WO2009071734A1 - Transaction authentication - Google Patents

Transaction authentication Download PDF

Info

Publication number
WO2009071734A1
WO2009071734A1 PCT/FI2007/000288 FI2007000288W WO2009071734A1 WO 2009071734 A1 WO2009071734 A1 WO 2009071734A1 FI 2007000288 W FI2007000288 W FI 2007000288W WO 2009071734 A1 WO2009071734 A1 WO 2009071734A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
controller
communications protocol
authentication information
authentication
Prior art date
Application number
PCT/FI2007/000288
Other languages
French (fr)
Inventor
Ari VEPSÄLÄINEN
Marco Sandrini
Original Assignee
Nokia Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Corporation filed Critical Nokia Corporation
Priority to CN200780101647A priority Critical patent/CN101868953A/en
Priority to PCT/FI2007/000288 priority patent/WO2009071734A1/en
Priority to EP07858312A priority patent/EP2218238A1/en
Publication of WO2009071734A1 publication Critical patent/WO2009071734A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223Realising banking transactions through M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3229Use of the SIM of a M-device as secure element
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • G07F19/208Use of an ATM as a switch or hub
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0492Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326Payment applications installed on the mobile devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/65Environment-dependent, e.g. using captured environmental data

Definitions

  • the invention concerns an apparatus comprising an interface arranged to conduct a transaction via a short-range communications interface. Furthermore the invention concerns a wireless apparatus comprising an interface arranged to conduct a transaction via the short-range communications interface. Yet furthermore the invention concerns a method for operating the apparatuses. Yet furthermore the invention concerns a computer program arranged to perform operations of the method when stored and run on a computer.
  • wireless communication apparatuses Modern society has quickly adopted, and become reliant upon, handheld apparatuses for wireless communication. For example, cellular telephones continue to proliferate in the global marketplace due to technological improvements in both the communication quality and device functionality.
  • These wireless communication apparatuses have become common for both personal and business use, allowing users to transmit and receive voice, text and graphical data from a multitude of geographic locations.
  • the communication networks utilized by these apparatuses span different frequencies and cover different transmission distances, each having strengths desirable for various applications.
  • the wireless communication apparatuses can communicate with short-range and wide area wireless communications networks.
  • Short-range wireless networks provide communication solutions that avoid some of the problems seen in large cellular- networks.
  • BluetoothTM is an example of a short-range wireless technology quickly gaining acceptance in the marketplace.
  • a 1 Mbps BluetoothTM radio may transmit and receives data at a rate of 720 Kbps within a range of 10 meters, and may transmit up to 100 meters with additional power boosting.
  • Enhanced data rate (EDR) technology also available may enable maximum asymmetric data rates of 1448 Kbps for a 2 Mbps connection and 2178 Kbps for a 3 Mbps connection.
  • a user does not actively instigate a BluetoothTM network. Instead, a plurality of devices within operating range of each other may automatically form a network group called a "piconet".
  • Any apparatus may promote itself to the master of the piconet, allowing it to control data exchanges with up to seven "active" slaves and 255 "parked” slaves. Active slaves exchange data based on the clock timing of the master. Parked slaves monitor a beacon signal in order to stay synchronized with the master. These apparatuses continually switch between various active communication and power saving modes in order to transmit data to other piconet members.
  • BluetoothTM other popular short-range wireless networks include WLAN (of which "Wi-Fi" local access points communicating in accordance with the IEEE 802.11 standard, is an example), WUSB, UWB and ZigBee (802.15.4, 802.15.4a). All of these wireless mediums have features and advantages that make them appropriate for various applications.
  • near field communications technologies which can be considered for providing very short-range or near to touch communication technologies, have become more interesting lately for providing new use and functionality to wireless communication devices.
  • An example of near field communications technologies comprise Radio Frequency Identification (RFID) technology, which already exists in various consumers applications from transportation and payment systems to various identification systems including implantable RFID tags.
  • RFID Radio Frequency Identification
  • NFC Near Field Communication
  • the technology is based on RFID, which makes it compatible with the existing contactless infrastructure already in use for public transportation and payment.
  • Near Field Communication (NFC) Forum is a non-profit industry association that promotes the use of NFC short-range wireless interaction in various consumer electronics, wireless devices and PCs. The NFC Forum supports implementation and standardization of NFC technology to make it easier to get information, easier to pay for goods and services, easier to use public transport, and easier to share data between devices.
  • a wireless device such as, for example, a mobile phone implementing a radio frequency identification (RFID) transponder may be utilized to provide/present a digitally coded or electronic ticket, which has been obtained before, to a ticket checkpoint system of an entrance of a public transportation system.
  • the digitally coded ticket is read out by corresponding radio frequency identification (RFID) reader, with which the checkpoint system is equipped, and is analyzed thereby.
  • RFID radio frequency identification
  • the digitally coded tickets are not necessarily only a piece of code. They may also include authentication information, such as for instance in case of 30 travel tickets, wherein the actual purchase of a ticket may need to be included in the ticketing application, so that an inspector notices that the person has actually purchased those tickets.
  • such a ticket checkpoint system may be available for public transportation systems in various cities, which may result in the requirement for coding different digitally coded tickets.
  • the illustrated ticket checkpoint system may be extended to similar digitally coded records such as credit card information, loyalty card information, cinema tickets and the like, where the portable terminal performs information exchange with the very same equipment, e.g. point-of-sale equipment.
  • the same applications may be realized by using optical or visual codes presented by an optical or visual encoding means and an optical or visual scanning means allowing for reading-out the optical or visual codes from the optical or visual encoding means.
  • smartcards provide application developer with a secure and tamperproof environment for developing high value, secure and complex applications.
  • Said smartcards include a central processing unit as well as secure memory areas making unwanted access by third parties very difficult.
  • cryptographic means are provided within the smartcard, which opens the deployment of smartcards for secure applications like banking or even personal identification applications.
  • smart cards create a secure environment for storing items of monetary value while the contactless feature is fast and convenient for users who only need to bring the card in close proximity to a card reader. These types of contactless cards do not require a Personal Identification Number (PIN) and are therefore suited for high-volume, low-value transactions.
  • PIN Personal Identification Number
  • ATM Automated Teller Machine
  • a kiosk to transfer money from a checking account, savings account, a credit card account or by inserting cash into the ATM.
  • the user puts their ATM card or cash into the machine and positions a contactless card near the contactless reader/writer to complete the transfer of money.
  • These ATMs are typically located at the entrance to the transit station where the customers purchase transit tokens.
  • the popularity of contactless cards for transit has grown so that other vendors in area surrounding the transit system also accept the contactless card for payment for purchases such as parking, fast food, convenience stores, gas stations and vending machines.
  • Many merchants are installing contactless smart card reader/writers in their stores to provide the ability to accept smart cards as a form of payment.
  • a wireless apparatus such as, for example a mobile phone may contain a NFC module or other type of near field communications module. Furthermore the apparatus may contain a secure element such as a secure smart card. The secure element is used in association with the near field communications module to carry out acts that require trust and confident. Examples of these kinds of acts may be a payment, electronic payment, true identification, credit card, secure transaction, electronic ticket purchasing and validation etc. Another example can be a payment made by a mobile phone.
  • a real authentication is however a problem with transaction related acts when the actual transaction operations are conducted electronically, such as, for example in connection with transaction operations involving the secure smart card.
  • the transaction itself can be carried out quite easily and conveniently by the system nowadays.
  • a known solution is to carry it out by non-electric means. For example by personally demonstrating a personal identification card such as a passport.
  • Another known solution is to make a personal signature by hand.
  • Yet another known solution is to enter a personal identification code matching with the secure element by hand with a keypad.
  • Yet another solution is to conduct the authentication by way of biometric identification of the user.
  • a common problem for these and any similar or equivalent known solutions is that the authentication involving the person carrying the wireless apparatus requires taking an effort by said person.
  • an apparatus comprising: a controller;
  • a near field communications module operatively coupled to the controller
  • a first secure storage location operatively coupled to the controller and configured to store at least partly information for carrying out a transaction operation by way of a transaction communications protocol via the near field communications module;
  • a second secure storage location operatively coupled to the controller and configured to store at least authentication information regarding authentic user of the apparatus
