WO2015114460A2 - Improvements relating to activating transaction cards - Google Patents

Improvements relating to activating transaction cards Download PDF

Info

Publication number
WO2015114460A2
WO2015114460A2 PCT/IB2015/000309 IB2015000309W WO2015114460A2 WO 2015114460 A2 WO2015114460 A2 WO 2015114460A2 IB 2015000309 W IB2015000309 W IB 2015000309W WO 2015114460 A2 WO2015114460 A2 WO 2015114460A2
Authority
WO
WIPO (PCT)
Prior art keywords
request
activation
user interaction
vendor
authentication code
Prior art date
Application number
PCT/IB2015/000309
Other languages
French (fr)
Other versions
WO2015114460A3 (en
Inventor
Ralph Mahmoud Omar
Original Assignee
Omarco Network Solutions Limited
DISTEFANO, Luigi
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Omarco Network Solutions Limited, DISTEFANO, Luigi filed Critical Omarco Network Solutions Limited
Publication of WO2015114460A2 publication Critical patent/WO2015114460A2/en
Publication of WO2015114460A3 publication Critical patent/WO2015114460A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3224Transactions dependent on location of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/354Card activation or deactivation

Definitions

  • the present invention relates to improvements relating to authenticating transaction cards.
  • the invention relates to a system and method for authenticating scratch cards or "top up" transaction cards, such as top up phone cards.
  • transaction cards e.g. such as top up phone cards, instant prize scratch cards or gift vouchers
  • transaction cards typically have a value in their distribution chain which is a problem as the tickets can be stolen and then used illegally. This problem increases costs in policing the distribution chain.
  • transaction cards refer to a range of items that a user may purchase as part of a transaction process.
  • lottery tickets scratch cards for lotteries
  • mobile phone top up vouchers (“top up phone cards”)
  • gift voucher cards e.g. iTunes® gift card
  • the present invention seeks to overcome or substantially mitigate at least some of the above problems.
  • a method of activating a transaction card at an authentication server comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions
  • the method comprising: receiving a vendor request to provide an authentication code, the request comprising a unique identifier of a transaction card; generating an authentication code; storing the unique identifier and authentication code in a data store; sending the authentication code to the vendor; receiving an activation request, the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the authentication code; checking that the unique identifier and vendor authentication code contained in the activation request correspond to a data record in the data store; and, in the event that the identifier and code correspond, activating the transaction card wherein activation comprises sending an activation message indicating which of the one or more user interaction regions is active.
  • the present invention provides a method of authenticating a transaction card.
  • An activation server receives a request from a vendor to provide an authentication code for a transaction card that is to be transferred in a transaction to a user.
  • the vendor may include a unique vendor identifier in their request so that they can be identified by the server.
  • the server is arranged to return an authentication code (e.g. a unique purchase number) to the vendor.
  • an authentication code overcomes or mitigates the risk of stolen transaction cards being used.
  • the server receives an activation request to activate the card.
  • the request comprises the unique identifier of the transaction card (e.g. its serial number), the authentication code and symbol data associated with the user interaction symbols on the card.
  • the unique identifier and authentication code received in the activation request may be checked against a data record in the data store (such data record corresponding to the information contained in the vendor request) and in the event that they correspond to the data record the card is activated and an activation message is sent indicating which of the interaction regions is active.
  • the active regions may be selected in dependence on the symbol data received at the server.
  • the present invention generally relates to a method and associated systems for authenticating the validity of transaction cards so as to address problems associated with known methods.
  • the present invention proposes the provision of a composite telecommunications address to a telecommunications server in order to provide the means for authenticating the transaction card and to ensuring that the card has been obtained through legal channels (e.g. via an authorised retailer/vendor).
  • a method of authenticating the transaction card with the telecommunications server there is provided a method of determining the identity of a vendor as part of an authentication process.
  • the use of a composite telecommunications address enables authentication of the vendor and the enablement of multiple types of functionality associated with the transaction card.
  • the transaction card may comprise a printed "paper" card with peel off strips and/or scratch off regions. Alternatively the transaction card may comprise a plastic card with similar strips and/or regions.
  • the authentication process may additionally be linked with the provision of a financial instrument (which requires Know Your Client (KYC functionality) as well as providing an instant prize.
  • KYC functionality Know Your Client
  • the authentication process may additionally unlock further transaction items for an authenticating user, e.g. by the provision of a further physical transaction card or via the provision of an electronic transaction card in the form of a software program.
  • the step of storing the unique identifier and the authentication code may comprise associating the authentication code with the unique identifier.
  • the authentication code may be linked to the unique identifier in a data record within the data store.
  • the activation request may comprise a server address field such that the request comprises a composite telecommunications address having the following fields: server address; unique identifier; authentication code; symbol data.
  • the authentication server may be arranged to extract the various data fields from the composite telecommunications address.
  • the unique identifier and vendor authentication code may be extracted and checked against a data record within the data store.
  • the activation server may mark the transaction card as "awaiting activation"
  • the server may mark the transaction card as inactive if an activation request has not been received within a set period from the vendor request.
  • the one or more interaction symbols on the transaction card may comprise a removable opaque layer covering symbol data, each interaction symbol being associated with different symbol data.
  • the symbol data received in the activation request may comprise symbol data that has been selected by the user removing the opaque layer above a given interaction symbol.
  • the server may direct the user (or vendor in the event that the vendor is removing the opaque layer on behalf of the user) to remove a specific interaction symbol.
  • a first communication may be sent to the server requesting activation of the card, the first communication comprising the vendor authentication code and the unique identifier.
  • the activation server may then check the data store for a user interaction symbol that has been pre-associated with the unique identifier or pick an interaction symbol randomly. The selected interaction symbol is then sent back to user/vendor.
  • a second communication may then be sent to the server comprising the vendor authentication code, the unique identifier and any symbol data that is associated with the indicated user interaction symbol.
  • the activation request is effectively a two part request comprising the first and second communications.
  • symbol data may be located under the removable opaque layer.
  • the received symbol data may be checked against the data store to determine if the received symbol data corresponds to symbol data that has been previously stored in the data store for the given unique identifier and selected interaction symbol.
  • the authentication request may be received from either the user or the vendor depending on the arrangements at the vendor. In the instance that the vendor sends the authentication request then they may enter symbol data under the direction of the user.
  • the activation message may be sent to the user or the vendor.
  • the method may further comprise receiving a further content request following the sending of the activation message, the further content request comprising a request for authorised content from the activation server.
  • the further content request may comprise a passcode identifier retrieved from the user interaction region indicated in the activation message.
  • the one or more user interaction regions on the transaction card may comprise a removable opaque layer covering further content data, each interaction region being associated with different further content data.
  • the activation request may comprise location data.
  • the location data may comprise location data corresponding to the time of a transaction between the vendor and user.
  • the method may comprise checking that the location data corresponds to the location of an authorised vendor.
  • the activation request may comprise a mobile device identifier associated with the user. Further communications received by the server following receipt of the activation request may comprise a mobile device identifier and the method may comprise checking that the mobile device identifier matches the identifier in the activation request in order to verify the identity of the user.
  • the interaction symbols may comprise one or more of: numeric; alphanumeric; Unicode; pictographs; or emoji.
  • the symbol data may comprise a passcode.
  • the data store may comprises a database and the database may comprise a plurality of data records, each data record comprising one or more of the following fields: vendor field; authentication code field; symbol data field; active interaction region field; activation status field.
  • the activation process may enable the status of the vendor to be confirmed to the user during the transaction process.
  • the method may therefore comprise receiving an authentication request from the user to authenticate the vendor, the authentication request comprising the authentication code and the unique identifier.
  • the server may then check the authentication code and unique identifier in the authentication request, verify that the vendor is a registered vendor and send a confirmation message to the user, the confirmation message confirming that the vendor is trusted.
  • the vendor status check may comprise the server checking the details received from the user against known vendors in a trusted vendor database.
  • the vendor status check may also comprise checking that the card details provided by the user during the vendor status check correspond to the card details provided by the vendor in the vendor request.
  • a method of activating a transaction card at an authentication server comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions
  • the method comprising: receiving an activation request, the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the authentication code; checking that the unique identifier and vendor authentication code contained in the activation request correspond to a data record in the data store; and, in the event that the identifier and code correspond, activating the transaction card wherein activation comprises sending an activation message indicating which of the one or more user interaction regions is active.
  • an activation server for activating a transaction card, the card comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions
  • the server comprising: an input arranged to receive a vendor request to provide an authentication code, the request comprising a unique identifier of a transaction card; a processor arranged to generate an authentication code and to store the unique identifier and authentication code in a data store; an output arranged to send the authentication code to the vendor; wherein the input is arranged to receive an activation request, the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the vendor authentication code; and the processor is arranged to check that the unique identifier and vendor authentication code contained in the activation request correspond to a data record in the data store and, in the event that the identifier and code correspond, activate the transaction card, the output being arranged to send an activation message to
  • a method of activating a transaction card comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions
  • the method comprising: receiving a vendor authentication code from an activation server; sending an activation request, the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the authentication code; receiving an activation message indicating which of the one or more user interaction regions is active.
  • a transaction card for activation in conjunction with an authentication server, the card comprising: a unique identifier; a first user interaction zone comprising one or more user interaction symbols; and a second user interaction zone comprising one or more user interaction regions, the server address layer wherein the one or more interaction symbols comprise a removable opaque layer covering symbol data, each interaction symbol being associated with different symbol data, user interaction symbols and user interaction regions being covered with a removable opaque layer and wherein the one or more user interaction regions comprise a removable opaque layer covering further content data, each interaction region being associated with different further content data.
  • the transaction card may carry server address data, the server address data being covered by a removable opaque layer.
  • the transaction card may comprise a mobile device top-up card.
  • a method of activating a transaction card at an authentication server comprising a unique identifier and a user interaction zone comprising one or more user interaction regions
  • the method comprising: receiving a vendor request to provide an authentication code, the request comprising a unique identifier of a transaction card; generating an authentication code; storing the unique identifier and authentication code in a data store; sending the authentication code to the vendor; receiving an activation request, the request comprising the unique identifier of the transaction card and the authentication code; checking that the unique identifier and vendor authentication code contained in the activation request correspond to a data record in the data store; and, in the event that the identifier and code correspond, activating the transaction card wherein activation comprises sending an activation message indicating which of the one or more user interaction regions is active.
  • the invention extends to a carrier medium for carrying a computer readable code for controlling a computer server to carry out the method of the first and second aspects of the invention.
  • Figure 1 is a schematic diagram of an environment according to an embodiment of the invention.
  • FIGS. 2a to 2c are schematic top views of a transaction card according to an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of the activation system/server of Figure 1 ;
  • FIGS 4 and 5 are data flows of an activation process according to an embodiment of the present invention.
  • Figure 6 shows a data flow of a vendor authentication process according to an embodiment of the present invention
  • Figures 7 and 8 show the data flow of Figure 4 in the form of a flow chart.
  • the present invention provides a system for activating and authenticating transaction cards.
  • the system is arranged to enable users to register purchased transaction cards and to provide users with authentication information regarding transaction cards.
  • FIG. 1 shows an embodiment of the invention and an environment 100 in which the activation system operates.
  • a user 102 comprises a transaction card 104 and a mobile phone 106.
  • a communications network 108 is shown represented by a cellular tower, and is configured to communicate wirelessly with the mobile phone 106.
  • the communications network is operatively connected to the Internet 110.
  • An activation system 112, in the form of an activation server, is also operatively connected to the Internet 110.
  • a Vendor point-of-sale system 114 is also shown comprising a point-of-sale terminal 116, the terminal having a communications module 118, a scanner device 120 and a data store 122.
  • the communications module 118 may be operatively connected to the Internet 110 or alternatively may be connected to the communications network 108 such that the communications module can communicate wirelessly with the network. In a further arrangement the communications module may be connected to both the communications network 108 and the Internet 110.
  • An authorisation code 124 is shown in Figure 1 being delivered to the point-of-sale system 114. As explained in more detail below this authorisation code 124 is generated by the activation system 112 and may be stored locally with the data store 124. The code 124 may either be provided to the user as part of a transaction to purchase the transaction card 104 or may alternatively be used by the vendor during the transaction process.
  • the transaction card 104 has no value until it is activated.
  • the transaction card may be activated by the user using the mobile phone 106 to connect to the activation system 112 as will be explained in more detail below.
  • the transaction card 104 may be a mobile phone "top up" card for obtaining call/data credits.
  • the transaction card may also be a scratch card.
  • a composite telecommunications address 126 is also shown being transmitted to the activation system and is described in more detail below.
  • FIG. 2a shows the transaction card 104 in more detail.
  • the transaction card comprises a number of different areas as will be described below.
  • the transaction card comprises a serial number 140, an activation address region 142, a first user interaction zone 144 comprising one or more user interaction symbols 146 and a second user interaction zone 148 comprising one or more interaction regions 150.
  • the activation address region 42 and the first and second interaction zones (144, 148) are covered with a removable opaque layer 152 and in order to access the information under these layers, the user is required to remove the opaque layer, e.g. by scratching off the layer.
  • the layer may be thermally reactive and may be burned off either by the user or the vendor using a suitable device.
  • the presence of the address 154 is indicated within the activation address area (via the word “ADDRESS"). However, in an actual transaction card 104 the address will not be visible until the opaque layer has been removed. Similarly the "void” symbols 156 shown in the "Game interaction region 150 of the second user interaction zone 146 will not be visible until the opaque layer has been removed. The "address” and void symbols are only visible in Figure 1 to indicate that there is further information under the opaque layer.
  • a number of symbols 146 are shown with the first user interaction zone 144. It is noted that each symbol is printed or otherwise carried on the opaque layer 152. Removal of any of the symbols is arranged to reveal further data, herein referred to as "symbol data".
  • the symbols may comprise Unicode, pictographs, or emoji as well as alphanumeric codes or other identifiers.
  • Figure 2b shows the transaction card 104 of Figure 2a in which one of the symbols 146 has been scratched off to reveal the symbol data underneath. It can be seen that the portion of the opaque layer 152 that included the "arrow" symbol shown in Figure 2a has been scratched off to reveal the symbol data 147 underneath.
  • the symbol data 147 is the code "X2Y6" though it is appreciated that any suitable passcode, numeric or alphanumeric code may be used.
  • the transaction card 104 shown in Figure 2a comprises four interaction regions 150 within the second user interaction zone 148. It is to be recognised however that there may be more or fewer such regions depending on the particular use of the card.
  • the interaction regions within the second user interaction zone are also covered with a removable opaque layer 152. These zones may represent a number of functions, e.g. a scratch card game (where the region underneath may indicate a prize that can be claimed) or a passcode to obtain further content from the activation system.
  • serial number 140 shown in Figures 2a-2c is a numeric code it is to be appreciated that the code may take other forms, e.g. an alphanumeric code, or a symbol based code such as a barcode or QR code 158 that may be read by a suitable scanning apparatus such as the mobile phone of the user or the scanning device of the point-of- sale system.
  • Figure 2c shows where the opaque layer above the third game line has been removed to reveal a passcode 151
  • FIG. 3 shows the activation system 112 in greater detail.
  • the activation system comprises a communications module 160, a processor 162 and a data store 164 such as a database.
  • the communication module 160 and the database 164 are each connected to the processor 162.
  • the communication module 160 is configured to communicate data to and from the Internet 110.
  • the processor 162 is configured to receive requests to activate and/or authenticate transaction cards 104 based on information stored in the database 164.
  • data store 164 in Figure 3 is shown as part of the activation system. In an alternative configuration the data store may be located remotely from the server 112.
  • FIG. 3 also shows the database 164 in greater detail.
  • the database comprises a plurality of data records 166 comprising information associated with each transaction card.
  • Each data record comprises a number of data fields including a serial number field 168, details 170 of the valid/active interaction zones 150 for that card, a card activation field 172, a vendor field 173, a vendor authorisation code field 174, a received symbol data field 176 and a location data field 178. It is noted that some or all of the fields listed above may be present in the database depending on the particular application of the transaction card.
  • the vendor In response to a user requesting a transaction card 104 as part of a transaction at a vendor the vendor sends, in step 200, the card serial number 140 (the unique identifier of the transaction card 104) to the authentication system (server) 1 2.
  • the serial number may conveniently be scanned into the POS terminal 116 using the scanning device 120.
  • serial number may be entered manually into the POS terminal 116 for onward transmission to the authentication server.
  • the vendor may capture the serial number 140 using a suitable image capture device (camera) and the image of the serial number may be sent to the server 2 to be extracted via an optical character recognition (OCR) method or the serial number may be locally extracted from the image using OCR and then sent to the authentication server.
  • OCR optical character recognition
  • the serial number is then received at the server 112 (via the module 160) and the processor 162 is then arranged, in step 202, to generate an authentication code 124 that is unique to the vendor and the received serial number.
  • the processor 162 may also check the vendor's identity (the vendor will include a unique vendor identifier within their message to the server 112) against known authorised vendors stored in the vendor field 173 of the database 164.
  • the authentication system 112 may be pre-loaded with all valid transaction cards 104 that are available in the general transaction environment (i.e. it may have records of all the transaction cards that have been produced and issued for sale).
  • the database 164 will be populated with a plurality of data records 166, each data record corresponding to a particular transaction card 104 and each record comprising the serial number 140 of the transaction card 104.
  • the database 164 may initially be empty of data records 166 and may be populated as cards are sold.
  • the processor 164 may be arranged to validate the received serial number 140 either by a self-contained process (such as a checksum) or by checking with an issuing authority (not shown) that has manufactured and issued the transaction cards.
  • the processor 162 may then update a database entry 166 for the transaction card with the authentication code 124.
  • the authentication code 124 in the embodiment shown in Figure 4 is then returned, in step 204, to the vendor's point-of-sale system 114.
  • the vendor's point-of-sale system 114 is used as a convenient mechanism to supply the serial number 140 of the transaction card 104 to the authentication server 112.
  • the vendor may use a separate communications channel to convey the serial number to the server and to receive the authentication code in return.
  • a dedicated computer system which is separate to the point-of-sale system may be used (similar to how National Lottery terminals in the UK are distinct computer systems to a vendor's point of sale systems) or a mobile communications device (such as a mobile phone, smartphone such as an iPhone® or Android® phone, or a tablet device or other computing device) may be used and a suitable communication such as an SMS or an email may be sent.
  • the vendor may then provide, in step 206, the authentication code 124 to the user, e.g. via a printed receipt for the transaction.
  • the user then removes, in step 208, the opaque layer 152 from one of the symbols 1416 to reveal symbol data 147 underneath.
  • the user sends, in step 210, a composite telecommunications message 126 to the authentication server 112, the message comprising: the address 154 of the authentication server (e.g. www.authenticateserver.com/ or a telephone number), the serial number 140 of the transaction card (e.g. 12345678), the symbol data 147 determined by the user and the vendor's authentication code 124.
  • the composite telecommunications address 126 may comprise a telephone number with further numbers (serial number, symbol data, authentication code appended to the telephone number).
  • the composite telecommunications message 126 is received by the server 112 which then proceeds to extract the serial number of the transaction card 104, the symbol data 47 and the authentication code 124.
  • the database 164 may then be checked, in step 212, to ascertain if the serial number 140-authentication code 124 tuple received by the server 112 from the user matches the database record 166 for that card 104. In the event that the data matches then a flag within the database 64 may be set to indicate that the card has been activated (see data field 172 in Figure 3 and the "YTN" flag).
  • the transaction card may comprise a plurality of user interaction regions 150.
  • the processor may be arranged to select one of these regions for activation on the basis of the received symbol data 147. Confirmation of which interaction region 150 is active may then be sent, in step 214, to the user who can proceed to reveal, in step 216, interaction region data 151 in the selected interaction region 150 by removing the opaque layer 152 in the region in question. This is shown in Figure 2c where the opaque layer above the third game line has been removed to reveal a passcode 151.
  • the area undemeath the selected interaction region may encapsulate different functionality types. For example, an "instant win" style game may be encoded underneath which can be redeemed at the vendor (or any participating vendor) in the event of a win. Alternatively, the area may be used to encode further data that can be used to access further authorised content.
  • the user may be provided with number/symbol data that can be sent, in step 218, to the activation server 112.
  • the server 112 may, in step 219, may retrieve authorised content associated with the provided number/symbol and then send the authorised content in step 220, e.g. to the user's mobile phone.
  • authorised content may comprise a data file (e.g. containing confidential information) or a software application (such as an electronic game or electronic lottery game).
  • an authentication code to the vendor links the transaction card to a given transaction at a particular vendor. This mitigates against the risk of stolen cards being used since the use of a transaction card without an accompanying authentication code will raise a warning flag within the activation system which may then deactivate or suspend the card as far as any associated benefits are concerned. For example, if a user attempts to activate the card without the authentication code then the server may deactivate the card by returning an invalid message if the card is subsequently presented to a vendor. If the transaction card is a "top-up" type card (i.e. associated with a mobile phone call/data amount) then the call/data amount may be deactivated.
  • the activation system may merely return an error message and request the authentication code in order to proceed further.
  • a further benefit provided by the above authentication method is in the selection and activation of a particular interaction region within the second user interaction zone 148. If a user removes the opaque layer in an area not determined to be valid then they run the risk of invalidating the card. It is noted that more that the activation system may be able to select more than one of the available interaction regions in the second user interaction zone to be active, e.g. the user may be authorised to remove more than one opaque layer. Alternatively, the activation server may select a given interaction region depending on the symbol choice made by the user.
  • This ability to effectively configure the active regions of the second user interaction zone provides a means for extending the functionality of the transaction card. It is noted that when the user wishes to redeem a transaction card they may return to a vendor (not necessarily the same vendor that sold the transaction card). The vendor may scan the transaction card and contact the activation system (e.g. via their point-of-sale system as noted above) in order to validate the transaction card.
  • This redemption process is shown in Figure 5 in which the user provides the card 104 for redemption in step 300.
  • the vendor may enter the details of the exposed interaction region and confirm that no further interaction regions have been revealed.
  • the transaction card serial number, details of the exposed region and confirmation of the integrity of the rest of the transaction card may then be sent, in step 302, to the activation server as part of a validation information message.
  • the activation server may check, in step 304, the database entry associated with that serial number. The server may check that the interaction region indicated as used in the validation information message corresponds to the valid region listed in the database entry. In this manner the activation server may be able to validate the transaction card as valid and authentic at any participating vendor. This reduces the risk of forged transaction cards being redeemed by vendors. Confirmation of redemption is then sent in step 306 to the vendor.
  • the activation server may not be configured to send an authorisation code to the vendor during the transaction process between the user and the vendor.
  • the user sends three pieces of information (composite telecommunication address 126 comprises the address of the activation sever, the serial number of the transaction card and symbol data) to the activation server in step 210 rather than the four pieces of information (the above three pieces plus the authentication code) described in relation to Figure 4 above.
  • the user may be directed by the server 112 to remove the opaque layer from a given user interaction symbol rather than the user having the freedom to choose their own symbol.
  • the user would communicate the serial number of the card to the activation system, the activation system would then return the activation symbol corresponding to a symbol on the card.
  • the user would then remove the opaque layer corresponding to the server selected symbol to reveal symbol data associated with that symbol on the card.
  • the user would provide the symbol data to the activation system.
  • the symbol data would represent predetermined information that is part of the activation system's information stored in its data records (e.g. stored in the database 164) for each manufactured transaction card.
  • the activation system would then determine whether the symbol data received from the user matched the symbol data from the database 164. This mechanism would provide a countermeasure against forged transaction cards being redeemed at vendors.
  • activation of a transaction car may involve the user having a downloaded app on their mobile phone or mobile browser which takes the user to a mobile web page where they are asked to enter in the serial number of the scratch card and to enter the telecommunications address of the activation system along with the vendor's authentication code.
  • the mobile app may send a mobile device ID (e.g. the telephone number of the device or the device's serial number or any other available unique identifier) to the activation system in step 210 which stores this in the database 164 (either "as received” or a hashed version of the ID in order to preserve anonymity of the user).
  • a mobile device ID e.g. the telephone number of the device or the device's serial number or any other available unique identifier
  • the mobile device ID may be sent again to enable a comparison with the device ID stored in the database. This ensures that the transaction card has not been lost or stolen between activation and redemption.
  • the user may send location information, e.g. GPS data collected via the user's mobile device, in order to verify the purchase location. Such location data may be sent at the point of transaction or alternatively an application on the user's mobile device may collect location data periodically and may send location data for a particular time frame when requested by the activation system. This would enable the activation system to cross check the purchase location against the vendor's location to ensure the transaction card was not stolen. In this example the vendor would have transmitted transaction time data during the transaction process.
  • the transaction card may be presented to the vendor during activation process of Figure 4 and it may be the vendor that removes the opaque layer 152 associated with the symbol 146 within the first user interaction zone 144 elected by the user/activation server 112 and/or the user interaction region 150 selected by the activation server.
  • the point-of-sale system 114 may also be fitted with the means to automatically remove the opaque layer, e.g. a laser device in the cash till proximate to the scanner device may thermally react with the opaque layer.
  • the transaction card may then be returned to the user who transmits the symbol data 147 that has been revealed from underneath the opaque layer to the activation server 112 in order to complete activation and receive an indication from the activation server as to which interaction region 150 within the second user interaction zone 152 is active.
  • the transaction card may be associated with registering a financial instrument as well as providing an instant prize.
  • the transaction card may be embodied on an instant win card, a mobile device "top up” card, gift cards etc. Revealing specific content in an activated interaction region may be associated with the provision of a further transaction card to the user, e.g. provision of a lottery card, scratch card etc.
  • the transaction card 104 may be a top-up card providing credit to the user in respect of an activity (e.g. data/phone calls).
  • an activity e.g. data/phone calls.
  • the user may be offered the ability to increase the value of the credit by following the activation process.
  • the activation process may enable the status of the vendor to be confirmed to the user during the transaction process as shown in Figure 6. It is noted that the process shown in Figure 6 occurs between the receipt of the authentication code 124 in step 206 of Figure 4 and the obtaining symbol data step 208.
  • step 400 rather than sending the composite telecommunications address message 126, the user instead sends an authentication request message to the server 112 in which the user requests that the server authenticates the vendor as a registered vendor.
  • the server 112 checks its records (e.g. the database 164 or another data record system) to determine if the vendor is a registered vendor known to the activation system.
  • the vendor status check may comprise the server checking the details received from the user against known vendors in a trusted vendor database.
  • the vendor status check may also comprise checking that the card details provided by the user during the vendor status check correspond to the card details provided by the vendor in the vendor request.
  • step 404 in the event that the vendor is a trusted vendor, the server sends a confirmation message to the user, the confirmation message confirming that the vendor is trusted.
  • step 208 as shown in Figure 4.
  • the process described in Figure 6 enables the user to enter into a transaction with the vendor safe in the knowledge that the vendor is known to the activation system.
  • the process is shown for a trusted vendor and authentic transaction card.
  • the authentication code provide to the user by the vendor in step 206 would be fake and this would be detected by the activation server 112 during the process of Figure 6.
  • the activation server 112 may comprise a public "vendor status check" address that is publicly known independent of any vendor or any particular transaction.
  • the above described actions taken by the user at their mobile device 106 may be made via a dedicated mobile application ("app").
  • the mobile device may be a mobile phone, smartphone, tablet device or other suitable telecommunications device.
  • a method of activating a transaction card at an authentication server comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions, the method comprising:
  • the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the authentication code;
  • activation comprises sending an activation message indicating which of the one or more user interaction regions is active.
  • a method as claimed in any preceding clause comprising marking the transaction card as awaiting activation upon receiving the vendor request.
  • activation request comprises symbol data following removal of the opaque layer associated with an interaction symbol selected by the activation server.
  • a method as claimed in any preceding clause comprising receiving a further content request following the sending of the activation message, the further content request comprising a request for authorised content from the activation server.
  • the one or more user interaction regions on the transaction card comprise a removable opaque layer covering further content data, each interaction region being associated with different further content data.
  • the activation request comprises location data.
  • location data comprises location data corresponding to the time of a transaction between the vendor and user.
  • a method as claimed in Clause 17, comprising checking that the location data corresponds to the location of an authorised vendor. 19. A method as claimed in any preceding clause, wherein the activation request comprises a mobile device identifier associated with the user.
  • communications received by the server following the activation request comprise a mobile device identifier and the method comprises checking that the mobile device identifier matches the identifier in the activation request in order to verify the identity of the user.
  • interaction symbols comprise one or more of: numeric; alphanumeric; Unicode; pictographs; or emoji.
  • each data record comprising one or more of the following fields: vendor field; authentication code field; symbol data field; active interaction region field; activation status field.
  • a method as claimed in any preceding clause comprising receiving an authentication request from the user to authenticate the vendor, the authentication request comprising the authentication code and the unique identifier.
  • a method as claimed in Clause 25, comprising checking the authentication code and unique identifier in the authentication request, verifying that the vendor is a registered vendor, sending a confirmation message to the user, the confirmation message confirming that the vendor is trusted.
  • a method of activating a transaction card at an authentication server comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions, the method comprising:
  • the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the authentication code;
  • activation comprises sending an activation message indicating which of the one or more user interaction regions Is active.
  • An activation server for activating a transaction card comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions, the server comprising:
  • an input arranged to receive a vendor request to provide an authentication code, the request comprising a unique identifier of a transaction card;
  • a processor arranged to generate an authentication code and to store the unique identifier and authentication code in a data store
  • the input is arranged to receive an activation request, the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the vendor authentication code; and the processor is arranged to check that the unique identifier and vendor authentication code contained in the activation request correspond to a data record in the data store and, in the event that the identifier and code correspond, activate the transaction card, the output being arranged to send an activation message to the user indicating which of the one or more user interaction regions is active.
  • a method of activating a transaction card comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions, the method comprising:
  • an activation request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the authentication code;
  • a transaction card for activation in conjunction with an authentication server comprising:
  • first user interaction zone comprising one or more user interaction symbols
  • second user interaction zone comprising one or more user interaction regions
  • the one or more interaction symbols comprise a removable opaque layer covering symbol data, each interaction symbol being associated with different symbol data, user interaction symbols and user interaction regions being covered with a removable opaque layer and wherein the one or more user interaction regions comprise a removable opaque layer covering further content data, each interaction region being associated with different further content data.
  • 33. A method of activating a transaction card at an authentication server, the card comprising a unique identifier and a user interaction zone comprising one or more user interaction regions, the method comprising:
  • the request comprising the unique identifier of the transaction card and the authentication code
  • activation comprises sending an activation message indicating which of the one or more user interaction regions is active.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Abstract

A method of activating a transaction card at an authentication server, the card comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions, the method comprising: receiving a vendor request to provide an authentication code, the request comprising a unique identifier of a transaction card; generating an authentication code; storing the unique identifier and authentication code in a data store; sending the authentication code to the vendor; receiving an activation request, the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the authentication code; checking that the unique identifier and vendor authentication code contained in the activation request correspond to a data record in the data store; and, in the event that the identifier and code correspond, activating the transaction card wherein activation comprises sending an activation message indicating which of the one or more user interaction regions is active.

Description

IMPROVEMENTS RELATING TO ACTIVATING TRANSACTION CARDS
TECHNICAL FIELD The present invention relates to improvements relating to authenticating transaction cards. In particular, but not exclusively, the invention relates to a system and method for authenticating scratch cards or "top up" transaction cards, such as top up phone cards.
BACKGROUND
At present, transaction cards (e.g. such as top up phone cards, instant prize scratch cards or gift vouchers) typically have a value in their distribution chain which is a problem as the tickets can be stolen and then used illegally. This problem increases costs in policing the distribution chain.
Additionally, such cards typically only have a single function, e.g. as a lottery card, which limits the use of the card. Finally, the authenticity of the vendor within the distribution chain is not checked on purchase as no mechanisms exist to confirm the vendor's identity.
It is noted that within the context of the following disclosure references to "transaction cards" refer to a range of items that a user may purchase as part of a transaction process. For example, lottery tickets, scratch cards for lotteries, mobile phone top up vouchers ("top up phone cards"), gift voucher cards (e.g. iTunes® gift card)
The present invention seeks to overcome or substantially mitigate at least some of the above problems.
STATEMENTS OF INVENTION
According to a first aspect of the present invention there is provided a method of activating a transaction card at an authentication server, the card comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions, the method comprising: receiving a vendor request to provide an authentication code, the request comprising a unique identifier of a transaction card; generating an authentication code; storing the unique identifier and authentication code in a data store; sending the authentication code to the vendor; receiving an activation request, the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the authentication code; checking that the unique identifier and vendor authentication code contained in the activation request correspond to a data record in the data store; and, in the event that the identifier and code correspond, activating the transaction card wherein activation comprises sending an activation message indicating which of the one or more user interaction regions is active.
The present invention provides a method of authenticating a transaction card. An activation server receives a request from a vendor to provide an authentication code for a transaction card that is to be transferred in a transaction to a user. The vendor may include a unique vendor identifier in their request so that they can be identified by the server. The server is arranged to return an authentication code (e.g. a unique purchase number) to the vendor. Such an authentication code overcomes or mitigates the risk of stolen transaction cards being used.
Subsequent to sending the authentication code the server receives an activation request to activate the card. The request comprises the unique identifier of the transaction card (e.g. its serial number), the authentication code and symbol data associated with the user interaction symbols on the card.
The unique identifier and authentication code received in the activation request may be checked against a data record in the data store (such data record corresponding to the information contained in the vendor request) and in the event that they correspond to the data record the card is activated and an activation message is sent indicating which of the interaction regions is active. The active regions may be selected in dependence on the symbol data received at the server.
The present invention generally relates to a method and associated systems for authenticating the validity of transaction cards so as to address problems associated with known methods. In particular, the present invention proposes the provision of a composite telecommunications address to a telecommunications server in order to provide the means for authenticating the transaction card and to ensuring that the card has been obtained through legal channels (e.g. via an authorised retailer/vendor). In one aspects of the present invention there is provided a method of authenticating the transaction card with the telecommunications server. In another aspect of the present invention there is provided a method of determining the identity of a vendor as part of an authentication process.
The use of a composite telecommunications address enables authentication of the vendor and the enablement of multiple types of functionality associated with the transaction card. The transaction card may comprise a printed "paper" card with peel off strips and/or scratch off regions. Alternatively the transaction card may comprise a plastic card with similar strips and/or regions. The authentication process may additionally be linked with the provision of a financial instrument (which requires Know Your Client (KYC functionality) as well as providing an instant prize. The authentication process may additionally unlock further transaction items for an authenticating user, e.g. by the provision of a further physical transaction card or via the provision of an electronic transaction card in the form of a software program.
The step of storing the unique identifier and the authentication code may comprise associating the authentication code with the unique identifier. The authentication code may be linked to the unique identifier in a data record within the data store.
The activation request may comprise a server address field such that the request comprises a composite telecommunications address having the following fields: server address; unique identifier; authentication code; symbol data.
The authentication server may be arranged to extract the various data fields from the composite telecommunications address. The unique identifier and vendor authentication code may be extracted and checked against a data record within the data store.
Upon receiving the vendor request for an authentication code, the activation server may mark the transaction card as "awaiting activation" The server may mark the transaction card as inactive if an activation request has not been received within a set period from the vendor request. The one or more interaction symbols on the transaction card may comprise a removable opaque layer covering symbol data, each interaction symbol being associated with different symbol data. The symbol data received in the activation request may comprise symbol data that has been selected by the user removing the opaque layer above a given interaction symbol.
Alternatively, the server may direct the user (or vendor in the event that the vendor is removing the opaque layer on behalf of the user) to remove a specific interaction symbol. In this alternative mode of operation a first communication may be sent to the server requesting activation of the card, the first communication comprising the vendor authentication code and the unique identifier. Upon receipt of the first communication the activation server may then check the data store for a user interaction symbol that has been pre-associated with the unique identifier or pick an interaction symbol randomly. The selected interaction symbol is then sent back to user/vendor. A second communication may then be sent to the server comprising the vendor authentication code, the unique identifier and any symbol data that is associated with the indicated user interaction symbol. In this alternative arrangement the activation request is effectively a two part request comprising the first and second communications.
As noted above the symbol data may be located under the removable opaque layer.
The received symbol data may be checked against the data store to determine if the received symbol data corresponds to symbol data that has been previously stored in the data store for the given unique identifier and selected interaction symbol.
The authentication request may be received from either the user or the vendor depending on the arrangements at the vendor. In the instance that the vendor sends the authentication request then they may enter symbol data under the direction of the user. The activation message may be sent to the user or the vendor.
The method may further comprise receiving a further content request following the sending of the activation message, the further content request comprising a request for authorised content from the activation server. The further content request may comprise a passcode identifier retrieved from the user interaction region indicated in the activation message. The one or more user interaction regions on the transaction card may comprise a removable opaque layer covering further content data, each interaction region being associated with different further content data.
The activation request may comprise location data. The location data may comprise location data corresponding to the time of a transaction between the vendor and user. The method may comprise checking that the location data corresponds to the location of an authorised vendor.
The activation request may comprise a mobile device identifier associated with the user. Further communications received by the server following receipt of the activation request may comprise a mobile device identifier and the method may comprise checking that the mobile device identifier matches the identifier in the activation request in order to verify the identity of the user.
The interaction symbols may comprise one or more of: numeric; alphanumeric; Unicode; pictographs; or emoji. The symbol data may comprise a passcode. The data store may comprises a database and the database may comprise a plurality of data records, each data record comprising one or more of the following fields: vendor field; authentication code field; symbol data field; active interaction region field; activation status field. Conveniently, the activation process may enable the status of the vendor to be confirmed to the user during the transaction process. The method may therefore comprise receiving an authentication request from the user to authenticate the vendor, the authentication request comprising the authentication code and the unique identifier. The server may then check the authentication code and unique identifier in the authentication request, verify that the vendor is a registered vendor and send a confirmation message to the user, the confirmation message confirming that the vendor is trusted. The vendor status check may comprise the server checking the details received from the user against known vendors in a trusted vendor database. The vendor status check may also comprise checking that the card details provided by the user during the vendor status check correspond to the card details provided by the vendor in the vendor request. According to a second aspect of the present invention there is provided a method of activating a transaction card at an authentication server, the card comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions, the method comprising: receiving an activation request, the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the authentication code; checking that the unique identifier and vendor authentication code contained in the activation request correspond to a data record in the data store; and, in the event that the identifier and code correspond, activating the transaction card wherein activation comprises sending an activation message indicating which of the one or more user interaction regions is active.
According to a third aspect of the present invention there is provided an activation server for activating a transaction card, the card comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions, the server comprising: an input arranged to receive a vendor request to provide an authentication code, the request comprising a unique identifier of a transaction card; a processor arranged to generate an authentication code and to store the unique identifier and authentication code in a data store; an output arranged to send the authentication code to the vendor; wherein the input is arranged to receive an activation request, the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the vendor authentication code; and the processor is arranged to check that the unique identifier and vendor authentication code contained in the activation request correspond to a data record in the data store and, in the event that the identifier and code correspond, activate the transaction card, the output being arranged to send an activation message to the user indicating which of the one or more user interaction regions is active.
According to a fourth aspect of the present invention there is provided a method of activating a transaction card comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions, the method comprising: receiving a vendor authentication code from an activation server; sending an activation request, the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the authentication code; receiving an activation message indicating which of the one or more user interaction regions is active.
According to a fifth aspect of the present invention there is provided a transaction card for activation in conjunction with an authentication server, the card comprising: a unique identifier; a first user interaction zone comprising one or more user interaction symbols; and a second user interaction zone comprising one or more user interaction regions, the server address layer wherein the one or more interaction symbols comprise a removable opaque layer covering symbol data, each interaction symbol being associated with different symbol data, user interaction symbols and user interaction regions being covered with a removable opaque layer and wherein the one or more user interaction regions comprise a removable opaque layer covering further content data, each interaction region being associated with different further content data. The transaction card may carry server address data, the server address data being covered by a removable opaque layer. The transaction card may comprise a mobile device top-up card.
According to a sixth aspect of the present invention there is provided a method of activating a transaction card at an authentication server, the card comprising a unique identifier and a user interaction zone comprising one or more user interaction regions, the method comprising: receiving a vendor request to provide an authentication code, the request comprising a unique identifier of a transaction card; generating an authentication code; storing the unique identifier and authentication code in a data store; sending the authentication code to the vendor; receiving an activation request, the request comprising the unique identifier of the transaction card and the authentication code; checking that the unique identifier and vendor authentication code contained in the activation request correspond to a data record in the data store; and, in the event that the identifier and code correspond, activating the transaction card wherein activation comprises sending an activation message indicating which of the one or more user interaction regions is active. The invention extends to a carrier medium for carrying a computer readable code for controlling a computer server to carry out the method of the first and second aspects of the invention.
Within the scope of this application it is expressly intended that the various aspects, embodiments, examples and alternatives set out in the preceding paragraphs, in the claims and/or in the following description and drawings, and in particular the individual features thereof, may be taken independently or in any combination. That is, all embodiments and/or features of any embodiment can be combined in any way and/or combination, unless such features are incompatible. The applicant reserves the right to change any originally filed claim or file any new claim accordingly, including the right to amend any originally filed claim to depend from and/or incorporate any feature of any other claim although not originally claimed in that manner.
BRIEF DESCRIPTION OF THE DRAWINGS
One or more embodiments of the invention will now be described, by way of example, with reference to the accompanying drawings, in which:
Figure 1 is a schematic diagram of an environment according to an embodiment of the invention;
Figures 2a to 2c are schematic top views of a transaction card according to an embodiment of the present invention;
Figure 3 is a schematic diagram of the activation system/server of Figure 1 ;
Figures 4 and 5 are data flows of an activation process according to an embodiment of the present invention;
Figure 6 shows a data flow of a vendor authentication process according to an embodiment of the present invention; Figures 7 and 8 show the data flow of Figure 4 in the form of a flow chart. DETAILED DESCRIPTION
In the following description like numerals are used to indicate like features within the figures.
In one aspect, the present invention provides a system for activating and authenticating transaction cards. The system is arranged to enable users to register purchased transaction cards and to provide users with authentication information regarding transaction cards.
Figure 1 shows an embodiment of the invention and an environment 100 in which the activation system operates. A user 102 comprises a transaction card 104 and a mobile phone 106. A communications network 108 is shown represented by a cellular tower, and is configured to communicate wirelessly with the mobile phone 106. The communications network is operatively connected to the Internet 110. An activation system 112, in the form of an activation server, is also operatively connected to the Internet 110. A Vendor point-of-sale system 114 is also shown comprising a point-of-sale terminal 116, the terminal having a communications module 118, a scanner device 120 and a data store 122. The communications module 118 may be operatively connected to the Internet 110 or alternatively may be connected to the communications network 108 such that the communications module can communicate wirelessly with the network. In a further arrangement the communications module may be connected to both the communications network 108 and the Internet 110.
An authorisation code 124 is shown in Figure 1 being delivered to the point-of-sale system 114. As explained in more detail below this authorisation code 124 is generated by the activation system 112 and may be stored locally with the data store 124. The code 124 may either be provided to the user as part of a transaction to purchase the transaction card 104 or may alternatively be used by the vendor during the transaction process. The transaction card 104 has no value until it is activated. The transaction card may be activated by the user using the mobile phone 106 to connect to the activation system 112 as will be explained in more detail below. In one example, the transaction card 104 may be a mobile phone "top up" card for obtaining call/data credits. The transaction card may also be a scratch card. A composite telecommunications address 126 is also shown being transmitted to the activation system and is described in more detail below.
Figure 2a shows the transaction card 104 in more detail. The transaction card comprises a number of different areas as will be described below.
The transaction card comprises a serial number 140, an activation address region 142, a first user interaction zone 144 comprising one or more user interaction symbols 146 and a second user interaction zone 148 comprising one or more interaction regions 150. It is noted that in the embodiment shown in Figure 2a, the activation address region 42 and the first and second interaction zones (144, 148) are covered with a removable opaque layer 152 and in order to access the information under these layers, the user is required to remove the opaque layer, e.g. by scratching off the layer. As an alternative the layer may be thermally reactive and may be burned off either by the user or the vendor using a suitable device.
Within the context of the illustration of Figure 2a, the presence of the address 154 is indicated within the activation address area (via the word "ADDRESS"). However, in an actual transaction card 104 the address will not be visible until the opaque layer has been removed. Similarly the "void" symbols 156 shown in the "Game interaction region 150 of the second user interaction zone 146 will not be visible until the opaque layer has been removed. The "address" and void symbols are only visible in Figure 1 to indicate that there is further information under the opaque layer.
A number of symbols 146 are shown with the first user interaction zone 144. It is noted that each symbol is printed or otherwise carried on the opaque layer 152. Removal of any of the symbols is arranged to reveal further data, herein referred to as "symbol data". The symbols may comprise Unicode, pictographs, or emoji as well as alphanumeric codes or other identifiers. Figure 2b shows the transaction card 104 of Figure 2a in which one of the symbols 146 has been scratched off to reveal the symbol data underneath. It can be seen that the portion of the opaque layer 152 that included the "arrow" symbol shown in Figure 2a has been scratched off to reveal the symbol data 147 underneath. In this example the symbol data 147 is the code "X2Y6" though it is appreciated that any suitable passcode, numeric or alphanumeric code may be used.
The transaction card 104 shown in Figure 2a comprises four interaction regions 150 within the second user interaction zone 148. It is to be recognised however that there may be more or fewer such regions depending on the particular use of the card. The interaction regions within the second user interaction zone are also covered with a removable opaque layer 152. These zones may represent a number of functions, e.g. a scratch card game (where the region underneath may indicate a prize that can be claimed) or a passcode to obtain further content from the activation system.
Although the serial number 140 shown in Figures 2a-2c is a numeric code it is to be appreciated that the code may take other forms, e.g. an alphanumeric code, or a symbol based code such as a barcode or QR code 158 that may be read by a suitable scanning apparatus such as the mobile phone of the user or the scanning device of the point-of- sale system. Figure 2c shows where the opaque layer above the third game line has been removed to reveal a passcode 151
Figure 3 shows the activation system 112 in greater detail. The activation system comprises a communications module 160, a processor 162 and a data store 164 such as a database. The communication module 160 and the database 164 are each connected to the processor 162. The communication module 160 is configured to communicate data to and from the Internet 110. The processor 162 is configured to receive requests to activate and/or authenticate transaction cards 104 based on information stored in the database 164.
It is noted that the data store 164 in Figure 3 is shown as part of the activation system. In an alternative configuration the data store may be located remotely from the server 112.
Figure 3 also shows the database 164 in greater detail. The database comprises a plurality of data records 166 comprising information associated with each transaction card. Each data record comprises a number of data fields including a serial number field 168, details 170 of the valid/active interaction zones 150 for that card, a card activation field 172, a vendor field 173, a vendor authorisation code field 174, a received symbol data field 176 and a location data field 178. It is noted that some or all of the fields listed above may be present in the database depending on the particular application of the transaction card.
An example of the mode of operation of the authentication system 112 according to an embodiment of the present invention is now described in relation to the data flow diagram of Figure 4 in conjunction with the schematic diagrams of Figures 1, 2a-2c and 3. The data flow diagram of Figure 4 is also shown in flow chart form in Figure 7 and 8.
In response to a user requesting a transaction card 104 as part of a transaction at a vendor the vendor sends, in step 200, the card serial number 140 (the unique identifier of the transaction card 104) to the authentication system (server) 1 2.
In the event that the card serial number is a barcode/QR code 158 then the serial number may conveniently be scanned into the POS terminal 116 using the scanning device 120.
As an alternative the serial number may be entered manually into the POS terminal 116 for onward transmission to the authentication server.
As a further alternative the vendor may capture the serial number 140 using a suitable image capture device (camera) and the image of the serial number may be sent to the server 2 to be extracted via an optical character recognition (OCR) method or the serial number may be locally extracted from the image using OCR and then sent to the authentication server.
The serial number is then received at the server 112 (via the module 160) and the processor 162 is then arranged, in step 202, to generate an authentication code 124 that is unique to the vendor and the received serial number. In step 202, the processor 162 may also check the vendor's identity (the vendor will include a unique vendor identifier within their message to the server 112) against known authorised vendors stored in the vendor field 173 of the database 164. The authentication system 112 may be pre-loaded with all valid transaction cards 104 that are available in the general transaction environment (i.e. it may have records of all the transaction cards that have been produced and issued for sale). In such an example the database 164 will be populated with a plurality of data records 166, each data record corresponding to a particular transaction card 104 and each record comprising the serial number 140 of the transaction card 104.
Alternatively, the database 164 may initially be empty of data records 166 and may be populated as cards are sold. In this example, the processor 164 may be arranged to validate the received serial number 140 either by a self-contained process (such as a checksum) or by checking with an issuing authority (not shown) that has manufactured and issued the transaction cards.
Once the authentication code has been generated, the processor 162 may then update a database entry 166 for the transaction card with the authentication code 124. The authentication code 124 in the embodiment shown in Figure 4 is then returned, in step 204, to the vendor's point-of-sale system 114.
In the above description the vendor's point-of-sale system 114 is used as a convenient mechanism to supply the serial number 140 of the transaction card 104 to the authentication server 112. In an alternative arrangement the vendor may use a separate communications channel to convey the serial number to the server and to receive the authentication code in return. For example, a dedicated computer system which is separate to the point-of-sale system may be used (similar to how National Lottery terminals in the UK are distinct computer systems to a vendor's point of sale systems) or a mobile communications device (such as a mobile phone, smartphone such as an iPhone® or Android® phone, or a tablet device or other computing device) may be used and a suitable communication such as an SMS or an email may be sent.
Returning to Figure 4 the vendor may then provide, in step 206, the authentication code 124 to the user, e.g. via a printed receipt for the transaction. The user then removes, in step 208, the opaque layer 152 from one of the symbols 1416 to reveal symbol data 147 underneath.
In order to validate and activate the card 104 the user sends, in step 210, a composite telecommunications message 126 to the authentication server 112, the message comprising: the address 154 of the authentication server (e.g. www.authenticateserver.com/ or a telephone number), the serial number 140 of the transaction card (e.g. 12345678), the symbol data 147 determined by the user and the vendor's authentication code 124. In one example therefore the composite telecommunications address 126 may comprise a telephone number with further numbers (serial number, symbol data, authentication code appended to the telephone number).
The composite telecommunications message 126 is received by the server 112 which then proceeds to extract the serial number of the transaction card 104, the symbol data 47 and the authentication code 124.
The database 164 may then be checked, in step 212, to ascertain if the serial number 140-authentication code 124 tuple received by the server 112 from the user matches the database record 166 for that card 104. In the event that the data matches then a flag within the database 64 may be set to indicate that the card has been activated (see data field 172 in Figure 3 and the "YTN" flag).
As noted above the transaction card may comprise a plurality of user interaction regions 150. The processor may be arranged to select one of these regions for activation on the basis of the received symbol data 147. Confirmation of which interaction region 150 is active may then be sent, in step 214, to the user who can proceed to reveal, in step 216, interaction region data 151 in the selected interaction region 150 by removing the opaque layer 152 in the region in question. This is shown in Figure 2c where the opaque layer above the third game line has been removed to reveal a passcode 151.
The area undemeath the selected interaction region may encapsulate different functionality types. For example, an "instant win" style game may be encoded underneath which can be redeemed at the vendor (or any participating vendor) in the event of a win. Alternatively, the area may be used to encode further data that can be used to access further authorised content. For example, the user may be provided with number/symbol data that can be sent, in step 218, to the activation server 112. The server 112 may, in step 219, may retrieve authorised content associated with the provided number/symbol and then send the authorised content in step 220, e.g. to the user's mobile phone. Such authorised content may comprise a data file (e.g. containing confidential information) or a software application (such as an electronic game or electronic lottery game).
It is noted that the above authentication method provides a number of benefits over current arrangements.
The provision of an authentication code to the vendor as part of the activation process links the transaction card to a given transaction at a particular vendor. This mitigates against the risk of stolen cards being used since the use of a transaction card without an accompanying authentication code will raise a warning flag within the activation system which may then deactivate or suspend the card as far as any associated benefits are concerned. For example, if a user attempts to activate the card without the authentication code then the server may deactivate the card by returning an invalid message if the card is subsequently presented to a vendor. If the transaction card is a "top-up" type card (i.e. associated with a mobile phone call/data amount) then the call/data amount may be deactivated. To account for the possibility that the user has merely forgotten to enter the authentication code then the activation system may merely return an error message and request the authentication code in order to proceed further. A further benefit provided by the above authentication method is in the selection and activation of a particular interaction region within the second user interaction zone 148. If a user removes the opaque layer in an area not determined to be valid then they run the risk of invalidating the card. It is noted that more that the activation system may be able to select more than one of the available interaction regions in the second user interaction zone to be active, e.g. the user may be authorised to remove more than one opaque layer. Alternatively, the activation server may select a given interaction region depending on the symbol choice made by the user. This ability to effectively configure the active regions of the second user interaction zone provides a means for extending the functionality of the transaction card. It is noted that when the user wishes to redeem a transaction card they may return to a vendor (not necessarily the same vendor that sold the transaction card). The vendor may scan the transaction card and contact the activation system (e.g. via their point-of-sale system as noted above) in order to validate the transaction card.
This redemption process is shown in Figure 5 in which the user provides the card 104 for redemption in step 300. At this point the vendor may enter the details of the exposed interaction region and confirm that no further interaction regions have been revealed. The transaction card serial number, details of the exposed region and confirmation of the integrity of the rest of the transaction card may then be sent, in step 302, to the activation server as part of a validation information message.
Upon receipt of the validation information message the activation server may check, in step 304, the database entry associated with that serial number. The server may check that the interaction region indicated as used in the validation information message corresponds to the valid region listed in the database entry. In this manner the activation server may be able to validate the transaction card as valid and authentic at any participating vendor. This reduces the risk of forged transaction cards being redeemed by vendors. Confirmation of redemption is then sent in step 306 to the vendor.
Further examples of transaction cards in accordance with embodiments of the present invention are described below. In a first example the activation server may not be configured to send an authorisation code to the vendor during the transaction process between the user and the vendor.
In such an arrangement the user sends three pieces of information (composite telecommunication address 126 comprises the address of the activation sever, the serial number of the transaction card and symbol data) to the activation server in step 210 rather than the four pieces of information (the above three pieces plus the authentication code) described in relation to Figure 4 above.
This arrangement would not enable the identity of the vendor to be checked but would allow the authenticity of the transaction card to be verified against a database of known valid transaction cards. In a further example, the user may be directed by the server 112 to remove the opaque layer from a given user interaction symbol rather than the user having the freedom to choose their own symbol. To activate such a transaction card, the user would communicate the serial number of the card to the activation system, the activation system would then return the activation symbol corresponding to a symbol on the card. The user would then remove the opaque layer corresponding to the server selected symbol to reveal symbol data associated with that symbol on the card. The user would provide the symbol data to the activation system. The symbol data would represent predetermined information that is part of the activation system's information stored in its data records (e.g. stored in the database 164) for each manufactured transaction card. The activation system would then determine whether the symbol data received from the user matched the symbol data from the database 164. This mechanism would provide a countermeasure against forged transaction cards being redeemed at vendors.
In a still further example, activation of a transaction car may involve the user having a downloaded app on their mobile phone or mobile browser which takes the user to a mobile web page where they are asked to enter in the serial number of the scratch card and to enter the telecommunications address of the activation system along with the vendor's authentication code. As an additional layer of security the mobile app may send a mobile device ID (e.g. the telephone number of the device or the device's serial number or any other available unique identifier) to the activation system in step 210 which stores this in the database 164 (either "as received" or a hashed version of the ID in order to preserve anonymity of the user). Upon subsequent interactions with the activation service, e.g. during a redemption process or when requesting further authorised content, the mobile device ID may be sent again to enable a comparison with the device ID stored in the database. This ensures that the transaction card has not been lost or stolen between activation and redemption. As a still further example the user may send location information, e.g. GPS data collected via the user's mobile device, in order to verify the purchase location. Such location data may be sent at the point of transaction or alternatively an application on the user's mobile device may collect location data periodically and may send location data for a particular time frame when requested by the activation system. This would enable the activation system to cross check the purchase location against the vendor's location to ensure the transaction card was not stolen. In this example the vendor would have transmitted transaction time data during the transaction process.
As a yet further example the transaction card may be presented to the vendor during activation process of Figure 4 and it may be the vendor that removes the opaque layer 152 associated with the symbol 146 within the first user interaction zone 144 elected by the user/activation server 112 and/or the user interaction region 150 selected by the activation server. The point-of-sale system 114 may also be fitted with the means to automatically remove the opaque layer, e.g. a laser device in the cash till proximate to the scanner device may thermally react with the opaque layer. The transaction card may then be returned to the user who transmits the symbol data 147 that has been revealed from underneath the opaque layer to the activation server 112 in order to complete activation and receive an indication from the activation server as to which interaction region 150 within the second user interaction zone 152 is active.
The transaction card may be associated with registering a financial instrument as well as providing an instant prize. The transaction card may be embodied on an instant win card, a mobile device "top up" card, gift cards etc. Revealing specific content in an activated interaction region may be associated with the provision of a further transaction card to the user, e.g. provision of a lottery card, scratch card etc.
The transaction card 104 may be a top-up card providing credit to the user in respect of an activity (e.g. data/phone calls). In order to encourage activation of the card the user may be offered the ability to increase the value of the credit by following the activation process.
The activation process may enable the status of the vendor to be confirmed to the user during the transaction process as shown in Figure 6. It is noted that the process shown in Figure 6 occurs between the receipt of the authentication code 124 in step 206 of Figure 4 and the obtaining symbol data step 208.
Returning to Figure 6, it is noted that steps 200, 202, 204 and 206 from Figure 4 are shown for ease of reference. In step 400, rather than sending the composite telecommunications address message 126, the user instead sends an authentication request message to the server 112 in which the user requests that the server authenticates the vendor as a registered vendor.
In step 402 the server 112 checks its records (e.g. the database 164 or another data record system) to determine if the vendor is a registered vendor known to the activation system. The vendor status check may comprise the server checking the details received from the user against known vendors in a trusted vendor database. The vendor status check may also comprise checking that the card details provided by the user during the vendor status check correspond to the card details provided by the vendor in the vendor request.
In step 404, in the event that the vendor is a trusted vendor, the server sends a confirmation message to the user, the confirmation message confirming that the vendor is trusted.
The process then continues with step 208 as shown in Figure 4.
The process described in Figure 6 enables the user to enter into a transaction with the vendor safe in the knowledge that the vendor is known to the activation system. In Figure 6 the process is shown for a trusted vendor and authentic transaction card. In the event that a user encounters a fraudulent vendor then the authentication code provide to the user by the vendor in step 206 would be fake and this would be detected by the activation server 112 during the process of Figure 6. It is noted that for additional security the activation server 112 may comprise a public "vendor status check" address that is publicly known independent of any vendor or any particular transaction.
The above described actions taken by the user at their mobile device 106 may be made via a dedicated mobile application ("app"). The mobile device may be a mobile phone, smartphone, tablet device or other suitable telecommunications device.
Further aspects of embodiments of the present invention are detailed in the following numbered clauses:
1. A method of activating a transaction card at an authentication server, the card comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions, the method comprising:
receiving a vendor request to provide an authentication code, the request comprising a unique identifier of a transaction card;
generating an authentication code;
storing the unique identifier and authentication code in a data store;
sending the authentication code to the vendor;
receiving an activation request, the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the authentication code;
checking that the unique identifier and vendor authentication code contained in the activation request correspond to a data record in the data store;
and, in the event that the identifier and code correspond, activating the transaction card
wherein activation comprises sending an activation message indicating which of the one or more user interaction regions is active.
2. A method as claimed in Clause 1 , wherein storing the unique identifier and the authentication code comprises associating the authentication code with the unique identifier.
3. A method as claimed in Clause 1 or Clause 2, wherein the activation request comprises a server address field such that the request comprises a composite telecommunications address having the following fields: server address; unique identifier; authentication code; symbol data.
4. A method as claimed in Clause 3, wherein the authentication server is arranged to extract the various data fields from the composite telecommunications address.
5. A method as claimed in any preceding clause, comprising marking the transaction card as awaiting activation upon receiving the vendor request.
6. A method as claimed in Clause 5, comprising marking the transaction card as inactive if an activation request has not been received within a set period from the vendor request. 2
7. A method as claimed in any preceding clause, wherein the one or more interaction symbols on the transaction card comprise a removable opaque layer covering symbol data, each interaction symbol being associated with different symbol data. 8. A method as claimed in Clause 7, wherein the symbol data received in the activation request comprises symbol data selected by the user removing the opaque layer above a given interaction symbol.
9. A method as claimed in Clause 7, wherein the activation request comprises symbol data following removal of the opaque layer associated with an interaction symbol selected by the activation server.
10. A method as claimed in Clause 9, wherein the received symbol data is checked against the data store to determine if the received symbol data corresponds to symbol data stored in the data store for the given unique identifier and selected interaction symbol.
11. A method as claimed in any preceding clause, wherein the activation request is received from a vendor transaction system.
12. A method as claimed in any one of Clauses 1 to 10, wherein the activation request is received from a user computing device.
13. A method as claimed in any preceding clause, comprising receiving a further content request following the sending of the activation message, the further content request comprising a request for authorised content from the activation server.
14. A method as claimed in Clause 13, wherein the further content request comprises a passcode identifier retrieved from the user interaction region indicated in the activation message.
15. A method as claimed in any preceding clause, wherein the one or more user interaction regions on the transaction card comprise a removable opaque layer covering further content data, each interaction region being associated with different further content data. 16. A method as claimed in any preceding clause, wherein the activation request comprises location data.
17. A method as claimed in Clause 16, wherein the location data comprises location data corresponding to the time of a transaction between the vendor and user.
18. A method as claimed in Clause 17, comprising checking that the location data corresponds to the location of an authorised vendor. 19. A method as claimed in any preceding clause, wherein the activation request comprises a mobile device identifier associated with the user.
20. A method as claimed in Clause 19, wherein communications received by the server following the activation request comprise a mobile device identifier and the method comprises checking that the mobile device identifier matches the identifier in the activation request in order to verify the identity of the user.
21. A method as claimed in any preceding clause wherein the interaction symbols comprise one or more of: numeric; alphanumeric; Unicode; pictographs; or emoji.
22. A method as claimed in any preceding clause wherein the symbol data comprises a passcode.
23. A method as claimed in any preceding clause, wherein the data store comprises a database.
24. A method as claimed in Clause 23, wherein the database comprises a plurality of data records, each data record comprising one or more of the following fields: vendor field; authentication code field; symbol data field; active interaction region field; activation status field.
25. A method as claimed in any preceding clause, comprising receiving an authentication request from the user to authenticate the vendor, the authentication request comprising the authentication code and the unique identifier. 26. A method as claimed in Clause 25, comprising checking the authentication code and unique identifier in the authentication request, verifying that the vendor is a registered vendor, sending a confirmation message to the user, the confirmation message confirming that the vendor is trusted.
27. A method of activating a transaction card at an authentication server, the card comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions, the method comprising:
receiving an activation request, the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the authentication code;
checking that the unique identifier and vendor authentication code contained In the activation request correspond to a data record in the data store;
and, in the event that the identifier and code correspond, activating the transaction card
wherein activation comprises sending an activation message indicating which of the one or more user interaction regions Is active.
28. An activation server for activating a transaction card, the card comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions, the server comprising:
an input arranged to receive a vendor request to provide an authentication code, the request comprising a unique identifier of a transaction card;
a processor arranged to generate an authentication code and to store the unique identifier and authentication code in a data store;
an output arranged to send the authentication code to the vendor;
Wherein the input is arranged to receive an activation request, the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the vendor authentication code; and the processor is arranged to check that the unique identifier and vendor authentication code contained in the activation request correspond to a data record in the data store and, in the event that the identifier and code correspond, activate the transaction card, the output being arranged to send an activation message to the user indicating which of the one or more user interaction regions is active.
29. A method of activating a transaction card comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions, the method comprising:
receiving a vendor authentication code from an activation server;
sending an activation request, the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the authentication code;
receiving an activation message indicating which of the one or more user interaction regions is active.
30. A transaction card for activation in conjunction with an authentication server, the card comprising:
a unique identifier;
a first user interaction zone comprising one or more user interaction symbols; and a second user interaction zone comprising one or more user interaction regions, the server address layer
wherein the one or more interaction symbols comprise a removable opaque layer covering symbol data, each interaction symbol being associated with different symbol data, user interaction symbols and user interaction regions being covered with a removable opaque layer and wherein the one or more user interaction regions comprise a removable opaque layer covering further content data, each interaction region being associated with different further content data.
31. A transaction card as claimed in Clause 30, wherein the card carries server address data, the server address data being covered by a removable opaque layer.
32. A transaction card as claimed in Clause 30 or 31, wherein the transaction card comprises a mobile device top-up card. 33. A method of activating a transaction card at an authentication server, the card comprising a unique identifier and a user interaction zone comprising one or more user interaction regions, the method comprising:
receiving a vendor request to provide an authentication code, the request comprising a unique identifier of a transaction card;
generating an authentication code;
storing the unique identifier and authentication code in a data store;
sending the authentication code to the vendor;
receiving an activation request, the request comprising the unique identifier of the transaction card and the authentication code;
checking that the unique identifier and vendor authentication code contained in the activation request correspond to a data record in the data store;
and, in the event that the identifier and code correspond, activating the transaction card
wherein activation comprises sending an activation message indicating which of the one or more user interaction regions is active.
34. A carrier medium for carrying a computer readable code for controlling a server computer to carry out the method of Clause 1 to 27 or Clause 33.

Claims

1. A method of activating a transaction card at an authentication server, the card comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions, the method comprising:
receiving a vendor request to provide an authentication code, the request comprising a unique identifier of a transaction card;
generating an authentication code;
storing the unique identifier and authentication code in a data store;
sending the authentication code to the vendor;
receiving an activation request, the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the authentication code;
checking that the unique identifier and vendor authentication code contained in the activation request correspond to a data record in the data store;
and, in the event that the identifier and code correspond, activating the transaction card
wherein activation comprises sending an activation message indicating which of the one or more user interaction regions is active.
2. A method as claimed in Claim 1 , wherein storing the unique identifier and the authentication code comprises associating the authentication code with the unique identifier.
3. A method as claimed in Claim 1 , wherein the activation request comprises a server address field such that the request comprises a composite telecommunications address having the following fields: server address; unique identifier; authentication code; symbol data.
4. A method as claimed in Claim 3, wherein the authentication server is arranged to extract the various data fields from the composite telecommunications address.
5. A method as claimed in Claim 1 , comprising marking the transaction card as awaiting activation upon receiving the vendor request.
6. A method as claimed in Claim 5, comprising marking the transaction card as inactive if an activation request has not been received within a set period from the vendor request.
7. A method as claimed in Claim 1, wherein the one or more interaction symbols on the transaction card comprise a removable opaque layer covering symbol data, each interaction symbol being associated with different symbol data.
8. A method as claimed in Claim 7, wherein the symbol data received in the activation request comprises symbol data selected by the user removing the opaque layer above a given interaction symbol.
9. A method as claimed in Claim 7, wherein the activation request comprises symbol data following removal of the opaque layer associated with an interaction symbol selected by the activation server.
10. A method as claimed in Claim 9, wherein the received symbol data is checked against the data store to determine if the received symbol data corresponds to symbol data stored in the data store for the given unique identifier and selected interaction symbol.
11. A method as claimed in Claim 1 , wherein the activation request is received from a vendor transaction system.
12. A method as claimed in Claim 1 , wherein the activation request is received from a user computing device.
13. A method as claimed in Claim 1, comprising receiving a further content request following the sending of the activation message, the further content request comprising a request for authorised content from the activation server.
14. A method as claimed in Claim 13, wherein the further content request comprises a passcode identifier retrieved from the user interaction region indicated in the activation message.
15. A method as claimed in Claim 1 , wherein the one or more user interaction regions on the transaction card comprise a removable opaque layer covering further content data, each interaction region being associated with different further content data.
16. A method as claimed in Claim 1 , wherein the activation request comprises location data.
17. A method as claimed in Claim 16, wherein the location data comprises location data corresponding to the time of a transaction between the vendor and user.
18. A method as claimed in Claim 17, comprising checking that the location data corresponds to the location of an authorised vendor.
19. A method as claimed in Claim 1 , wherein the activation request comprises a mobile device identifier associated with the user.
20. A method as claimed in Claim 19, wherein communications received by the server following the activation request comprise a mobile device identifier and the method comprises checking that the mobile device identifier matches the identifier in the activation request in order to verify the identity of the user.
21. A method as claimed in Claim 1, wherein the interaction symbols comprise one or more of: numeric; alphanumeric; Unicode; pictographs; or emoji.
22. A method as claimed in Claim 1, wherein the symbol data comprises a passcode.
23. A method as claimed in Claim 1 , wherein the data store comprises a database.
24. A method as claimed in Claim 23, wherein the database comprises a plurality of data records, each data record comprising one or more of the following fields: vendor field; authentication code field; symbol data field; active interaction region field; activation status field.
25. A method as claimed in Claim 1 , comprising receiving an authentication request from the user to authenticate the vendor, the authentication request comprising the authentication code and the unique identifier.
26. A method as claimed in Claim 25, comprising checking the authentication code and unique identifier in the authentication request, verifying that the vendor is a registered vendor, sending a confirmation message to the user, the confirmation message confirming that the vendor is trusted.
27. A method of activating a transaction card at an authentication server, the card comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions, the method comprising:
receiving an activation request, the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the authentication code;
checking that the unique identifier and vendor authentication code contained in the activation request correspond to a data record in the data store;
and, in the event that the identifier and code correspond, activating the transaction card
wherein activation comprises sending an activation message indicating which of the one or more user interaction regions is active.
28. An activation server for activating a transaction card, the card comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions, the server comprising:
an input arranged to receive a vendor request to provide an authentication code, the request comprising a unique identifier of a transaction card;
a processor arranged to generate an authentication code and to store the unique identifier and authentication code in a data store;
an output arranged to send the authentication code to the vendor;
Wherein the input is arranged to receive an activation request, the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the vendor authentication code; and the processor is arranged to check that the unique identifier and vendor authentication code contained in the activation request correspond to a data record in the data store and, in the event that the identifier and code correspond, activate the transaction card, the output being arranged to send an activation message to the user indicating which of the one or more user interaction regions is active.
29. A method of activating a transaction card comprising a unique identifier, a first user interaction zone comprising one or more user interaction symbols and a second user interaction zone comprising one or more user interaction regions, the method comprising:
receiving a vendor authentication code from an activation server;
sending an activation request, the request comprising the unique identifier of the transaction card, symbol data associated with one of the one or more user interaction symbols and the authentication code;
receiving an activation message indicating which of the one or more user interaction regions is active.
30. A transaction card for activation in conjunction with an authentication server, the card comprising:
a unique identifier;
a first user interaction zone comprising one or more user interaction symbols; and a second user interaction zone comprising one or more user interaction regions, the server address layer
wherein the one or more interaction symbols comprise a removable opaque layer covering symbol data, each interaction symbol being associated with different symbol data, user interaction symbols and user interaction regions being covered with a removable opaque layer and wherein the one or more user interaction regions comprise a removable opaque layer covering further content data, each interaction region being associated with different further content data.
31. A transaction card as claimed in Claim 30, wherein the card carries server address data, the server address data being covered by a removable opaque layer.
32. A transaction card as claimed in Claim 30, wherein the transaction card comprises a mobile device top-up card.
33. A method of activating a transaction card at an authentication server, the card comprising a unique identifier and a user interaction zone comprising one or more user interaction regions, the method comprising:
receiving a vendor request to provide an authentication code, the request comprising a unique identifier of a transaction card;
generating an authentication code;
storing the unique identifier and authentication code in a data store;
sending the authentication code to the vendor;
receiving an activation request, the request comprising the unique identifier of the transaction card and the authentication code;
checking that the unique identifier and vendor authentication code contained in the activation request correspond to a data record in the data store;
and, in the event that the identifier and code correspond, activating the transaction card
wherein activation comprises sending an activation message indicating which of the one or more user interaction regions is active.
34. A carrier medium for carrying a computer readable code for controlling a server computer to carry out the method of Claim 1.
35. A carrier medium for carrying a computer readable code for controlling a server computer to carry out the method of Claim 27.
36. A carrier medium for carrying a computer readable code for controlling a server computer to carry out the method of Claim 33.
PCT/IB2015/000309 2014-01-30 2015-01-30 Improvements relating to activating transaction cards WO2015114460A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1401600.0 2014-01-30
GBGB1401600.0A GB201401600D0 (en) 2014-01-30 2014-01-30 Improvements relating to ticketing and authentication

Publications (2)

Publication Number Publication Date
WO2015114460A2 true WO2015114460A2 (en) 2015-08-06
WO2015114460A3 WO2015114460A3 (en) 2015-12-03

Family

ID=50344111

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2015/000309 WO2015114460A2 (en) 2014-01-30 2015-01-30 Improvements relating to activating transaction cards

Country Status (2)

Country Link
GB (1) GB201401600D0 (en)
WO (1) WO2015114460A2 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10872133B1 (en) * 2018-06-18 2020-12-22 NortonLifeLock Inc. Software application activation using a picture-based activation key
US10909526B2 (en) 2018-09-28 2021-02-02 The Toronto-Dominion Bank System and method for activating a physical token in augmented reality
US11928666B1 (en) 2019-09-18 2024-03-12 Wells Fargo Bank, N.A. Systems and methods for passwordless login via a contactless card

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5907142A (en) * 1995-12-12 1999-05-25 Kelsey; Craig E. Fraud resistant personally activated transaction card
US7740170B2 (en) * 2006-11-13 2010-06-22 Blackhawk Network, Inc. System for packaging, processing, activating, and deactivating multiple individual transaction cards as a singular unit
US8219148B2 (en) * 2009-04-06 2012-07-10 Gemalto Sa Method for activating the subscription of an UICC device
US20120278189A1 (en) * 2011-04-13 2012-11-01 Gmg Lifestyle Entertainment, Inc. Digital currency card sale, redemption and activation system and method

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10872133B1 (en) * 2018-06-18 2020-12-22 NortonLifeLock Inc. Software application activation using a picture-based activation key
US10909526B2 (en) 2018-09-28 2021-02-02 The Toronto-Dominion Bank System and method for activating a physical token in augmented reality
US11880822B2 (en) 2018-09-28 2024-01-23 The Toronto-Dominion Bank System and method for activating a physical token in augmented reality
US11928666B1 (en) 2019-09-18 2024-03-12 Wells Fargo Bank, N.A. Systems and methods for passwordless login via a contactless card
US11941608B1 (en) 2019-09-18 2024-03-26 Wells Fargo Bank, N.A. Systems and methods for a transaction card having a customer-specific URL
US12014354B1 (en) 2019-09-18 2024-06-18 Wells Fargo Bank, N.A. Systems and methods for a transaction card having a cryptographic key

Also Published As

Publication number Publication date
GB201401600D0 (en) 2014-03-19
WO2015114460A3 (en) 2015-12-03

Similar Documents

Publication Publication Date Title
US20210295642A1 (en) Processing of a user device game-playing transaction based on location
US20210192887A1 (en) Processing of a game-playing transaction based on location
US9672697B2 (en) Processing of a mobile device game-playing transaction conducted between the mobile device and a bluetooth terminal
EP2392096B1 (en) Improvements relating to multifunction authentication systems
US11776355B2 (en) Processing of a game-playing transaction based on location
GB2573863A (en) Mobile terminal and service provision device connection system, and service provision method
CN102625725B (en) Secure lottery system and method based on the Internet and mobile technology
EP2810230A1 (en) Systems and methods for integrated game play through the use of proximity-based communication on smart phones and hand held devices
EP3149715A1 (en) Encrypted electronic gaming ticket
JP2007164449A (en) Personal information management device, personal information providing method using personal information management device, program for personal information management device and personal information providing system
CN104488245A (en) Improvements relating to security methods using mobile devices
CN1984699A (en) Method and system for lottery transactions over an open network
DK3092774T3 (en) SYSTEM AND PROCEDURE FOR COMMUNICATING USER DATA
WO2017184913A1 (en) System and method for purchasing lottery tickets
CN102025498A (en) Method, device and system for protecting user privacy
US9824340B2 (en) Processing of a user device game-playing transaction based on location
WO2015114460A2 (en) Improvements relating to activating transaction cards
WO2010140956A1 (en) Transaction identifier handling system
WO2017146565A1 (en) System and method of processing gaming machine payout wirelessly
CA2986618A1 (en) Method for providing a personal identification code of a security module
KR102509633B1 (en) Blockchain decentralized identity based integrated authentication payment terminal, platform system capable of selective promotion and control method thereof
CA2929023A1 (en) Method for participating in a lottery implemented by a mobile terminal
KR20210099479A (en) Living related method management method according to offile transaction, information transmitting apparauts for managing the same living related method, justification verificartion method regarding the offilne transaction, and infortmation transmitting apparatus for proceeding the justification verificartion
JP2024503668A (en) System and method for completing remote lottery ticket sales transactions by receiving payment at a point of sale
KR20220072213A (en) Lottery operation device and operation method for residents belonging to local governments

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15743196

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 11/10/2016)

122 Ep: pct application non-entry in european phase

Ref document number: 15743196

Country of ref document: EP

Kind code of ref document: A2