface, provides necessary means to communicate with external tags/devices using e.g. RFID technology so that the terminal can conduct RFID-based payment and ticketing transactions, but not limited thereto.
  • the near field communications module allows both reading and writing operations to be conducted both to and from external tags/devices and also peer-to-peer type communication between two terminals.
  • the secure transaction module 101 and the secure authentication module 102 can be directly linked to the near filed communications interface 103, by means of the controller SW1 , in order to ensure that there will be no unnecessary delays within terminal logic that might hinder/prevent transactions due to the nature or RFID communication, which will typically require fast response times.
  • a RFID transaction for instance, will be typically conducted within hundreds of milliseconds.
  • NFC itself is a short-range wireless technology which enables the communication between devices over a short distance. The technology can be used in mobile phones and other RFID based apparatuses.
  • NFC is compatible with the existing contactless infrastructure, for example in use for public transportation and payment. NFC works by magnetic field induction. It can operate within the globally available and unlicensed RF band of 13.56 MHz.
  • Working distance can be 0-20 centimetres, and the speed: 106 Kbit/s, 212 Kbit/s or 424 Kbit/s.
  • Passive Communication Mode The Initiator device provides a carrier field and the target device answers by modulating existing field. In this mode, the Target device may draw its operating power from the Initiator-provided electromagnetic field, thus making the Target device a transponder.
  • Active Communication Mode Both Initiator and Target device communicate by generating their own field. In this mode, both devices typically need to have a power supply.
  • NFC can be used to configure and initiate other wireless network connections such as Bluetooth, Wi-Fi or Ultra-wideband.
  • NFC Non-Fi Protected Access
  • Reader mode the NFC device is active and read a passive RFID tag, for example for interactive advertising.
  • P2P mode two NFC devices are communicating together and exchanging information.
  • Mobile ticketing in public transport an extension of the existing contactless infrastructure.
  • Mobile Payment the mobile phone acts as a debit/ credit payment card.
  • Smart poster the mobile phone is used to read RFID tags on outdoor billboards in order to get info on the move.
  • a further embodiment of the invention takes advantage of smart card such as a subscriber identity module (SIM).
  • SIM card may be an SD card or actually any other auxiliary secure element.
  • SIM card contains the secure transaction element 101 as well.
  • the switch mat switch between these blocks, for example as described in various embodiment of the invention.
  • the user activates elements, and may further select at least one of the transaction/applications to be active at the time.
  • the selection may be based on e.g. default selection, based on user selection or alternatively the terminal 100 may be capable of selecting the suitable application based on the current context/environment of the terminal 100.
  • the selection of the context/environment of the terminal 100 may be performed by the user e.g. by initiating reading a dedicated tag through the NFC module 103', wherein the tag could indicated the presence of certain type of POS terminal (e.g.
  • the user can, for example, simply "touch” (i.e. brings his mobile terminal device in close proximity) the POS terminal NFC interface with the terminal 100, which results the terminals NFC interface 103' to communicate with the POS terminals NFC interface, so that the necessary information for conducting the agreed transaction will be exchanged.
  • the NFC interfaces 103 of the terminal 100 and the POS terminal may include any communication interface suitable for near field communication including RF and optical interfaces two name a couple of non-limiting examples.
  • the necessary information includes at least following communication operations.
  • Fig. 4 illustrates schematically an implementation of an apparatus 100" such as a portable consumer electronic device being equipped with a RFID device according to some further embodiments of the invention.
  • the block diagram of Fig. 4 illustrates a principle structural design of a cellular terminal, which should exemplary represent any kind of portable CE device 100" employable with the present invention. It shall be understood that the present invention is not limited to any specific kind of portable CE device such as that illustrated.
  • the illustrated portable CE device 100 comprises typically a central processing unit (CPU) 410, a data storage 420, an application storage 430, input/output means including audio input/output (I/O) means 450, a keypad with input controller (Ctrl) 460 and a display with display controller (Ctrl) 470.
  • the portable CE device 100" includes a cellular interface (I/F) 480 coupled to a cellular antenna and operable with a corresponding subscriber identification module (SIM) 440.
  • I/F cellular interface
  • SIM subscriber identification module
  • the smartcard module when integrating the smartcard module into the handheld mobile phone, security is improved as in order to use the mobile phone a PIN input is needed enabling GSM SIM in the mobile phone when the mobile phone is switched on.