  • controller is configured to switch communications from said transaction communications protocol to another communications protocol in response to detecting that said transaction is substantially carried out and communicate the at least authentication information regarding the authentic user of the apparatus via the another communications protocol.
  • a near field communications module operatively coupled to the controller; a first secure storage location operatively coupled to the controller and configured to store at least partly information for carrying out a transaction operation by way of a transaction communications protocol via the near field communications module;
  • a second secure storage location operatively coupled to the controller and configured to store at least authentication information regarding authentic user of the apparatus; wherein the controller is configured to switch communication from said transaction communications protocol to another communications protocol in response to detecting that said transaction is substantially carried out and communicate the at least authentication information regarding the authentic user of the wireless apparatus via the another communications protocol.
  • Figure 1 depicts a block diagram of an apparatus in which general principles of the various embodiment of the invention can be applied
  • Figure 2 depicts a block diagram of an apparatus having a switch configured to switch the protocol between the secure transaction element and the authentication module of the apparatus according to various further embodiments of the invention
  • Figure 3 depicts a flow chart of the operations of the apparatus according to various further embodiments of the invention
  • Figure 4 depicts schematically a block diagram including functional and structural components of the apparatus according to some further embodiments of the invention. DESCRIPTION OF FURTHER EMBODIMENTS
  • the apparatus 100 comprises a first secure storage location 101 such as a transaction element 101.
  • the transaction element 101 may be, according to at least one embodiment, a secure smart card element configured for transaction operations for example.
  • the secure transaction element 101 is arranged to communicate by a first communications protocol.
  • the apparatus comprises a second secure storage location 102 such as an authentication module 102.
  • the authentication module 102 can be a smart card of the apparatus 100 for authentication.
  • the authentication module 102 is arranged to communicate by a second communications protocol.
  • the apparatus 100 comprises also a near field communications module 103, which can be alternatively referred to as as a short-range communications module.
  • the apparatus comprises also a controller SW1 , which is coupled with the secure transaction element 101.
  • the controller SW 1 is also coupled with the authentication module 102 and with the near field communications module 103.
  • the controller SW1 is configured to switch communications from the first communications protocol to the second communications protocol once it is detected that a transaction operation is substantially carried out so as to provide means to authenticate a user of the apparatus responsible for carrying out the transaction using said another communications protocol.
  • the authentication relating to the transaction is carried out on a basis of the authentication of the user of the apparatus.
  • the apparatus 100 may contain hardware, software and/or middleware for carrying out the operations of various embodiments.
  • the apparatus 100 has computer code and/or the hardware for performing the operations of further embodiments.
  • the apparatus 100 may be a wireless radio frequency apparatus having a near field and/or a short range wireless communication capability.
  • the apparatus 100 can be, according to a further embodiment, a mobile phone containing near field communications capability.
  • Various embodiments of the invention provide blocks or modules for a cashier/ticketing inspector to request authentication information regarding the user of the apparatus 100 by way of switching from the transaction protocol (for example ISO-14443 communication) to peer-to-peer communications (for example NFC-IP) and requesting user authentication information from the apparatus 100.
  • the authentication information may include, according to at least one embodiment, an image of the user or like, but also other kind of information that can be used as a proof of authenticity of the person using the apparatus 100 can be used as well.
  • the authentication information is typically secured and may be, according to at least one embodiment, stored e.g. in the authentication module 102 in a secure memory location, such as, for example within a secure smart card (for example SIM card in case of a mobile phone). It should be also noted that in accordance of at least one further embodiment of the invention, the secure transaction element
  • a secure smart card 102 such as, for example SIM card in a mobile phone apparatus.
  • the authentication information (e.g. the image of the owner of the apparatus or like) can be secured by way of for example signing the authentication information with secure key of some reliable account provider.
  • a credit issuing company such as, for example MasterCard may provide, in addition to actual payment application within the secure smart card element 102, also a secure signing of the authentication information with its secure key so that the authentication information can also be secured to prevent potential misuse.
  • the authentication information is provided to the cashier/ticketing inspector, it is conformed with the public key corresponding to the secure key so that the authentication information cannot be hacked.
  • FIG. 2 depicts a block diagram of an apparatus 100' having a controller SW1' configured to switch the protocol between the secure transaction element 101 ' and the authentication module 102' of the apparatus 100' according to various further embodiments of the invention.
  • the apparatus 100' comprises the secure transaction element 101'.
  • the apparatus 100' comprises near field communications module 103', a CPU, and an authentication module 102', such as, for example the SIM of the apparatus 100'.
  • the secure transaction smart card element/module 101 ' is connected via the controller SWV either to a near field communication NFC 103' interface providing connectivity with external devices by means of using for example RFID or optical connection.
  • the secure transaction smart card element/module 10V is connected via the controller SWV with a terminal CPU for providing control to the secure smart card element 10V.
  • the NFC 103' interface allows both reading and writing operations to be conducted both to and from external tags/devices and also peer-to-peer type communication between two NFC terminals.
  • the secure transaction smart card element 10V is directly linked to the NFC 103' interface by means of the controller SWV, in order to ensure that there will be no unnecessary delays within terminal logic that might hinder/prevent transactions due to the nature of RFID communications, which will typically require fast response times.
  • An RFID transaction for instance, will be typically conducted within, e.g., hundreds of milliseconds.
  • the secure element 10V is thus connected with the controller SWV.
  • the controller SWV is connected with the near field communications module 103'.
  • the CPU is connected to the SW1' and also to the NFC module 103'.
  • the controller SW1' may switch communications to the authentication module 102'.
  • the authentication module 102' applies another communications protocol than the secure element 101 '.
  • the CPU instructs the controller SW1' to switch to another communications protocol and further to the authentication module 102'.
  • Apparatus 100' comprises also a memory which is connected with CPU.
  • the apparatus 100' may comprise a short-range transceiver which is coupled with CPU.
  • Apparatus 100' comprises a network receiver which is couples with CPU.
  • the apparatus 100' comprises application storage which is coupled with a CPU.
  • the application storage may be coupled directly with the secure transaction element 101 '.
  • the apparatus comprises also a display which is coupled with the previous components.
  • the apparatus comprises an antenna which is coupled with the network transceiver and possibly with the short- range transceiver.
  • a transaction is started in the step 200.
  • the transaction is performed with the apparatus 100.
  • the transaction takes place by reading and writing opertations that are concluded by the secure transaction element 101.
  • the secure transaction element 101 may communicate via the near field communications module 103.
  • the secure transaction element 101 may communicate via other communications modules of the apparatus 100, such as, for example, the network transceiver 105 and short range transceiver 104.
  • the transaction takes place by using a communication protocol such as, for example, the ISO-14443 communications protocol.
  • the transaction is completed using the communications protocol in the step 200.
  • a controller SW1 switches communications to another communications protocol such as, for example the ISO-18092, or ISO-21481 , once the transaction is substantially completed and carried out;
  • the controller SW1 may switch communications to ISO-18092, or ISO- 21481 , which are examples of other communications protocols for NFC-IP based peer-to-peer communications.
  • An authentication procedure for the transaction may now start in the step 202.
  • the authentication information may be requested from the apparatus 100.
  • the authentication information is requested from the authentication module 102 of the apparatus 100.
  • the authentication is requested from a smart card 102' of the apparatus 100, such as, for example the SIM card or the like.
  • the requesting party of the transaction is provided with the authentication information in the step 203.
  • the authentication information is advantageously used to complete the transaction.
  • the authentication information may be transferred for example by transmitting image information of the authenticated user of the device that can be presented as a picture of the authenticated user of the apparatus 100. Furthermore by providing the parties with digital signature etc. As said previously there are various examples.
  • the controller SW1 is further configured to detect whether the transaction has substantially been carried out so as to switch to said another communications protocol.
  • the controller SW1 may be further configured to detect specific data of the transaction so as to determine whether the transaction continues or is about to be substantially carried out.
  • the controller SW 1 may further be coupled with a timer (not shown) configured to prompt the controller to check a status of the transaction and/or determine whether messages related to the transaction has been exchanged within a certain predefined time period in yet another further embodiment.
