WO2015199558A1 - Procédé d'autorisation de paiement dans dispositifs mobiles - Google Patents

Procédé d'autorisation de paiement dans dispositifs mobiles Download PDF

Info

Publication number
WO2015199558A1
WO2015199558A1 PCT/PL2014/000068 PL2014000068W WO2015199558A1 WO 2015199558 A1 WO2015199558 A1 WO 2015199558A1 PL 2014000068 W PL2014000068 W PL 2014000068W WO 2015199558 A1 WO2015199558 A1 WO 2015199558A1
Authority
WO
WIPO (PCT)
Prior art keywords
recipient
journalling
file system
user
server
Prior art date
Application number
PCT/PL2014/000068
Other languages
English (en)
Inventor
Marcin SZARY
Krzysztof TOKARCZYK
Anna FUK
Original Assignee
Getyid Software & Service Sp. Z O.O.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Getyid Software & Service Sp. Z O.O. filed Critical Getyid Software & Service Sp. Z O.O.
Publication of WO2015199558A1 publication Critical patent/WO2015199558A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists

Definitions

  • the subject of the invention is the The authorize payment method in mobile devices through the wireless data transmission with a portable communications device.
  • the current usable technology enables user identification wirelessly, with the use of many various technologies. These can be mobile phone interfaces or other specialised devices. Currently there are at least a few wireless methods of communication, which ensures adequate standards enabling secure user identification. These are Bluetooth, NFC, Wi-Fi, RFID technologies.
  • Wi-Fi is a popular technology which enables devices compatible with this technology to exchange data wirelessly using radio waves.
  • the wireless local area network (WLAN) is most frequently used, substituting wireless solutions used so far.
  • Devices using Wi-Fi solutions such as, for example, personal computers, smart phones, game consoles, tablets, TV sets, can connect to the Internet in this simple way through the wireless access point.
  • the range of such a solution (access point) is, approximately, up to 15-20 metres in a building and up to 100 metres in the open space without obstacles. The actual range is considerably dependent on the quality of the equipment used, the number of connected clients and the power which is used to transmit the signal.
  • access points can cover both small areas in buildings where walls block the signal considerably, as well as huge areas in the open space, where the radio waves propagation is not limited by terrain obstacles.
  • To connect the computer to the WiFi network it has to have a wireless interface.
  • the connection of the computer with the network controller is called a station.
  • all stations share the same frequency range.
  • the transmission in this channel is received by all the stations.
  • Wi-Fi networks are broadcast stations.
  • Wi-Fi devices can connect with the Internet when they are in the range of the network connected to the Internet.
  • the range of one or more connected access points (hotspots) may cover a few rooms or a few square kilometres. For the bigger areas, the range is realised by the groups of hotspots with their ranges overlapping.
  • wireless networks are used in houses, streets, and public places. Bigger shopping centres and airports offer free Internet access to make their offer more interesting and attract more clients. Free Wi-Fi access also drives advertising of many companies. Internet access is also often gained by routers with DSL or cable modems. Lately, portable access points have become very popular and they are routers which make the Internet available by the mobile networks used for that purpose. Also, newer GSM phones make it possible to create their own AP (access point).
  • AP access point
  • Wi-Fi networks In many cities municipal Wi-Fi networks have been created and they include all agglomerations in their range. Similar things are done by universities in their dormitories. It is a relatively cheap way of Internet distribution in the area where cabling would be extremely expensive. There is also a WiFi implementation where computers connect each other, without the need for an access point. This type of communication was called ad-hoc Wi-Fi transmission. This functionality is used by smaller, portable devices for a data exchange. Also some phones use this kind of wireless communication to make the Internet available to other devices (e.g. iPhone , becoming hotspots. Wi-Fi allows a simple, uncomplicated and at the same time cheap implementation of the LAN network.
  • Wi-Fi devices will work..all over the world. Also all devices with the "Wi-Fi Certified" logo awarded by Wi-Fi Alliance will be compatible with each other and are reversely compatible. Prepared individual developments of the 802.11 standard make it possible to improve the security and at the same time to increase the security of the data sent.
  • An average hotspot (802.11 b/g) with average aerials has the range of about 30 metres inside buildings and about 100 metres in the open space.
  • the 802.11 ⁇ standard is the first to be able to double the wireless network range.
  • the next modification influencing the range are aerials.
  • By using dedicated radiators it is possible to increase its value until the level defined by the local radio-communication law concerning the maximum broadcasting power for the needs of amateur needs. All of that requires considerable levels of energy needs.
  • Wi-Fi uses relatively high amounts of energy.
  • other solutions do not offer such a big range.
  • Production use of WLAN is limited to wireless readers, electric vehicles, with the limitation to small spaces.
  • WEP protocol Wired Equivalent Privacy
  • the security is achieved with the use of a shared ciphering key of the length of 10 or 104 bits.
  • WEP security is the simplest protection offered in WLAN networks. With the big load of the network (and the possibility of taking a big number of samples for analysis) a faster computer can break the ciphering in 30 minutes.
  • WPA protocol is an enhanced WEP version. It was established as a transitory version between WPA2 and WEP because it implements a permanent ciphering key change. Most network cards and access points compatible with WEP, also operate WPA. It allowed for the increase of security without the need for the equipment change.
  • WPA protocol can use the enterprise mode - which uses the RADIUS server, which assigns keys to suitable users, or the personal mode, which does not divide the keys into particular users but all the connected stations use one shared key (PSK - Pre-Shared Key)
  • WPA/WPA2 security very often the combinations of procedures are used, such as: filtering MAC addresses (an access point has a l
  • Using the combination of the protections increases the level of the transmission's security. It is quite inconvenient and can be applied rather when the clients often connect to the specified AP (Access Point), because it does not force the reconfiguration of the access point with every new WLAN station.
  • the components of the WLAN network are:
  • WAP Wireless Access Point
  • WAP Wireless Access Point
  • whose task is to separate the wireless signal received by the cable. It ensures the connection of wired stations with the wireless ones.
  • WAP is a hub (signal distributor) and at the same time the signal converter form the wired into the wireless and vice versa;
  • wireless routers which unite functionalities of WAP, switch and router ensuring forwarding of the signals from external interfaces.
  • bridges of wireless network Their task is to connect traditional network with the wireless one. An access point is different from the bridge in that it works on the data surface. Bridges are used when two localisations of the traditional computer network should be connected, for example two office buildings, by the use of the radio network without using cables.
  • multipliers of signals are used to increase the range of wireless networks. Their task is to eliminate “dead” points in WLAN range or lengthening the range in specified points.
  • NFC Near Field Communication system
  • NFC system for a secure data exchange between devices is known from many patent descriptions, among others from: EP1938242, EP1851865, EP2169924, EP1958470, EP2203835, EP1729253.
  • EP2203834 we know of a system of managing application data in NFC system which is implemented in a portable object which is a GSM phone and in contactless data transmission.
  • the method includes stages of creating internal application data in response to the appearance of the internal event in NFC system and delivering internal application data to the processor host of the NFC system.
  • Authentication happens through the authentication data transmission by the NFC interface by the module controlling the NFC scanner. Not until there is positive authorisation from the NFC does the NFC scanner enable the access to the data from NFC. To decrypt in the central module there is an electronic key stored and available to be used for the identification connected with the encrypted data.
  • NFC devices can be used as contactless payment systems, concurrent with the ones currently used in credit cards and electronic loyalty cards, making it possible for the mobile payments to be replaced by or to coexist with the above-mentioned solutions.
  • Today NFC implementations can be used in the following cases: to send images to be printed or displayed, to pay by holding the phone with the built in NFC near the NFC reader, to exchange information (about meetings, business cards etc.) through identification offered by NFC, to realise access systems through validation of an access code and/or an access key, to confirm identity, as two-factor authentication, with more advanced methods of data transmission by Bluetooth or Wi-Fi, to identify identification documents within a small range (in order to ensure data protection) and to support encrypting transmission of the data sent, safer than FID.
  • NFC is a set of short distance wireless technologies operating within the distances of two inches or fewer.
  • An initiator and a target device are always engaged in the transmission.
  • the initiator generates electromagnetic field which powers a passive target device. It enables the implementation of NFC in the form of simple devices (object forms) which do not need their own separate power supply. These can be stickers, labels, key rings, cards in the form of payment cards.
  • NFC labels contain data and usually are "read only” type, but they can also be writeable. The can be written with unique client data or use the NFC Forum specification, which is being developed by an organisation which takes care of the NFC standard development. Labels enable secure storage of personal data such as: debit and credit card information, loyalty programs data, access codes and so on. NFC Forum defines four types of labels regarding the communication speed:
  • the initiator makes the magnetic field of a specified carrier frequency available.
  • a target device responds by changing (modulating) the current magnetic field.
  • the target device takes energy indispensable for acting from the field generated by the initiator.
  • both the initiator and the target device separately create their own magnetic fields.
  • the device switches off its field when it is waiting for the data. In this case there is a need for both devices to have chargers.
  • the NFC system uses two different coding modes. If an active device transmits the data with the speed of 106 kb/s, a modified Miller's coding is used, in other cases Manchester coding is used, used among others in the Ethernet network.
  • NFC devices can at the same time send and receive data. They can also discover possible collisions of signals.
  • the unquestionable disadvantage of NFC is the situation when the owner loses the label (card or telephone). None prevents the finder from using the device as if they were the user.
  • the mobile phone can be protected with the PIN 1 access code, but a normal card does not have such a functionality.
  • NFC solutions are perfect for a simple user identification.
  • the standard itself does not supply such perfect protection that the critical systems are effectively and sufficiently secured. It is sufficient for product identification, loyalty cards and small money transactions.
  • the NFC tag may be encoded in a variety of standards, including but not limited to ISO/ IEC 14443 (both Type A and Type B), various MIFARE implementations, and FeliCa.
  • the electronic device provides inductive power to the NFC tag.
  • the NFC tag responds with a static Universal Resource Indicator (URI) which is encoded in such a way as to launch a special purpose application on the electronic device.
  • URI Universal Resource Indicator
  • the URI also contains an identifier string unique to each tag.
  • the same URI can be encoded in the form of a Quick Response (QR) code onto the surface of the tag.
  • QR Quick Response
  • the act of reading the tag will trigger the device to launch the application, passing the unique string as a parameter.
  • the application then passes the user id, password hash, and unique identifier string to a cloud service.
  • the cloud service validates the information, and performs an action associated with the unique tag identifier, or based on a command issued by a user as input on the portable electronic device.
  • the action or command is performed on a lock or lock server associated with the tag identifier to actuate the door lock.
  • the server sends a confirmation of the action performed to the electronic device.
  • An alternate embodiment of the process represented with camera enabled portable electronic device reading a Quick Response (QR) code instead of reading the URI through NFC.
  • QR Quick Response
  • the user launches a QR code reader application, scans the QR code, the application parses the code as a URI and the application acts accordingly to actuate the lock using a unique identifier embedded in the QR code.
  • WO2012151660 and WO2012151684 we know of Mobile Image Payment System or environment that includes the consumer environment from which the consumer encounters the OMRI 200 and interacts with the OMRI 200 using their computer device (e.g. desktop computer, mobile device, etc.) via the transaction application.
  • the environment also has the merchant operating their computer device (e.g. a merchant computer system including one or more servers, one or more desktop computers, one or more point of sale (POS) terminals, and/or one or more mobile devices), who requests generation of the OMRI 200 to include product data, merchant data and/or transaction data (further described below) from the transaction service.
  • POS point of sale
  • the merchant can make the OMRI 200 available in the consumer environment for subsequent access by the consumer and/or can send the OMRI 200 directly to the computer device of the consumer via the communications network.
  • the merchant can also instruct the transaction service to send the OMRI 200 directly to the computer device of the consumer via the communications network.
  • the communications network can be one or more networks, for example such as but not limited to: the Internet; an extranet; and/or an intranet. Further, the communications network can be a wired or wireless network. It is also recognized that network messages (between the various devices and a transaction system) can be communicated via short range wireless communication protocols such as but not limited to Bluetooth TM, infrared (IR), radio frequency (RF), near field communication (NFC) and/or by long range communication protocols (e.g. HTTP, HTTPS, etc.), in view of the type of electronic communication required between any pair of devices and the system. For example, the devices could communicate with one another using short range Bluetooth TM communications while the devices either could communicate with one another using long range HTTP or HTTPS based communications.
  • WO2012151685 the split mobile payment system is presented which makes use of a mobile payment application ("MPA") in the form of a software application which runs on the Consumer's Mobile Device.
  • the MPA may come pre-installed on the Mobile Device and/or may be downloaded on to the Mobile Device.
  • the MPA is configured to be able to communicate with the Payment Platform via the Internet using the Mobile Device's web-enabled functionality.
  • the merchant's Point of Sale Payment Application (“PPA" - the software application running on the merchant's POS system or network, and used to facilitate POS transactions) is also configured to be able to communicate with a Payment Platform either via the Internet or via a dedicated connection. It is contemplated that such communications will include security features such as data encryption, as necessary.
  • the MPA communicates the Consumer's Payment Account Identifier (which is used to identify to the Payment Platform, the Consumer's Payment Account that the funds are to be transferred from to pay the merchant) to the merchant's PPA, which the PPA will pass on to the Payment Platform. It is contemplated that several mechanisms can be used to communicate such Payment Account Identifier to the PPA. In one embodiment, the use of what shall be referred to herein as "Image Technology" contemplates that the Payment Account Identifier be in the form of a 1-D (linear) bar code, 2-D bar code, hologram or the like (which for ease of reference will generally be referred to herein, as a bar code).
  • the bar code is displayed on the screen display of the Consumer's Mobile Device, and presented to the merchant to be scanned (e.g., through a PPA Terminal).
  • Transportting Technology contemplates that the Payment Account Identifier or information identifying the Consumer's Payment Account (“Payment Account Identifying Information”) will simply be transmitted from the Consumer's Mobile Device to the PPA using such Transmitting Technology (i.e. NFC, Bluetooth, Infrared or other similar short-range, communication technology).
  • the merchant's PPA will be suitably equipped to receive such communication from the MPA/Mobile Device. It is contemplated that such communications will be suitably encrypted.
  • Consumer's Payment Account to the Payment Service Platform via the merchant terminal can involve the transmission of the Consumer's Payment Account Identifying Information from the Mobile Device (i.e. via the payment application) to the merchant terminal (i.e. via the merchant application) using NFC, Bluetooth, Infrared or other similar short-range, communication technology.
  • the transmission of this code data information to the merchant may be something as simple as verbal transmission between the merchant and consumer and/or by simply reading of the code data off of the screen of the device by the merchant - in the case where the code data is displayed on the screen of the device (e.g. via interaction with the payment application by the consumer).
  • a speaker of the device is used by the payment application to audibly communicate the code data to the merchant.
  • an operator of the PCD 100 may desire to purchase one or more products/services that may be scanned with a product scanner. Prior to or in parallel to the operation of scanning products with the product scanner, the operator of the PCD 100 may retrieve the unique terminal identifier and the merchant identifier associated with the tag which is affixed to the ECR of the Merchant POS system. The operator of the PCD may retrieve the data from the tag by scanning the tag with the camera or with a near-fieldcommunication ("NFC") antenna. The image being scanned by the camera may comprise one of the tags.
  • NFC near-fieldcommunication
  • the tag may comprise machine-readable data such as a two-dimensional bar code that contains a unique identifier associated with a particular electronic cash register and a particular merchant.
  • the 2-D bar code may include, but is not limited to, the following symbologies: Aztec Code, 3-DI, ArrayTag, Small Aztec Code, Chromatic Alphabet, Chromocode, Codablock, Code 1, Code 16K, Code 49, ColorCode, Compact Matrix Code, CP Code, CyberCode, d-touch, DataGlyphs, Datamatrix, Datastrip Code, Dot Code A, EZcode, Grid Matrix Code, High Capacity Color Bar code, HueCode, 1NTACTA.CODE, interCode, MaxiCode, mCode, MiniCode, Micro PDF417, MMCC, Nintendo e-Reader#Dot code, Optar, PaperDisk, PDF417, PDMark, QR Code, QuickMark Code, Semacode, SmartCode, Snowflake Code, ShotCode, SuperCode, Trill
  • a one dimensional bar code may be employed to provide the unique electronic cash register identifier and the unique identifier associated with the merchant.
  • Exemplary one-dimensional bar codes may include, but are not limited to, U.P.C., Codabar, Code 25 - Non-interleaved 2 of 5, Code 25 - Interleaved 2 of 5, Code 39, Code 93, Code 128, Code 128A, Code 128B, Code 128C, Code 11, CPC Binary, DUN 14, EAN 2, EAN 5, EAN 8, EAN 13, Facing Identification Mark, GS 1-128 (formerly known as UCC/EAN-128), GS1 DataBar formerly Reduced Space Symbology ("RSS"), HIBC (HIBCC Bar Code Standard), ITF- 14, Latent image bar code, Pharmacode, Plessey, PLANET, POSTNET, Intelligent Mail Bar code, MSI, PostBar, RM4SCC / KIX, JAN, and Telepen.
  • U.P.C. Codabar
  • machine readable codes for retrieving the unique identifiers associated with the electronic cash register and merchant are well within the scope of the invention such as contactless or wireless communication methods such as near- field communications (NFCs) used with smart cards and RF-ID cards as understood by one of ordinary skill in the art.
  • NFCs near- field communications
  • the operator of the PCD may key-in a human- readable code associated with the unique identifier of the electronic cash register and the merchant.
  • the central mobile payment controller may communicate with the merchant enterprise system ⁇ or receiving product scan data generated by the product scanner.
  • the personal identification number (“PIN”) module allows the operator to change his or her PIN as understood by one of ordinary skill in the art.
  • the locations module supports a function in which the PCD may display the closest merchants who support the PCD payment features.
  • the NFC tap module allows an operator to activate NFC functionality of the PCD.
  • the search module allows an operator to search for specific transactions that were made using the PCD.
  • the show map module may support functions such as a geographical map relative to the location of the PCD as well as maps of building plans for merchants who support payments with the PCD.
  • RFID label can be placed and used for monitoring and managing of goods, valuable things, animals or people.
  • it has many advantages. It does not need to be clearly visible and it is possible to read hundreds of RFID labels at the same time. This is impossible in the case of bar codes.
  • Various RFID implementations can be used in order to: check access, trace people and animals, trace goods, tolls and contactless payments, trace luggage at the airports. The number of applications depends on the user's creativity. It should be kept in mind, though, that it is a very primitive system offering very basic functionalities.
  • RFID works on the basis of identification made by the radio by the use of labels or stickers placed on objects which are to be identified.
  • the signal transmitter known as a reader, sends a signal to a label and reads its response. Then the reader sends the result into the computer or software in order for it to be analysed further.
  • the information is stored in an electronic form as an unbreakable memory content.
  • RFID labels contain a little transmitter which is a transmitter and receiver at the same time.
  • the reader sends a radio signal to the label and questions it. After receiving ⁇ the message, the response with the identification data happens, which can be a unique serial number of the label, data specific to the marked product such as the production date, product name, series number etc.
  • the labels can be passive, battery assisted passive (BAP) or active.
  • BAP labels use a small battery placed on the board which is activated the moment it is awakened by the RFID reader. Obviously, passive labels are cheaper and smaller because of their much simpler construction and there is no need for the battery. However, the labels use reader energy instead. It must be situated close enough to provide a sufficient level of transmitted power. Because labels can have unique numbers, RFID system can differentiate between many labels which can appear within the reader range and can read them all at the same time. Labels can be of a type read-only and also have a serial number which can be linked to the records in the the database or may be of the overwrite type where the user decides about the values defined by himself/herself.
  • RFID labels consist of at least two parts: an aerial for sending and receiving signals and an integrated circuit whose task is to store and process information, decode and code the signals received, transform the energy from the radio waves generated by the reader.
  • Readers usually have a very specified range distance into which they can read labels. This enables them to define areas of read and limit distances which crossing makes reading impossible.
  • a great RFID labels' advantage is their small size.
  • RFID labels were placed on insects. In subsequent miniaturisation stages it was possible to achieve sizes of the hundredths of millimetres. It causes the miniaturization of the aerials integrated with the devices, and, consequently, decreasing the range of activity of the label-reader pair.
  • the presented solutions were used, among others, in the mobile, phones communication. Solutions in the form of a microSD card have appeared, which can be a passive label, but after being put into the phone and charged by the card reader, can become an RFID reader.
  • the solutions of using RFID labels have also been implemented by Nokia in a few makes of phones of this company.
  • RFID labels solutions have been implemented in various logistic systems, storing systems and access control, and among others to: tag fixed assets in companies and products on shop shelves, mark parts of a large number of elements of a bigger product to unambiguously interpret their origins and destination, especially in enterprises where because of a large number of parts, an average worker is not able to determine the use of all the construction elements of a bigger machine or a vehicle; anti-theft protections in the shape of labels of books, clothes and other, especially more expensive, products which can be found on shop shelves, access control, in which RFID labels exchanged old, often failing magnetic cards, with the simultaneous elimination of magnetic readers in comparison to which RFID label readers do not require physical contact, minimising the risk of damaging the card or the reader; in transport and logistics, where because of the high speed of reading, the standard found its place with labelling the packages, to secure identification documents, making it difficult to forge them, tolls, e.g.
  • RFID labels as a form of prepaid tickets in public transport, which reduces queues at ticket offices and decreases distribution costs; animal and people identification, where some implants have been implemented to make it possible to identify lost pets and people, managing large herds of farm animals and, in case of people, to identify permanent clients of bars and other places.
  • Authentication with the help of any technologies presented above needs determining the rules on which the authentication will take place.
  • the equipment layer does not ensure the right level of security. It is necessary to determine a set of procedures, especially a user's guide, of the constructed implementation. Regardless of whether the protections are achieved through the encrypted wireless transmission or by using some different options, it seems necessary to establish the centre which could be a registration centre at the same time.
  • connection authorisation Assigning a unique number in the system to a unique equipment identification (label, MAC address of the network interface) will be called the connection authorisation.
  • a given device e.g. it can be a Bluetooth interface of a mobile phone
  • they will be subordinate to the authorisation:
  • A. IEEE MAC address of the Bluetooth device as a unique device address using the Bluetooth technology. It is a 45-bit number written in the hexadecimal system.
  • the first 24 bits describe the producer of the serial card, the other 24 bits are a unique identifier of a given copy of the card.
  • MAC address occurs in the case of every Ethernet interface. It is a consistent address for all serial cards and includes the wired and wireless connections
  • the registration in the authentication centre will start with reading wireiessly a unique identifier of the device which will be used by the user. Next, it will be linked with a unique number in the system. The next step will make it possible to get the powers to do things possible in a given system and planned for this specific user.
  • the identification method using a device which communicates wireiessly helps simplify and speed up entering the data into the resources gathered in the IT systems, but it is not personal data in the sense of the legal regulations but it is about saving into the user's account the results of a given activity.
  • the NFC transmitter allows: loading the information, direct cash payments, access control, controlling functions, authentication in the Internet auctions, bets and transactions, and above all for RFID-tag identification of valuable objects, electronic devices and their parts etc., from GSM on the basis of a website or balancing the account.
  • the device allows authenticating various operations from the platform of a mobile telephone equipped with the papillary lines sensor or through the function of mobile video in the user's phone.
  • Known seamless technology is a mobile phone payment and transaction service using QR codes on the front- end and Seamless proven transaction server on the back-end.
  • Technology is the only fully-integrated mobile phone payment solution handling the entire transaction chain, from customer through to settlement.
  • the cashier sends the sum payable to the SEQR transaction switch.
  • the customer scans the unique QR code on the cashier and sends the merchant ID to the SEQR transaction switch.
  • the customer receives a payment request on his mobile phone, and is asked to approve the amount.
  • the customer confirms the amount to be paid by entering their personal four digit pin code.
  • the banks verify the information and processes the transaction.
  • the SEQR transaction switch confirms the transaction to the cashier and the customer.
  • the essence of the invention is that the information package Ao from the NFC label of the recipient through a user's portable device is sent to the memory segment of the server assigned to the recipient in the journalling file system and after adding the data from the terminal of the recipient, it is sent back to the user's portable device, who sends the full information package A to the bank server of the user, after which in the bank server of the user the entry of the ordered operation is made in the segment of the user's memory and in the memory segment assigned to the journalling file system, wherein with the help of the server of the journalling file system systematically in the time shorter than every 5 seconds the entries are checked in the memory segment of the bank server assigned to the journalling file system and then the information package B is created, which with the help of the server of the journalling file system is sent to the bank server of the recipient, there the entries of the ordered operation are made in the memory segment assigned to the recipient and in the memory segment assigned to the journalling file system and preferably the information package Bo with the help of the server of the journalling file system is sent to the recipient
  • the encrypted information package from the NFC label of the recipient is preferably decrypted with the public key of the asymmetric cryptography in the opened application of the user's portable device.
  • the information package is sent to the memory segment of assigned to the recipient in a decrypted form or partially encrypted form.
  • the information package from the NFC label is sent to the journalling file system in the form of a unique set of characters.
  • An advantage of the solution according to the invention is increasing the speed of the secure authentication of the data transmission between the computer system, especially an isolated journalling file system, and a personal portable communications device, whose MAC address is the identifier in the bank's computer system.
  • a customer usually has their telephone with them in every situation as a portable communications device.
  • the authentication method in the payment system with portable equipment through the wireless data transmission between a user's portable ccmmunications device with the NFC module of the confirming user, an NFC label of the recipient, from which the information package is collected, and an isolated computer journalling file system in communication with the recipient's computer system equipped with the payment terminal of the recipient, from which the data in a digital form are obtained and sent to the bank server, where the entry of the operation is made in the memory segments dedicated to the recipient and the user, the condition of the entries is checked and the response from the server of journalling file system is sent to the payment terminal.
  • the information package Ao is sent from the NFC label through the user's portable device to the server's memory segment assigned to the recipient in the journalling file system.
  • the bank server of the user After adding the data from the terminal of the recipient, it is sent back to the user's portable device/who sends the full information package A to the bank server of the user.
  • the entry of the ordered operation is made in the segment of the user memory and in the memory segment assigned to the journalling file system.
  • the entries With the help of the server of the journalling file system systematically in the time shorter than every 5 seconds the entries are checked in the memory segment of the bank server assigned to the journalling file system.
  • the information package B is created, which with the help of the server of the journalling file system is sent to the bank server of the recipient.
  • the entries of the ordered operation are made in the memory segment assigned to the recipient and in the memory segment assigned to the journalling file system.
  • the information package B 0 with the help of the server of the journalling file system is sent to the recipient's terminal.
  • the encrypted information package from the NFC label of the recipient is used and is decrypted with the public key of the asymmetric cryptography in the opened application of the user's portable device.
  • the information package is sent to the memory segment assigned to the recipient in a decrypted form or partially encrypted form.
  • the security increase for the information package from the NFC label is achieved by writing it in the form of a unique set of characters, which is sent to the journalling file system.
  • the invention is presented below in the form of implementation.
  • the user's phone equipped with the NFC module and a payment application that is a programme placed in the phone's memory card and processed by the processor of the portable device of the user, makes it possible to pay fast after bringing it close to the NFC label presented, for example, by the merchant, which contains all the data needed to order a classic money transfer.
  • the NFC label used in a passive form that is, it possesses 'hard-coded' data needed for the transfer, which we usually enter into the template of a money transfer - that is the recipient's account number, the recipient's name, the transfer title.
  • the customer when he or she scans the NFC label, emulates manual entering of all the data needed for the transfer, fills in the sum of money and orders the transfer of the money.
  • the recipient's bank account number is in reality the number belonging to the billing agent (called here smoopay), but all the payments coming through the account are identified as owed to the final recipient.
  • the data in the label are encrypted with the use of the asymmetric cryptography, and the public key, being the pair to the secret private key, with which the information was encrypted in the label, is available from the level of the mobile application, therefore to the bank module of the application responsible for the money transfer the information gets in the decrypted form.
  • NFC label in an active form means that a unique and unpredictable identifier is entered into the tag, which in itself does not contain any key data for the money transfer and is only a unique identifier for the journalling file system, and when it is sent through the mobile application, it results in receiving the data needed for the money transfer, such as the recipient's account number, the recipient's name, the money transfer title, optionally the sum of money to be transferred.
  • the flexibility of an active label means that it does not need to be 'hard-coded' because it is only a reference to the network resources which can be modified in any moment, for example by setting the sum from the level of the point of sales. The customer receives then the full set of information, including the sum of the transaction, therefore he or she authenticates only the money transfer.
  • the user with the use of a portable device receives the information package Ao from the NFC label of the recipient and together with the information about their own individual device sends it to the server's memory segment assigned to the recipient in the journalling file system.
  • the information package is sent back to the user's portable device, who sends the full information A package to the bank server of the user, about which the information is written in the memory of the user's portable device.
  • the entry of the ordered operation is made in the segment of the user memory and in the memory segment assigned to the journalling file system.
  • the recordings are checked in the memory segment of the bank server assigned to the journalling file system.
  • the information package B is created and is sent to the bank server of the recipient.
  • the entries of the ordered operation are made in the memory segment assigned to the recipient and in the memory segment assigned to the journalling file system.
  • the information package Bo about the authentication and doing the operation is sent to the recipient's terminal.
  • the encrypted information package from the NFC label of the recipient is used and is decrypted with the public key of the asymmetric cryptography in the opened application of the user's portable device.
  • the information package is sent to the memory segment assigned to the recipient in an decrypted form or partially encrypted form.
  • the security increase for the information package from the NFC label is achieved by writing it in the form of a unique set of characters, which is sent to the journalling file system.
  • the NFC technology is used in such a way to securely and above all quickly make a "classical" money transfer between two accounts of the same bank, by automating entering the data indispensable for such a transfer. This process done manually takes so long that it would be impossible to use this model of payment in commercial conditions.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

L'invention concerne le procédé d'autorisation de paiement dans les dispositifs mobiles par l'intermédiaire d'une transmission de données sans fil entre un dispositif de communication portatif doté du module NFC de l'utilisateur confirmant, une étiquette NFC du destinataire, à partir de laquelle le paquet d'informations est recueilli, et un système de fichier de journalisation informatique isolé en communication avec le système informatique du destinataire équipé du terminal de paiement du destinataire, à partir duquel les données sous forme numérique sont reçues et envoyées au serveur bancaire, dans lequel l'entrée de l'opération est effectuée dans les segments de mémoire réservés au destinataire et à l'utilisateur, l'état des entrées est vérifié et la réponse provenant du serveur du système de fichier de journalisation est envoyée au terminal de paiement, caractérisé en ce que le paquet d'informations Ao est envoyé à partir de l'étiquette NFC par l'intermédiaire du dispositif portatif de l'utilisateur au segment de mémoire du serveur affecté au destinataire dans le système de fichier de journalisation et après l'ajout des données provenant du terminal du récipient, ledit paquet d'informations est renvoyé au dispositif portatif du client, qui envoie le paquet d'informations complet A au serveur bancaire de l'utilisateur, après quoi, dans le serveur bancaire de l'utilisateur, l'entrée de l'opération commandée est effectuée dans le segment de la mémoire utilisateur et dans le segment de mémoire affecté au système de fichier de journalisation, les entrées étant vérifiées, à l'aide du serveur du système de fichier de journalisation de manière systématique dans un temps inférieur à toutes les 5 secondes, dans le segment de mémoire du serveur bancaire affecté au système de fichier de journalisation puis le paquet d'informations B étant créé, lequel, à l'aide du serveur du système de fichier de journalisation, est envoyé au serveur bancaire du destinataire ; ensuite les entrées de l'opération commandée sont effectuées dans le segment de mémoire affecté au destinataire et dans le segment de mémoire affecté au système de fichier de journalisation et préférentiellement le paquet d'informations Bo est envoyé à l'aide du serveur du système de fichier de journalisation au terminal du destinataire. Préférentiellement, le paquet d'informations chiffré provenant de l'étiquette NFC du destinataire est déchiffré à l'aide de la clé publique de cryptographie asymétrique dans l'application ouverte sur le dispositif portatif de l'utilisateur. Le paquet d'informations est envoyé au segment de mémoire du serveur affecté au destinataire sous forme déchiffrée ou partiellement déchiffrée. Éventuellement, le paquet d'informations provenant de l'étiquette NFC est envoyé au système de fichier de journalisation sous forme d'un ensemble unique de caractères.
PCT/PL2014/000068 2014-06-24 2014-06-24 Procédé d'autorisation de paiement dans dispositifs mobiles WO2015199558A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
PLP.408651 2014-06-24
PL408651A PL408651A1 (pl) 2014-06-24 2014-06-24 Sposób autoryzacji płatności w urządzeniach mobilnych

Publications (1)

Publication Number Publication Date
WO2015199558A1 true WO2015199558A1 (fr) 2015-12-30

Family

ID=51266400

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/PL2014/000068 WO2015199558A1 (fr) 2014-06-24 2014-06-24 Procédé d'autorisation de paiement dans dispositifs mobiles

Country Status (2)

Country Link
PL (1) PL408651A1 (fr)
WO (1) WO2015199558A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI727212B (zh) * 2017-12-06 2021-05-11 開曼群島商創新先進技術有限公司 Nfc可攜式設備的寫入、支付方法、裝置以及設備

Citations (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002078381A1 (fr) 2001-03-26 2002-10-03 Accinity Ab Systeme delivrant a des dispositifs de telecommunication mobiles des donnees relatives a une position
US20030110216A1 (en) 2001-12-06 2003-06-12 Mathias Althin Mobile guide communications system
US20030114104A1 (en) 2001-12-18 2003-06-19 Roy Want Method and system for identifying when a first device is within a physical range of a second device
EP1729253A1 (fr) 2005-05-12 2006-12-06 Swisscom AG Procédé et système pour le transfert sécurisé de données par une interface NFC
EP1819106A1 (fr) 2006-02-13 2007-08-15 Blue Cell Networks GmbH Procédé destiné à l'échange d'informations entre une station fixe et une station mobile de type Bluetooth en fonction d'une proximité spatiale desdites stations
US20070197261A1 (en) 2004-03-19 2007-08-23 Humbel Roger M Mobile Telephone All In One Remote Key Or Software Regulating Card For Radio Bicycle Locks, Cars, Houses, And Rfid Tags, With Authorisation And Payment Function
EP1851865A1 (fr) 2005-02-09 2007-11-07 Nxp B.V. Procede permettant d'assurer une fonctionnalite nfc securisee de dispositif de communication mobile sans fil et dispositif de communication mobile sans fil possedant une fonctionnalite nfc securisee
EP1938242A1 (fr) 2005-10-17 2008-07-02 Stmicroelectronics Sa Lecteur nfc ayant un mode de fonctionnement passif a faible consommation electrique
EP1958470A1 (fr) 2005-12-09 2008-08-20 Sony Ericsson Mobile Communications AB Activation par nfc passive d'une communication sans fil courte distance
EP2169924A1 (fr) 2008-09-30 2010-03-31 Research In Motion Limited Dispositif de communication mobile sans fil disposant d'un circuit de communications de champ proche tactile activé
EP2203834A1 (fr) 2007-09-27 2010-07-07 Inside Contactless Procédé et dispositif de gestion de données d'application dans un système nfc
US20110264543A1 (en) * 2010-04-26 2011-10-27 Ebay Inc. Reverse payment flow
US20120004972A1 (en) * 2010-06-30 2012-01-05 Alcatel-Lucent Usa Inc. System and method for integrating near field communication devices with legacy customer loyalty services
US20120019361A1 (en) 2009-06-22 2012-01-26 Mourad Ben Ayed Systems for three factor authentication
WO2012151290A1 (fr) 2011-05-02 2012-11-08 Apigy Inc. Systèmes et procédés de commande d'un mécanisme de verrouillage à l'aide d'un dispositif électronique portable
WO2012151660A1 (fr) 2011-05-11 2012-11-15 Mark Itwaru Système de paiement basé sur une image mobile
WO2012158219A2 (fr) 2011-05-17 2012-11-22 Qualcomm Incorporated Système et procédé permettant de gérer des transactions avec un dispositif informatique portable
WO2013062481A1 (fr) * 2011-10-24 2013-05-02 Nachiappan Nachiappa Collecte anonyme, présentation et enchère inverse d'objets de type reçus de paiement
WO2013089568A1 (fr) * 2011-12-12 2013-06-20 Iif Spółka Akcyjna Procédé de réalisation d'une opération de paiement par le biais d'un système de téléphonie cellulaire et système de télécommunication destiné à mener à bien des opérations de paiement

Patent Citations (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002078381A1 (fr) 2001-03-26 2002-10-03 Accinity Ab Systeme delivrant a des dispositifs de telecommunication mobiles des donnees relatives a une position
US20030110216A1 (en) 2001-12-06 2003-06-12 Mathias Althin Mobile guide communications system
US20030114104A1 (en) 2001-12-18 2003-06-19 Roy Want Method and system for identifying when a first device is within a physical range of a second device
US20070197261A1 (en) 2004-03-19 2007-08-23 Humbel Roger M Mobile Telephone All In One Remote Key Or Software Regulating Card For Radio Bicycle Locks, Cars, Houses, And Rfid Tags, With Authorisation And Payment Function
EP1851865A1 (fr) 2005-02-09 2007-11-07 Nxp B.V. Procede permettant d'assurer une fonctionnalite nfc securisee de dispositif de communication mobile sans fil et dispositif de communication mobile sans fil possedant une fonctionnalite nfc securisee
EP1729253A1 (fr) 2005-05-12 2006-12-06 Swisscom AG Procédé et système pour le transfert sécurisé de données par une interface NFC
EP1938242A1 (fr) 2005-10-17 2008-07-02 Stmicroelectronics Sa Lecteur nfc ayant un mode de fonctionnement passif a faible consommation electrique
EP1958470A1 (fr) 2005-12-09 2008-08-20 Sony Ericsson Mobile Communications AB Activation par nfc passive d'une communication sans fil courte distance
EP1819106A1 (fr) 2006-02-13 2007-08-15 Blue Cell Networks GmbH Procédé destiné à l'échange d'informations entre une station fixe et une station mobile de type Bluetooth en fonction d'une proximité spatiale desdites stations
EP2203834A1 (fr) 2007-09-27 2010-07-07 Inside Contactless Procédé et dispositif de gestion de données d'application dans un système nfc
EP2203835A1 (fr) 2007-09-27 2010-07-07 Inside Contactless Procédé et dispositif de gestion de données d'application dans un système nfc en réponse à l'émission ou la réception de données sans contact
EP2169924A1 (fr) 2008-09-30 2010-03-31 Research In Motion Limited Dispositif de communication mobile sans fil disposant d'un circuit de communications de champ proche tactile activé
US20120019361A1 (en) 2009-06-22 2012-01-26 Mourad Ben Ayed Systems for three factor authentication
US20110264543A1 (en) * 2010-04-26 2011-10-27 Ebay Inc. Reverse payment flow
US20120004972A1 (en) * 2010-06-30 2012-01-05 Alcatel-Lucent Usa Inc. System and method for integrating near field communication devices with legacy customer loyalty services
WO2012151290A1 (fr) 2011-05-02 2012-11-08 Apigy Inc. Systèmes et procédés de commande d'un mécanisme de verrouillage à l'aide d'un dispositif électronique portable
WO2012151660A1 (fr) 2011-05-11 2012-11-15 Mark Itwaru Système de paiement basé sur une image mobile
WO2012151685A1 (fr) 2011-05-11 2012-11-15 Mark Itwaru Système de paiement mobile dissocié
WO2012151684A1 (fr) 2011-05-11 2012-11-15 Mark Itwaru Système de paiement mobile par image utilisant des codes abrégés
WO2012158219A2 (fr) 2011-05-17 2012-11-22 Qualcomm Incorporated Système et procédé permettant de gérer des transactions avec un dispositif informatique portable
WO2013062481A1 (fr) * 2011-10-24 2013-05-02 Nachiappan Nachiappa Collecte anonyme, présentation et enchère inverse d'objets de type reçus de paiement
WO2013089568A1 (fr) * 2011-12-12 2013-06-20 Iif Spółka Akcyjna Procédé de réalisation d'une opération de paiement par le biais d'un système de téléphonie cellulaire et système de télécommunication destiné à mener à bien des opérations de paiement

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI727212B (zh) * 2017-12-06 2021-05-11 開曼群島商創新先進技術有限公司 Nfc可攜式設備的寫入、支付方法、裝置以及設備

Also Published As

Publication number Publication date
PL408651A1 (pl) 2016-01-04

Similar Documents

Publication Publication Date Title
JP6441396B2 (ja) 携帯通信デバイスにおける動的一時決済認証のシステムおよび方法
Curran et al. Near field communication
ES2773100T3 (es) Sistema y métodos de procesamiento de transacciones distribuidas
EP2538382A1 (fr) Système de point de vente de délégation de paiement de transaction
CN102737308A (zh) 一种移动终端及其查询智能卡信息的方法和系统
Singh Near-field communication (NFC): an alternative to RFID in libraries
CN102867250A (zh) 用于交易支付授权的移动装置
US11176540B2 (en) Card-to-card direct communication
US20120124394A1 (en) System and Method for Providing a Virtual Secure Element on a Portable Communication Device
CN102640181A (zh) 标记读取器系统和可移动设备之间的自动信息分发系统
JP2008541289A (ja) トランスポンダからデータを安全に読み取る方法
Suparta Application of near field communication technology for mobile airline ticketing
CN103927652A (zh) 可携式电子交易装置
Ali et al. Secure mobile communication in m-payment system using NFC technology
KR101408210B1 (ko) Nfc 태그 카드를 이용한 복합 서비스 제공 방법 및 시스템
CN108416581A (zh) 一种在线支付的方法、装置和系统
KR20150069237A (ko) 다이나믹nfc태그를 이용한 결제방법 및 시스템
CN102509359A (zh) 信息自动处理终端及信息自动处理系统
CN104657854A (zh) 允许支付交易的无线电源
KR102431265B1 (ko) 모바일 단말의 위치 기반 결제 연계 서비스를 제공하는 방법 및 장치
CN101014985A (zh) 使用作为储值装置的普通的移动装置使跨越不同的支付系统的非接触支付交易便利的系统和方法
Kulkarni Near field communication (NFC) technology and its application
KR20120020804A (ko) 카드 결제 방법, 카드 결제 시스템 및 그를 위한 이동 단말기
WO2015199558A1 (fr) Procédé d'autorisation de paiement dans dispositifs mobiles
WO2014014369A1 (fr) Procédé de transmission de données sans fil sécurisée entre des dispositifs périphériques d'un système informatique et un dispositif de communication portable doté d'un dispositif d'affichage, en particulier entre un système de fichier de journalisation isolé et le dispositif de communication portable d'un utilisateur

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14747734

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14747734

Country of ref document: EP

Kind code of ref document: A1