  • the smartcard module may be integrated in to SIM card of the portable CE device 100" instead of being a separate module.
  • the smartcard module may be integrated into a MMC card or memory stick module in connection with the data storage 420 of the portable CE device.
  • the portable CE device 100" according to a further embodiment of the invention comprises also a local data interface (I/F) 400 and a general data interface (I/F) 490.
  • I/F local data interface
  • I/F general data interface
  • the local data interface (I/F) 400 can be also implemented as an infrared-based interface such as an IrDA (infrared direct access) interface or an interface being based on radio frequency identification (RFID) technology, namely RFID reader, RFID transponder and near field communication (NFC) standard, respectively.
  • IrDA infrared direct access
  • RFID radio frequency identification
  • the cellular interface (I/F) 480 is arranged as a cellular transceiver to receive signals from the cellular antenna, decodes the signals, demodulates them and also reduces them to the base band frequency.
  • the cellular interface 480 provides for an over-the-air interface, which serves in conjunction with the subscriber identification module (SIM) 440 for cellular communications with a corresponding radio access network (RAN) of a public land mobile network (PLMN).
  • SIM subscriber identification module
  • RAN radio access network
  • PLMN public land mobile network
  • the output of the cellular interface (I/F) 480 thus consists of a stream of data that may require further processing by the central processing unit (CPU) 410.
  • the cellular interface (I/F) 480 arranged as a cellular transceiver also receives data from the central processing unit (CPU) 410, which are to be transmitted via the over-the-air interface to the radio access network (RAN). Therefore, the cellular interface (I/F) 480 encodes, modulates and converts the signal to the radio frequency, which is to be used. The cellular antenna then transmits the resulting radio frequency signal to the corresponding radio access network (RAN) of the public land mobile network (PLMN).
  • RAN radio access network
  • the portable CE 100" device may include in certain embodiments of the present invention, a broadcast receiver interface (not shown), which allows the portable CE to access broadcast transmission services that include Digital Video broadcasting (DVB-T, DVB-H), Digital Audio Broadcasting (DAB), Digital Radio Musice (DRM), Integrated Services Digital Broadcasting-Terrestrial (ISDB-T), Advanced Television Systems Committee (ATSC) and Digital Multimedia Broadcasting (DMB-T) techniques to name a few.
  • DVD-T Digital Video Broadcasting
  • DVB-H Digital Audio Broadcasting
  • DRM Digital Radio Mondiale
  • ISDB-T Integrated Services Digital Broadcasting-Terrestrial
  • ATSC Advanced Television Systems Committee
  • DMB-T Digital Multimedia Broadcasting
  • the portable CE device 100" further comprises a protected memory, which is adapted for storing a plurality of data records, for instance within said smartcard module 101 and 103.
  • each data record shall be understood as a digital representation of information relating to for instance digital ticket data and digital payment data according to an embodiment of the present invention.
  • the protected memory is specifically adapted to meet requirements, which have to be considered to ensure security and privacy aspects relevant in view of the sensitive digital information stored therein.
  • the portable CE device 100 may anyone of the example devices comprising illustratively a portable phone, a personal digital assistant, a pocket personal computer, a portable personal computer, a communicator terminal or any other portable consumer electronics (CE) with processing capability and appropriate communication means; i.e. comprising at least a transaction module 101 , an authentication module 102, a and a near field communications module 103.
  • the portable CE device 100" embodies a processor-based device, which allows implementation of the inventive concept.
  • the following embodiment will illustrate enhanced identification device operation, which is for instance implementable in each of the aforementioned consumer electronic (CE) devices.
  • illustration of the identification device will be given with respect to illustrated portable CE device 100", which has attached or has embedded such an identification device. But it shall be noted that the invention is not specifically limited to those identification devices and to portable CE device coupled thereto, respectively, which are herein illustrated merely for the way of illustration on the basis of embodiments according to the present invention.
  • the computer program can be a computer program product.
  • the product is an example of a tangible object.
  • it can be a medium such as a disc, a hard disk, an optical medium, CD-ROM, floppy disk, or the like storage etc.
  • the product may in a form of a signal such as an electromagnetic signal.
  • the signal can be transmitted within the network for example.
  • the product comprises computer program code or code means arranged to perform the operations of various embodiments of the invention.