  • the controller SW1 may determine that the transaction is substantially carried out if the controller SW1 detects no transaction related messages have been exchanged within a predefined time period.
  • the near filed communications module 103 may use various near field communications, such as, e.g. the NFC or the like.
  • the near field communications module 103 alternatively referred to as near field communications interface, provides necessary means to communicate with external tags/devices using e.g. RFID technology so that the terminal can conduct RFID-based payment and ticketing transactions, but not limited thereto.
  • the near field communications module allows both reading and writing operations to be conducted both to and from external tags/devices and also peer-to-peer type communication between two terminals.
  • the secure transaction module 101 and the secure authentication module 102 can be directly linked to the near filed communications interface 103, by means of the controller SW1 , in order to ensure that there will be no unnecessary delays within terminal logic that might hinder/prevent transactions due to the nature or RFID communication, which will typically require fast response times.
  • a RFID transaction for instance, will be typically conducted within hundreds of milliseconds.
  • NFC itself is a short-range wireless technology which enables the communication between devices over a short distance. The technology can be used in mobile phones and other RFID based apparatuses.
  • NFC is compatible with the existing contactless infrastructure, for example in use for public transportation and payment. NFC works by magnetic field induction. It can operate within the globally available and unlicensed RF band of 13.56 MHz.
  • Working distance can be 0-20 centimetres, and the speed: 106 Kbit/s, 212 Kbit/s or 424 Kbit/s.
  • Passive Communication Mode The Initiator device provides a carrier field and the target device answers by modulating existing field. In this mode, the Target device may draw its operating power from the Initiator-provided electromagnetic field, thus making the Target device a transponder.
  • Active Communication Mode Both Initiator and Target device communicate by generating their own field. In this mode, both devices typically need to have a power supply.
  • NFC can be used to configure and initiate other wireless network connections such as Bluetooth, Wi-Fi or Ultra-wideband.
  • NFC Non-Fi Protected Access
  • Reader mode the NFC device is active and read a passive RFID tag, for example for interactive advertising.
  • P2P mode two NFC devices are communicating together and exchanging information.
  • Mobile ticketing in public transport an extension of the existing contactless infrastructure.
  • Mobile Payment the mobile phone acts as a debit/ credit payment card.
  • Smart poster the mobile phone is used to read RFID tags on outdoor billboards in order to get info on the move.
  • a further embodiment of the invention takes advantage of smart card such as a subscriber identity module (SIM).
  • SIM card may be an SD card or actually any other auxiliary secure element.
  • SIM card contains the secure transaction element 101 as well.
  • the switch mat switch between these blocks, for example as described in various embodiment of the invention.
  • the user activates elements, and may further select at least one of the transaction/applications to be active at the time.
  • the selection may be based on e.g. default selection, based on user selection or alternatively the terminal 100 may be capable of selecting the suitable application based on the current context/environment of the terminal 100.
  • the selection of the context/environment of the terminal 100 may be performed by the user e.g. by initiating reading a dedicated tag through the NFC module 103', wherein the tag could indicated the presence of certain type of POS terminal (e.g.
  • the user can, for example, simply "touch” (i.e. brings his mobile terminal device in close proximity) the POS terminal NFC interface with the terminal 100, which results the terminals NFC interface 103' to communicate with the POS terminals NFC interface, so that the necessary information for conducting the agreed transaction will be exchanged.
  • the NFC interfaces 103 of the terminal 100 and the POS terminal may include any communication interface suitable for near field communication including RF and optical interfaces two name a couple of non-limiting examples.
  • the necessary information includes at least following communication operations.
  • Fig. 4 illustrates schematically an implementation of an apparatus 100" such as a portable consumer electronic device being equipped with a RFID device according to some further embodiments of the invention.
  • the block diagram of Fig. 4 illustrates a principle structural design of a cellular terminal, which should exemplary represent any kind of portable CE device 100" employable with the present invention. It shall be understood that the present invention is not limited to any specific kind of portable CE device such as that illustrated.
  • the illustrated portable CE device 100 comprises typically a central processing unit (CPU) 410, a data storage 420, an application storage 430, input/output means including audio input/output (I/O) means 450, a keypad with input controller (Ctrl) 460 and a display with display controller (Ctrl) 470.
  • the portable CE device 100" includes a cellular interface (I/F) 480 coupled to a cellular antenna and operable with a corresponding subscriber identification module (SIM) 440.
  • I/F cellular interface
  • SIM subscriber identification module
  • the smartcard module when integrating the smartcard module into the handheld mobile phone, security is improved as in order to use the mobile phone a PIN input is needed enabling GSM SIM in the mobile phone when the mobile phone is switched on.
  • the smartcard module may be integrated in to SIM card of the portable CE device 100" instead of being a separate module.
  • the smartcard module may be integrated into a MMC card or memory stick module in connection with the data storage 420 of the portable CE device.
  • the portable CE device 100" according to a further embodiment of the invention comprises also a local data interface (I/F) 400 and a general data interface (I/F) 490.
  • I/F local data interface
  • I/F general data interface
  • the local data interface (I/F) 400 can be also implemented as an infrared-based interface such as an IrDA (infrared direct access) interface or an interface being based on radio frequency identification (RFID) technology, namely RFID reader, RFID transponder and near field communication (NFC) standard, respectively.
  • IrDA infrared direct access
  • RFID radio frequency identification
  • the cellular interface (I/F) 480 is arranged as a cellular transceiver to receive signals from the cellular antenna, decodes the signals, demodulates them and also reduces them to the base band frequency.
  • the cellular interface 480 provides for an over-the-air interface, which serves in conjunction with the subscriber identification module (SIM) 440 for cellular communications with a corresponding radio access network (RAN) of a public land mobile network (PLMN).
  • SIM subscriber identification module
  • RAN radio access network
  • PLMN public land mobile network
  • the output of the cellular interface (I/F) 480 thus consists of a stream of data that may require further processing by the central processing unit (CPU) 410.
  • the cellular interface (I/F) 480 arranged as a cellular transceiver also receives data from the central processing unit (CPU) 410, which are to be transmitted via the over-the-air interface to the radio access network (RAN). Therefore, the cellular interface (I/F) 480 encodes, modulates and converts the signal to the radio frequency, which is to be used. The cellular antenna then transmits the resulting radio frequency signal to the corresponding radio access network (RAN) of the public land mobile network (PLMN).
  • RAN radio access network
  • the portable CE 100" device may include in certain embodiments of the present invention, a broadcast receiver interface (not shown), which allows the portable CE to access broadcast transmission services that include Digital Video broadcasting (DVB-T, DVB-H), Digital Audio Broadcasting (DAB), Digital Radio Musice (DRM), Integrated Services Digital Broadcasting-Terrestrial (ISDB-T), Advanced Television Systems Committee (ATSC) and Digital Multimedia Broadcasting (DMB-T) techniques to name a few.
  • DVD-T Digital Video Broadcasting
  • DVB-H Digital Audio Broadcasting
  • DRM Digital Radio Mondiale
  • ISDB-T Integrated Services Digital Broadcasting-Terrestrial
  • ATSC Advanced Television Systems Committee
  • DMB-T Digital Multimedia Broadcasting
  • the portable CE device 100" further comprises a protected memory, which is adapted for storing a plurality of data records, for instance within said smartcard module 101 and 103.
  • each data record shall be understood as a digital representation of information relating to for instance digital ticket data and digital payment data according to an embodiment of the present invention.
  • the protected memory is specifically adapted to meet requirements, which have to be considered to ensure security and privacy aspects relevant in view of the sensitive digital information stored therein.
  • the portable CE device 100 may anyone of the example devices comprising illustratively a portable phone, a personal digital assistant, a pocket personal computer, a portable personal computer, a communicator terminal or any other portable consumer electronics (CE) with processing capability and appropriate communication means; i.e. comprising at least a transaction module 101 , an authentication module 102, a and a near field communications module 103.
  • the portable CE device 100" embodies a processor-based device, which allows implementation of the inventive concept.
  • the following embodiment will illustrate enhanced identification device operation, which is for instance implementable in each of the aforementioned consumer electronic (CE) devices.
  • illustration of the identification device will be given with respect to illustrated portable CE device 100", which has attached or has embedded such an identification device. But it shall be noted that the invention is not specifically limited to those identification devices and to portable CE device coupled thereto, respectively, which are herein illustrated merely for the way of illustration on the basis of embodiments according to the present invention.
  • the computer program can be a computer program product.
  • the product is an example of a tangible object.
  • it can be a medium such as a disc, a hard disk, an optical medium, CD-ROM, floppy disk, or the like storage etc.
  • the product may in a form of a signal such as an electromagnetic signal.
  • the signal can be transmitted within the network for example.
  • the product comprises computer program code or code means arranged to perform the operations of various embodiments of the invention.

Abstract

Various embodiments of the invention provide blocks or modules for a transaction to request authentication information regarding the user of the apparatus by way of switching from the transaction protocol, for example ISO-14443 communication, to peer-to-peer communications protocol, for example NFC-IP, and requesting user authentication information from the apparatus. The transaction can be authenticated accordingly. The authentication information may include, according to at least one embodiment, an image of the user or like, but also other kind of information that can be used as a proof of authenticity of the person using the apparatus can be used as well.

Description

Transaction Authentication
TECHNICAL FIELD OF THE INVENTION
The invention concerns an apparatus comprising an interface arranged to conduct a transaction via a short-range communications interface. Furthermore the invention concerns a wireless apparatus comprising an interface arranged to conduct a transaction via the short-range communications interface. Yet furthermore the invention concerns a method for operating the apparatuses. Yet furthermore the invention concerns a computer program arranged to perform operations of the method when stored and run on a computer.
BACKGROUND
Modern society has quickly adopted, and become reliant upon, handheld apparatuses for wireless communication. For example, cellular telephones continue to proliferate in the global marketplace due to technological improvements in both the communication quality and device functionality. These wireless communication apparatuses have become common for both personal and business use, allowing users to transmit and receive voice, text and graphical data from a multitude of geographic locations. The communication networks utilized by these apparatuses span different frequencies and cover different transmission distances, each having strengths desirable for various applications. The wireless communication apparatuses can communicate with short-range and wide area wireless communications networks.
Short-range wireless networks provide communication solutions that avoid some of the problems seen in large cellular- networks. Bluetooth™ is an example of a short-range wireless technology quickly gaining acceptance in the marketplace. A 1 Mbps Bluetooth™ radio may transmit and receives data at a rate of 720 Kbps within a range of 10 meters, and may transmit up to 100 meters with additional power boosting. Enhanced data rate (EDR) technology also available may enable maximum asymmetric data rates of 1448 Kbps for a 2 Mbps connection and 2178 Kbps for a 3 Mbps connection. A user does not actively instigate a Bluetooth™ network. Instead, a plurality of devices within operating range of each other may automatically form a network group called a "piconet". Any apparatus may promote itself to the master of the piconet, allowing it to control data exchanges with up to seven "active" slaves and 255 "parked" slaves. Active slaves exchange data based on the clock timing of the master. Parked slaves monitor a beacon signal in order to stay synchronized with the master. These apparatuses continually switch between various active communication and power saving modes in order to transmit data to other piconet members. In addition to Bluetooth™ other popular short-range wireless networks include WLAN (of which "Wi-Fi" local access points communicating in accordance with the IEEE 802.11 standard, is an example), WUSB, UWB and ZigBee (802.15.4, 802.15.4a). All of these wireless mediums have features and advantages that make them appropriate for various applications.
In addition to the above, near field communications technologies, which can be considered for providing very short-range or near to touch communication technologies, have become more interesting lately for providing new use and functionality to wireless communication devices. An example of near field communications technologies comprise Radio Frequency Identification (RFID) technology, which already exists in various consumers applications from transportation and payment systems to various identification systems including implantable RFID tags. Near Field Communication (NFC), is yet another short- range wireless communication technology, which enables the exchange of data between devices over a short distance. The technology is based on RFID, which makes it compatible with the existing contactless infrastructure already in use for public transportation and payment. Near Field Communication (NFC) Forum is a non-profit industry association that promotes the use of NFC short-range wireless interaction in various consumer electronics, wireless devices and PCs. The NFC Forum supports implementation and standardization of NFC technology to make it easier to get information, easier to pay for goods and services, easier to use public transport, and easier to share data between devices.
Payment and ticket applications are considered as one of the most important emerging usage areas that will leverage in the near field communications technologies field, such as, for example radio frequency identification (RFID) technology. For instance, a wireless device, such as, for example, a mobile phone implementing a radio frequency identification (RFID) transponder may be utilized to provide/present a digitally coded or electronic ticket, which has been obtained before, to a ticket checkpoint system of an entrance of a public transportation system. The digitally coded ticket is read out by corresponding radio frequency identification (RFID) reader, with which the checkpoint system is equipped, and is analyzed thereby. In case of validity of the digitally coded ticket the access to the public transportation system is granted to the owner of the portable terminal. The digitally coded tickets are not necessarily only a piece of code. They may also include authentication information, such as for instance in case of 30 travel tickets, wherein the actual purchase of a ticket may need to be included in the ticketing application, so that an inspector notices that the person has actually purchased those tickets.
Advantageously, such a ticket checkpoint system may be available for public transportation systems in various cities, which may result in the requirement for coding different digitally coded tickets. Moreover, the illustrated ticket checkpoint system may be extended to similar digitally coded records such as credit card information, loyalty card information, cinema tickets and the like, where the portable terminal performs information exchange with the very same equipment, e.g. point-of-sale equipment. The same applications may be realized by using optical or visual codes presented by an optical or visual encoding means and an optical or visual scanning means allowing for reading-out the optical or visual codes from the optical or visual encoding means.
In combination with the above-mentioned technology the usage of smartcards is steadily growing. Modern smartcards provide application developer with a secure and tamperproof environment for developing high value, secure and complex applications. Said smartcards include a central processing unit as well as secure memory areas making unwanted access by third parties very difficult. Further, cryptographic means are provided within the smartcard, which opens the deployment of smartcards for secure applications like banking or even personal identification applications. Usually, smart cards create a secure environment for storing items of monetary value while the contactless feature is fast and convenient for users who only need to bring the card in close proximity to a card reader. These types of contactless cards do not require a Personal Identification Number (PIN) and are therefore suited for high-volume, low-value transactions. Users of the card can load value onto the card by using an Automated Teller Machine (ATM) or a kiosk to transfer money from a checking account, savings account, a credit card account or by inserting cash into the ATM. The user puts their ATM card or cash into the machine and positions a contactless card near the contactless reader/writer to complete the transfer of money. These ATMs are typically located at the entrance to the transit station where the customers purchase transit tokens. The popularity of contactless cards for transit has grown so that other vendors in area surrounding the transit system also accept the contactless card for payment for purchases such as parking, fast food, convenience stores, gas stations and vending machines. Many merchants are installing contactless smart card reader/writers in their stores to provide the ability to accept smart cards as a form of payment. It shall be appreciated that the above-mentioned embodiments regarding smartcards are only given to explain possible deployments of smartcards without any limiting intention. It is also imaginable that smartcards may be used in connection with credit card and debit transactions with dynamic value, for instance. A wireless apparatus, such as, for example a mobile phone may contain a NFC module or other type of near field communications module. Furthermore the apparatus may contain a secure element such as a secure smart card. The secure element is used in association with the near field communications module to carry out acts that require trust and confident. Examples of these kinds of acts may be a payment, electronic payment, true identification, credit card, secure transaction, electronic ticket purchasing and validation etc. Another example can be a payment made by a mobile phone. A real authentication is however a problem with transaction related acts when the actual transaction operations are conducted electronically, such as, for example in connection with transaction operations involving the secure smart card. The transaction itself can be carried out quite easily and conveniently by the system nowadays. However, when an authentication involving the person carrying the wireless apparatus needs to be done, a known solution is to carry it out by non-electric means. For example by personally demonstrating a personal identification card such as a passport. Another known solution is to make a personal signature by hand. Yet another known solution is to enter a personal identification code matching with the secure element by hand with a keypad. Yet another solution is to conduct the authentication by way of biometric identification of the user. A common problem for these and any similar or equivalent known solutions is that the authentication involving the person carrying the wireless apparatus requires taking an effort by said person. For example, a user has to make the effort, e.g. prove his identity by showing an id etc. Thus, while the electric transaction itself is rather convenient, the authentication fails with this respect. Furthermore it's generally a problem to really discover that the performing party of the transaction is an authenticated one. SUMMARY
It is the object of the invention to provide the apparatus with more convenient authentication.
In accordance with an aspect of the invention there is provided an apparatus, comprising: a controller;
a near field communications module operatively coupled to the controller;
a first secure storage location operatively coupled to the controller and configured to store at least partly information for carrying out a transaction operation by way of a transaction communications protocol via the near field communications module; and
a second secure storage location operatively coupled to the controller and configured to store at least authentication information regarding authentic user of the apparatus;
wherein the controller is configured to switch communications from said transaction communications protocol to another communications protocol in response to detecting that said transaction is substantially carried out and communicate the at least authentication information regarding the authentic user of the apparatus via the another communications protocol.
In accordance with another aspect of the invention there is provided a wireless apparatus, comprising: a controller;
a near field communications module operatively coupled to the controller; a first secure storage location operatively coupled to the controller and configured to store at least partly information for carrying out a transaction operation by way of a transaction communications protocol via the near field communications module; and
a second secure storage location operatively coupled to the controller and configured to store at least authentication information regarding authentic user of the apparatus; wherein the controller is configured to switch communication from said transaction communications protocol to another communications protocol in response to detecting that said transaction is substantially carried out and communicate the at least authentication information regarding the authentic user of the wireless apparatus via the another communications protocol.
In accordance with yet another aspect of the invention there is provided a method, comprising:
conducting substantially a transaction by exchanging transaction information via a first communications protocol, switching to a second communications protocol upon detecting that the transaction is substantially conducted, and finalizing the transaction by exchanging authentication information via the second communications protocol.
In accordance with yet another aspect of the invention there is provided a computer program code, wherein the computer program code is arranged to
conducting substantially a transaction by exchanging transaction information via a first communications protocol, switching to a second communications protocol upon detecting that the transaction is substantially conducted, and finalizing the transaction by exchanging authentication information via the second communications protocol.
In various embodiments of the invention there is no need to tamper the communication protocol that relates to the transaction. This is advantageous because such a protocol tend to be very protected and confident due to the nature of appliance. Furthermore various embodiments may take advantage of existing authentication of the apparatus as well as existing wireless transactions. Various embodiments are trust and reliable by combining the clumsy but secure transaction procedure with improved authenticity. BRIEF DESCRIPTION OF THE DRAWINGS
Various further embodiments of the invention will now be described, by way of examples only, with reference to the accompanying drawings, in which:
Figure 1 depicts a block diagram of an apparatus in which general principles of the various embodiment of the invention can be applied,
Figure 2 depicts a block diagram of an apparatus having a switch configured to switch the protocol between the secure transaction element and the authentication module of the apparatus according to various further embodiments of the invention, Figure 3 depicts a flow chart of the operations of the apparatus according to various further embodiments of the invention, and
Figure 4 depicts schematically a block diagram including functional and structural components of the apparatus according to some further embodiments of the invention. DESCRIPTION OF FURTHER EMBODIMENTS
As previously referred figure 1 depicts a block diagram of an apparatus 100 in which general principles of various further embodiments of the invention can be applied. The apparatus 100 comprises a first secure storage location 101 such as a transaction element 101. The transaction element 101 may be, according to at least one embodiment, a secure smart card element configured for transaction operations for example. The secure transaction element 101 is arranged to communicate by a first communications protocol. Furthermore the apparatus comprises a second secure storage location 102 such as an authentication module 102. The authentication module 102 can be a smart card of the apparatus 100 for authentication. The authentication module 102 is arranged to communicate by a second communications protocol. The apparatus 100 comprises also a near field communications module 103, which can be alternatively referred to as as a short-range communications module. The apparatus, according to at least one embodiment, comprises also a controller SW1 , which is coupled with the secure transaction element 101. The controller SW 1 is also coupled with the authentication module 102 and with the near field communications module 103. The controller SW1 , according to at least one embodiment, is configured to switch communications from the first communications protocol to the second communications protocol once it is detected that a transaction operation is substantially carried out so as to provide means to authenticate a user of the apparatus responsible for carrying out the transaction using said another communications protocol. The authentication relating to the transaction is carried out on a basis of the authentication of the user of the apparatus. The apparatus
100 may contain hardware, software and/or middleware for carrying out the operations of various embodiments. Thus the apparatus 100 has computer code and/or the hardware for performing the operations of further embodiments.
In various further embodiments, the apparatus 100 may be a wireless radio frequency apparatus having a near field and/or a short range wireless communication capability. The apparatus 100 can be, according to a further embodiment, a mobile phone containing near field communications capability.
Various embodiments of the invention provide blocks or modules for a cashier/ticketing inspector to request authentication information regarding the user of the apparatus 100 by way of switching from the transaction protocol (for example ISO-14443 communication) to peer-to-peer communications (for example NFC-IP) and requesting user authentication information from the apparatus 100. The authentication information may include, according to at least one embodiment, an image of the user or like, but also other kind of information that can be used as a proof of authenticity of the person using the apparatus 100 can be used as well.
The authentication information is typically secured and may be, according to at least one embodiment, stored e.g. in the authentication module 102 in a secure memory location, such as, for example within a secure smart card (for example SIM card in case of a mobile phone). It should be also noted that in accordance of at least one further embodiment of the invention, the secure transaction element
101 effecting the transaction may be located within a certain memory area of a secure smart card 102, such as, for example SIM card in a mobile phone apparatus.
In some further embodiments of the invention, the authentication information (e.g. the image of the owner of the apparatus or like) can be secured by way of for example signing the authentication information with secure key of some reliable account provider. For example, according to at least one embodiment, a credit issuing company, such as, for example MasterCard may provide, in addition to actual payment application within the secure smart card element 102, also a secure signing of the authentication information with its secure key so that the authentication information can also be secured to prevent potential misuse. When the authentication information is provided to the cashier/ticketing inspector, it is conformed with the public key corresponding to the secure key so that the authentication information cannot be hacked. Further, in order to edit or update the authentication information that is accessible only via an entity, such as, for example the MasterCard, the user of the apparatus needs to first sign in and authenticate oneself to e.g. the entity via e.g. the entity's web pages, and only after the user is signed in, and authenticated, the user is provided an opportunity to amend or change the authentication information of the apparatus. This kind of feature is especially suitable in situations where the apparatus is sold to another person and the ticketing information needs to be updated so that the new user can utilize his/her own tickets etc. after purchase of the apparatus while ensuring that the person selling the apparatus doesn't loose his/her tickets in connection with the transaction. Figure 2 depicts a block diagram of an apparatus 100' having a controller SW1' configured to switch the protocol between the secure transaction element 101 ' and the authentication module 102' of the apparatus 100' according to various further embodiments of the invention. Thus referring now to the Figure 2 there is being shown an example of an apparatus 100' according to various embodiments of the invention. The apparatus 100' comprises the secure transaction element 101'. Furthermore the apparatus 100' comprises near field communications module 103', a CPU, and an authentication module 102', such as, for example the SIM of the apparatus 100'. The secure transaction smart card element/module 101 ' is connected via the controller SWV either to a near field communication NFC 103' interface providing connectivity with external devices by means of using for example RFID or optical connection. Alternatively, the secure transaction smart card element/module 10V is connected via the controller SWV with a terminal CPU for providing control to the secure smart card element 10V. The NFC 103' interface allows both reading and writing operations to be conducted both to and from external tags/devices and also peer-to-peer type communication between two NFC terminals. The secure transaction smart card element 10V is directly linked to the NFC 103' interface by means of the controller SWV, in order to ensure that there will be no unnecessary delays within terminal logic that might hinder/prevent transactions due to the nature of RFID communications, which will typically require fast response times. An RFID transaction, for instance, will be typically conducted within, e.g., hundreds of milliseconds. The secure element 10V is thus connected with the controller SWV. Furthermore the controller SWV is connected with the near field communications module 103'. Also the CPU is connected to the SW1' and also to the NFC module 103'. The controller SW1' may switch communications to the authentication module 102'. The authentication module 102' applies another communications protocol than the secure element 101 '. Once the transaction by the secure element 101' is substantially carried out, the CPU instructs the controller SW1' to switch to another communications protocol and further to the authentication module 102'. Apparatus 100' comprises also a memory which is connected with CPU. Furthermore the apparatus 100' may comprise a short-range transceiver which is coupled with CPU. Apparatus 100' comprises a network receiver which is couples with CPU. Furthermore the apparatus 100' comprises application storage which is coupled with a CPU. Furthermore the application storage may be coupled directly with the secure transaction element 101 '. The apparatus comprises also a display which is coupled with the previous components. Furthermore the apparatus comprises an antenna which is coupled with the network transceiver and possibly with the short- range transceiver.
Referring to the further embodiments of Figure 3, a transaction is started in the step 200. The transaction is performed with the apparatus 100. The transaction takes place by reading and writing opertations that are concluded by the secure transaction element 101. According to at least one embodiment, the secure transaction element 101 may communicate via the near field communications module 103. Alternatively, the secure transaction element 101 may communicate via other communications modules of the apparatus 100, such as, for example, the network transceiver 105 and short range transceiver 104. The transaction takes place by using a communication protocol such as, for example, the ISO-14443 communications protocol. The transaction is completed using the communications protocol in the step 200. In the step 201 a controller SW1 switches communications to another communications protocol such as, for example the ISO-18092, or ISO-21481 , once the transaction is substantially completed and carried out; The controller SW1 may switch communications to ISO-18092, or ISO- 21481 , which are examples of other communications protocols for NFC-IP based peer-to-peer communications. An authentication procedure for the transaction may now start in the step 202. The authentication information may be requested from the apparatus 100. According to embodiments of the present invention, the authentication information is requested from the authentication module 102 of the apparatus 100. For example the authentication is requested from a smart card 102' of the apparatus 100, such as, for example the SIM card or the like. The requesting party of the transaction is provided with the authentication information in the step 203. The authentication information is advantageously used to complete the transaction. The authentication information may be transferred for example by transmitting image information of the authenticated user of the device that can be presented as a picture of the authenticated user of the apparatus 100. Furthermore by providing the parties with digital signature etc. As said previously there are various examples.
In a further embodiment of the invention during the authorisation for completing the transaction, the controller SW1 is configured to switch communications from the secure transaction mode into the authentication mode. The authentication mode authenticates the user of the apparatus 100 by the necessary authentication information. The authentication information can be presented where necessary.
In a further embodiment of the invention, the controller SW1 is further configured to detect whether the transaction has substantially been carried out so as to switch to said another communications protocol. The controller SW1 may be further configured to detect specific data of the transaction so as to determine whether the transaction continues or is about to be substantially carried out. The controller SW 1 may further be coupled with a timer (not shown) configured to prompt the controller to check a status of the transaction and/or determine whether messages related to the transaction has been exchanged within a certain predefined time period in yet another further embodiment. In accordance with a further embodiment, if the controller SW1 detects no transaction related messages have been exchanged within a predefined time period, the controller may determine that the transaction is substantially carried out.
Various embodiments of the invention use near field communication such as NFC for exchanging information. For example the near filed communications module 103 may use various near field communications, such as, e.g. the NFC or the like. The near field communications module 103, alternatively referred to as near field communications interface, provides necessary means to communicate with external tags/devices using e.g. RFID technology so that the terminal can conduct RFID-based payment and ticketing transactions, but not limited thereto. The near field communications module allows both reading and writing operations to be conducted both to and from external tags/devices and also peer-to-peer type communication between two terminals. As said the secure transaction module 101 and the secure authentication module 102 can be directly linked to the near filed communications interface 103, by means of the controller SW1 , in order to ensure that there will be no unnecessary delays within terminal logic that might hinder/prevent transactions due to the nature or RFID communication, which will typically require fast response times. A RFID transaction, for instance, will be typically conducted within hundreds of milliseconds. NFC itself is a short-range wireless technology which enables the communication between devices over a short distance. The technology can be used in mobile phones and other RFID based apparatuses. NFC is compatible with the existing contactless infrastructure, for example in use for public transportation and payment. NFC works by magnetic field induction. It can operate within the globally available and unlicensed RF band of 13.56 MHz. Working distance can be 0-20 centimetres, and the speed: 106 Kbit/s, 212 Kbit/s or 424 Kbit/s. Generally there are two modes: Passive Communication Mode: The Initiator device provides a carrier field and the target device answers by modulating existing field. In this mode, the Target device may draw its operating power from the Initiator-provided electromagnetic field, thus making the Target device a transponder. Active Communication Mode: Both Initiator and Target device communicate by generating their own field. In this mode, both devices typically need to have a power supply. NFC can be used to configure and initiate other wireless network connections such as Bluetooth, Wi-Fi or Ultra-wideband. Use cases for NFC may for example be: Card emulation: the NFC device behaves like an existing contactless card. Reader mode: the NFC device is active and read a passive RFID tag, for example for interactive advertising. P2P mode: two NFC devices are communicating together and exchanging information. Plenty of applications will be possible such as: Mobile ticketing in public transport - an extension of the existing contactless infrastructure. Mobile Payment - the mobile phone acts as a debit/ credit payment card. Smart poster - the mobile phone is used to read RFID tags on outdoor billboards in order to get info on the move.
Pairing - in the pairing of devices with NFC support may be as easy as bringing them close together and accepting the pairing. The process of activating on both sides, searching, waiting, pairing and authorization can be replaced by a simple "touch" of the mobile phones. Other applications in the could include: Electronic tickets - airline tickets, concert/event tickets, and others, Electronic money, Travel cards, Identity documents, Mobile commerce, Electronic keys - car keys, house/office keys, hotel room keys, etc
NFC is an open platform technology standardized in ECMA-340 and ISO/IEC 18092. These standards specify the modulation schemes, coding, transfer speeds and frame format of the RF interface of NFC devices, as well as initialization schemes and conditions required for data collision-control during initialization-for both passive and active NFC modes. Furthermore, they also define the transport protocol, including protocol activation and data-exchange methods. NFC incorporates a variety of pre-existing standards including ISO_14443 both A (normal) and B (banking/short range), ISO_15693, and FeIiCa.
A further embodiment of the invention takes advantage of smart card such as a subscriber identity module (SIM). Generally the SIM card may be an SD card or actually any other auxiliary secure element. In the further embodiment the SIM card contains the secure transaction element 101 as well. Thus the secure transaction element can be advantageously installed into the smart card. The switch mat switch between these blocks, for example as described in various embodiment of the invention.
In case that a user wants to conduct a NFC based transaction with a local point-of- sale terminal, comprising a NFC communication module, the user (or the terminal) activates elements, and may further select at least one of the transaction/applications to be active at the time. The selection may be based on e.g. default selection, based on user selection or alternatively the terminal 100 may be capable of selecting the suitable application based on the current context/environment of the terminal 100. The selection of the context/environment of the terminal 100 may be performed by the user e.g. by initiating reading a dedicated tag through the NFC module 103', wherein the tag could indicated the presence of certain type of POS terminal (e.g. local merchant having a contract with certain credit card company and also private loyalty card for the store), so that corresponding applications can be activated. The selection of the context/environment may alternatively be based on the current location of the mobile terminal, which may be based on GPS positioning information or alternatively information received through wide-area- or local-area networks.
Afterwards, when the amount of payment and other related information is negotiated (this "negotiation" means that user of the terminal 100 and the transaction provider have mutually agreed the amount of payment), the user can, for example, simply "touch" (i.e. brings his mobile terminal device in close proximity) the POS terminal NFC interface with the terminal 100, which results the terminals NFC interface 103' to communicate with the POS terminals NFC interface, so that the necessary information for conducting the agreed transaction will be exchanged. It should be further noted that the NFC interfaces 103 of the terminal 100 and the POS terminal may include any communication interface suitable for near field communication including RF and optical interfaces two name a couple of non-limiting examples. The necessary information includes at least following communication operations. All of the following operations shall be performed within the set time limit for the transaction that might be different for different embodiments. According to one non-limiting exemplary embodiment, the time limit may be set for 300-400ms for RFID-based transactions. In order to complete the transaction the authentication is provided as described by the various embodiments of the invention. Fig. 4 illustrates schematically an implementation of an apparatus 100" such as a portable consumer electronic device being equipped with a RFID device according to some further embodiments of the invention. The block diagram of Fig. 4 illustrates a principle structural design of a cellular terminal, which should exemplary represent any kind of portable CE device 100" employable with the present invention. It shall be understood that the present invention is not limited to any specific kind of portable CE device such as that illustrated. The illustrated portable CE device 100" comprises typically a central processing unit (CPU) 410, a data storage 420, an application storage 430, input/output means including audio input/output (I/O) means 450, a keypad with input controller (Ctrl) 460 and a display with display controller (Ctrl) 470.
Additionally, the portable CE device 100" according to various further embodiments of the invention includes a cellular interface (I/F) 480 coupled to a cellular antenna and operable with a corresponding subscriber identification module (SIM) 440. In a further embodiment of the invention when integrating the smartcard module into the handheld mobile phone, security is improved as in order to use the mobile phone a PIN input is needed enabling GSM SIM in the mobile phone when the mobile phone is switched on. Thus the mobile phone when switched off or e.g. when activation of phone from screen saver mode a PIN is well protected from violation. According to further embodiments of the present invention, the smartcard module may be integrated in to SIM card of the portable CE device 100" instead of being a separate module. According to further embodiments, the smartcard module may be integrated into a MMC card or memory stick module in connection with the data storage 420 of the portable CE device. Moreover, the portable CE device 100" according to a further embodiment of the invention comprises also a local data interface (I/F) 400 and a general data interface (I/F) 490. However, it should be noted that in embodiments where the smart card module is integrated into certain modules, there needs to be a direct link to the local data interface (I/F) 400 in order to ensure the time requirement for the transaction.
The local (short-range) data interface (I/F) 400 or local (short-range) transceiver may be additionally implemented in portable CE device 100" to provide for local data communication with a corresponding counterpart network, base station or transceiver. In general, the local data interface (I/F) 400 can be realized by a low- power radio frequency (LPRF) transceiver such as a Bluetooth transceiver, a WLAN (wireless local area network) transceiver, an ultra-wide band (UWB) transceiver or any other transceiver operable with an IEEE 8O2.xx standard. Moreover, the local data interface (I/F) 400 can be also implemented as an infrared-based interface such as an IrDA (infrared direct access) interface or an interface being based on radio frequency identification (RFID) technology, namely RFID reader, RFID transponder and near field communication (NFC) standard, respectively.
The cellular interface (I/F) 480 is arranged as a cellular transceiver to receive signals from the cellular antenna, decodes the signals, demodulates them and also reduces them to the base band frequency. The cellular interface 480 provides for an over-the-air interface, which serves in conjunction with the subscriber identification module (SIM) 440 for cellular communications with a corresponding radio access network (RAN) of a public land mobile network (PLMN). The output of the cellular interface (I/F) 480 thus consists of a stream of data that may require further processing by the central processing unit (CPU) 410. The cellular interface (I/F) 480 arranged as a cellular transceiver also receives data from the central processing unit (CPU) 410, which are to be transmitted via the over-the-air interface to the radio access network (RAN). Therefore, the cellular interface (I/F) 480 encodes, modulates and converts the signal to the radio frequency, which is to be used. The cellular antenna then transmits the resulting radio frequency signal to the corresponding radio access network (RAN) of the public land mobile network (PLMN).
In addition to the local data interface (I/F) 400 and the general data interface (I/F) 490, the portable CE 100" device may include in certain embodiments of the present invention, a broadcast receiver interface (not shown), which allows the portable CE to access broadcast transmission services that include Digital Video broadcasting (DVB-T, DVB-H), Digital Audio Broadcasting (DAB), Digital Radio Mondiale (DRM), Integrated Services Digital Broadcasting-Terrestrial (ISDB-T), Advanced Television Systems Committee (ATSC) and Digital Multimedia Broadcasting (DMB-T) techniques to name a few.
The display and display controller (Ctrl) 470 are controlled by the central processing unit (CPU) 410 and provides information for the user typically by the means of a user interface. The keypad and keypad controller (Ctrl) 460 are provided to allow the user to input information. The information input via the keypad is supplied to the central processing unit (CPU) 410, which may be controlled in accordance with the input information. The audio input/output (I/O) means 450 includes at least a speaker for reproducing an audio signal and a microphone for recording an audio signal. The central processing unit (CPU) 410 may control the conversion of audio data to audio output signals and the conversion of audio input signals into audio data, where the audio data have a suitable format for cellular transmission.
The data interface (I/F) 490 serves for interfacing data and instruction communications between the local data interface module 400 and the portable CE device 100". The data interface (I/F) 490 may be established by various appropriate hardware and/or software interfaces.
The portable CE device 100" further comprises a protected memory, which is adapted for storing a plurality of data records, for instance within said smartcard module 101 and 103. As defined above, each data record shall be understood as a digital representation of information relating to for instance digital ticket data and digital payment data according to an embodiment of the present invention. The protected memory is specifically adapted to meet requirements, which have to be considered to ensure security and privacy aspects relevant in view of the sensitive digital information stored therein. Those skilled in the art will appreciate that the handling of the sensitive digital information such as digital ticket data and digital payment data as defined above is subjected to security and privacy aspects from user view as well as from service provider view, where the service provider relates to both issuing authorities and accepting authorities of the digital information in question.
In general, the portable CE device 100" described above may anyone of the example devices comprising illustratively a portable phone, a personal digital assistant, a pocket personal computer, a portable personal computer, a communicator terminal or any other portable consumer electronics (CE) with processing capability and appropriate communication means; i.e. comprising at least a transaction module 101 , an authentication module 102, a and a near field communications module 103. In general the portable CE device 100" embodies a processor-based device, which allows implementation of the inventive concept. The following embodiment will illustrate enhanced identification device operation, which is for instance implementable in each of the aforementioned consumer electronic (CE) devices. However, illustration of the identification device will be given with respect to illustrated portable CE device 100", which has attached or has embedded such an identification device. But it shall be noted that the invention is not specifically limited to those identification devices and to portable CE device coupled thereto, respectively, which are herein illustrated merely for the way of illustration on the basis of embodiments according to the present invention.
In various embodiments of the invention the computer program can be a computer program product. The product is an example of a tangible object. For example, it can be a medium such as a disc, a hard disk, an optical medium, CD-ROM, floppy disk, or the like storage etc. In another example the product may in a form of a signal such as an electromagnetic signal. The signal can be transmitted within the network for example. The product comprises computer program code or code means arranged to perform the operations of various embodiments of the invention.
Ramifications and Scope
Although the description above contains many specifics, these are merely provided to illustrate the invention and should not be construed as limitations of the invention's scope. It should be also noted that the many specifics can be combined in various ways in a single or multiple embodiments. Thus it will be apparent to those skilled in the art that various modifications and variations can be made in the apparatuses and processes of the present invention without departing from the spirit or scope of the invention.

Claims

Claims
1. An apparatus, comprising:
a controller; a near field communications module operatively coupled to the controller;
a first secure storage location operatively coupled to the controller and configured to store at least partly information for carrying out a transaction operation by way of a transaction communications protocol via the near field communications module; and a second secure storage location operatively coupled to the controller and configured to store at least authentication information regarding authentic user of the apparatus; wherein the controller is configured to switch communications from said transaction communications protocol to another communications protocol in response to detecting that said transaction is substantially carried out and communicate the at least authentication information regarding the authentic user of the apparatus via the another communications protocol.
2. An apparatus according to claim 1 , wherein the controller is further arranged to authenticate the authentic user of the apparatus in said transaction using said another communications protocol, wherein the authentication relating to the transaction is carried out on a basis of the authentication information.
3. An apparatus according to any of the preceding claims, further comprising a smard card configured to store the first secure storage location.
4. An apparatus according to any of the preceding claims, further comprising a smart card configured to store the second secure storage location.
5. An apparatus according to any of the preceding claims, wherein the first and the second secure locations are arranged to be located at the same smart card or at least two different smart cards.
6. An apparatus according to any of the preceding claims, wherein the first secure storage location comprises a transaction module.
7. An apparatus according to any of the preceding claims, wherein the second secure storage location comprises an authentication module.
8. An apparatus according to any of the preceding claims, wherein the controller comprises a logical or a physical switch.
9. An apparatus according to any of the preceding claims, wherein said authentication comprises image information regarding the authentic user of the apparatus or a digital signature.
10. An apparatus according to any of the preceding claims, wherein the authentication information is configured to be secured so that an authentication key is needed to be presented for accessing authentication information.
11. An apparatus according to any of the preceding claims, wherein the controller is further configured to detect whether the transaction has substantially been carried out so as to switch to said another communications protocol.
12. An apparatus according to any of the preceding claims, wherein the controller is further configured to detect specific data of the transaction so as to detect that the transaction has been substantially carried out.
13. An apparatus according to any of the preceding claims, further comprising a timer coupled with the controller configured to prompt the controller to check a status of the transaction.
14. A wireless apparatus, comprising: a controller;
a near field communications module operatively coupled to the controller;
a first secure storage location operatively coupled to the controller and configured to store at least partly information for carrying out a transaction operation by way of a transaction communications protocol via the near field communications module; and a second secure storage location operatively coupled to the controller and configured to store at least authentication information regarding authentic user of the apparatus; wherein the controller is configured to switch communication from said transaction communications protocol to another communications protocol in response to detecting that said transaction is substantially carried out and communicate the at least authentication information regarding the authentic user of the wireless apparatus via the another communications protocol.
15. A wireless apparatus according to claim 14, wherein the controller is further arranged to authenticate the authentic user of the apparatus in said transaction using said another communications protocol, wherein the authentication relating to the transaction is carried out on a basis of the authentication information.
16. A wireless apparatus according to claim 14, wherein the controller is further configured to detect whether the transaction has substantially been carried out so as to switch to said another communications protocol.
17. A wireless apparatus according to claim 14, wherein the controller is further configured to detect specific data of the transaction so as to detect that the transaction has been substantially carried out.
18. A wireless apparatus according to claim 14, further comprising a timer coupled with the controller configured to prompt the controller to check a status of the transaction.
19. A method, comprising: conducting substantially a transaction by exchanging transaction information via a first communications protocol, switching to a second communications protocol upon detecting that the transaction is substantially conducted, and finalizing the transaction by exchanging authentication information via the second communications protocol.
20. A method according to claim 19, further comprising authenticating a valid user of the apparatus in said transaction using said another communications protocol, wherein the authentication relating to the transaction is carried out on a basis of the authentication information.
21. A method according to claim 19, further comprising detecting specific data of the transaction so as to detect that the transaction has been substantially carried out.
22. A method according to claim 19, further comprising prompting, by a timer, to check a status of the transaction.
23. A computer program code, wherein the computer program code is arranged to
conducting substantially a transaction by exchanging transaction information via a first communications protocol,
switching to a second communications protocol upon detecting that the transaction is substantially conducted, and
finalizing the transaction by exchanging authentication information via the second communications protocol.
24. An apparatus, comprising: means for conducting substantially a transaction by exchanging transaction information via a first communications protocol,
means for switching to a second communications protocol upon detecting that the transaction is substantially conducted, and means for finalizing the transaction by exchanging authentication information via the second communications protocol.
PCT/FI2007/000288 2007-12-07 2007-12-07 Transaction authentication WO2009071734A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN200780101647A CN101868953A (en) 2007-12-07 2007-12-07 Transaction authentication
PCT/FI2007/000288 WO2009071734A1 (en) 2007-12-07 2007-12-07 Transaction authentication
EP07858312A EP2218238A1 (en) 2007-12-07 2007-12-07 Transaction authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/FI2007/000288 WO2009071734A1 (en) 2007-12-07 2007-12-07 Transaction authentication

Publications (1)

Publication Number Publication Date
WO2009071734A1 true WO2009071734A1 (en) 2009-06-11

Family

ID=40717341

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2007/000288 WO2009071734A1 (en) 2007-12-07 2007-12-07 Transaction authentication

Country Status (3)

Country Link
EP (1) EP2218238A1 (en)
CN (1) CN101868953A (en)
WO (1) WO2009071734A1 (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2389023A1 (en) * 2010-05-17 2011-11-23 Morpho Cards GmbH Telecommunications chip card and NFC-enabled mobile telephone device
US8068011B1 (en) 2010-08-27 2011-11-29 Q Street, LLC System and method for interactive user-directed interfacing between handheld devices and RFID media
CN102523092A (en) * 2011-12-05 2012-06-27 上海柯斯软件有限公司 Audio-based non-contact integrated circuit (IC) card and mobile authentication data transmission device
WO2013056783A1 (en) * 2011-10-20 2013-04-25 Giesecke & Devrient Gmbh Mobile terminal, transaction terminal, and method for carrying out a transaction at a transaction terminal by means of a mobile terminal
EP2626823A1 (en) * 2012-02-10 2013-08-14 Vodafone Holding GmbH Location based selection in mobile wallets
WO2013153437A1 (en) * 2012-04-13 2013-10-17 Ologn Technologies Ag Apparatuses, methods and systems for computer-based secure transactions
EP2672442A1 (en) * 2012-06-05 2013-12-11 Nxp B.V. Multi-protocol communication circuit
EP2685411A4 (en) * 2011-11-14 2015-05-27 Ntt Docomo Inc Mobile terminal, electronic money usage restriction system, and recording medium
EP2939493A4 (en) * 2012-12-11 2016-07-20 Intel Corp Device-to-device (d2d) discovery without authenticating through cloud
US9432348B2 (en) 2012-04-20 2016-08-30 Ologn Technologies Ag Secure zone for secure purchases
US9489505B2 (en) 2011-04-21 2016-11-08 Trustonic Limited Method for displaying information on a display device of a terminal
US9572029B2 (en) 2012-04-10 2017-02-14 Imprivata, Inc. Quorum-based secure authentication
US9742735B2 (en) 2012-04-13 2017-08-22 Ologn Technologies Ag Secure zone for digital communications
US9875366B2 (en) 2011-10-07 2018-01-23 Trustonic Limited Microprocessor system with secured runtime environment
US9948640B2 (en) 2013-08-02 2018-04-17 Ologn Technologies Ag Secure server on a system with virtual machines
US11176546B2 (en) 2013-03-15 2021-11-16 Ologn Technologies Ag Systems, methods and apparatuses for securely storing and providing payment information
US11937081B2 (en) 2021-07-13 2024-03-19 Imprivata, Inc. Quorum-based secure authentication

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102156897B (en) * 2011-03-30 2014-04-02 惠州Tcl移动通信有限公司 Secure digital card and method for realizing near field communication function on same
CN104680108B (en) * 2015-03-31 2018-03-13 上海飞聚微电子有限公司 A kind of implementation method that double agreements are supported using RFID chip

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999035620A1 (en) * 1998-01-07 1999-07-15 Sun Microsystems, Inc. Methods and apparatus for processing smartcard transactions
US20020174068A1 (en) * 2001-05-07 2002-11-21 Rodolphe Marsot Method for increasing the security of payment of tradesman by a client, corresponding localization center and system
GB2424801A (en) * 2005-03-31 2006-10-04 Uniwill Comp Corp Portable apparatus communicates with a server using a first and second protocol
WO2007044882A2 (en) * 2005-10-11 2007-04-19 Philip Yuen System and method for authorization of transactions
US20070156436A1 (en) * 2005-12-31 2007-07-05 Michelle Fisher Method And Apparatus For Completing A Transaction Using A Wireless Mobile Communication Channel And Another Communication Channel
US20070278290A1 (en) * 2006-06-06 2007-12-06 Messerges Thomas S User-configurable priority list for mobile device electronic payment applications

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005045557A (en) * 2003-07-22 2005-02-17 Sony Corp Communication device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999035620A1 (en) * 1998-01-07 1999-07-15 Sun Microsystems, Inc. Methods and apparatus for processing smartcard transactions
US20020174068A1 (en) * 2001-05-07 2002-11-21 Rodolphe Marsot Method for increasing the security of payment of tradesman by a client, corresponding localization center and system
GB2424801A (en) * 2005-03-31 2006-10-04 Uniwill Comp Corp Portable apparatus communicates with a server using a first and second protocol
WO2007044882A2 (en) * 2005-10-11 2007-04-19 Philip Yuen System and method for authorization of transactions
US20070156436A1 (en) * 2005-12-31 2007-07-05 Michelle Fisher Method And Apparatus For Completing A Transaction Using A Wireless Mobile Communication Channel And Another Communication Channel
US20070278290A1 (en) * 2006-06-06 2007-12-06 Messerges Thomas S User-configurable priority list for mobile device electronic payment applications

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ECMA INTERNATIONAL: ECMA 352 STANDARD., December 2003 (2003-12-01), XP008131162, Retrieved from the Internet <URL:http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-352.pdf> [retrieved on 20080814] *

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8768303B2 (en) 2010-05-17 2014-07-01 Morpho Cards Gmbh Telecommunications chip card and mobile telephone device
EP2389023A1 (en) * 2010-05-17 2011-11-23 Morpho Cards GmbH Telecommunications chip card and NFC-enabled mobile telephone device
US8068011B1 (en) 2010-08-27 2011-11-29 Q Street, LLC System and method for interactive user-directed interfacing between handheld devices and RFID media
US8395486B2 (en) 2010-08-27 2013-03-12 Q Street, LLC System and method for interactive user-directed interfacing between handheld devices and RFID media
US9858455B2 (en) 2010-08-27 2018-01-02 Q Street, LLC System and method for interactive user-directed interfacing between handheld devices and RFID media
US9489505B2 (en) 2011-04-21 2016-11-08 Trustonic Limited Method for displaying information on a display device of a terminal
US9875366B2 (en) 2011-10-07 2018-01-23 Trustonic Limited Microprocessor system with secured runtime environment
WO2013056783A1 (en) * 2011-10-20 2013-04-25 Giesecke & Devrient Gmbh Mobile terminal, transaction terminal, and method for carrying out a transaction at a transaction terminal by means of a mobile terminal
EP2685411A4 (en) * 2011-11-14 2015-05-27 Ntt Docomo Inc Mobile terminal, electronic money usage restriction system, and recording medium
CN102523092A (en) * 2011-12-05 2012-06-27 上海柯斯软件有限公司 Audio-based non-contact integrated circuit (IC) card and mobile authentication data transmission device
EP2626823A1 (en) * 2012-02-10 2013-08-14 Vodafone Holding GmbH Location based selection in mobile wallets
US10542430B2 (en) 2012-04-10 2020-01-21 Imprivata, Inc. Quorum-based secure authentication
US11096052B2 (en) 2012-04-10 2021-08-17 Imprivata, Inc Quorum-based secure authentication
US9572029B2 (en) 2012-04-10 2017-02-14 Imprivata, Inc. Quorum-based secure authentication
US10484338B2 (en) 2012-04-13 2019-11-19 Ologn Technologies Ag Secure zone for digital communications
US10904222B2 (en) 2012-04-13 2021-01-26 Ologn Technologies Ag Secure zone for digital communications
WO2013153437A1 (en) * 2012-04-13 2013-10-17 Ologn Technologies Ag Apparatuses, methods and systems for computer-based secure transactions
US9742735B2 (en) 2012-04-13 2017-08-22 Ologn Technologies Ag Secure zone for digital communications
US10027630B2 (en) 2012-04-13 2018-07-17 Ologn Technologies Ag Secure zone for digital communications
US10108953B2 (en) 2012-04-13 2018-10-23 Ologn Technologies Ag Apparatuses, methods and systems for computer-based secure transactions
US10270776B2 (en) 2012-04-20 2019-04-23 Ologn Technologies Ag Secure zone for secure transactions
US9432348B2 (en) 2012-04-20 2016-08-30 Ologn Technologies Ag Secure zone for secure purchases
US11201869B2 (en) 2012-04-20 2021-12-14 Ologn Technologies Ag Secure zone for secure purchases
US10496981B2 (en) 2012-06-05 2019-12-03 Nxp B.V. Multi-protocol communication circuit
EP2672442A1 (en) * 2012-06-05 2013-12-11 Nxp B.V. Multi-protocol communication circuit
EP2939493A4 (en) * 2012-12-11 2016-07-20 Intel Corp Device-to-device (d2d) discovery without authenticating through cloud
US11176546B2 (en) 2013-03-15 2021-11-16 Ologn Technologies Ag Systems, methods and apparatuses for securely storing and providing payment information
US11763301B2 (en) 2013-03-15 2023-09-19 Ologn Technologies Ag Systems, methods and apparatuses for securely storing and providing payment information
US9948640B2 (en) 2013-08-02 2018-04-17 Ologn Technologies Ag Secure server on a system with virtual machines
US11937081B2 (en) 2021-07-13 2024-03-19 Imprivata, Inc. Quorum-based secure authentication

Also Published As

Publication number Publication date
EP2218238A1 (en) 2010-08-18
CN101868953A (en) 2010-10-20

Similar Documents

Publication Publication Date Title
US8005426B2 (en) Method and mobile terminal device including smartcard module and near field communications means
WO2009071734A1 (en) Transaction authentication
Curran et al. Near field communication
US10395238B2 (en) Two step near field communication transactions
US8532572B2 (en) Mobile integrated distribution and transaction system and method for NFC services, and a mobile electronic device thereof
KR101554604B1 (en) System and Method for financial transactions
US20130092741A1 (en) Wireless smart card and integrated personal area network, near field communication and contactless payment system
US20130311313A1 (en) Nfc transaction processing systems and methods
US20120089507A1 (en) Device, system and transaction method for integrating payment function and receipt function
Hendry Near Field Communications Technology and Applications
EP2582062A1 (en) System, method and readable media for mobile distribution and transaction applied in near field communication (nfc) service
EP2889823A1 (en) Method for securing a completion step of an online transaction
CN111222864A (en) Internet of vehicles safety payment method, system, storage medium and vehicle machine
KR20140118251A (en) System and method for card payment
KR20120057322A (en) A mobile phone with automatic switching of NFC mode
Imhontu et al. A survey on near field communication in mobile phones & PDAs
Iglesias et al. NFC applications with an all-in-one device
CN111225357A (en) Internet of vehicles one-card-multiple-number implementation method, system, storage medium and vehicle machine
Karnouskos NFC-capable mobile devices for mobile payment services
Paitoonrajipipit Intelligent mobile payment (IMP) system

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200780101647.1

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07858312

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2007858312

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE