WO2011089423A2 - Apparatus and method for secure authentication - Google Patents

Info

Publication number
WO2011089423A2
Authority
WO
WIPO (PCT)
Prior art keywords
tag
authentication
application
card
computing device
Application number
PCT/GB2011/050082
Other languages
English (en)
Other versions
WO2011089423A3 (fr)
Inventor
Neil Garner
Original Assignee
Proxama Limited
Application filed by Proxama Limited
Publication of WO2011089423A2
Publication of WO2011089423A3

Classifications

    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • G06Q20/3263 Payment applications installed on the mobile devices characterised by activation or deactivation of payment capabilities
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • G06F21/88 Detecting or preventing theft or loss
    • G06Q20/227 Payment schemes or models characterised in that multiple accounts are available, e.g. to the payer
    • G06Q20/3227 Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
    • G06Q20/3278 RFID or NFC payments by means of M-devices
    • G06Q20/353 Payments by cards read by M-devices
    • H04L63/0492 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities

Definitions

  • This invention relates to an apparatus for secure authentication.
  • the present invention relates to a mobile telephone having a function which is activated using near field communication.
  • a mobile telephone may include contactless technology, such as a near-field communications (NFC) transceiver, which enables the telephone to act as a contactless payment card, such as a bank card or credit card.
  • the payment card is a virtual card stored on the mobile telephone.
  • the mobile telephone may therefore have several payment cards stored on it, for use with different services.
  • the mobile telephone includes a mobile wallet application in which the virtual cards are accessed.
  • the user may log into the application using a secure passcode.
  • the mobile wallet is therefore protected against fraudulent use. If someone steals the mobile telephone, they are unable to use any virtual payment cards as the thief will not typically have the passcode.
  • the device may include no passcode, in which case the virtual money is not protected against fraudulent use.
  • An example of the invention provides a mobile computing device comprising a communication module for communicating with an authentication tag, in which the authentication tag is for enabling a secure function; wherein the communication module is arranged to cause the authentication tag to transmit first authentication data which may be received by the communication module; and wherein the device determines if the first authentication data is valid, when it is received by the communication module, and if the first authentication data is valid, the device executes the secure function.
  • Examples of the invention provide a device which is easy to use, and allows a user to initiate a secure function without having to use the user interface of the phone.
  • the user does not have to remember a password/passcode.
  • the device makes it more difficult for a phone to be used by an unauthorised person. If the device is stolen, the secure function can't be initiated without the authentication tag.
  • the first authentication data is a tag ID and the mobile device executes the secure function if the tag ID is stored on the device. This means different tags with different IDs can be used for different secure functions. Alternatively, one tag could be used for several secure functions.
  • the device further comprises a tag ID record in which tag IDs are stored, wherein the device determines if a tag ID is valid by checking the tag ID store.
  • the device further comprises a secure application, and wherein the secure function is launching of the secure application.
  • the secure application has an associated application ID
  • the authentication tag has second authentication data which is the application ID.
  • the secure application is launched if the second authentication data matches the application ID of the secure application. This enables the device to work out which secure application the tag is for use with.
  • the secure application includes a plurality of options, and the authentication tag may be used to cycle through said options. Therefore, in addition to opening an application, the tag can be used to initiate other functions.
  • said secure application is an account access application which includes an account record store, arranged to store user account details, and wherein said secure function is activating a user account.
  • said secure application is arranged to communicate with a remote server.
  • said user account details may be updated by communication with said remote server.
  • said authentication tag is used to activate the secure application to update said user account details.
  • the account access application is a mobile wallet and said user account details are virtual bank cards.
  • the authentication tag is for activating a virtual bank card for payment.
  • the mobile wallet includes a plurality of bank cards, and the authentication tag is for cycling through the cards.
  • the communications module is further arranged to communicate with a contactless payment point using said virtual bank card.
  • the device further comprises a public key, wherein authentication data stored on the authentication tag is encrypted with a private key, and, in order to read the authentication data, the mobile device uses the public key to decrypt the data.
  • said tag ID is generated using one-time passcode creation when the communications module communicates with the authentication tag.
  • said tag ID is generated using challenge-response when the communication module communicates with the authentication tag.
  • the secure function may be initiation of a telephone call.
  • the device may be used for various secure functions, apart from a mobile wallet. For example, initiating an emergency call.
  • said communications module is a near-field communications module
  • said authentication tag is an RFID tag and said data is stored as an NDEF record.
  • said secure function is initiated by bringing the mobile device into close proximity with the authentication tag.
  • said authentication tag is located in an authentication card which has the dimensions of a credit card.
  • the authentication card is arranged to be attached to an item of clothing, and the secure function is initiated by moving the phone to the card.
  • the device is a mobile telephone.
  • the present invention provides a cellular telephone for communicating with a cellular telephone network, comprising a near-field communication module for communicating with RFID tags, wherein the near-field communication module is arranged to cause any RFID tags brought into proximity with the telephone to transmit a tag ID and an application ID stored on the tags, and wherein the telephone includes a mobile wallet application, having an application ID, the mobile wallet application including at least one virtual bank card, and wherein the telephone further includes a tag ID record, and when the communication module receives the tag ID and application ID, it validates the tag by checking the tag ID is stored in the tag ID record, and if valid, the telephone opens the mobile wallet application and activates at least one virtual bank card.
  • the present invention provides a method of operating the device described above.
  • the present invention provides a method comprising: bringing an authentication tag and a mobile computing device into proximity with each other; receiving, at a communication module of the device, first authentication data, transmitted from the authentication tag; determining, on the mobile device, if the first authentication data is valid; and executing a secure function if the first authentication data is valid.
  • the present invention provides a system comprising: the mobile computing device described above; and an authentication tag; wherein the authentication tag has first authentication data stored thereon.
  • the present invention provides a computer program to be run by a processor on a mobile computing device, to: determine if first authentication data, received from an authentication tag, is valid; and execute a secure function on the mobile device, if the first authentication data is valid.
  • the present invention provides a computer-readable medium comprising instructions, which when executed by a mobile computing device cause the device to: determine if first authentication data, received from an authentication tag, is valid; execute a secure function, if the first authentication data is valid.
  • Figure 1 shows a mobile telephone and an authentication card in an example of the invention
  • Figure 2 is a schematic diagram showing some components of the mobile telephone shown in Figure 1;
  • Figure 3 shows some details of the authentication card of Figure 1;
  • Figure 4 shows some of the applications and data stored in the memory of the mobile telephone shown in Figure 1;
  • Figure 5 is a flow chart showing a method of operation of the mobile telephone shown in Figure 1;
  • Figure 6 shows the mobile telephone of Figure 1 during use;
  • Figure 7 shows a system which includes the mobile telephone of Figure 1.
  • Figure 8 is a flow chart showing a further method of operation of the mobile telephone shown in Figure 1;
  • Figure 9 is a flow chart showing a further method of operation of the mobile telephone shown in Figure 1.
  • the present invention provides a system for secure payment.
  • the system includes a mobile telephone 100 which includes an NFC module, which may use RFID technology, for example.
  • the NFC module enables the mobile telephone to communicate with contactless payment points.
  • a mobile wallet is stored on the mobile telephone and includes one or more virtual bank cards.
  • a user is able to pay for goods or services using the virtual cards.
  • the user selects the card they wish to use and waves the mobile telephone in front of the contactless payment point. Money is then deducted from the virtual card.
  • the user has one or more authentication cards, such as authentication card 101, as shown in Figure 1.
  • the authentication card 101 is used to unlock the mobile wallet to enable a user to make a payment.
  • the authentication card 101 is a plastic, credit card sized card which has an RFID tag embedded therein.
  • the user waves the mobile telephone 100 in front of the authentication card 101.
  • the NFC module interrogates the RFID tag, which transmits a unique code back to the mobile telephone 100. This unique code is used to open the mobile wallet and activate a virtual card for payment. If the user loses their mobile phone, no payments can be made. In order to make payments, anyone who obtains the telephone must also have the authentication card.
  • the present invention is not limited to use with a mobile wallet.
  • the system may be used to launch secure applications, authorise top-up of a mobile phone account, lock/unlock the mobile telephone 100, prove identification and make emergency calls. Other functions are possible within the scope of the present invention.
  • the present invention is not limited to the features and combinations described in the detailed description. Different features and combinations of features may be possible.
  • the mobile telephone may be replaced by other computing devices, including PDAs, handheld computers, games consoles, laptops, etc.
  • the following detailed description provides examples of some ways of carrying out the present invention.
  • the mobile telephone 100 is enabled for NFC using, for example, RFID technology.
  • the authentication card 101 is, for example, a plastic, credit card sized card, containing an RFID tag.
  • the mobile telephone 100 is arranged to interrogate the authentication card 101, and the authentication card is arranged to transmit data, stored on the card, to the mobile telephone.
  • the data sent by the authentication card 101 is used by the mobile telephone 100 to authenticate a user to open a secure application, or to authenticate a user to access certain functions associated with a secure application.
  • this application may be a mobile wallet, amongst other possibilities.
  • In order to open a secure application, or in order for a function associated with a secure application to be executed, the user must bring an authentication card, such as card 101, into proximity with the mobile telephone 100.
  • the authentication card 101 has data stored on it which identifies the secure application with which it is associated, and a unique code which identifies the card itself.
  • the telephone interrogates the card 101, and the card transmits the data stored on it to the mobile telephone 100.
  • the mobile telephone 100 validates the data received from the card 101, and causes the relevant secure application to open or to execute the relevant function. Further details of the mobile telephone 101, authentication card 101 and the method of operation will be described below.
  • the mobile telephone 100 will now be described in more detail with reference to Figure 2.
  • the mobile telephone includes a processor 102, memory 103, an input device 104, a display 105, and an NFC module 106.
  • the processor 102 controls the operation of the mobile telephone 100 by executing computer code stored in memory 103.
  • a user can control the mobile telephone 100 using the input device 104 which may be a keypad.
  • the mobile telephone 100 provides feedback to the user via display 105.
  • the NFC module 106 enables the mobile telephone 100 to interact with other NFC devices, such as the authentication cards described above, as well as with NFC payment points.
  • the memory 103 is used to store secure applications for use with authentication cards, such as card 101, amongst various other software elements.
  • the mobile telephone 100 may include additional components as is known in the art.
  • the mobile phone 100 may include various buses to connect the various components, various types of memory, multiple processors for different functions, and a mobile radio for communication with a mobile phone network.
  • the skilled person will understand the components necessary for the mobile phone 100 to function. Only those components which relate to the present invention are described in detail here.
  • the authentication card 101 will now be described in more detail in connection with Figure 3.
  • the card 101 is a credit card shaped card which includes a passive RFID tag 107.
  • the tag 107 includes an NFC Data Exchange Format (NDEF) record 108.
  • the record 108 includes data 109 which may be sent to a mobile telephone, such as telephone 100, when the tag 107 is interrogated by such a telephone.
  • the data stored on the tag 107 will be described in more detail below.
  • the secure applications and the authentication data stored in the mobile phone 100 and the authentication card 101 will now be described in more detail with reference to Figure 4.
  • several secure applications 200a, 200b and 200c are stored in memory 103.
  • the memory 103 is arranged to store one or more secure applications.
  • Each of the secure applications 200a, 200b, 200c has at least one unique mobile application identifier (MAI) associated with it.
  • each secure application has a single MAI.
  • The MAIs are shown in Figure 4 as MAIs 201a, 201b, and 201c.
  • Memory 103 also includes a MAI record 202 which is used to store the MAIs of all secure applications stored in memory.
  • the MAI record 202 includes MAIs 201a, 201b and 201c.
  • Each authentication card has a unique card ID.
  • the card ID is stored in the mobile telephone.
  • the card ID is used as a passcode to open certain secure applications and to unlock certain secure functions. This process will be described in more detail below.
  • the memory 103 also includes a card ID record 203.
  • the card ID record 203 includes three card IDs; card ID 204a, 204b and 204c. This is shown in Figure 4.
  • Each authentication card has data 109 stored on it, as noted above.
  • the data includes the MAI for the secure application or function which the authentication card is for use with.
  • the data 109 also includes the card ID for that authentication card.
  • the memory 103 also includes a virtual card store 205 which has virtual cards 206a, 206b, 206c stored therein.
  • the authentication card 101 corresponds to virtual card 206a.
  • Virtual card 206a is a primary bank card of the user.
  • the primary bank card 206a has a cash balance.
  • the cash balance is stored in memory 103 with the virtual card 206a.
  • the memory 103 also includes an NFC module controller 207 which is for controlling the operation of the NFC module 106.
  • the NFC module controller 207 is responsible for handling the data. The operation of the NFC module controller will be described in more detail below.
  • the mobile phone includes a record of MAIs and a record of card IDs.
  • the user is in possession of various authentication cards, each of which is designed for a different purpose.
  • Each card also has a MAI and a card ID.
  • the MAI is used to identify the application or function which the card is designed to unlock, and the card ID is used to authenticate the card.
  • secure application 200a is a mobile wallet application.
  • a mobile wallet is a virtual wallet which stores virtual bank cards, as will be described in more detail below.
  • authentication card 101 is for authorising a payment to be made by such a virtual bank card.
  • the mobile wallet 200a has MAI 201a.
  • Authentication card 101 has MAI 201a and card ID 204a stored in the NDEF record 108.
  • the authentication card 101 has already been registered with the mobile telephone 100.
  • the card ID 204a is stored in card ID record 203. The process for registration will be described in more detail below.
  • the mobile telephone 100 is set up so that the NFC module 106 is in an interrogation mode.
  • the NFC module 106 is transmitting an interrogation signal in order to discover RFID tags.
  • the tag receives the interrogation signal and transmits a response to the NFC module 106.
  • When the user wants to make a payment with the primary bank card, they bring the authentication card 101 into proximity of the mobile telephone 100 (block 301).
  • the authentication card 101 transmits a response to the interrogation signal (block 302).
  • the response includes the card ID 204a and the MAI 201a for the mobile wallet 200a.
  • the NFC module controller 207 cross-references the MAI 201a with the MAI record 202 (block 303). As the MAI 201a is in the record 202, the NFC module controller 207 passes the data received from the tag 107 to the mobile wallet application 200a (block 304). The mobile wallet application 200a then validates the data received from the authentication card 101 (block 305). In this case, the mobile wallet application 200a checks the card ID with the card ID record 203 (block 306). In this case, the card ID 204a matches the entry in the card ID record 203. The mobile wallet application 200a then opens and displays the virtual card 206a on the mobile telephone display 105. This is shown in Figure 6. The mobile wallet application 200a indicates to the user the card balance and the fact that the card is active.
  • the mobile wallet application 205 displays an error message (block 307).
  • the authentication card 101 is for making an emergency call.
  • the mobile telephone 100 includes a secure application which is for initiating an emergency call.
  • the memory 103 includes the MAI of the emergency application, and the card ID of the authentication card. In order to make an emergency call, the user holds the card against the mobile telephone 100.
  • the user must hold the card against the phone for a minimum time-period; for example five seconds. After five seconds the application launches, the phone vibrates to alert the user, and displays the message, "Request Emergency Assistance: Yes/Cancel?". In order to message the emergency services, the user can press "yes". Alternatively, if they are not in a position to do this, the user can remove the card from the phone, and place it against it again, and the phone will send a message. The message will include the user ID and details of their location. Such a system could be invaluable to those who find themselves in a vulnerable situation, and do not wish to alert anyone to the fact that they are calling the emergency services.
  • the mobile wallet stored in memory 103 may include several virtual cards. Tapping the authentication card against the mobile phone 100 causes the phone to cycle through the cards.
  • the authentication card 101 is not specific to any one card. Instead it is just specific to the mobile wallet. Once the wallet has authenticated the card, it opens. Tapping the card against the phone cycles through the various cards.
  • the authentication card can be used to open other secure applications on the mobile device. Any application which requires the use of a passcode in order to access it may use this system. For example, social networking applications which require a passcode to access could have an authentication card instead. A single card could enable access to several applications, or different cards could be issued for different applications.
  • the authentication card could be used to lock or unlock the phone.
  • the authentication card could be used to retrieve a PIN.
  • the authentication card could be used as part of an authentication process.
  • the application provider or network operator could require use of an authentication card in order to retrieve the PIN or unlock it.
  • the authentication card could be used as mobile phone insurance or a warranty identifier.
  • the authentication card could include an account reference, stored as data, and printed on the card. If the phone is lost, stolen or broken, the card could be used as evidence of ownership. The details could also be used to repatriate the card if lost.
  • the authentication card could include an application for checking ID.
  • the phone could have the ID record of the owner stored in memory.
  • the system could be used in such a way that the ID is displayed on the phone when an ID authentication card is held next to the phone. This could be used by retailers to check the age of customers. It could also be used by health workers to find details about a patient.
  • Some of the embodiments mentioned above require the authentication card to be registered.
  • the card must be issued to the user in a secure manner. There are also circumstances when the user needs to contact a service in order to, for example, top-up an account on the mobile phone.
  • the present invention provides a system as shown in Figure 7.
  • the system includes the mobile telephone 100 and the authentication card 101.
  • the system also includes an administration server 401, a tag issuer 402 and third party services 403.
  • the administration server 401 has several purposes, including registration of secure applications, topping-up of mobile phone credit etc.
  • the mobile telephone 101 communicates with the administration server, as required, using conventional communication techniques.
  • the tag issuer 402 is a third party that provides a particular service. For example, the tag issuer
  • the tag issuer 402 communicates with the administration server 401 in order to register any tags which are issued to users.
  • the administration server 401 therefore has a record of all authentication cards 101.
  • Third party services 403 may include a service to top-up an account of the mobile telephone 101.
  • the mobile telephone 101 communicates via the administration server 402 in order to top-up the account.
  • the bank creates an account for the user and sends an authentication card 101 to the user using the tag issuer 402 (block 501).
  • the bank registers these details with the administration server 402.
  • the user registers the card with the mobile wallet application 200a on the mobile telephone 100 (block 502).
  • the user does this by entering the card ID 204a of the authentication card and the account number of the bank account.
  • the mobile wallet application 200a then contacts the administration server 402 to verify the details (block 503). If the details are correct, the administration server 402 confirms this to the mobile wallet application 200a (block 504).
  • the authentication card 101 and associated bank card are then ready for use.
  • the bank card is a cash card.
  • virtual money is stored in the mobile wallet. When this money runs out, the virtual bank card must be topped up.
  • the present invention provides a mechanism for topping-up a bank card. This will be described in connection with Figure 9.
  • the mobile wallet 200a includes a 'top-up now' option, which the user can select in order to top-up the cash on the virtual card.
  • the user selects the 'top-up now' option (block 601 ).
  • the user can the select to top-up by a set amount (for example, £5, Mega or £20), or they can enter specific amount (block 602).
  • the application then prompts the user to tap their authentication card 101 , against the phone 100 to confirm the transaction (block 603).
  • the phone then contacts the bank via the administration server 402 to process the top-up request (block 604).
  • the bank checks that the details (card ID etc) are correct and updates the virtual card with the new balance (block 605). If the details are incorrect, and error message is returned (block 606).
  • the bank updates the user's online bank account to reflect the transfer of funds to the virtual card (block 607).
  • the bank may require the user to enter an additional passcode, when topping-up an account, to act as an extra layer of security.
  • Data stored on the authentication card may have a digital signature applied to it.
  • The signature can be made using a private asymmetric key of the trusted third party service. This may be the key of the bank issuing the authentication card.
  • The mobile wallet may include the public key of the bank, which is used to validate the card data.
  • The card ID mentioned above may be replaced by one-time passcode creation.
  • A new passcode is created using a cryptographic key.
  • This passcode acts as the new card ID.
  • This mechanism is transparent to the user and provides greater security than the use of a static card ID.
  • The system may use a challenge-response technique to further improve security.
  • The phone sends a challenge signal to the authentication card.
  • The RFID tag calculates a response using a cryptographic key, based on the challenge signal, and sends this back to the phone. The phone only allows the user to continue if the response is correct.
  • The authentication card may come in various form factors.
  • The card may be a credit card shaped plastic card. This enables the card to be placed in a user's wallet.
  • The card may take other shapes that can easily be attached to the user's body.
  • The card may be incorporated into a belt. In this manner, when a user wishes to make a payment, they can simply wave the mobile telephone over the correct portion of the belt. This has particular advantages because the user does not have to locate a card in their wallet to make a payment. Instead, the user intuitively moves their phone to a position on their belt.
  • An authentication tag may be any suitable sized tag which may store and transmit data to a mobile device. There are no particular limitations on the size, shape or technology used by the tag.
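
The one-time passcode and challenge-response options described above, as an added sketch that is not code from the patent. It assumes HMAC-SHA256 over a symmetric key shared by the tag and the verifier, a counter-based passcode sent together with its counter, and a constructed demo key; the names `Tag`, `Phone`, `mac` and `CARD_KEY` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed demo key (assumption): a real tag would hold a per-card secret.
CARD_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

def mac(key, label, data):
    """HMAC-SHA256 with a purpose label, so a passcode can never pass as a response."""
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()

class Tag:
    """Card side (hypothetical model): holds the key and a counter."""
    def __init__(self, key):
        self._key = key
        self._counter = 0

    def one_time_id(self):
        """Fresh passcode that stands in for the static card ID."""
        self._counter += 1
        return self._counter, mac(self._key, b"otp", self._counter.to_bytes(8, "big"))

    def respond(self, challenge):
        """Response computed from the phone's challenge and the card key."""
        return mac(self._key, b"cr", challenge)

class Phone:
    """Verifier side (hypothetical model), assumed to share the card key."""
    def __init__(self, key):
        self._key = key
        self._last_counter = 0
        self._pending = None

    def new_challenge(self):
        self._pending = secrets.token_bytes(16)  # unpredictable, single use
        return self._pending

    def check_response(self, response):
        challenge, self._pending = self._pending, None  # consumed even on failure
        if challenge is None:
            return False
        return hmac.compare_digest(response, mac(self._key, b"cr", challenge))

    def check_one_time_id(self, counter, passcode):
        if counter <= self._last_counter:  # stale or replayed passcode
            return False
        expected = mac(self._key, b"otp", counter.to_bytes(8, "big"))
        if not hmac.compare_digest(passcode, expected):
            return False
        self._last_counter = counter
        return True

if __name__ == "__main__":
    tag, phone = Tag(CARD_KEY), Phone(CARD_KEY)
    captured = tag.respond(phone.new_challenge())
    print("fresh response accepted:", phone.check_response(captured))
    phone.new_challenge()
    print("replayed response accepted:", phone.check_response(captured))
```

A response or passcode captured over the air is rejected when presented again, which is the property a static card ID lacks.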

Abstract

The invention relates to a mobile computing device comprising a communication module for communicating with an authentication tag, characterised in that said authentication tag is used to enable a secure function; in that the communication module causes the authentication tag to transmit first authentication data that can be received by the communication module; in that the device determines whether the first authentication data is valid when it is received by the communication module; and in that, if the first authentication data is valid, the device performs the secure function.
PCT/GB2011/050082 2010-01-19 2011-01-19 Secure authentication apparatus and method WO2011089423A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1000837A GB2476989A (en) 2010-01-19 2010-01-19 Activation of secure function in mobile computing device using authentication tag
GB1000837.3 2010-01-19

Publications (2)

Publication Number Publication Date
WO2011089423A2 true WO2011089423A2 (fr) 2011-07-28
WO2011089423A3 WO2011089423A3 (fr) 2011-10-06

Family

ID=42028550

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2011/050082 WO2011089423A2 (fr) 2010-01-19 2011-01-19 Secure authentication apparatus and method

Country Status (2)

Country Link
GB (1) GB2476989A (fr)
WO (1) WO2011089423A2 (fr)

Also Published As

Publication number Publication date
GB201000837D0 (en) 2010-03-03
WO2011089423A3 (fr) 2011-10-06
GB2476989A (en) 2011-07-20

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11734171

Country of ref document: EP

Kind code of ref document: A2