Abstract

Divers modes de réalisation de l'invention portent sur des blocs ou modules pour une transaction pour demander des informations d'authentification concernant l'utilisateur de l'appareil au moyen d'une commutation du protocole de transaction, par exemple une communication ISO-14443, à un protocole de communication poste à poste, par exemple NFC-IP, et d'une requête d'informations d'authentification d'utilisateur à partir de l'appareil. La transaction peut être authentifiée en conséquence. Les informations d'authentification peuvent comprendre, selon au moins un mode de réalisation, une image de l'utilisateur ou analogues, mais également d'autres types d'informations qui peuvent être utilisés en tant que preuve d'authenticité de la personne à l'aide de l'appareil peuvent être utilisés.
PCT/FI2007/000288 2007-12-07 2007-12-07 Authentification de transaction WO2009071734A1 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP07858312A EP2218238A1 (fr) 2007-12-07 2007-12-07 Authentification de transaction
PCT/FI2007/000288 WO2009071734A1 (fr) 2007-12-07 2007-12-07 Authentification de transaction
CN200780101647A CN101868953A (zh) 2007-12-07 2007-12-07 事务处理认证

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/FI2007/000288 WO2009071734A1 (fr) 2007-12-07 2007-12-07 Authentification de transaction

Publications (1)

Publication Number Publication Date
WO2009071734A1 true WO2009071734A1 (fr) 2009-06-11

Family

ID=40717341

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2007/000288 WO2009071734A1 (fr) 2007-12-07 2007-12-07 Authentification de transaction

Country Status (3)

Country Link
EP (1) EP2218238A1 (fr)
CN (1) CN101868953A (fr)
WO (1) WO2009071734A1 (fr)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2389023A1 (fr) * 2010-05-17 2011-11-23 Morpho Cards GmbH Carte à puce de télécommunication et dispositif de télécommunication mobile equipé de moyens de communication en champ proche (NFC).
US8068011B1 (en) 2010-08-27 2011-11-29 Q Street, LLC System and method for interactive user-directed interfacing between handheld devices and RFID media
CN102523092A (zh) * 2011-12-05 2012-06-27 上海柯斯软件有限公司 基于音频的非接触ic卡及移动认证数据传输装置
WO2013056783A1 (fr) * 2011-10-20 2013-04-25 Giesecke & Devrient Gmbh Terminal mobile, terminal de transactions et procédé de réalisation d'une transaction à partir d'un terminal de transactions en utilisant un terminal mobile
EP2626823A1 (fr) * 2012-02-10 2013-08-14 Vodafone Holding GmbH Sélection basée sur l'emplacement dans des portefeuilles mobiles
WO2013153437A1 (fr) * 2012-04-13 2013-10-17 Ologn Technologies Ag Appareils, procédés et systèmes pour transactions sécurisées automatisées
EP2672442A1 (fr) * 2012-06-05 2013-12-11 Nxp B.V. Circuit de communication multiprotocoles
EP2685411A4 (fr) * 2011-11-14 2015-05-27 Ntt Docomo Inc Terminal mobile, système de restriction de l'utilisation d'argent électronique et support d'enregistrement
EP2939493A4 (fr) * 2012-12-11 2016-07-20 Intel Corp Découverte de dispositif à dispositif (d2d) sans authentification par le biais de nuage
US9432348B2 (en) 2012-04-20 2016-08-30 Ologn Technologies Ag Secure zone for secure purchases
US9489505B2 (en) 2011-04-21 2016-11-08 Trustonic Limited Method for displaying information on a display device of a terminal
US9572029B2 (en) 2012-04-10 2017-02-14 Imprivata, Inc. Quorum-based secure authentication
US9742735B2 (en) 2012-04-13 2017-08-22 Ologn Technologies Ag Secure zone for digital communications
US9875366B2 (en) 2011-10-07 2018-01-23 Trustonic Limited Microprocessor system with secured runtime environment
US9948640B2 (en) 2013-08-02 2018-04-17 Ologn Technologies Ag Secure server on a system with virtual machines
US11176546B2 (en) 2013-03-15 2021-11-16 Ologn Technologies Ag Systems, methods and apparatuses for securely storing and providing payment information

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102156897B (zh) * 2011-03-30 2014-04-02 惠州Tcl移动通信有限公司 安全数码卡及在安全数码卡上实现近场通讯功能的方法
CN104680108B (zh) * 2015-03-31 2018-03-13 上海飞聚微电子有限公司 一种利用rfid芯片支持双协议的实现方法

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999035620A1 (fr) * 1998-01-07 1999-07-15 Sun Microsystems, Inc. Procedes et appareil de traitement de transactions par cartes a puce
US20020174068A1 (en) * 2001-05-07 2002-11-21 Rodolphe Marsot Method for increasing the security of payment of tradesman by a client, corresponding localization center and system
GB2424801A (en) * 2005-03-31 2006-10-04 Uniwill Comp Corp Portable apparatus communicates with a server using a first and second protocol
WO2007044882A2 (fr) * 2005-10-11 2007-04-19 Philip Yuen Systeme et procede d'autorisation de transactions
US20070156436A1 (en) * 2005-12-31 2007-07-05 Michelle Fisher Method And Apparatus For Completing A Transaction Using A Wireless Mobile Communication Channel And Another Communication Channel
US20070278290A1 (en) * 2006-06-06 2007-12-06 Messerges Thomas S User-configurable priority list for mobile device electronic payment applications

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005045557A (ja) * 2003-07-22 2005-02-17 Sony Corp 通信装置

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999035620A1 (fr) * 1998-01-07 1999-07-15 Sun Microsystems, Inc. Procedes et appareil de traitement de transactions par cartes a puce
US20020174068A1 (en) * 2001-05-07 2002-11-21 Rodolphe Marsot Method for increasing the security of payment of tradesman by a client, corresponding localization center and system
GB2424801A (en) * 2005-03-31 2006-10-04 Uniwill Comp Corp Portable apparatus communicates with a server using a first and second protocol
WO2007044882A2 (fr) * 2005-10-11 2007-04-19 Philip Yuen Systeme et procede d'autorisation de transactions
US20070156436A1 (en) * 2005-12-31 2007-07-05 Michelle Fisher Method And Apparatus For Completing A Transaction Using A Wireless Mobile Communication Channel And Another Communication Channel
US20070278290A1 (en) * 2006-06-06 2007-12-06 Messerges Thomas S User-configurable priority list for mobile device electronic payment applications

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ECMA INTERNATIONAL: ECMA 352 STANDARD., December 2003 (2003-12-01), XP008131162, Retrieved from the Internet <URL:http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-352.pdf> [retrieved on 20080814] *

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8768303B2 (en) 2010-05-17 2014-07-01 Morpho Cards Gmbh Telecommunications chip card and mobile telephone device
EP2389023A1 (fr) * 2010-05-17 2011-11-23 Morpho Cards GmbH Carte à puce de télécommunication et dispositif de télécommunication mobile equipé de moyens de communication en champ proche (NFC).
US8068011B1 (en) 2010-08-27 2011-11-29 Q Street, LLC System and method for interactive user-directed interfacing between handheld devices and RFID media
US8395486B2 (en) 2010-08-27 2013-03-12 Q Street, LLC System and method for interactive user-directed interfacing between handheld devices and RFID media
US9858455B2 (en) 2010-08-27 2018-01-02 Q Street, LLC System and method for interactive user-directed interfacing between handheld devices and RFID media
US9489505B2 (en) 2011-04-21 2016-11-08 Trustonic Limited Method for displaying information on a display device of a terminal
US9875366B2 (en) 2011-10-07 2018-01-23 Trustonic Limited Microprocessor system with secured runtime environment
WO2013056783A1 (fr) * 2011-10-20 2013-04-25 Giesecke & Devrient Gmbh Terminal mobile, terminal de transactions et procédé de réalisation d'une transaction à partir d'un terminal de transactions en utilisant un terminal mobile
EP2685411A4 (fr) * 2011-11-14 2015-05-27 Ntt Docomo Inc Terminal mobile, système de restriction de l'utilisation d'argent électronique et support d'enregistrement
CN102523092A (zh) * 2011-12-05 2012-06-27 上海柯斯软件有限公司 基于音频的非接触ic卡及移动认证数据传输装置
EP2626823A1 (fr) * 2012-02-10 2013-08-14 Vodafone Holding GmbH Sélection basée sur l'emplacement dans des portefeuilles mobiles
US11096052B2 (en) 2012-04-10 2021-08-17 Imprivata, Inc Quorum-based secure authentication
US10542430B2 (en) 2012-04-10 2020-01-21 Imprivata, Inc. Quorum-based secure authentication
US11937081B2 (en) 2012-04-10 2024-03-19 Imprivata, Inc. Quorum-based secure authentication
US9572029B2 (en) 2012-04-10 2017-02-14 Imprivata, Inc. Quorum-based secure authentication
US10484338B2 (en) 2012-04-13 2019-11-19 Ologn Technologies Ag Secure zone for digital communications
US10904222B2 (en) 2012-04-13 2021-01-26 Ologn Technologies Ag Secure zone for digital communications
WO2013153437A1 (fr) * 2012-04-13 2013-10-17 Ologn Technologies Ag Appareils, procédés et systèmes pour transactions sécurisées automatisées
US10027630B2 (en) 2012-04-13 2018-07-17 Ologn Technologies Ag Secure zone for digital communications
US10108953B2 (en) 2012-04-13 2018-10-23 Ologn Technologies Ag Apparatuses, methods and systems for computer-based secure transactions
US9742735B2 (en) 2012-04-13 2017-08-22 Ologn Technologies Ag Secure zone for digital communications
US10270776B2 (en) 2012-04-20 2019-04-23 Ologn Technologies Ag Secure zone for secure transactions
US9432348B2 (en) 2012-04-20 2016-08-30 Ologn Technologies Ag Secure zone for secure purchases
US11201869B2 (en) 2012-04-20 2021-12-14 Ologn Technologies Ag Secure zone for secure purchases
US10496981B2 (en) 2012-06-05 2019-12-03 Nxp B.V. Multi-protocol communication circuit
EP2672442A1 (fr) * 2012-06-05 2013-12-11 Nxp B.V. Circuit de communication multiprotocoles
EP2939493A4 (fr) * 2012-12-11 2016-07-20 Intel Corp Découverte de dispositif à dispositif (d2d) sans authentification par le biais de nuage
US11176546B2 (en) 2013-03-15 2021-11-16 Ologn Technologies Ag Systems, methods and apparatuses for securely storing and providing payment information
US11763301B2 (en) 2013-03-15 2023-09-19 Ologn Technologies Ag Systems, methods and apparatuses for securely storing and providing payment information
US9948640B2 (en) 2013-08-02 2018-04-17 Ologn Technologies Ag Secure server on a system with virtual machines

Also Published As

Publication number Publication date
EP2218238A1 (fr) 2010-08-18
CN101868953A (zh) 2010-10-20

Similar Documents

Publication Publication Date Title
US8005426B2 (en) Method and mobile terminal device including smartcard module and near field communications means
WO2009071734A1 (fr) Authentification de transaction
Curran et al. Near field communication
US9224140B2 (en) Near field communication activation and authorization
US8532572B2 (en) Mobile integrated distribution and transaction system and method for NFC services, and a mobile electronic device thereof
KR101554604B1 (ko) 금융 거래 시스템 및 방법
US20130092741A1 (en) Wireless smart card and integrated personal area network, near field communication and contactless payment system
US20160292667A9 (en) Nfc transaction processing systems and methods
US20120089507A1 (en) Device, system and transaction method for integrating payment function and receipt function
Hendry Near Field Communications Technology and Applications
EP2582062A1 (fr) Système, procédé et supports lisibles pour une distribution et une transaction mobiles appliquées dans un service de communication en champ proche (nfc)
EP2889823A1 (fr) Procédé de sécurisation d&#39;une étape de validation d&#39;une transaction en ligne
CN111222864A (zh) 车联网安全支付方法、系统、存储介质及车机
KR20140118251A (ko) 카드 결제 시스템 및 방법
KR20120057322A (ko) 엔에프시 모드 자동 전환 이동단말
Imhontu et al. A survey on near field communication in mobile phones & PDAs
Iglesias et al. NFC applications with an all-in-one device
CN111225357A (zh) 车联网一卡多号实现方法、系统、存储介质及车机
Karnouskos NFC-capable mobile devices for mobile payment services
Paitoonrajipipit Intelligent mobile payment (IMP) system

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200780101647.1

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07858312

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2007858312

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE