US20090216680A1 - Systems and Methods for Performing File Distribution and Purchase - Google Patents
Systems and Methods for Performing File Distribution and Purchase Download PDFInfo
- Publication number
- US20090216680A1 US20090216680A1 US12/196,669 US19666908A US2009216680A1 US 20090216680 A1 US20090216680 A1 US 20090216680A1 US 19666908 A US19666908 A US 19666908A US 2009216680 A1 US2009216680 A1 US 2009216680A1
- Authority
- US
- United States
- Prior art keywords
- buyer
- computing module
- secure
- financial
- financial transaction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/12—Payment architectures specially adapted for electronic shopping systems
- G06Q20/123—Shopping for digital content
- G06Q20/1235—Shopping for digital content with control of digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/22—Payment schemes or models
- G06Q20/223—Payment schemes or models based on the use of peer-to-peer networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3223—Realising banking transactions through M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3227—Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/326—Payment applications installed on the mobile devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/603—Digital right managament [DRM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
Definitions
- Embodiments of the present invention relate generally to wireless communications systems and more specifically to systems and methods of performing financial transactions and file distribution using communication systems.
- cellular telephones were designed primarily to provide wireless voice communications. With new advances in technology, however, additional functionality has been added to cellular telephones, which are sometimes referred to as personal wireless devices.
- personal wireless devices including the functionality of a cellular phone, personal digital assistant, email client, media player, and a digital camera are now common. Due to the increased capabilities of these devices, many subscribers are using the devices to store or access sensitive information (e.g., financial account information) or to access private networks (e.g., corporate networks).
- sensitive information e.g., financial account information
- private networks e.g., corporate networks
- Embodiments of the present invention include systems and methods to support distribution of controlled content, wherein a secure financial transaction can be performed as part of the distribution.
- Embodiments of the present invention also support person-to-person file sharing or distribution of controlled content wherein a secure financial transaction can be performed as part of the sharing or distribution.
- a secure computing module is configured for operable coupling to a host device.
- the secure computing module includes a processor for performing secure processing operations, a host interface for operably coupling the processor to the host device, and a memory operably coupled to the processor wherein the processor logically isolates at least some of the memory from access by the host device.
- the secure computing module is configured to generate a secure digital signature for a message including financial transaction details.
- the secure computing module is also configured to direct the host device to communicate the financial transaction details and the secure digital signature to a financial organization associated with a user of the secure computing module and enable controlled content received through the host device.
- a method of performing file distribution includes selecting controlled content to be received from a content provider acting as a seller. Financial transaction details for the controlled content are sent to a buyer. The method also includes signing the financial transaction details with a buyer's secure digital signature using a buyer's secure computing module and signing the financial transaction details with a seller's secure digital signature using a seller's secure computing module. The financial transaction details, the buyer's secure digital signature, and the seller's secure digital signature comprise a financial transaction package. The method also includes communicating the financial transaction package between the buyer and the seller, communicating the financial transaction package to a seller's financial organization, and communicating the financial transaction package to a buyer's financial organization.
- the seller's financial organization verifies the seller's secure digital signature and the financial transaction details and sends a seller approval to the buyer's financial organization.
- the buyer's financial organization verifies the buyer's secure digital signature and the financial transaction details, sends a buyer approval to the seller's financial organization, and performs a fund transfer from the buyer's financial organization to the seller's financial organization.
- the method also includes communicating the controlled content from the content provider to the buyer's secure computing module.
- a method of performing file distribution includes selecting controlled content to be received from a reseller, determining financial transaction details including a transaction amount and a content owner for the controlled content, and sending the financial transaction details for the controlled content to a buyer.
- the method also includes signing the financial transaction details with a buyer's secure digital signature using a buyer's secure computing module and signing the financial transaction details with a reseller's secure digital signature using a reseller's secure computing module.
- the financial transaction details, the buyer's secure digital signature, and the reseller's secure digital signature comprise a financial transaction package.
- the method also includes communicating the financial transaction package between the buyer and the reseller, communicating the financial transaction package to a buyer's financial organization, and communicating the financial transaction package to a content owner's financial organization.
- the content owner's financial organization verifies the financial transaction details and sends a seller approval to the buyer's financial organization.
- the buyer's financial organization verifies the buyer's secure digital signature and the financial transaction details, sends a buyer approval to the content owner's financial organization, and performs a fund transfer from the buyer's financial organization to the content owner's financial organization.
- the method also includes communicating the controlled content from the reseller's secure computing module to the buyer's secure computing module.
- FIG. 1 illustrates a communication system including a host device and a secure computing module
- FIG. 2 illustrates a front view of the secure computing module embodied in a card suitable for insertion into a cellular communication device
- FIG. 2A illustrates an isometric view of the secure computing module of FIG. 2 with a semi-transparent view to illustrate internal components according to an embodiment of the invention
- FIG. 3 illustrates the secure computing module disconnected from the cellular communication device
- FIG. 3A illustrates the secure computing module physically and electrically connected to the cellular communication device
- FIG. 4 illustrates a simplified block diagram of the secure computing module in communication with the cellular communication device
- FIG. 5 illustrates a simplified system diagram of a communication system for performing financial transactions and controlled content distribution between individuals
- FIG. 6 is a simplified flow diagram illustrating acts that may be performed during distribution and purchase of controlled content from a content provider.
- FIGS. 7A and 7B are simplified flow diagrams illustrating acts that may be performed during distribution and purchase of controlled content between individuals.
- Embodiments of the present invention include systems and methods to support distribution of controlled content, wherein a secure financial transaction can be performed as part of the distribution.
- Embodiments of the present invention also support person-to-person file sharing or distribution of controlled content wherein a secure financial transaction can be performed as part of the sharing or distribution.
- embodiments of the present invention provide systems and methods that collect and preserve market accepted financial revenues (e.g., royalties, payments, etc.) for legal holders of controlled content.
- embodiments of the present invention provide systems and methods to refine and validate person-to-person marketing, sales, and distribution mechanisms in order to incentivize users to legally share and disseminate controlled content using person-to-person discovery and distribution methods.
- the systems and methods include controlled content distribution and secure financial transactions by augmenting Personal Electronic Devices (PEDs) with software and a Secure Computing Module (SCM) for executing the software.
- PEDs Personal Electronic Devices
- SCM Secure Computing Module
- the SCM may be processing hardware that is either embeddable or embedded in the PED.
- a PED may be any mobile computing device used by a user and capable of communication using a cellular wireless communication channel.
- a PED may also be referred to herein as a host device, a cellular communication device, or a wireless communication device.
- Examples of PEDs include cell phones, smartphones, Blackberry® smart phones, pagers, Personal Digital Assistants, music players (e.g., MP3 players and IPods), handheld computing platforms, wrist-worn computing system, or other mobile computing systems (e.g., laptops).
- the host device may be a desktop computer, server, or other device such as, for example, satellite TV receivers, Digital Versatile Disc (DVD) players, and Video Cassette Recorders (VCRs) equipped with a secure computing module. While most of the description herein concentrates on PEDs as wireless communication devices, those of ordinary skill in the art will recognize that any suitable host device may be configured to operate with a secure computing module to practice embodiments of the present invention.
- controlled content refers to any copyrighted material or any material that can be considered for copyright. Such examples include, but are not limited to, the following: music, videos, eBooks, software, documents, maps, databases, store discount coupons, merchant loyalty material, pictures, or other digital content.
- controlled content includes access authorization tokens.
- access authorization tokens may include electronic tickets (i.e., e-tickets) for admittance to movies, concerts, sporting events, and the like.
- a “content owner” is an entity or individual that may, according to national law, international law, or combination thereof, own at least some of the rights to controlled content that they have rights to control access to, created themselves, or legally purchased.
- a “content provider” is the content owner or agent of the content owner authorized to provide controlled content owned by the content owner.
- distributed rules are rules defining the rights and methods of distribution. Such rules may limit distribution to specific groups, time periods, numbers, etc.
- an “original buyer” is a buyer who purchases controlled content directly from the content owner or an agent of the content owner.
- a “reseller” is a buyer who is authorized to resell controlled content according the distribution rules specified by the content owner.
- FIG. 1 illustrates a communication system 100 including a host device 110 , a server 180 , a network 150 , a wireless communications base station 140 , and a secure computing module 200 .
- the host device 110 may be a cellular communication device 110 .
- the cellular communication device 110 may communicate with the base station 140 using a wireless channel 112 , which may be a cellular wireless channel.
- the cellular communication device 110 may be a wireless communication device, such as a smart phone, Blackberry® smart phone, laptop computer, or other suitable device configured to communicate with a terrestrial cellular base station 140 .
- the base station 140 may communicate with the network 150 .
- the network 150 may be a communications network such as the Internet, the public switched telephone network, or any other suitable arrangement for implementing communications.
- the cellular communication device 110 may include a display for communicating information to a user and a keypad for the user to communicate information to the cellular communication device 110 .
- the secure computing module 200 may be physically connected to the cellular communication device 110 .
- the secure computing module 200 may be configured as a card suitable for insertion into the host device 110 .
- the secure computing module 200 may execute software independently and/or isolated from the host device 110 .
- FIG. 2 illustrates a front view of the secure computing module 200 embodied in a card suitable for insertion into the cellular communication device 110 .
- FIG. 2A illustrates an isometric view of the secure computing module 200 of FIG. 2 with a semi-transparent view to illustrate internal components according to an embodiment of the invention.
- the secure computing module 200 may have physical characteristics similar to a Secure Digital (SD) memory card.
- the secure computing module 200 may include a housing 204 having dimensions substantially similar to an SD memory card.
- the secure computing module 200 may include a host interface 202 configured to be physically and electrically connected to the cellular communication device 110 .
- SD Secure Digital
- the host interface 202 may be configured as an SD Input/Output (SDIO) interface, a Secure Digital High Capacity (SDHC) interface, or other interface suitable for plugging into an expansion suitable for plugging into an SD slot of the cellular communication device 110 .
- SDIO SD Input/Output
- SDHC Secure Digital High Capacity
- the secure computing module 200 may include the housing 204 , circuitry 206 , and the host interface 202 .
- the housing 204 encompasses the circuitry 206 and may allow a user to handle the secure computing module 200 without damaging the circuitry 206 by surrounding the circuitry 206 , so that circuitry 206 is not physically exposed to the user.
- some embodiments may be configured such that the housing 204 including the secure computing module 200 is different from and removable from the host device 110 .
- the secure computing module 200 may not include a housing and may be embedded in with the cellular communication device 110 .
- the secure computing module 200 is configured to maintain at least a logical isolation from the cellular communication device 110 , as is explained more fully below.
- the circuitry 206 may comprise one or more integrated circuits and may comprise one or more circuit boards.
- the circuitry 206 may be configured to perform the functionality of the secure computing module 200 .
- the secure computing module 200 may be configured with a form factor other than an SD form factor.
- the secure computing module 200 may have the physical characteristics (e.g., dimensions) of a TransFlash, miniSD, microSD, memory stick, compact flash, Multi Media Card (MMC), reduced size MMC, MMC micro, smart media, smart card, mini smart card, xD memory card, or other suitable form factor compatible with the cellular communication device 110 .
- MMC Multi Media Card
- the host interface 202 may be a serial bus, such as, for example, a Universal Serial Bus (USB) interface or “firewire” interface suitable for compatible connections to the cellular communication device 110 .
- USB Universal Serial Bus
- Other physical configurations and host interface formats that enable the secure computing module 200 to be operably coupled to the host device 110 are also possible.
- the secure computing module 200 may perform functionality beyond that performed by a memory card as is discussed more fully below.
- FIG. 3 illustrates the secure computing module 200 disconnected from the cellular communication device 110 .
- a user of the secure computing module 200 may connect the secure computing module 200 to the cellular communication device 110 and may later disconnect the secure computing module 200 from the cellular communication device 110 .
- the user may disconnect the secure computing module 200 from the cellular communication device 110 by hand without tools and without damaging the secure computing module 200 .
- a user may connect the secure computing module 200 to the cellular communication device 110 by inserting the secure computing module 200 into a receptacle of the cellular communication device 110 thereby physically and electrically connecting the secure computing module 200 to the cellular communication device 110 .
- the secure computing module 200 may be inserted into a slot formed within the housing of the cellular communication device 110 .
- the secure computing module 200 may be used in more than one the cellular communication device 110 at different moments in time. For example, a user of the secure computing module 200 may use the secure computing module 200 in the cellular communication device 110 and may then later use the secure computing module 200 in a different cellular communication device 110 .
- FIG. 3A illustrates the secure computing module 200 physically and electrically connected to the cellular communication device 110 .
- the secure computing module 200 may operate by using power supplied by the cellular communication device 110 and may receive power from the cellular communication device 110 via the host interface 202 ( FIG. 2A ).
- the secure computing module 200 might not be configured to operate when disconnected from the cellular communication device 110 other than to store data in non-volatile memory.
- the secure computing module 200 may include its own internal power source.
- the secure computing module 200 may communicate directly with the base station 140 , network 150 , or server 180 . In other embodiments, the secure computing module 200 may communicate with the base station 140 , network 150 , and server 180 through the host interface 202 and the cellular communication device 110 . Accordingly, the cellular communication device 110 may receive information from the secure computing module 200 and forward the information to the network 150 . Conversely, the cellular communication device 110 may receive information from the network 150 and forward that information on to the secure computing module 200 .
- FIG. 4 illustrates a simplified block diagram of the secure computing module 200 in communication with the cellular communication device 110 .
- the cellular communication device 110 may include an interface block 508 for communicating with the host interface 202 , one or more processors 502 , a power supply 504 , memory 506 , a cellular communicator 510 , and a user interface 512 .
- the secure computing module 200 may include one or more processors 220 , memory 230 , a proximate-field wireless communicator 240 , and an interface block 250 for communicating on the host interface 202 .
- the processor 220 may be implemented as one or more of a general purpose microprocessor, a special purpose microprocessor, a microcontroller, other suitable hardware, such as, for example, an Application Specific Integrated Circuit (ASIC) or Field Programmable Gate Array (FPGA), or combinations thereof. These examples for the processor 220 are for illustration and other configurations are possible.
- the interface block 250 is configured to communicate on the host interface 202 , as described earlier.
- the secure computing module 200 is configured for executing software programs containing computing instructions.
- the one or more processors 220 may be configured for executing a wide variety of operating systems and applications including the computing instructions for carrying out embodiments of the present invention.
- the memory 230 may be used to hold computing instructions, data, and other information for performing a wide variety of tasks including performing embodiments of the present invention.
- the memory 230 may be embodied in a number of different forms using electronic, magnetic, optical, electromagnetic, or other techniques for storing information.
- the memory 230 may include Synchronous Random Access Memory (SRAM), Dynamic RAM (DRAM), Read-Only Memory (ROM), Flash memory, and the like.
- the proximate-field wireless communicator 240 is configured for wireless communication across the proximate-field wireless communication channel 245 to another suitably equipped proximate-field wireless communicator.
- the other suitably equipped proximate-field wireless communicator may be configured as part of another secure computing module 200 , another secure computing module 200 configured in another cellular communication device 110 , or a point-of-sale terminal configured for wireless communication.
- the secure computing module 200 may use functionality provided by the cellular communication device 110 .
- the cellular communication device 110 may include a user interface 512 comprising a display 114 ( FIG. 1 ) and a keypad 116 ( FIG. 1 ). Since the secure computing module 200 might not have a user interface, the secure computing module 200 may provide user interaction data and instruct the cellular communication device 110 to display the information on the display 114 . Similarly, the secure computing module 200 may request that the cellular communication device 110 provide the secure computing module 200 with user interaction data entered by a user on the keypad 116 .
- the power supply 504 may provide power to the secure computing module 200 .
- the secure computing module 200 may include its own power supply (not shown).
- the proximate-field wireless communication channel 245 may be any wireless frequency and protocol configured for somewhat localized communication.
- suitable protocols and frequencies are: suitable Radio Frequencies, 802.1 a/b/gin type wireless connections, infrared frequencies, Bluetooth® Radio Frequency Identification (RFID), WiFi, WiMax, or other suitable communication definitions.
- RFID Radio Frequency Identification
- WiFi Wireless Fidelity
- WiMax Wireless Fidelity
- distances of less than an inch to a few inches for RFID communication up to about 100 feet for Bluetooth® communication are considered suitable proximate-field ranges.
- FIG. 5 illustrates a simplified system diagram of a communication system for performing financial transactions and controlled content distribution between individuals.
- the communication system may include two or more cellular communication devices equipped with a secure computing module.
- the communication system may include a first host device 110 A including a first secure computing module 200 A and additional host devices, such as, for example, a second host device 110 B including a second secure computing module 200 B, a third host device 110 C including a third secure computing module 110 C, and a fourth host device 110 D including a fourth secure computing module 200 D.
- the first host device 110 A and the first secure computing module 200 A may be referred to differently depending on the operations performed and the context of the operations.
- the first host device 110 A and the first secure computing module 200 A may be referred to as a buyer's host device 110 A and a buyer's secure computing module 200 A, respectively.
- the first host device 110 A and the first secure computing module 200 A may be referred to as a reseller's host device 110 A and a reseller's secure computing module 200 A, respectively.
- a secure computing module may communicate with another secure computing module 200 using the proximate-field wireless communication channels (for example 245 B, 245 C, and 245 D).
- Any of the host devices may communicate with the network, which may be via wired or wireless communication. In the case of cellular communication devices, the communication may occur over cellular communication channels 112 A, 112 B, 112 C, and 112 D.
- a first financial organization 300 A may be operably coupled to the network over communication channel 302 A.
- a second financial organization 300 B may be operably coupled to the network over communication channel 302 B and a content provider 350 may be operably coupled to the network over communication channel 352 .
- the communication channels 302 A, 302 B, and 352 may be through the Internet, cellular communication, phone networks, or other suitable connection.
- the first financial organization 300 A may be referred to as a buyer's financial organization or a reseller's financial organization, as will be apparent in the description below.
- the second financial organization 300 B may be referred to as a content provider's financial organization, a seller's financial organization, or a buyer's financial organization, as will be apparent in the description below.
- the seller's financial organization and the buyer's financial organization may be the same entity. Furthermore, in performing financial transactions, the sellers financial organization and the buyer's financial organization may be considered substantially similar to the server 180 of FIG. 1 . In addition, financial organizations may be referred to generically herein with the designator 300 .
- FIG. 5 does not illustrate, but it would be understood by a person of ordinary skill in the art that when the host device ( 110 A- 110 D) is a cellular device, the cellular communication channels ( 112 A- 112 D) generally communicate with the network 150 via a base station 140 as illustrated in FIG. 1 .
- a computer-readable medium includes, but is not limited to, magnetic and optical storage devices such as disk drives, magnetic tape, CDs (compact disks), DVDs (digital versatile discs or digital video discs), and semiconductor devices such as RAM, DRAM, ROM, EPROM, and Flash memory.
- firmware or software may be communicated via a network.
- programming may be provided via appropriate media including, for example, embodied within articles of manufacture, embodied within a data signal (e.g., modulated carrier wave, data packets, digital representations, etc.) communicated via an appropriate transmission medium, such as a communication network (e.g., the Internet and/or a private network), wired electrical connection, optical connection and/or electromagnetic energy, for example, via a communications interface, or provided using other appropriate communication structure or medium.
- exemplary programming including processor-usable software may be communicated as a data signal embodied in a carrier wave in but one example.
- examples may be described as a process that is depicted as a flowchart, a flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged.
- a process is terminated when its operations are completed.
- a process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc.
- a process corresponds to a function
- its termination corresponds to a return of the function to the calling function or the main function.
- the host device 110 is used to interface with a user to solicit input and display pertinent information under direction from the secure computing module 200 .
- Software executing on the secure computing module 200 manages the financial transaction process and the controlled content transfers.
- This software may be in the form of a standalone application, device embedded software, or may operate within a web browser native to the device all of which can connect to the secure computing module 200 .
- the software may include an Application Program Interface (API), a Software Development Kit (SDK) or other suitable software interfaces and tools for generating and managing the software of the secure computing module 200 .
- API Application Program Interface
- SDK Software Development Kit
- the secure computing module 200 provides secure information storage for variables required for the financial transaction processes, such as public and private keys for signing and encryption, secret hashing keys, counter variable(s), etc.
- the secure computing module 200 also provides secure memory 230 and a secure processing environment for stored procedures such as hashing algorithms, encryption algorithms, counter incrementing, and other suitable secure processes.
- the secure computing module 200 and secure memory 230 provide a logically isolated environment for computing hashes and encrypting information that is from external sources such as the host device 110 and other secure computing modules 200 .
- Executing the software in isolation on the secure computing module 200 rather than on the host device 110 may protect data generated by the software against unauthorized access, for example, by malicious software installed on the host device 110 , by a user of the host device 110 , or by a device having connectivity to the host device 110 through the network 150 and the base station 140 .
- the secure computing module 200 may be used to validate all input from external sources.
- the secure computing module 200 may verify a signed transaction using the public signing key of the other party to the financial transaction.
- the particular encryption scheme or encryption key may be known by the secure computing module 200 but not by the host device 110 .
- the secure computing module 200 may disregard information received from the host device 110 that is not encrypted according to the particular encryption scheme or with the particular encryption key. Disregarding information not encrypted appropriately may prevent the host device 110 from interacting with the secure computing module 200 other than to relay user interface information between a user interface of the host device 110 , the network 150 , or the server 180 .
- the processor 220 may logically isolate some or all of the memory 230 from access by the processor 502 in the host device 110 .
- the host interface 202 might not be able to communicate with the memory 230 except via permission and control of the processor 220 , thereby preventing direct communication between the host interface 202 (or a device connected to the host interface 202 such as the host device 110 ) and the memory 230 .
- the memory 230 may be physically isolated from prying access.
- the secure computing module 200 may be pre-installed with protected information, such as, for example, financial transaction software and protected data (e.g., keys) from the vendor, manufacturer, or a combination thereof.
- protected information such as, for example, financial transaction software and protected data (e.g., keys) from the vendor, manufacturer, or a combination thereof.
- protected information may be updated on an already deployed system.
- the protected information may be communicated to the secure computing module 200 using an encrypted information transfer process, wherein the information may include data, software, or a combination thereof.
- the data and algorithms i.e., software procedures
- the secure computing module 200 may be updated within the secure computing module 200 .
- the secure computing module 200 may request that the host device 110 retrieve the software from the server 180 (e.g., a web server, Supervisory Control and Data Acquisition (SCADA) server, corporate network server, financial organization 300 A or 300 B, or other server).
- the buyer's host device 110 A may retrieve the software from the buyer's financial organization 300 A via cellular communication channel 112 A then provide the software to the buyer's secure computing module 200 A.
- the secure computing module 200 A may decrypt the software if necessary, then install and execute the software. When encrypted, the host device 110 is unable to decrypt the encrypted software. Accordingly, upon retrieving encrypted software, the host device 110 simply forwards the encrypted software to the secure computing module 200 without decrypting the software.
- the secure computing module 200 may additionally or alternatively request that the host device 110 send software or other information to the server 180 ( FIG. 1 ).
- the secure computing module 200 may encrypt financial information (e.g., an account number, a personal identification number, etc.), provide the encrypted information to the host device 110 , and instruct the host device 110 to send the encrypted information to the server 180 . Since the information, in this example, is encrypted, the host device 110 may be unable to decrypt the financial information.
- Driver software may be installed on the host device 110 to assist the host device 110 in communicating with the secure computing module 200 and performing portions of financial transactions.
- the driver software may enable communication on the host interface 202 according to an established smart card interaction standard (e.g., PC/SC).
- the driver software may perform information presentation on the display 114 ( FIG. 1 ) and information retrieval from the keypad 116 ( FIG. 1 ) and communicate the user interaction information to or from the secure computing module 200 .
- the secure computing module 200 includes cryptographic algorithms for creating and decoding secure digital signatures.
- the secure computing module 200 may include cryptographic algorithms for encrypting and decrypting information.
- the secure portions of the memory 230 may include information such as the cryptographic algorithms, encryption keys, decryption keys, signing keys, counters, and other suitable cryptographic information.
- Embodiments of the present invention include a process for creating a secure digital signature for a financial purchase package.
- the secure digital signature may be prepared by creating a cryptographically secure hash of financial transaction details in combination with a secret key. Any cryptographically secure hashing function in combination with a secret key may be used to fulfill the secure signing function.
- hashing algorithms and secret keys may be periodically updated by a financial organization associated with the user of the secure computing module 200 .
- the secret key is known only to the user's secure computing module 200 and the user's financial organization 300 .
- the secure computing module 200 may be configured to handle multiple financial accounts.
- the secure computing module 200 may have a secret key for each account and the secret key for each account would be known by the financial organization servicing that account.
- the financial transaction details may include a variety of information, such as, for example:
- the location of the transaction (e.g., via GPS coordinates—if available);
- the credentials of the buyer or the seller may include information such as, for example, account information such as account number and financial organization identification, a public key, and other suitable information.
- the credentials are used to uniquely identify an individual to the financial organization. Anonymity may be maintained through this process allowing a buyer or seller to withhold their identity from the other party. However, each party must be uniquely identified to the financial organizations in order for funds to transfer. If anonymity is not desired, the credentials may also include the user's name.
- Embodiments of the present invention include a Financial Purchase Package (FPP) which, when completed, includes the financial transaction details, a buyer's secure digital signature, and a seller's secure digital signature.
- FPP Financial Purchase Package
- the secure digital signature for both the buyer and the seller may be created with a secure hashing function using a secret key.
- Secure hashing functions come in many forms and are occasionally standardized by government bodies such as the National Institute of Standards and Technology (NIST). As new cryptographically secure hashing functions using secret keys are standardized, they may be incorporated into the secure computing module 200 .
- HMAC K ( m ) h (( K ⁇ opad ) ⁇ h (( K ⁇ ipad ) ⁇ m ))
- h is a cryptographic hash function
- K is a secret key padded with extra zeros to the block size of the hash function
- m is the message to be authenticated
- the symbol shown as a ‘+’ with a circle around it denotes an exclusive or (XOR) operation while the ⁇ denotes concatenation
- the secret key is the digital signature secret key known only to the secure computing module 200 and the user's financial organization 300 .
- the message to be authenticated is the financial transaction details along with a Transaction Number Identifier (TNI).
- TTI Transaction Number Identifier
- a second secret encryption key may be optionally included and added to the list of items above for the financial transaction details, and, as a result, be included in the computation of the hashing function.
- This additional secret value will also be stored with the other keying material on the financial organization's secure computing module 200 . While keyed hashes are considered secure, cryptanalysts and hackers continue to make progress in breaking hashes and other encryption processes. To keep embodiments of the present invention more secure, this second secret key may be included in the hash function to increase the entropy of the computed secure hash in a manner that is easy for the secure computing modules 200 to process.
- the TNI is a unique number associated with the current transaction and the secure computing module 200 .
- the unique number may be created in a number of ways.
- the TNI may simply be a running incremented count of the transactions performed by the secure computing module 200 .
- the TNI may be generated by a complex algorithm, such as a pseudo-randomly generated number, as long as the secure computing module 200 and the user's financial organization 300 can generate the same number for the current transaction.
- the TNI refers to a counted or computed transaction number for a given party (e.g., buyer or seller) to a specific transaction and is created when the transaction is signed.
- the buyer and seller may have different transaction numbers as they will have performed a differing number of transactions or use a different TNI generation algorithm.
- the TNI may be the same for both the buyer and the seller.
- the TMI will be computed by the party that initiates the transaction (either buyer or seller) and will be used in the digital signature process of the other party.
- the TNI is included in the financial purchase package signing computation as part of the financial transaction details. It is also sent along with the signed FPP to the financial organization to help index the purchase transactions. Thus, there will most likely be a different TNI used by the buyer when the buyer signs the FPP than the TNI used by the seller when the seller signs the FPP.
- the proximate-field communication wireless channel 245 may have a default frequency and protocol.
- the proximate-field communication channel 245 may be RFID.
- another channel may be used if the default channel is not available, or the user selects a different channel for use.
- other possible communication channels are Short Message Service (SMS), Multimedia Message Service (MMS), Wireless Application Protocol (WAP), Bluetooth, WiFi, and other suitable protocols.
- the proximate-field wireless communication channel 245 may not be particularly secure from snooping by others.
- embodiments of the present invention ensure that the current transaction is not compromised by using the secure digital signature of both the buyer and the seller.
- the financial transaction details may be discoverable if not encrypted, which may lead to identity theft if enough information is present in the financial transaction details. Consequently, some embodiments may include encryption and decryption of the financial purchase package.
- the controlled content may be encrypted.
- the encryption and decryption may use any suitable cryptographic algorithms.
- the cryptographic algorithm may be a symmetric algorithm such as Advanced Encryption Standard (AES), which is well known in the art.
- AES Advanced Encryption Standard
- Symmetric cryptography requires a secret key known only to the encryptor and the decryptor.
- the encryption may take place such that the secret key is known to a user and the user's financial organization.
- the secret key may be the same key used for creating the secure digital signature using the hashing algorithm, or it may be a different secret key used for the encryption/decryption.
- the secret key may be a secret key between the buyer and the seller determined during a discovery process, as is explained below.
- the cryptographic algorithm may be an asymmetric algorithm such as RSA, which is well known in the art.
- the RSA denotes initials of the individuals that first disclosed the encryption algorithm.
- two keys are used, a public key and a private key.
- a user may let his public key be known to anyone and keeps his private key just to himself.
- anyone wishing to send an encrypted message to the user encrypts the message using the user's public key. Once encrypted, the message can only be decrypted by the private key, which only the user knows.
- keys stored and managed by the secure computing module 200 such as, for example, secret digital signature keys, secret encryption keys, private keys, and public keys.
- keys stored and managed by the secure computing module 200 .
- users do not directly update their encryption and signing keys. In other words, users have access to use their keys but do not have access to manipulate their keys. Key updates, additions, or changes may be done by an organization controlling the servers that create the secure computing module 200 .
- a Personal Identification Code (PIC) routine may be included in the secure computing module 200 to allow the user to authenticate himself to the secure computing module 200 .
- the PIC may include a series of alphanumeric values known only to the user and the secure computing module 200 .
- the PIC may be the digital representation of some biometric feature such as a fingerprint or retinal scan.
- the user may initiate a PIC input request wherein the secure computing module 200 outputs a series of alphanumeric characters that the user must in turn re-enter or re-type and submit back to the secure computing module 200 .
- the PIC routine may include combinations of entering biometric information and alphanumeric values.
- the PIC routine may include a random Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) algorithm for user entry.
- CAPTCHAs are the slanted and distorted fuzzy characters displayed that a human can discern, but which a computer may not be able to discern
- the secure computing module 200 may receive the PIC inputs directly from an attached or attachable input device (not shown).
- an attached or attachable input device (not shown).
- an external fingerprint or retinal scan reader device that is connected via a wire(s) directly into the secure computing module 200 .
- This extra hardware provides more secure input that does not require the inputs to pass through the memory 506 or processor 502 of the host device 110 or other computing device containing the secure computing module 200 .
- the secret keys for encryption/decryption as well as for secure hashing to create digital signatures may be refreshed periodically by the financial organization when the secure computing module 200 connects to the financial organization for transaction processing. If thus configured, the financial organization 300 may optionally initiate a connection to the host device 110 including the secure computing module 200 for the purpose of rekeying.
- two public and private key pairs may be created for each secure computing module 200 .
- the public key is stored in the user's secure computing module 200 and the private key is stored with the financial organization's secure computing module 200 .
- This first key pair allows the user's secure computing module 200 to encrypt information to be sent to the financial organization.
- the private key is stored in the user's secure computing module 200 and the public key is stored with the financial organization's secure computing module 200 .
- This second key pair allows the financial organization's secure computing module 200 to encrypt information to be sent to the user's secure computing module 200 .
- This two key pair system may be used so that each user's secure computing module 200 may have its own unique encrypted communication channel by which to communicate with the financial organization. Having separate keys for this purpose protects against a situation where if one encryption channel is hacked, then all encryption channels would be hacked. In addition, since public key encryption is much slower than symmetric key encryption, these two key pairs may be used to exchange a temporary symmetric key, which may be used for a specific transaction
- Distribution of controlled content may occur with certain distribution rules and usage rules.
- the distribution rules specify how the content may be distributed. For example, distribution may be specified as unlimited. In another example, distribution may be specified as a certain quantity beyond which no further distribution is allowed. In another example, distribution may be limited to a specified time period, specific times, or select days.
- distribution may be limited to certain distribution groups.
- distribution may be limited to individuals with memberships in specified groups. This allows a university professor, as a non-limiting example, to distributed text books or test notes to the current class and only the current class and not to the general public. This also allows companies to distribute “proprietary” material only to their employees and not to the community at large.
- Distribution group designations may be maintained on the secure computing module 200 and may also be verified during transactions with a distribution group's central repositories.
- distribution may include distribution from the content owner, such as, for example, the venue owner, a ticket distributor, or other suitable event ticket seller.
- distribution when authorized, may be between individuals. In this individual mode, distribution of access authorization tokens may be likened to a controlled ticket resale market.
- content owners may be financially compensated when the owner's controlled content is distributed.
- a royalty fee may be preset at a certain amount or determined on a periodic basis.
- a periodic royalty may allow content owners to raise or lower purchase prices and royalty fees as dictated by market or other forces.
- controlled content that is not selling may sell better when its price is lowered by the content owner or content provider 350 .
- a content owner may wish to raise the price of controlled content that is selling well.
- Dynamic pricing also allows for “sale days” or other periods where discounts are desired.
- embodiments of the present invention enable content to be resold by a previous buyer.
- the content owner may collect a royalty for the additional distribution from the reseller to the buyer.
- resellers may collect a fee for themselves while also ensuring the specified royalty fee is paid to the content owner. If permitted by the distribution rules, the reseller fee may be negotiated between the reseller and the buyer.
- transfer restrictions and distribution rules may be set for a predetermined period of time. Further, the buyer's access to the controlled content may be limited to a predetermined period of time. After this predetermined period of time, the secure computing module may prevent access to the controlled content either by deleting, not decrypting, not allowing access, or combinations thereof.
- the secure computing module 200 may decrypt the controlled content and transfer it to the host device 110 for use. In other embodiments, the secure computing module 200 may retain the controlled content in the memory 230 of the secure computing module 200 and provide it to the host device 110 as requested.
- the secure computing modules 200 To perform a financial transaction or controlled content distribution between two individuals with wireless communication devices, the secure computing modules 200 perform a discovery process such that the two secure computing modules 200 are aware of each other. When using portable electronic devices, the discovery process take place over one of the proximate-field wireless communication channels ( 245 B- 245 D).
- This process is generally not simply “automatic” as in the case of most RFID payment cards and devices as the RFID process may be inherently insecure and prone to theft, eavesdropping, and abuse.
- backward compatibility with conventional RFID systems may be enabled to authorize automatic responses.
- the use may switch to enable automatic responses for items such as low-dollar transactions such as subway fare transaction.
- a conventional RFID system may be used to communicate an access authorization token from a secure computing module 200 to an admittance controller (not shown).
- the admittance controller may be operated by a venue to enable admittance to the venue access authorization token that are received by the admittance controller from one or more secure computing modules.
- the discovery process may use any of several methods well known in the industry whereby an inquiry process looks for compatible devices. When such a device is found, both parties may input or negotiate the same secret session key value, etc. Session encryption may then based on that shared secret key value.
- Non-limiting examples of this discovery and key negotiation process are Bluetooth® pairing and enhancements to the Bluetooth® pairing process, which are well known in the art.
- the discovery process may be conducted over the proximate-field wireless communicators 240 contained within the secure computing modules 200 . Having a secure processor control what, when, and how information is sent and received may enhance the security of the system.
- the discovery process may be conducted using conventional online client-server methods, or store and forward formats such as a secure Short Message Service (SMS) protocol.
- SMS Short Message Service
- FIG. 6 is a simplified flow diagram illustrating a process 600 that may be performed during distribution and purchase of controlled content from a content provider 350 .
- the process 600 may be followed with reference to FIG. 6 , and occasional reference to FIGS. 4 and 5 . It should be noted that any of the communications that occur between entities during process 600 may or may not be encrypted as is explained above.
- the process 600 begins with the buyer selecting controlled content from a content provider 350 through the network at operation block 612 .
- the content provider 350 may be a variety of online distributors, such as, for example, iTunes, Amazon.com, Wal-Mart online, etc.
- the content provider 350 may be a physical store such as a Wal-Mart local store, a Best Buy local store, etc.
- the content provider 350 may also be a distribution kiosk in a local store or other facility.
- the content provider 350 may also be referred to as the seller 350 .
- transaction details, the seller's credentials and the seller's digital signature are communicated from the seller 350 to the buyer's secure computing module 200 A.
- the transaction details may include information about the content owner, the content owner's financial organization and distribution rules for the controlled content.
- the buyer is presented with a dialog box on the host device 110 A indicating the transaction details, distribution rules, and other pertinent information. The buyer is prompted to accept or deny the transaction. If the transaction is denied, process 600 stops (not shown). If the transaction is accepted, the buyer creates a financial purchase package including the transaction details, distribution rules and other information about the content, and the buyer's secure digital signature. The buyer then sends the financial purchase package back to the seller 350 .
- the process halts (not shown). If the transaction is to proceed, either the buyer or seller may send the financial purchase package on to a financial organization.
- Decision block 620 determines if the seller is to communicate the FPP. If the seller communicates the financial purchase package, operation block 622 indicates that the seller sends the FPP to the seller's financial organization 300 B. In operation block 624 , the seller's financial organization 300 B authenticates the seller by examining the seller's secure digital signature.
- This authentication process performs a reverse hashing process on the seller's digital signature using the seller's secret key and determines that the transaction details are accurate, the transaction number identifier is correct, and that the seller's credentials match the seller's account with this financial organization.
- the seller's financial organization 300 B may then either approve or deny the transaction. If denied, the seller's financial organization 300 B sends a message back to the seller and the transaction terminates (not shown). If approved, the seller's financial organization 300 B sends the FPP and approval to the buyer's financial organization 300 A through the network 150 . In some cases, the buyer's financial organization 300 A and the seller's financial organization 300 B may be the same entity and there may be no need to “send” the FPP through the network 150 .
- the buyer's financial organization 300 A authenticates the buyer by examining the buyer's secure digital signature using the buyer's secret key in a manner similar to that described above for the authentication process of the seller. The buyer's financial organization 300 A may then either approve or deny the transaction. If denied, the buyer's financial organization 300 A sends a message to the buyer's host device 110 A and the transaction terminates (not shown). If approved, the buyer's financial organization 300 A transfers the funds to the seller's financial organization 300 B.
- operation block 632 indicates that the buyer sends the FPP to the buyer's financial organization 300 A over the network 150 .
- the buyer's financial organization 300 A authenticates the buyer by examining the buyer's secure digital signature using the buyer's secret key as explained above.
- the buyer's financial organization 300 A may then either approve or deny the transaction. If denied, the buyer's financial organization 300 A sends a message back to the buyer's host device 110 A and the transaction terminates (not shown). If approved, the buyer's financial organization 300 A sends the FPP and approval to the seller's financial organization 300 B through the network 150 . In some cases, the buyer's financial organization 300 A and the seller's financial organization 300 B may be the same entity and there may be no need to “send” the FPP through the network 150 .
- the seller's financial organization 300 B authenticates the seller by examining the seller's secure digital signature using the seller's secret key as explained above. The seller's financial organization 300 B may then either approve or deny the transaction. If denied, the seller's financial organization 300 B sends a message to the seller 350 and the transaction terminates (not shown). If approved, the seller's financial organization 300 B sends the approval back to the buyer's financial organization 300 A. In operation block 638 , the buyer's financial organization 300 A transfers the funds to the seller's financial organization 300 B. At this point in the process, the financial transaction has been completed.
- Decision block 640 determines whether the seller should be notified of the transaction results. If so, in operation block 642 the seller's financial organization 300 B sends the transaction results to the seller 350 .
- Decision block 644 determines whether the buyer should be notified of the transaction results. If so, in operation block 646 the buyer's financial organization 300 A sends the transaction results to the buyer's secure computing modules 200 A.
- Process block 648 indicates that the controlled content is communicated from the seller 350 to the buyer's secure computing module 200 A.
- the secure computing module may decrypt the controlled content if needed and store the controlled content in memory 230 on the secure computing module 200 A or transfer it to the host device 110 A.
- any of the buyer's secure computing module 200 A, the seller 350 , the buyer's financial organization 300 A, and the seller's financial organization 300 B may keep a log of the financial transaction and its success or failure due to disapproval by any party or due to insufficient funds.
- some of the communications may occur via an intermediary communication network such as the Internet, some communications may occur via cellular communication channels and some communications may occur via proximate-field wireless communication channels.
- an intermediary communication network such as the Internet
- some communications may occur via cellular communication channels and some communications may occur via proximate-field wireless communication channels.
- the financial organizations 300 include a secure computing module 200 and may employ an enterprise version of the secure computing module 200 software, hardware, or combination thereof.
- This enterprise version creates a secure mechanism that is more robust for numerous continuous and simultaneous transactions.
- the enterprise software for the secure computing module 200 may zero out dynamic transaction memory between individual transactions.
- FIGS. 7A and 7B are simplified flow diagrams illustrating a process 700 that may be performed during distribution and purchase of controlled content between individuals. The process 700 may be followed with reference to FIGS. 7A and 7B , and occasional reference to FIGS. 4 and 5 . It should be noted that any of the communications that occur between entities during process 700 may or may not be encrypted as is explained above.
- the process 700 begins with the reseller creating transaction details in operation block 702 .
- the transaction details may include information about the content owner, the content owner's financial organization and distribution rules for the controlled content.
- the transaction details, the seller's credentials, and the seller's digital signature are communicated from the reseller's secure computing module 200 B to the buyer's secure computing module 200 A.
- the buyer is presented with a dialog box on the host device 110 B indicating the transaction details, distribution rules, and other pertinent information. The buyer is prompted to accept or deny the transaction. If the transaction is denied, process 700 stops (not shown). If the transaction is accepted, the buyer's secure computing module 200 B creates a financial purchase package including the transaction details, distribution rules and other information about the content, and the buyer's secure digital signature. The buyer then sends the financial purchase package back to the reseller's secure computing module 200 A.
- the process halts (not shown).
- the reseller's secure computing module 200 A sends the financial purchase package to the content owners financial organization 300 B and the buyer's financial organization 300 A.
- the content owner's financial organization 300 B verifies the transaction details, the reseller's authorization to distribute and the distribution rules. In some cases, the content owner's financial organization 300 B may not know details of the reseller's authorization to distribute or the distribution rules. In those cases, the content owner's financial organization 300 B may communicate over the network 150 with the content owner or content provider 350 to verify the reseller's authorization to distribute and the distribution rules. If the transaction details and any content rules and authorization are verified, the content owner's financial organization 300 B may approve the transaction. Otherwise, the content owner's financial organization 300 B may deny the transaction. The content owner's financial organization then sends the approval or denial to the buyer's financial organization 300 A.
- the buyer's financial organization 300 A verifies the transaction details and authenticates the buyer by examining the buyer's secure digital signature using the buyer's secret key as explained above.
- the buyer's financial organization 300 A may then either approve or deny the transaction. If denied, the buyer's financial organization 300 A sends a message to the buyer's host device 110 A and the transaction terminates (not shown). If approved, the buyer's financial organization 300 A transfers the funds to the content owner's financial organization 300 B.
- decision block 714 the process determines whether the reseller is eligible to receive a fee for reselling the controlled content. If not, control passes down to decision block 724 .
- the reseller sends the FPP to the reseller's financial organization (not shown, would be considered a third financial organization 300 in FIG. 5 ).
- the reseller's financial organization 300 authenticates the reseller by examining the reseller's secure digital signature using the reseller's secret key as explained above. The reseller's financial organization 300 may then either approve or deny the transaction. If denied, the reseller's financial organization 300 sends a message back to the reseller's host device 110 A and the transaction terminates (not shown). If approved, the reseller's financial organization 300 sends the FPP and approval to the buyer's financial organization 300 A through the network 150 . In some cases, the buyer's financial organization 300 A and the reseller's financial organization 300 may be the same entity and there may be no need to “send” the FPP through the network 150 .
- the buyer's financial organization 300 A transfers the funds for the reseller's fee to the reseller's financial organization 300 .
- the financial transaction has been completed.
- Decision block 724 determines whether the reseller should be notified of the transaction results. If so, in operation block 726 the reseller's financial organization 300 sends the transaction results to the reseller's secure computing module 200 A.
- Decision block 728 determines whether the content owner, the content provider 350 , or combination thereof should be notified of the transaction results. If so, in operation block 730 the content owner's financial organization 300 B sends the transaction results to the content provider 350 .
- Decision block 732 determines whether the buyer should be notified of the transaction results. If so, in operation block 734 the buyer's financial organization 300 A sends the transaction results to the buyer's secure computing module 200 A.
- Process block 648 indicates that the controlled content is communicated from the reseller's secure computing module 200 A to the buyer's secure computing module 200 B.
- the secure computing module may decrypt the controlled content if needed and store the controlled content in memory 230 on the secure computing module 200 B or transfer it to the host device 110 B.
- any of the buyer's secure computing module 200 B, the reseller's computing module 200 A, the buyer's financial organization 300 B, the reseller's financial organization 300 , and the content provider's financial organization 300 A may keep a log of the financial transaction and its success or failure due to disapproval by any party or due to insufficient funds.
- some of the communications may occur via an intermediary communication network such as the Internet, some communications may occur via cellular communication channels, and some communications may occur via proximate-field wireless communication channels.
- an intermediary communication network such as the Internet
- some communications may occur via cellular communication channels
- some communications may occur via proximate-field wireless communication channels.
- the financial organizations 300 include a secure computing module 200 and may employ an enterprise version of the secure computing module 200 software, which creates a secure mechanism that is more robust for numerous continuous and simultaneous transactions. To ensure additional security between transactions, the enterprise software for the secure computing module 200 may zero out dynamic transaction memory between individual transactions.
Abstract
Description
- The present Patent Application claims the benefit of U.S. Provisional Patent Application Ser. No. 61/031,885, filed Feb. 27, 2008 and entitled “Phone-to-Phone File Distribution System with Payment,” and the benefit of U.S. Provisional Patent Application Ser. No. 61/031,605, filed Feb. 26, 2008 and entitled “Phone-to-Phone Financial Transaction System,” each of which application is assigned to the assignee hereof, and the disclosure of each of which application is incorporated herein in its entirety by reference.
- This application is also related to U.S. Patent Application (Attorney Docket BA-306) filed on even date herewith and entitled “Systems and Method for Performing Wireless Financial Transactions,” assigned to the assignee hereof and the disclosure of which application is incorporated herein in its entirety by reference.
- The United States Government has certain rights in this invention pursuant to Contract No. DE-AC07-05-ID14517, between the United States Department of Energy and Battelle Energy Alliance, LLC.
- Embodiments of the present invention relate generally to wireless communications systems and more specifically to systems and methods of performing financial transactions and file distribution using communication systems.
- For many years, cellular telephones were designed primarily to provide wireless voice communications. With new advances in technology, however, additional functionality has been added to cellular telephones, which are sometimes referred to as personal wireless devices. For example, personal wireless devices including the functionality of a cellular phone, personal digital assistant, email client, media player, and a digital camera are now common. Due to the increased capabilities of these devices, many subscribers are using the devices to store or access sensitive information (e.g., financial account information) or to access private networks (e.g., corporate networks).
- With respect to financial transactions, security and fraud prevention innovations are vital to market expansion and user acceptance of new forms of wireless transactions. For example, credit card transactions, whether conducted in person or over the Internet, are susceptible to fraud and theft by increasingly sophisticated thieves. Such attacks range from stealing credit card receipts or copying card numbers to attacking web accessible databases in order to acquire massive amounts of credit card account numbers. Fraud from these types of attacks results in billions of dollars in losses each year, both from these initial thefts of funds, as well as the resulting identity theft.
- In addition to working toward fraud prevention, credit card companies are continuously seeking novel methods of expanding their customer sets. Many growth activities center on recruiting young people with a perceived need to establish credit, such as those entering the market for the first time, college students with grant money to spend, and people trying to repair bad credit.
- With respect to media, peer-to-peer file sharing systems have become the bane of revenue-seeking copyright holders in that traditional file sharing systems provide consumers with copyrighted content without compensating the legal copyright holders for their works.
- There is a need for systems and methods to support distribution of controlled content, such as copyrighted works, wherein a secure financial transaction can be performed as part of the distribution. There is also a need to support person-to-person file sharing or distribution of controlled content wherein a secure financial transaction can be performed as part of the sharing or distribution.
- Embodiments of the present invention include systems and methods to support distribution of controlled content, wherein a secure financial transaction can be performed as part of the distribution. Embodiments of the present invention also support person-to-person file sharing or distribution of controlled content wherein a secure financial transaction can be performed as part of the sharing or distribution.
- In one embodiment of the present invention, a secure computing module is configured for operable coupling to a host device. The secure computing module includes a processor for performing secure processing operations, a host interface for operably coupling the processor to the host device, and a memory operably coupled to the processor wherein the processor logically isolates at least some of the memory from access by the host device. The secure computing module is configured to generate a secure digital signature for a message including financial transaction details. The secure computing module is also configured to direct the host device to communicate the financial transaction details and the secure digital signature to a financial organization associated with a user of the secure computing module and enable controlled content received through the host device.
- In accordance with another embodiment of the present invention, a method of performing file distribution includes selecting controlled content to be received from a content provider acting as a seller. Financial transaction details for the controlled content are sent to a buyer. The method also includes signing the financial transaction details with a buyer's secure digital signature using a buyer's secure computing module and signing the financial transaction details with a seller's secure digital signature using a seller's secure computing module. The financial transaction details, the buyer's secure digital signature, and the seller's secure digital signature comprise a financial transaction package. The method also includes communicating the financial transaction package between the buyer and the seller, communicating the financial transaction package to a seller's financial organization, and communicating the financial transaction package to a buyer's financial organization. The seller's financial organization verifies the seller's secure digital signature and the financial transaction details and sends a seller approval to the buyer's financial organization. The buyer's financial organization verifies the buyer's secure digital signature and the financial transaction details, sends a buyer approval to the seller's financial organization, and performs a fund transfer from the buyer's financial organization to the seller's financial organization. The method also includes communicating the controlled content from the content provider to the buyer's secure computing module.
- In accordance with still another embodiment of the present invention, a method of performing file distribution includes selecting controlled content to be received from a reseller, determining financial transaction details including a transaction amount and a content owner for the controlled content, and sending the financial transaction details for the controlled content to a buyer. The method also includes signing the financial transaction details with a buyer's secure digital signature using a buyer's secure computing module and signing the financial transaction details with a reseller's secure digital signature using a reseller's secure computing module. The financial transaction details, the buyer's secure digital signature, and the reseller's secure digital signature comprise a financial transaction package. The method also includes communicating the financial transaction package between the buyer and the reseller, communicating the financial transaction package to a buyer's financial organization, and communicating the financial transaction package to a content owner's financial organization. The content owner's financial organization verifies the financial transaction details and sends a seller approval to the buyer's financial organization. The buyer's financial organization verifies the buyer's secure digital signature and the financial transaction details, sends a buyer approval to the content owner's financial organization, and performs a fund transfer from the buyer's financial organization to the content owner's financial organization. The method also includes communicating the controlled content from the reseller's secure computing module to the buyer's secure computing module.
-
FIG. 1 illustrates a communication system including a host device and a secure computing module; -
FIG. 2 illustrates a front view of the secure computing module embodied in a card suitable for insertion into a cellular communication device; -
FIG. 2A illustrates an isometric view of the secure computing module ofFIG. 2 with a semi-transparent view to illustrate internal components according to an embodiment of the invention; -
FIG. 3 illustrates the secure computing module disconnected from the cellular communication device; -
FIG. 3A illustrates the secure computing module physically and electrically connected to the cellular communication device; -
FIG. 4 illustrates a simplified block diagram of the secure computing module in communication with the cellular communication device; -
FIG. 5 illustrates a simplified system diagram of a communication system for performing financial transactions and controlled content distribution between individuals; -
FIG. 6 is a simplified flow diagram illustrating acts that may be performed during distribution and purchase of controlled content from a content provider; and -
FIGS. 7A and 7B are simplified flow diagrams illustrating acts that may be performed during distribution and purchase of controlled content between individuals. - In the following detailed description, reference is made to the accompanying drawings which form a part hereof, and in which is shown by way of illustration specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those of ordinary skill in the art to practice the invention. It should be understood, however, that the detailed description and the specific examples, while indicating examples of embodiments of the invention, are given by way of illustration only and not by way of limitation. From this disclosure, various substitutions, modifications, additions, rearrangements, or combinations thereof within the scope of the present invention may be made and will become apparent to those skilled in the art.
- Embodiments of the present invention include systems and methods to support distribution of controlled content, wherein a secure financial transaction can be performed as part of the distribution. Embodiments of the present invention also support person-to-person file sharing or distribution of controlled content wherein a secure financial transaction can be performed as part of the sharing or distribution. In addition, embodiments of the present invention provide systems and methods that collect and preserve market accepted financial revenues (e.g., royalties, payments, etc.) for legal holders of controlled content. Furthermore, embodiments of the present invention provide systems and methods to refine and validate person-to-person marketing, sales, and distribution mechanisms in order to incentivize users to legally share and disseminate controlled content using person-to-person discovery and distribution methods.
- The systems and methods include controlled content distribution and secure financial transactions by augmenting Personal Electronic Devices (PEDs) with software and a Secure Computing Module (SCM) for executing the software. The SCM may be processing hardware that is either embeddable or embedded in the PED.
- As used herein, a PED may be any mobile computing device used by a user and capable of communication using a cellular wireless communication channel. A PED may also be referred to herein as a host device, a cellular communication device, or a wireless communication device. Examples of PEDs include cell phones, smartphones, Blackberry® smart phones, pagers, Personal Digital Assistants, music players (e.g., MP3 players and IPods), handheld computing platforms, wrist-worn computing system, or other mobile computing systems (e.g., laptops). In addition, the host device may be a desktop computer, server, or other device such as, for example, satellite TV receivers, Digital Versatile Disc (DVD) players, and Video Cassette Recorders (VCRs) equipped with a secure computing module. While most of the description herein concentrates on PEDs as wireless communication devices, those of ordinary skill in the art will recognize that any suitable host device may be configured to operate with a secure computing module to practice embodiments of the present invention.
- As used herein, “controlled content” refers to any copyrighted material or any material that can be considered for copyright. Such examples include, but are not limited to, the following: music, videos, eBooks, software, documents, maps, databases, store discount coupons, merchant loyalty material, pictures, or other digital content. Furthermore, controlled content includes access authorization tokens. As non-limiting examples, access authorization tokens may include electronic tickets (i.e., e-tickets) for admittance to movies, concerts, sporting events, and the like.
- As used herein, a “content owner” is an entity or individual that may, according to national law, international law, or combination thereof, own at least some of the rights to controlled content that they have rights to control access to, created themselves, or legally purchased.
- As used herein, a “content provider” is the content owner or agent of the content owner authorized to provide controlled content owned by the content owner.
- As used herein, “distribution rules” are rules defining the rights and methods of distribution. Such rules may limit distribution to specific groups, time periods, numbers, etc.
- As used herein an “original buyer” is a buyer who purchases controlled content directly from the content owner or an agent of the content owner.
- As used herein, a “reseller” is a buyer who is authorized to resell controlled content according the distribution rules specified by the content owner.
-
FIG. 1 illustrates acommunication system 100 including ahost device 110, aserver 180, anetwork 150, a wirelesscommunications base station 140, and asecure computing module 200. - In some embodiments, the
host device 110 may be acellular communication device 110. Thecellular communication device 110 may communicate with thebase station 140 using awireless channel 112, which may be a cellular wireless channel. Thecellular communication device 110 may be a wireless communication device, such as a smart phone, Blackberry® smart phone, laptop computer, or other suitable device configured to communicate with a terrestrialcellular base station 140. Thebase station 140 may communicate with thenetwork 150. Thenetwork 150 may be a communications network such as the Internet, the public switched telephone network, or any other suitable arrangement for implementing communications. - The
cellular communication device 110 may include a display for communicating information to a user and a keypad for the user to communicate information to thecellular communication device 110. - The
secure computing module 200 may be physically connected to thecellular communication device 110. As a non-limiting example, thesecure computing module 200 may be configured as a card suitable for insertion into thehost device 110. Although physically connected to thehost device 110, thesecure computing module 200 may execute software independently and/or isolated from thehost device 110. -
FIG. 2 illustrates a front view of thesecure computing module 200 embodied in a card suitable for insertion into thecellular communication device 110.FIG. 2A illustrates an isometric view of thesecure computing module 200 ofFIG. 2 with a semi-transparent view to illustrate internal components according to an embodiment of the invention. Thesecure computing module 200 may have physical characteristics similar to a Secure Digital (SD) memory card. For example, thesecure computing module 200 may include ahousing 204 having dimensions substantially similar to an SD memory card. Furthermore, thesecure computing module 200 may include ahost interface 202 configured to be physically and electrically connected to thecellular communication device 110. As non-limiting examples, thehost interface 202 may be configured as an SD Input/Output (SDIO) interface, a Secure Digital High Capacity (SDHC) interface, or other interface suitable for plugging into an expansion suitable for plugging into an SD slot of thecellular communication device 110. As illustrated inFIG. 2A , thesecure computing module 200 may include thehousing 204,circuitry 206, and thehost interface 202. - The
housing 204 encompasses thecircuitry 206 and may allow a user to handle thesecure computing module 200 without damaging thecircuitry 206 by surrounding thecircuitry 206, so thatcircuitry 206 is not physically exposed to the user. - As shown in
FIGS. 2 and 2A , some embodiments may be configured such that thehousing 204 including thesecure computing module 200 is different from and removable from thehost device 110. In other embodiments, thesecure computing module 200 may not include a housing and may be embedded in with thecellular communication device 110. In any embodiment, thesecure computing module 200 is configured to maintain at least a logical isolation from thecellular communication device 110, as is explained more fully below. - The
circuitry 206 may comprise one or more integrated circuits and may comprise one or more circuit boards. Thecircuitry 206 may be configured to perform the functionality of thesecure computing module 200. - Of course, the
secure computing module 200 may be configured with a form factor other than an SD form factor. For example, thesecure computing module 200 may have the physical characteristics (e.g., dimensions) of a TransFlash, miniSD, microSD, memory stick, compact flash, Multi Media Card (MMC), reduced size MMC, MMC micro, smart media, smart card, mini smart card, xD memory card, or other suitable form factor compatible with thecellular communication device 110. - As another non-limiting example, the
host interface 202 may be a serial bus, such as, for example, a Universal Serial Bus (USB) interface or “firewire” interface suitable for compatible connections to thecellular communication device 110. Other physical configurations and host interface formats that enable thesecure computing module 200 to be operably coupled to thehost device 110 are also possible. - Although the physical characteristics (e.g., dimensions) of the
secure computing module 200 and thehost interface 202 may be similar to one of the above-mentioned memory card formats, thesecure computing module 200 may perform functionality beyond that performed by a memory card as is discussed more fully below. -
FIG. 3 illustrates thesecure computing module 200 disconnected from thecellular communication device 110. In other words, a user of thesecure computing module 200 may connect thesecure computing module 200 to thecellular communication device 110 and may later disconnect thesecure computing module 200 from thecellular communication device 110. In general, with removable card formats, the user may disconnect thesecure computing module 200 from thecellular communication device 110 by hand without tools and without damaging thesecure computing module 200. - A user may connect the
secure computing module 200 to thecellular communication device 110 by inserting thesecure computing module 200 into a receptacle of thecellular communication device 110 thereby physically and electrically connecting thesecure computing module 200 to thecellular communication device 110. In some embodiments, thesecure computing module 200 may be inserted into a slot formed within the housing of thecellular communication device 110. - With removable card formats, the
secure computing module 200 may be used in more than one thecellular communication device 110 at different moments in time. For example, a user of thesecure computing module 200 may use thesecure computing module 200 in thecellular communication device 110 and may then later use thesecure computing module 200 in a differentcellular communication device 110. -
FIG. 3A illustrates thesecure computing module 200 physically and electrically connected to thecellular communication device 110. In some embodiments, thesecure computing module 200 may operate by using power supplied by thecellular communication device 110 and may receive power from thecellular communication device 110 via the host interface 202 (FIG. 2A ). Thus, thesecure computing module 200 might not be configured to operate when disconnected from thecellular communication device 110 other than to store data in non-volatile memory. In other embodiments, thesecure computing module 200 may include its own internal power source. - In some embodiments, the
secure computing module 200 may communicate directly with thebase station 140,network 150, orserver 180. In other embodiments, thesecure computing module 200 may communicate with thebase station 140,network 150, andserver 180 through thehost interface 202 and thecellular communication device 110. Accordingly, thecellular communication device 110 may receive information from thesecure computing module 200 and forward the information to thenetwork 150. Conversely, thecellular communication device 110 may receive information from thenetwork 150 and forward that information on to thesecure computing module 200. -
FIG. 4 illustrates a simplified block diagram of thesecure computing module 200 in communication with thecellular communication device 110. Thecellular communication device 110 may include aninterface block 508 for communicating with thehost interface 202, one ormore processors 502, apower supply 504,memory 506, acellular communicator 510, and a user interface 512. - The
secure computing module 200 may include one ormore processors 220,memory 230, a proximate-field wireless communicator 240, and aninterface block 250 for communicating on thehost interface 202. - The
processor 220 may be implemented as one or more of a general purpose microprocessor, a special purpose microprocessor, a microcontroller, other suitable hardware, such as, for example, an Application Specific Integrated Circuit (ASIC) or Field Programmable Gate Array (FPGA), or combinations thereof. These examples for theprocessor 220 are for illustration and other configurations are possible. Theinterface block 250 is configured to communicate on thehost interface 202, as described earlier. - The
secure computing module 200 is configured for executing software programs containing computing instructions. The one ormore processors 220 may be configured for executing a wide variety of operating systems and applications including the computing instructions for carrying out embodiments of the present invention. - The
memory 230 may be used to hold computing instructions, data, and other information for performing a wide variety of tasks including performing embodiments of the present invention. Thememory 230 may be embodied in a number of different forms using electronic, magnetic, optical, electromagnetic, or other techniques for storing information. By way of example, and not limitation, thememory 230 may include Synchronous Random Access Memory (SRAM), Dynamic RAM (DRAM), Read-Only Memory (ROM), Flash memory, and the like. - The proximate-
field wireless communicator 240 is configured for wireless communication across the proximate-fieldwireless communication channel 245 to another suitably equipped proximate-field wireless communicator. In some embodiments, the other suitably equipped proximate-field wireless communicator may be configured as part of anothersecure computing module 200, anothersecure computing module 200 configured in anothercellular communication device 110, or a point-of-sale terminal configured for wireless communication. - The
secure computing module 200 may use functionality provided by thecellular communication device 110. For example, thecellular communication device 110 may include a user interface 512 comprising a display 114 (FIG. 1 ) and a keypad 116 (FIG. 1 ). Since thesecure computing module 200 might not have a user interface, thesecure computing module 200 may provide user interaction data and instruct thecellular communication device 110 to display the information on thedisplay 114. Similarly, thesecure computing module 200 may request that thecellular communication device 110 provide thesecure computing module 200 with user interaction data entered by a user on thekeypad 116. - In some embodiments, the
power supply 504 may provide power to thesecure computing module 200. In other embodiments, thesecure computing module 200 may include its own power supply (not shown). - The proximate-field
wireless communication channel 245 may be any wireless frequency and protocol configured for somewhat localized communication. Some non-limiting examples of suitable protocols and frequencies are: suitable Radio Frequencies, 802.1 a/b/gin type wireless connections, infrared frequencies, Bluetooth® Radio Frequency Identification (RFID), WiFi, WiMax, or other suitable communication definitions. As non-limiting examples, distances of less than an inch to a few inches for RFID communication up to about 100 feet for Bluetooth® communication are considered suitable proximate-field ranges. -
FIG. 5 illustrates a simplified system diagram of a communication system for performing financial transactions and controlled content distribution between individuals. The communication system may include two or more cellular communication devices equipped with a secure computing module. The communication system may include afirst host device 110A including a firstsecure computing module 200A and additional host devices, such as, for example, asecond host device 110B including a secondsecure computing module 200B, athird host device 110C including a thirdsecure computing module 110C, and afourth host device 110D including a fourthsecure computing module 200D. - For ease of description, the
first host device 110A and the firstsecure computing module 200A may be referred to differently depending on the operations performed and the context of the operations. For example, in the context of an original buyer purchasing controlled content from a content provider, thefirst host device 110A and the firstsecure computing module 200A may be referred to as a buyer'shost device 110A and a buyer'ssecure computing module 200A, respectively. As another example, in the context of a reseller providing controlled content to another buyer, thefirst host device 110A and the firstsecure computing module 200A may be referred to as a reseller'shost device 110A and a reseller'ssecure computing module 200A, respectively. - A secure computing module (designated generically as 200) may communicate with another
secure computing module 200 using the proximate-field wireless communication channels (for example 245B, 245C, and 245D). Any of the host devices (designated generically as 110) may communicate with the network, which may be via wired or wireless communication. In the case of cellular communication devices, the communication may occur overcellular communication channels - A first
financial organization 300A may be operably coupled to the network overcommunication channel 302A. Similarly, a secondfinancial organization 300B may be operably coupled to the network overcommunication channel 302B and acontent provider 350 may be operably coupled to the network overcommunication channel 352. As non-limiting examples, thecommunication channels - Depending on the context, the first
financial organization 300A may be referred to as a buyer's financial organization or a reseller's financial organization, as will be apparent in the description below. Similarly, depending on the context, the secondfinancial organization 300B may be referred to as a content provider's financial organization, a seller's financial organization, or a buyer's financial organization, as will be apparent in the description below. - In some embodiments, the seller's financial organization and the buyer's financial organization may be the same entity. Furthermore, in performing financial transactions, the sellers financial organization and the buyer's financial organization may be considered substantially similar to the
server 180 ofFIG. 1 . In addition, financial organizations may be referred to generically herein with the designator 300. -
FIG. 5 does not illustrate, but it would be understood by a person of ordinary skill in the art that when the host device (110A-110D) is a cellular device, the cellular communication channels (112A-112D) generally communicate with thenetwork 150 via abase station 140 as illustrated inFIG. 1 . - Software processes illustrated herein are intended to illustrate representative processes that may be performed by one or more computing systems in carrying out embodiments of the present invention. Unless specified otherwise, the order in which the processes are described is not to be construed as a limitation. Furthermore, the processes may be implemented in any suitable hardware, software, firmware, or combinations thereof. By way of example, software processes may be stored in the
memory 230 for execution, and executed by the one ormore processors 220. - When executed as firmware or software, the instructions for performing the processes may be stored or transferred on a computer-readable medium. A computer-readable medium includes, but is not limited to, magnetic and optical storage devices such as disk drives, magnetic tape, CDs (compact disks), DVDs (digital versatile discs or digital video discs), and semiconductor devices such as RAM, DRAM, ROM, EPROM, and Flash memory.
- In addition, the firmware or software may be communicated via a network. As non-limiting examples, programming may be provided via appropriate media including, for example, embodied within articles of manufacture, embodied within a data signal (e.g., modulated carrier wave, data packets, digital representations, etc.) communicated via an appropriate transmission medium, such as a communication network (e.g., the Internet and/or a private network), wired electrical connection, optical connection and/or electromagnetic energy, for example, via a communications interface, or provided using other appropriate communication structure or medium. Exemplary programming including processor-usable software may be communicated as a data signal embodied in a carrier wave in but one example.
- In addition, it is noted that the examples may be described as a process that is depicted as a flowchart, a flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination corresponds to a return of the function to the calling function or the main function.
- In operation for performing controlled content distribution and financial transactions and referring to
FIGS. 4 and 5 , thehost device 110 is used to interface with a user to solicit input and display pertinent information under direction from thesecure computing module 200. Software executing on thesecure computing module 200 manages the financial transaction process and the controlled content transfers. This software may be in the form of a standalone application, device embedded software, or may operate within a web browser native to the device all of which can connect to thesecure computing module 200. Additionally, the software may include an Application Program Interface (API), a Software Development Kit (SDK) or other suitable software interfaces and tools for generating and managing the software of thesecure computing module 200. - The
secure computing module 200 provides secure information storage for variables required for the financial transaction processes, such as public and private keys for signing and encryption, secret hashing keys, counter variable(s), etc. Thesecure computing module 200 also providessecure memory 230 and a secure processing environment for stored procedures such as hashing algorithms, encryption algorithms, counter incrementing, and other suitable secure processes. - Thus, the
secure computing module 200 andsecure memory 230 provide a logically isolated environment for computing hashes and encrypting information that is from external sources such as thehost device 110 and othersecure computing modules 200. - Executing the software in isolation on the
secure computing module 200 rather than on thehost device 110 may protect data generated by the software against unauthorized access, for example, by malicious software installed on thehost device 110, by a user of thehost device 110, or by a device having connectivity to thehost device 110 through thenetwork 150 and thebase station 140. - In addition, the
secure computing module 200 may be used to validate all input from external sources. As a non-limiting example, thesecure computing module 200 may verify a signed transaction using the public signing key of the other party to the financial transaction. - When using encryption or hashing algorithms, the particular encryption scheme or encryption key may be known by the
secure computing module 200 but not by thehost device 110. As a result, thesecure computing module 200 may disregard information received from thehost device 110 that is not encrypted according to the particular encryption scheme or with the particular encryption key. Disregarding information not encrypted appropriately may prevent thehost device 110 from interacting with thesecure computing module 200 other than to relay user interface information between a user interface of thehost device 110, thenetwork 150, or theserver 180. - The
processor 220 may logically isolate some or all of thememory 230 from access by theprocessor 502 in thehost device 110. In other words, thehost interface 202 might not be able to communicate with thememory 230 except via permission and control of theprocessor 220, thereby preventing direct communication between the host interface 202 (or a device connected to thehost interface 202 such as the host device 110) and thememory 230. In addition, thememory 230 may be physically isolated from prying access. - The
secure computing module 200 may be pre-installed with protected information, such as, for example, financial transaction software and protected data (e.g., keys) from the vendor, manufacturer, or a combination thereof. In addition, the protected information may be updated on an already deployed system. - In deploying protected information, the protected information may be communicated to the
secure computing module 200 using an encrypted information transfer process, wherein the information may include data, software, or a combination thereof. Upon valid decryption and verification of authenticity (i.e., that the software and data originated at the financial organization), the data and algorithms (i.e., software procedures) may be updated within thesecure computing module 200. - The
secure computing module 200 may request that thehost device 110 retrieve the software from the server 180 (e.g., a web server, Supervisory Control and Data Acquisition (SCADA) server, corporate network server,financial organization host device 110A may retrieve the software from the buyer'sfinancial organization 300A viacellular communication channel 112A then provide the software to the buyer'ssecure computing module 200A. Thesecure computing module 200A may decrypt the software if necessary, then install and execute the software. When encrypted, thehost device 110 is unable to decrypt the encrypted software. Accordingly, upon retrieving encrypted software, thehost device 110 simply forwards the encrypted software to thesecure computing module 200 without decrypting the software. - The
secure computing module 200 may additionally or alternatively request that thehost device 110 send software or other information to the server 180 (FIG. 1 ). For example, thesecure computing module 200 may encrypt financial information (e.g., an account number, a personal identification number, etc.), provide the encrypted information to thehost device 110, and instruct thehost device 110 to send the encrypted information to theserver 180. Since the information, in this example, is encrypted, thehost device 110 may be unable to decrypt the financial information. - Driver software may be installed on the
host device 110 to assist thehost device 110 in communicating with thesecure computing module 200 and performing portions of financial transactions. As a non-limiting example, the driver software may enable communication on thehost interface 202 according to an established smart card interaction standard (e.g., PC/SC). As another non-limiting example, the driver software may perform information presentation on the display 114 (FIG. 1 ) and information retrieval from the keypad 116 (FIG. 1 ) and communicate the user interaction information to or from thesecure computing module 200. - The
secure computing module 200 includes cryptographic algorithms for creating and decoding secure digital signatures. In addition, thesecure computing module 200 may include cryptographic algorithms for encrypting and decrypting information. Thus, the secure portions of thememory 230 may include information such as the cryptographic algorithms, encryption keys, decryption keys, signing keys, counters, and other suitable cryptographic information. - Embodiments of the present invention include a process for creating a secure digital signature for a financial purchase package. The secure digital signature may be prepared by creating a cryptographically secure hash of financial transaction details in combination with a secret key. Any cryptographically secure hashing function in combination with a secret key may be used to fulfill the secure signing function. Furthermore, hashing algorithms and secret keys may be periodically updated by a financial organization associated with the user of the
secure computing module 200. - The secret key is known only to the user's
secure computing module 200 and the user's financial organization 300. However, thesecure computing module 200 may be configured to handle multiple financial accounts. Thus, thesecure computing module 200 may have a secret key for each account and the secret key for each account would be known by the financial organization servicing that account. - The financial transaction details may include a variety of information, such as, for example:
- description of the item(s) being sold;
- price of the item(s) (i.e., transaction amount);
- the time of transaction;
- the date of transaction;
- the location of the transaction (e.g., via GPS coordinates—if available);
- the buyer's credential and financial organization routing numbers; and
- the seller's credential and financial organization routing numbers.
- The credentials of the buyer or the seller may include information such as, for example, account information such as account number and financial organization identification, a public key, and other suitable information. The credentials are used to uniquely identify an individual to the financial organization. Anonymity may be maintained through this process allowing a buyer or seller to withhold their identity from the other party. However, each party must be uniquely identified to the financial organizations in order for funds to transfer. If anonymity is not desired, the credentials may also include the user's name.
- Embodiments of the present invention include a Financial Purchase Package (FPP) which, when completed, includes the financial transaction details, a buyer's secure digital signature, and a seller's secure digital signature.
- The secure digital signature for both the buyer and the seller may be created with a secure hashing function using a secret key. Secure hashing functions come in many forms and are occasionally standardized by government bodies such as the National Institute of Standards and Technology (NIST). As new cryptographically secure hashing functions using secret keys are standardized, they may be incorporated into the
secure computing module 200. - A non-limiting example of a secure hash using a secret key is described in Federal Information Processing Standard (FIPS) Publication 198, which is incorporated by reference herein. In general terms, the hashing function may be represented by the following equation:
-
HMAC K(m)=h((K⊕opad)∥h((K⊕ipad)∥m)) - In this equation, h is a cryptographic hash function, K is a secret key padded with extra zeros to the block size of the hash function, m is the message to be authenticated, the symbol shown as a ‘+’ with a circle around it denotes an exclusive or (XOR) operation while the ∥ denotes concatenation, and the outer padding opad=0x5c5c5c . . . 5c5c and inner padding ipad=0x363636 . . . 3636 are two one-block-long hexadecimal constants.
- Thus, the secret key is the digital signature secret key known only to the
secure computing module 200 and the user's financial organization 300. The message to be authenticated is the financial transaction details along with a Transaction Number Identifier (TNI). - As an addition to the secure hash, a second secret encryption key may be optionally included and added to the list of items above for the financial transaction details, and, as a result, be included in the computation of the hashing function. This additional secret value will also be stored with the other keying material on the financial organization's
secure computing module 200. While keyed hashes are considered secure, cryptanalysts and hackers continue to make progress in breaking hashes and other encryption processes. To keep embodiments of the present invention more secure, this second secret key may be included in the hash function to increase the entropy of the computed secure hash in a manner that is easy for thesecure computing modules 200 to process. - The TNI is a unique number associated with the current transaction and the
secure computing module 200. The unique number may be created in a number of ways. As a non-limiting example, the TNI may simply be a running incremented count of the transactions performed by thesecure computing module 200. As another non-limiting example, the TNI may be generated by a complex algorithm, such as a pseudo-randomly generated number, as long as thesecure computing module 200 and the user's financial organization 300 can generate the same number for the current transaction. - Thus, the TNI refers to a counted or computed transaction number for a given party (e.g., buyer or seller) to a specific transaction and is created when the transaction is signed. The buyer and seller may have different transaction numbers as they will have performed a differing number of transactions or use a different TNI generation algorithm. In other embodiments, the TNI may be the same for both the buyer and the seller. In this case, the TMI will be computed by the party that initiates the transaction (either buyer or seller) and will be used in the digital signature process of the other party.
- The TNI is included in the financial purchase package signing computation as part of the financial transaction details. It is also sent along with the signed FPP to the financial organization to help index the purchase transactions. Thus, there will most likely be a different TNI used by the buyer when the buyer signs the FPP than the TNI used by the seller when the seller signs the FPP.
- It should be noted that the financial transaction details, along with the buyer's secure digital signature and the seller's secure digital signature may be transferred between the buyer's
secure computing module 200A and the seller'ssecure computing module 200B over the proximate-fieldwireless communication channel 245. The proximate-fieldcommunication wireless channel 245 may have a default frequency and protocol. As a non-limiting example, the proximate-field communication channel 245 may be RFID. However, another channel may be used if the default channel is not available, or the user selects a different channel for use. As non-limiting examples, other possible communication channels are Short Message Service (SMS), Multimedia Message Service (MMS), Wireless Application Protocol (WAP), Bluetooth, WiFi, and other suitable protocols. - In some cases, the proximate-field
wireless communication channel 245 may not be particularly secure from snooping by others. However, embodiments of the present invention ensure that the current transaction is not compromised by using the secure digital signature of both the buyer and the seller. On the other hand, the financial transaction details may be discoverable if not encrypted, which may lead to identity theft if enough information is present in the financial transaction details. Consequently, some embodiments may include encryption and decryption of the financial purchase package. In addition, in some embodiments, the controlled content may be encrypted. - The encryption and decryption may use any suitable cryptographic algorithms. As a non-limiting example, the cryptographic algorithm may be a symmetric algorithm such as Advanced Encryption Standard (AES), which is well known in the art. Symmetric cryptography requires a secret key known only to the encryptor and the decryptor. Thus, the encryption may take place such that the secret key is known to a user and the user's financial organization. In this case, the secret key may be the same key used for creating the secure digital signature using the hashing algorithm, or it may be a different secret key used for the encryption/decryption. Alternatively, the secret key may be a secret key between the buyer and the seller determined during a discovery process, as is explained below.
- As another non-limiting example, the cryptographic algorithm may be an asymmetric algorithm such as RSA, which is well known in the art. The RSA denotes initials of the individuals that first disclosed the encryption algorithm. In asymmetric cryptography, two keys are used, a public key and a private key. A user may let his public key be known to anyone and keeps his private key just to himself. Anyone wishing to send an encrypted message to the user encrypts the message using the user's public key. Once encrypted, the message can only be decrypted by the private key, which only the user knows.
- Thus, there may be a number of keys stored and managed by the
secure computing module 200, such as, for example, secret digital signature keys, secret encryption keys, private keys, and public keys. Generally, users do not directly update their encryption and signing keys. In other words, users have access to use their keys but do not have access to manipulate their keys. Key updates, additions, or changes may be done by an organization controlling the servers that create thesecure computing module 200. - To manage and update keys securely, a Personal Identification Code (PIC) routine may be included in the
secure computing module 200 to allow the user to authenticate himself to thesecure computing module 200. The PIC may include a series of alphanumeric values known only to the user and thesecure computing module 200. In another embodiment, the PIC may be the digital representation of some biometric feature such as a fingerprint or retinal scan. In another embodiment, the user may initiate a PIC input request wherein thesecure computing module 200 outputs a series of alphanumeric characters that the user must in turn re-enter or re-type and submit back to thesecure computing module 200. Of course, the PIC routine may include combinations of entering biometric information and alphanumeric values. Furthermore, the PIC routine may include a random Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) algorithm for user entry. CAPTCHAs are the slanted and distorted fuzzy characters displayed that a human can discern, but which a computer may not be able to discern - In other embodiments, the
secure computing module 200 may receive the PIC inputs directly from an attached or attachable input device (not shown). One example of this is an external fingerprint or retinal scan reader device that is connected via a wire(s) directly into thesecure computing module 200. This extra hardware provides more secure input that does not require the inputs to pass through thememory 506 orprocessor 502 of thehost device 110 or other computing device containing thesecure computing module 200. - The secret keys for encryption/decryption as well as for secure hashing to create digital signatures may be refreshed periodically by the financial organization when the
secure computing module 200 connects to the financial organization for transaction processing. If thus configured, the financial organization 300 may optionally initiate a connection to thehost device 110 including thesecure computing module 200 for the purpose of rekeying. - As a non-limiting example of used keys, two public and private key pairs may be created for each
secure computing module 200. For the first key pair, the public key is stored in the user'ssecure computing module 200 and the private key is stored with the financial organization'ssecure computing module 200. This first key pair allows the user'ssecure computing module 200 to encrypt information to be sent to the financial organization. For the second key pair, the private key is stored in the user'ssecure computing module 200 and the public key is stored with the financial organization'ssecure computing module 200. This second key pair allows the financial organization'ssecure computing module 200 to encrypt information to be sent to the user'ssecure computing module 200. This two key pair system may be used so that each user'ssecure computing module 200 may have its own unique encrypted communication channel by which to communicate with the financial organization. Having separate keys for this purpose protects against a situation where if one encryption channel is hacked, then all encryption channels would be hacked. In addition, since public key encryption is much slower than symmetric key encryption, these two key pairs may be used to exchange a temporary symmetric key, which may be used for a specific transaction - Distribution of controlled content may occur with certain distribution rules and usage rules. The distribution rules specify how the content may be distributed. For example, distribution may be specified as unlimited. In another example, distribution may be specified as a certain quantity beyond which no further distribution is allowed. In another example, distribution may be limited to a specified time period, specific times, or select days.
- In another example, distribution may be limited to certain distribution groups. In other words, distribution may be limited to individuals with memberships in specified groups. This allows a university professor, as a non-limiting example, to distributed text books or test notes to the current class and only the current class and not to the general public. This also allows companies to distribute “proprietary” material only to their employees and not to the community at large. Distribution group designations may be maintained on the
secure computing module 200 and may also be verified during transactions with a distribution group's central repositories. - In the case of access authorization tokens, distribution may include distribution from the content owner, such as, for example, the venue owner, a ticket distributor, or other suitable event ticket seller. In addition, distribution, when authorized, may be between individuals. In this individual mode, distribution of access authorization tokens may be likened to a controlled ticket resale market.
- In embodiments of the present invention, content owners may be financially compensated when the owner's controlled content is distributed. As a non-limiting example, a royalty fee may be preset at a certain amount or determined on a periodic basis. A periodic royalty may allow content owners to raise or lower purchase prices and royalty fees as dictated by market or other forces. For example, controlled content that is not selling, may sell better when its price is lowered by the content owner or
content provider 350. Conversely, a content owner may wish to raise the price of controlled content that is selling well. Dynamic pricing also allows for “sale days” or other periods where discounts are desired. - In addition, embodiments of the present invention enable content to be resold by a previous buyer. In a resale process, the content owner may collect a royalty for the additional distribution from the reseller to the buyer. In addition, if allowed by the distribution rules, resellers may collect a fee for themselves while also ensuring the specified royalty fee is paid to the content owner. If permitted by the distribution rules, the reseller fee may be negotiated between the reseller and the buyer.
- In some embodiments, transfer restrictions and distribution rules may be set for a predetermined period of time. Further, the buyer's access to the controlled content may be limited to a predetermined period of time. After this predetermined period of time, the secure computing module may prevent access to the controlled content either by deleting, not decrypting, not allowing access, or combinations thereof.
- In some embodiments, the
secure computing module 200 may decrypt the controlled content and transfer it to thehost device 110 for use. In other embodiments, thesecure computing module 200 may retain the controlled content in thememory 230 of thesecure computing module 200 and provide it to thehost device 110 as requested. - To perform a financial transaction or controlled content distribution between two individuals with wireless communication devices, the
secure computing modules 200 perform a discovery process such that the twosecure computing modules 200 are aware of each other. When using portable electronic devices, the discovery process take place over one of the proximate-field wireless communication channels (245B-245D). - In a wireless discovery process, an overt user selection from a
host device 110 with asecure computing module 200 to initiate a transaction and connect to anotherhost device 110. This process is generally not simply “automatic” as in the case of most RFID payment cards and devices as the RFID process may be inherently insecure and prone to theft, eavesdropping, and abuse. However, in some embodiments, backward compatibility with conventional RFID systems, may be enabled to authorize automatic responses. As a non-limiting example, the use may switch to enable automatic responses for items such as low-dollar transactions such as subway fare transaction. As another non-limiting example, a conventional RFID system may be used to communicate an access authorization token from asecure computing module 200 to an admittance controller (not shown). The admittance controller may be operated by a venue to enable admittance to the venue access authorization token that are received by the admittance controller from one or more secure computing modules. - The discovery process may use any of several methods well known in the industry whereby an inquiry process looks for compatible devices. When such a device is found, both parties may input or negotiate the same secret session key value, etc. Session encryption may then based on that shared secret key value. Non-limiting examples of this discovery and key negotiation process are Bluetooth® pairing and enhancements to the Bluetooth® pairing process, which are well known in the art.
- The discovery process may be conducted over the proximate-
field wireless communicators 240 contained within thesecure computing modules 200. Having a secure processor control what, when, and how information is sent and received may enhance the security of the system. - Optionally, the discovery process may be conducted using conventional online client-server methods, or store and forward formats such as a secure Short Message Service (SMS) protocol.
-
FIG. 6 is a simplified flow diagram illustrating aprocess 600 that may be performed during distribution and purchase of controlled content from acontent provider 350. Theprocess 600 may be followed with reference toFIG. 6 , and occasional reference toFIGS. 4 and 5 . It should be noted that any of the communications that occur between entities duringprocess 600 may or may not be encrypted as is explained above. - The
process 600 begins with the buyer selecting controlled content from acontent provider 350 through the network atoperation block 612. Thecontent provider 350 may be a variety of online distributors, such as, for example, iTunes, Amazon.com, Wal-Mart online, etc. In addition, thecontent provider 350 may be a physical store such as a Wal-Mart local store, a Best Buy local store, etc. Thecontent provider 350 may also be a distribution kiosk in a local store or other facility. Inprocess 600, thecontent provider 350 may also be referred to as theseller 350. - In
operation block 614, transaction details, the seller's credentials and the seller's digital signature are communicated from theseller 350 to the buyer'ssecure computing module 200A. Along with the financial information of the transaction, the transaction details may include information about the content owner, the content owner's financial organization and distribution rules for the controlled content. - In
operation block 616 the buyer is presented with a dialog box on thehost device 110A indicating the transaction details, distribution rules, and other pertinent information. The buyer is prompted to accept or deny the transaction. If the transaction is denied,process 600 stops (not shown). If the transaction is accepted, the buyer creates a financial purchase package including the transaction details, distribution rules and other information about the content, and the buyer's secure digital signature. The buyer then sends the financial purchase package back to theseller 350. - If the seller or buyer does not approve and digitally sign the FPP, the process halts (not shown). If the transaction is to proceed, either the buyer or seller may send the financial purchase package on to a financial organization.
-
Decision block 620 determines if the seller is to communicate the FPP. If the seller communicates the financial purchase package,operation block 622 indicates that the seller sends the FPP to the seller'sfinancial organization 300B. Inoperation block 624, the seller'sfinancial organization 300B authenticates the seller by examining the seller's secure digital signature. - This authentication process performs a reverse hashing process on the seller's digital signature using the seller's secret key and determines that the transaction details are accurate, the transaction number identifier is correct, and that the seller's credentials match the seller's account with this financial organization.
- The seller's
financial organization 300B may then either approve or deny the transaction. If denied, the seller'sfinancial organization 300B sends a message back to the seller and the transaction terminates (not shown). If approved, the seller'sfinancial organization 300B sends the FPP and approval to the buyer'sfinancial organization 300A through thenetwork 150. In some cases, the buyer'sfinancial organization 300A and the seller'sfinancial organization 300B may be the same entity and there may be no need to “send” the FPP through thenetwork 150. - In
operation block 626, the buyer'sfinancial organization 300A authenticates the buyer by examining the buyer's secure digital signature using the buyer's secret key in a manner similar to that described above for the authentication process of the seller. The buyer'sfinancial organization 300A may then either approve or deny the transaction. If denied, the buyer'sfinancial organization 300A sends a message to the buyer'shost device 110A and the transaction terminates (not shown). If approved, the buyer'sfinancial organization 300A transfers the funds to the seller'sfinancial organization 300B. - Returning to decision block 620, if the buyer communicates the financial purchase package,
operation block 632 indicates that the buyer sends the FPP to the buyer'sfinancial organization 300A over thenetwork 150. Inoperation block 634, the buyer'sfinancial organization 300A authenticates the buyer by examining the buyer's secure digital signature using the buyer's secret key as explained above. - The buyer's
financial organization 300A may then either approve or deny the transaction. If denied, the buyer'sfinancial organization 300A sends a message back to the buyer'shost device 110A and the transaction terminates (not shown). If approved, the buyer'sfinancial organization 300A sends the FPP and approval to the seller'sfinancial organization 300B through thenetwork 150. In some cases, the buyer'sfinancial organization 300A and the seller'sfinancial organization 300B may be the same entity and there may be no need to “send” the FPP through thenetwork 150. - In
operation block 636, the seller'sfinancial organization 300B authenticates the seller by examining the seller's secure digital signature using the seller's secret key as explained above. The seller'sfinancial organization 300B may then either approve or deny the transaction. If denied, the seller'sfinancial organization 300B sends a message to theseller 350 and the transaction terminates (not shown). If approved, the seller'sfinancial organization 300B sends the approval back to the buyer'sfinancial organization 300A. Inoperation block 638, the buyer'sfinancial organization 300A transfers the funds to the seller'sfinancial organization 300B. At this point in the process, the financial transaction has been completed. -
Decision block 640 determines whether the seller should be notified of the transaction results. If so, inoperation block 642 the seller'sfinancial organization 300B sends the transaction results to theseller 350. -
Decision block 644 determines whether the buyer should be notified of the transaction results. If so, inoperation block 646 the buyer'sfinancial organization 300A sends the transaction results to the buyer'ssecure computing modules 200A. -
Process block 648 indicates that the controlled content is communicated from theseller 350 to the buyer'ssecure computing module 200A. As indicated earlier, the secure computing module may decrypt the controlled content if needed and store the controlled content inmemory 230 on thesecure computing module 200A or transfer it to thehost device 110A. - In
process 600, any of the buyer'ssecure computing module 200A, theseller 350, the buyer'sfinancial organization 300A, and the seller'sfinancial organization 300B may keep a log of the financial transaction and its success or failure due to disapproval by any party or due to insufficient funds. - In
process 600, some of the communications may occur via an intermediary communication network such as the Internet, some communications may occur via cellular communication channels and some communications may occur via proximate-field wireless communication channels. - The financial organizations 300 include a
secure computing module 200 and may employ an enterprise version of thesecure computing module 200 software, hardware, or combination thereof. This enterprise version creates a secure mechanism that is more robust for numerous continuous and simultaneous transactions. To ensure additional security between transactions, the enterprise software for thesecure computing module 200 may zero out dynamic transaction memory between individual transactions. -
FIGS. 7A and 7B are simplified flow diagrams illustrating aprocess 700 that may be performed during distribution and purchase of controlled content between individuals. Theprocess 700 may be followed with reference toFIGS. 7A and 7B , and occasional reference toFIGS. 4 and 5 . It should be noted that any of the communications that occur between entities duringprocess 700 may or may not be encrypted as is explained above. - The
process 700 begins with the reseller creating transaction details inoperation block 702. Along with the financial information of the transaction, the transaction details may include information about the content owner, the content owner's financial organization and distribution rules for the controlled content. The transaction details, the seller's credentials, and the seller's digital signature are communicated from the reseller'ssecure computing module 200B to the buyer'ssecure computing module 200A. - In
operation block 704, the buyer is presented with a dialog box on thehost device 110B indicating the transaction details, distribution rules, and other pertinent information. The buyer is prompted to accept or deny the transaction. If the transaction is denied,process 700 stops (not shown). If the transaction is accepted, the buyer'ssecure computing module 200B creates a financial purchase package including the transaction details, distribution rules and other information about the content, and the buyer's secure digital signature. The buyer then sends the financial purchase package back to the reseller'ssecure computing module 200A. - If the reseller or buyer does not approve and digitally sign the FPP, the process halts (not shown). In
operation block 708, the reseller'ssecure computing module 200A sends the financial purchase package to the content ownersfinancial organization 300B and the buyer'sfinancial organization 300A. - In
operation block 710, the content owner'sfinancial organization 300B verifies the transaction details, the reseller's authorization to distribute and the distribution rules. In some cases, the content owner'sfinancial organization 300B may not know details of the reseller's authorization to distribute or the distribution rules. In those cases, the content owner'sfinancial organization 300B may communicate over thenetwork 150 with the content owner orcontent provider 350 to verify the reseller's authorization to distribute and the distribution rules. If the transaction details and any content rules and authorization are verified, the content owner'sfinancial organization 300B may approve the transaction. Otherwise, the content owner'sfinancial organization 300B may deny the transaction. The content owner's financial organization then sends the approval or denial to the buyer'sfinancial organization 300A. - In
operation block 712, the buyer'sfinancial organization 300A verifies the transaction details and authenticates the buyer by examining the buyer's secure digital signature using the buyer's secret key as explained above. - The buyer's
financial organization 300A may then either approve or deny the transaction. If denied, the buyer'sfinancial organization 300A sends a message to the buyer'shost device 110A and the transaction terminates (not shown). If approved, the buyer'sfinancial organization 300A transfers the funds to the content owner'sfinancial organization 300B. - Referring to
FIG. 7B , indecision block 714, the process determines whether the reseller is eligible to receive a fee for reselling the controlled content. If not, control passes down todecision block 724. - If the reseller is to receive a fee, in
operation block 718 the reseller sends the FPP to the reseller's financial organization (not shown, would be considered a third financial organization 300 inFIG. 5 ). - In
operation block 720, the reseller's financial organization 300 authenticates the reseller by examining the reseller's secure digital signature using the reseller's secret key as explained above. The reseller's financial organization 300 may then either approve or deny the transaction. If denied, the reseller's financial organization 300 sends a message back to the reseller'shost device 110A and the transaction terminates (not shown). If approved, the reseller's financial organization 300 sends the FPP and approval to the buyer'sfinancial organization 300A through thenetwork 150. In some cases, the buyer'sfinancial organization 300A and the reseller's financial organization 300 may be the same entity and there may be no need to “send” the FPP through thenetwork 150. - In
operation block 722, the buyer'sfinancial organization 300A transfers the funds for the reseller's fee to the reseller's financial organization 300. At this point in the process, the financial transaction has been completed. -
Decision block 724 determines whether the reseller should be notified of the transaction results. If so, inoperation block 726 the reseller's financial organization 300 sends the transaction results to the reseller'ssecure computing module 200A. -
Decision block 728 determines whether the content owner, thecontent provider 350, or combination thereof should be notified of the transaction results. If so, inoperation block 730 the content owner'sfinancial organization 300B sends the transaction results to thecontent provider 350. -
Decision block 732 determines whether the buyer should be notified of the transaction results. If so, inoperation block 734 the buyer'sfinancial organization 300A sends the transaction results to the buyer'ssecure computing module 200A. -
Process block 648 indicates that the controlled content is communicated from the reseller'ssecure computing module 200A to the buyer'ssecure computing module 200B. As indicated earlier, the secure computing module may decrypt the controlled content if needed and store the controlled content inmemory 230 on thesecure computing module 200B or transfer it to thehost device 110B. - In
process 700, any of the buyer'ssecure computing module 200B, the reseller'scomputing module 200A, the buyer'sfinancial organization 300B, the reseller's financial organization 300, and the content provider'sfinancial organization 300A may keep a log of the financial transaction and its success or failure due to disapproval by any party or due to insufficient funds. - In
process 700, some of the communications may occur via an intermediary communication network such as the Internet, some communications may occur via cellular communication channels, and some communications may occur via proximate-field wireless communication channels. - The financial organizations 300 include a
secure computing module 200 and may employ an enterprise version of thesecure computing module 200 software, which creates a secure mechanism that is more robust for numerous continuous and simultaneous transactions. To ensure additional security between transactions, the enterprise software for thesecure computing module 200 may zero out dynamic transaction memory between individual transactions. - Although the present invention has been described with reference to particular embodiments, the present invention is not limited to these described embodiments. Rather, the present invention is limited only by the appended claims, which include within their scope all equivalent devices or methods that operate according to the principles of the present invention as described.
Claims (33)
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/196,669 US20090216680A1 (en) | 2008-02-26 | 2008-08-22 | Systems and Methods for Performing File Distribution and Purchase |
EP09715756A EP2255487A4 (en) | 2008-02-26 | 2009-01-28 | Systems and methods for performing file distribution and purchase |
PCT/US2009/032279 WO2009108445A1 (en) | 2008-02-26 | 2009-01-28 | Systems and methods for performing file distribution and purchase |
CN200980110155.8A CN101978646B (en) | 2008-02-26 | 2009-01-28 | For performing the system and method for file distributing and purchase |
JP2010548772A JP2011517354A (en) | 2008-02-26 | 2009-01-28 | System and method for delivering and purchasing files |
US15/646,927 US20170308894A1 (en) | 2008-02-26 | 2017-07-11 | Systems and methods for performing file distribution and purchase |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US3160508P | 2008-02-26 | 2008-02-26 | |
US3188508P | 2008-02-27 | 2008-02-27 | |
US12/196,669 US20090216680A1 (en) | 2008-02-26 | 2008-08-22 | Systems and Methods for Performing File Distribution and Purchase |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/646,927 Division US20170308894A1 (en) | 2008-02-26 | 2017-07-11 | Systems and methods for performing file distribution and purchase |
Publications (1)
Publication Number | Publication Date |
---|---|
US20090216680A1 true US20090216680A1 (en) | 2009-08-27 |
Family
ID=40999257
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/196,669 Abandoned US20090216680A1 (en) | 2008-02-26 | 2008-08-22 | Systems and Methods for Performing File Distribution and Purchase |
US12/196,806 Active 2029-09-30 US8214298B2 (en) | 2008-02-26 | 2008-08-22 | Systems and methods for performing wireless financial transactions |
US15/646,927 Abandoned US20170308894A1 (en) | 2008-02-26 | 2017-07-11 | Systems and methods for performing file distribution and purchase |
Family Applications After (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/196,806 Active 2029-09-30 US8214298B2 (en) | 2008-02-26 | 2008-08-22 | Systems and methods for performing wireless financial transactions |
US15/646,927 Abandoned US20170308894A1 (en) | 2008-02-26 | 2017-07-11 | Systems and methods for performing file distribution and purchase |
Country Status (5)
Country | Link |
---|---|
US (3) | US20090216680A1 (en) |
EP (2) | EP2255487A4 (en) |
JP (2) | JP2011513839A (en) |
CN (2) | CN101978646B (en) |
WO (2) | WO2009108444A1 (en) |
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080280592A1 (en) * | 2007-05-07 | 2008-11-13 | Mccown Steven H | Wireless device monitoring methods, wireless device monitoring systems, and articles of manufacture |
US20080291013A1 (en) * | 2007-05-07 | 2008-11-27 | Battelle Energy Alliance, Llc | Wireless device monitoring systems and monitoring devices, and associated methods |
US20090141896A1 (en) * | 2007-11-30 | 2009-06-04 | Mccown Steven Harvey | Processing module operating methods, processing modules, and communications systems |
US20090216681A1 (en) * | 2008-02-26 | 2009-08-27 | Battelle Energy Alliance, Llc | Systems and methods for performing wireless financial transactions |
US20100223156A1 (en) * | 2007-07-23 | 2010-09-02 | Taihei Shii | Artwork-trading system and artwork-trading program for trading artworks created by artist over network |
US20110032559A1 (en) * | 2009-08-07 | 2011-02-10 | Canon Kabushiki Kaisha | Data processing apparatus, method for controlling data processing apparatus, and information processing apparatus |
WO2011088508A1 (en) | 2010-01-19 | 2011-07-28 | Glencurr Pty Ltd | Method, device and system for securing payment data for transmission over open communication networks |
US20110288910A1 (en) * | 2010-05-19 | 2011-11-24 | Anuj Garg | Methods and apparatus for the acquisition and exchange of media content in communications network |
CN102624428A (en) * | 2011-01-28 | 2012-08-01 | 国民技术股份有限公司 | System and method for selecting a communication object |
US20120232958A1 (en) * | 2011-03-11 | 2012-09-13 | Bar & Club Statistics, Inc. | Systems and methods for dynamic venue demographics and marketing |
US20120239572A1 (en) * | 2011-03-15 | 2012-09-20 | Ing Bank, Fsb (Dba Ing Direct) | Systems and methods for performing financial transactions using active authentication |
US8356754B2 (en) | 2005-04-21 | 2013-01-22 | Securedpay Solutions, Inc. | Portable handheld device for wireless order entry and real time payment authorization and related methods |
US20140122615A1 (en) * | 2008-02-22 | 2014-05-01 | Accenture Global Services Limited | System for analyzing user activity in a collaborative environment |
US8930274B1 (en) * | 2013-10-30 | 2015-01-06 | Google Inc. | Securing payment transactions with rotating application transaction counters |
CN104301110A (en) * | 2014-10-10 | 2015-01-21 | 刘文清 | Authentication method, authentication device and system applied to intelligent terminal |
US10430789B1 (en) * | 2014-06-10 | 2019-10-01 | Lockheed Martin Corporation | System, method and computer program product for secure retail transactions (SRT) |
US10664775B2 (en) | 2017-02-13 | 2020-05-26 | Scout Exchange Llc | System and interfaces for managing temporary workers |
US11410131B2 (en) | 2018-09-28 | 2022-08-09 | Scout Exchange Llc | Talent platform exchange and rating system |
US20230135598A1 (en) * | 2011-02-23 | 2023-05-04 | Catch Media, Inc. | E-used digital assets and post-acquisition revenue |
US11720834B2 (en) | 2018-12-11 | 2023-08-08 | Scout Exchange Llc | Talent platform exchange and recruiter matching system |
US11748710B2 (en) | 2011-10-05 | 2023-09-05 | Scout Exchange Llc | System and method for managing a talent platform |
US11924325B2 (en) | 2016-07-29 | 2024-03-05 | Nchain Licensing Ag | Blockchain-implemented method and system |
Families Citing this family (39)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7146338B2 (en) | 2001-06-28 | 2006-12-05 | Checkfree Services Corporation | Inter-network financial service |
US6834647B2 (en) | 2001-08-07 | 2004-12-28 | Datex-Ohmeda, Inc. | Remote control and tactile feedback system for medical apparatus |
US8874477B2 (en) | 2005-10-04 | 2014-10-28 | Steven Mark Hoffberg | Multifactorial optimization system and method |
US20080288376A1 (en) | 2007-04-27 | 2008-11-20 | Cashedge, Inc. | Centralized payment hub method and system |
US9311766B2 (en) | 2007-09-12 | 2016-04-12 | Devicefidelity, Inc. | Wireless communicating radio frequency signals |
US8915447B2 (en) | 2007-09-12 | 2014-12-23 | Devicefidelity, Inc. | Amplifying radio frequency signals |
US8341083B1 (en) | 2007-09-12 | 2012-12-25 | Devicefidelity, Inc. | Wirelessly executing financial transactions |
US9304555B2 (en) | 2007-09-12 | 2016-04-05 | Devicefidelity, Inc. | Magnetically coupling radio frequency antennas |
US8070057B2 (en) | 2007-09-12 | 2011-12-06 | Devicefidelity, Inc. | Switching between internal and external antennas |
US20100153011A1 (en) * | 2008-12-17 | 2010-06-17 | Pitney Bowes Inc. | Method and apparatus for evidencing a transaction using location information |
CN101562525B (en) * | 2009-04-30 | 2012-06-27 | 飞天诚信科技股份有限公司 | Method, device and system for signature |
GB0913187D0 (en) * | 2009-07-28 | 2009-09-02 | Hanmer Lorna J | Kissing kard |
GB201105765D0 (en) | 2011-04-05 | 2011-05-18 | Visa Europe Ltd | Payment system |
US8649820B2 (en) | 2011-11-07 | 2014-02-11 | Blackberry Limited | Universal integrated circuit card apparatus and related methods |
USD703208S1 (en) | 2012-04-13 | 2014-04-22 | Blackberry Limited | UICC apparatus |
US8936199B2 (en) | 2012-04-13 | 2015-01-20 | Blackberry Limited | UICC apparatus and related methods |
USD701864S1 (en) * | 2012-04-23 | 2014-04-01 | Blackberry Limited | UICC apparatus |
US8938796B2 (en) | 2012-09-20 | 2015-01-20 | Paul Case, SR. | Case secure computer architecture |
GB2507498B (en) * | 2012-10-30 | 2014-09-17 | Barclays Bank Plc | Secure computing environment |
KR101294373B1 (en) | 2012-11-28 | 2013-08-08 | 재단법인 한국데이터베이스진흥원 | System and method for preventing untrusty clearing of digital content service provider using transaction certification token |
US9569779B2 (en) * | 2013-01-17 | 2017-02-14 | International Business Machines Corporation | Fraud detection employing personalized fraud detection rules |
US20140279566A1 (en) * | 2013-03-15 | 2014-09-18 | Samsung Electronics Co., Ltd. | Secure mobile payment using media binding |
US11748746B2 (en) * | 2013-09-30 | 2023-09-05 | Apple Inc. | Multi-path communication of electronic device secure element data for online payments |
US10878414B2 (en) | 2013-09-30 | 2020-12-29 | Apple Inc. | Multi-path communication of electronic device secure element data for online payments |
US11392937B2 (en) | 2013-11-15 | 2022-07-19 | Apple Inc. | Generating transaction identifiers |
US11042846B2 (en) * | 2013-11-15 | 2021-06-22 | Apple Inc. | Generating transaction identifiers |
BR112016014106A2 (en) | 2013-12-19 | 2017-08-08 | Visa Int Service Ass | METHOD FOR ENHANCED SECURITY OF A COMMUNICATION DEVICE, AND, COMMUNICATION DEVICE |
US9922322B2 (en) | 2013-12-19 | 2018-03-20 | Visa International Service Association | Cloud-based transactions with magnetic secure transmission |
CN106465112A (en) * | 2014-05-21 | 2017-02-22 | 维萨国际服务协会 | Offline authentication |
CN105205666B (en) * | 2014-06-17 | 2019-10-25 | 中国银联股份有限公司 | Face-to-face method of payment and system based on bluetooth |
US9775029B2 (en) | 2014-08-22 | 2017-09-26 | Visa International Service Association | Embedding cloud-based functionalities in a communication device |
US10089607B2 (en) | 2014-09-02 | 2018-10-02 | Apple Inc. | Mobile merchant proximity solution for financial transactions |
US10387866B1 (en) | 2015-03-20 | 2019-08-20 | Slyce Canada Inc. | System and method for instant purchase transactions via image recognition |
US20180365682A1 (en) * | 2015-11-30 | 2018-12-20 | Simsec Hong Kong Limited | Multi-scheme payment mobile device and system |
CN109643354B (en) | 2016-07-11 | 2023-06-06 | 维萨国际服务协会 | Encryption key exchange procedure using access means |
US10546444B2 (en) * | 2018-06-21 | 2020-01-28 | Capital One Services, Llc | Systems and methods for secure read-only authentication |
US10885519B1 (en) * | 2020-02-17 | 2021-01-05 | Mautinoa Technologies, LLC | Mobile transaction platform |
CN111598649A (en) * | 2020-04-17 | 2020-08-28 | 广东工业大学 | Outsourcing processing method and platform based on block chain |
US20230096124A1 (en) * | 2021-09-24 | 2023-03-30 | Sayves Llc | Systems and methods for secure digital transactions |
Citations (34)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030088513A1 (en) * | 2001-11-08 | 2003-05-08 | Gritzmacher Thomas J. | Billing system and method for network |
US20040031856A1 (en) * | 1998-09-16 | 2004-02-19 | Alon Atsmon | Physical presence digital authentication system |
US20040107219A1 (en) * | 2002-09-23 | 2004-06-03 | Wimetrics Corporation | System and method for wireless local area network monitoring and intrusion detection |
US6760841B1 (en) * | 2000-05-01 | 2004-07-06 | Xtec, Incorporated | Methods and apparatus for securely conducting and authenticating transactions over unsecured communication channels |
US6779115B1 (en) * | 2000-02-18 | 2004-08-17 | Digital5, Inc. | Portable device using a smart card to receive and decrypt digital data |
US20040180657A1 (en) * | 2002-06-24 | 2004-09-16 | Toshiba America Research Inc. (Tari) | Authenticating multiple devices simultaneously using a single wireless subscriber identity module |
US20040235450A1 (en) * | 2003-05-19 | 2004-11-25 | Einar Rosenberg | Apparatus and method for increased security of wireless transactions |
US6831982B1 (en) * | 1999-11-19 | 2004-12-14 | Storage Technology Corporation | Encryption key management system using multiple smart cards |
US20050038707A1 (en) * | 2002-08-30 | 2005-02-17 | Navio Systems, Inc. | Methods and apparatus for enabling transactions in networks |
US20050068169A1 (en) * | 2002-05-14 | 2005-03-31 | Copley Shuan Michael | Personal tracking device |
US20050120225A1 (en) * | 2001-12-04 | 2005-06-02 | Giesecke & Devrient Gmbh | Storing and accessing data in a mobile device and a user module |
US20050182710A1 (en) * | 2002-03-13 | 2005-08-18 | Beamtrust A/S | Method of processing an electronic payment cheque |
US20050188194A1 (en) * | 2003-10-07 | 2005-08-25 | Koolspan, Inc. | Automatic hardware-enabled virtual private network system |
US6947908B1 (en) * | 1998-08-27 | 2005-09-20 | Citibank, N.A. | System and use for correspondent banking |
US20050234860A1 (en) * | 2002-08-30 | 2005-10-20 | Navio Systems, Inc. | User agent for facilitating transactions in networks |
US20050250440A1 (en) * | 2000-06-30 | 2005-11-10 | Zhou Peter Y | Systems and methods for monitoring and tracking |
US7024395B1 (en) * | 2000-06-16 | 2006-04-04 | Storage Technology Corporation | Method and system for secure credit card transactions |
US20060135121A1 (en) * | 2004-12-21 | 2006-06-22 | Abedi Scott S | System and method of securing data on a wireless device |
US20060144946A1 (en) * | 2004-12-31 | 2006-07-06 | Masayuki Kuriyama | System and method for utilizing a highly secure two-dimensional matrix code on a mobile communications display |
US20060165078A1 (en) * | 2004-04-06 | 2006-07-27 | Airtight Networks, Inc. | Method and system for allowing and preventing wireless devices to transmit wireless signals |
US20070011729A1 (en) * | 2005-07-06 | 2007-01-11 | White Charles A | Device and Method for Authenticating and Securing Transactions Using RF Communication |
US20070057038A1 (en) * | 2005-09-15 | 2007-03-15 | Capital One Financial Corporation | Wireless devices for storing a financial account card and methods for storing card data in a wireless device |
US20070087756A1 (en) * | 2005-10-04 | 2007-04-19 | Hoffberg Steven M | Multifactorial optimization system and method |
US20070198432A1 (en) * | 2001-01-19 | 2007-08-23 | Pitroda Satyan G | Transactional services |
US20070226807A1 (en) * | 1996-08-30 | 2007-09-27 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US20070241182A1 (en) * | 2005-12-31 | 2007-10-18 | Broadcom Corporation | System and method for binding a smartcard and a smartcard reader |
US20070250393A1 (en) * | 2006-03-21 | 2007-10-25 | Alberth William P Jr | Methods and devices for establishing and processing payment rules for mobile commerce |
US20080010215A1 (en) * | 2006-07-06 | 2008-01-10 | Firethorn Holdings, Llc | Methods and Systems For Managing Payment Sources in a Mobile Environment |
US20080025238A1 (en) * | 2006-07-28 | 2008-01-31 | Mccown Steven H | Radio frequency detection assembly and method for detecting radio frequencies |
US20080280592A1 (en) * | 2007-05-07 | 2008-11-13 | Mccown Steven H | Wireless device monitoring methods, wireless device monitoring systems, and articles of manufacture |
US20080290987A1 (en) * | 2007-04-22 | 2008-11-27 | Lehmann Li | Methods and apparatus related to content sharing between devices |
US20080291013A1 (en) * | 2007-05-07 | 2008-11-27 | Battelle Energy Alliance, Llc | Wireless device monitoring systems and monitoring devices, and associated methods |
US20090141896A1 (en) * | 2007-11-30 | 2009-06-04 | Mccown Steven Harvey | Processing module operating methods, processing modules, and communications systems |
US20090216681A1 (en) * | 2008-02-26 | 2009-08-27 | Battelle Energy Alliance, Llc | Systems and methods for performing wireless financial transactions |
Family Cites Families (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
IL134741A (en) * | 2000-02-27 | 2003-11-23 | Adamtech Ltd | Mobile transaction system and method |
WO2001069346A2 (en) * | 2000-03-16 | 2001-09-20 | Harex Infotech Inc. | Optical payment transceiver and system using the same |
CN1329313A (en) * | 2000-06-21 | 2002-01-02 | 中国建设银行新疆维吾尔自治区分行 | Direct communication system of customer and bank |
US7774231B2 (en) * | 2000-09-29 | 2010-08-10 | Nokia Corporation | Electronic payment methods for a mobile device |
US7133659B2 (en) * | 2000-09-29 | 2006-11-07 | Nokia Mobile Phones Limited | Methods of operating a reservation system using electronic device cover with embedded transponder |
US7587196B2 (en) * | 2001-03-29 | 2009-09-08 | Telefonaktiebolaget Lm Ericsson (Publ) | Wireless point of sale transaction |
GB2377042A (en) * | 2001-06-26 | 2002-12-31 | Nokia Corp | Identification of a data entity |
US20030093695A1 (en) * | 2001-11-13 | 2003-05-15 | Santanu Dutta | Secure handling of stored-value data objects |
CN100471214C (en) * | 2001-12-04 | 2009-03-18 | 北京凯华网联技术有限公司 | Mobile payment method and system thereof |
US7127236B2 (en) * | 2001-12-26 | 2006-10-24 | Vivotech, Inc. | Micropayment financial transaction process utilizing wireless network processing |
US20030154139A1 (en) * | 2001-12-31 | 2003-08-14 | Woo Kevin K. M. | Secure m-commerce transactions through legacy POS systems |
US7996888B2 (en) * | 2002-01-11 | 2011-08-09 | Nokia Corporation | Virtual identity apparatus and method for using same |
EP1367542A3 (en) * | 2002-05-28 | 2005-05-25 | Siemens Aktiengesellschaft | Electronic ticket, system for issuing electronic tickets, and devices for using and performing operations on electronic tickets |
GB2392590B (en) * | 2002-08-30 | 2005-02-23 | Toshiba Res Europ Ltd | Methods and apparatus for secure data communication links |
CN1516508A (en) * | 2003-01-08 | 2004-07-28 | ��� | Digital certificate storage and its new application method |
US20080228651A1 (en) * | 2003-09-29 | 2008-09-18 | Zan Tapsell | Public Key Crytography Method and System |
US20050071179A1 (en) * | 2003-09-30 | 2005-03-31 | International Business Machines Corporation | Dynamic processing of payment requests for mobile commerce transactions |
US7899748B2 (en) * | 2003-09-30 | 2011-03-01 | International Business Machines Corporation | Server wallet provider portal |
US7357309B2 (en) * | 2004-01-16 | 2008-04-15 | Telefonaktiebolaget Lm Ericsson (Publ) | EMV transactions in mobile terminals |
US7124937B2 (en) * | 2005-01-21 | 2006-10-24 | Visa U.S.A. Inc. | Wireless payment methods and systems |
US8700729B2 (en) * | 2005-01-21 | 2014-04-15 | Robin Dua | Method and apparatus for managing credentials through a wireless network |
US7734933B1 (en) * | 2005-06-17 | 2010-06-08 | Rockwell Collins, Inc. | System for providing secure and trusted computing environments through a secure computing module |
US20070100710A1 (en) * | 2005-11-01 | 2007-05-03 | Moneet Singh | System and methods for m-commerce transactions |
GB0525635D0 (en) * | 2005-12-16 | 2006-01-25 | Innovision Res & Tech Plc | Chip card and method of data communication |
US20070156517A1 (en) * | 2005-12-29 | 2007-07-05 | Mark Kaplan | System and method for redemption of a coupon using a mobile cellular telephone |
KR100754825B1 (en) * | 2006-06-30 | 2007-09-04 | 삼성전자주식회사 | Apparatus and method for mobile commerce providing in a portable terminal |
FR2903545B1 (en) * | 2006-07-04 | 2008-09-26 | Mobilysim Sarl | DISTRIBUTION OF ELECTRONIC TITLES BY RADIO FREQUENCY |
BRPI0806197A2 (en) * | 2007-01-26 | 2011-08-30 | Interdigital Tech Corp | location information security assurance and access control method and apparatus using location information |
US20080208741A1 (en) * | 2007-02-22 | 2008-08-28 | First Data Corporation | Account information lookup systems and methods in mobile commerce |
US7979316B2 (en) * | 2007-04-27 | 2011-07-12 | American Express Travel Related Services Company, Inc. | System and method for facilitating mobile commerce |
-
2008
- 2008-08-22 US US12/196,669 patent/US20090216680A1/en not_active Abandoned
- 2008-08-22 US US12/196,806 patent/US8214298B2/en active Active
-
2009
- 2009-01-28 CN CN200980110155.8A patent/CN101978646B/en not_active Expired - Fee Related
- 2009-01-28 EP EP09715756A patent/EP2255487A4/en not_active Withdrawn
- 2009-01-28 EP EP09714477.8A patent/EP2248290A4/en not_active Withdrawn
- 2009-01-28 WO PCT/US2009/032273 patent/WO2009108444A1/en active Application Filing
- 2009-01-28 CN CN200980107942.7A patent/CN101960762B/en not_active Expired - Fee Related
- 2009-01-28 JP JP2010548771A patent/JP2011513839A/en active Pending
- 2009-01-28 WO PCT/US2009/032279 patent/WO2009108445A1/en active Application Filing
- 2009-01-28 JP JP2010548772A patent/JP2011517354A/en active Pending
-
2017
- 2017-07-11 US US15/646,927 patent/US20170308894A1/en not_active Abandoned
Patent Citations (34)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070226807A1 (en) * | 1996-08-30 | 2007-09-27 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US6947908B1 (en) * | 1998-08-27 | 2005-09-20 | Citibank, N.A. | System and use for correspondent banking |
US20040031856A1 (en) * | 1998-09-16 | 2004-02-19 | Alon Atsmon | Physical presence digital authentication system |
US6831982B1 (en) * | 1999-11-19 | 2004-12-14 | Storage Technology Corporation | Encryption key management system using multiple smart cards |
US6779115B1 (en) * | 2000-02-18 | 2004-08-17 | Digital5, Inc. | Portable device using a smart card to receive and decrypt digital data |
US6760841B1 (en) * | 2000-05-01 | 2004-07-06 | Xtec, Incorporated | Methods and apparatus for securely conducting and authenticating transactions over unsecured communication channels |
US7024395B1 (en) * | 2000-06-16 | 2006-04-04 | Storage Technology Corporation | Method and system for secure credit card transactions |
US20050250440A1 (en) * | 2000-06-30 | 2005-11-10 | Zhou Peter Y | Systems and methods for monitoring and tracking |
US20070198432A1 (en) * | 2001-01-19 | 2007-08-23 | Pitroda Satyan G | Transactional services |
US20030088513A1 (en) * | 2001-11-08 | 2003-05-08 | Gritzmacher Thomas J. | Billing system and method for network |
US20050120225A1 (en) * | 2001-12-04 | 2005-06-02 | Giesecke & Devrient Gmbh | Storing and accessing data in a mobile device and a user module |
US20050182710A1 (en) * | 2002-03-13 | 2005-08-18 | Beamtrust A/S | Method of processing an electronic payment cheque |
US20050068169A1 (en) * | 2002-05-14 | 2005-03-31 | Copley Shuan Michael | Personal tracking device |
US20040180657A1 (en) * | 2002-06-24 | 2004-09-16 | Toshiba America Research Inc. (Tari) | Authenticating multiple devices simultaneously using a single wireless subscriber identity module |
US20050038707A1 (en) * | 2002-08-30 | 2005-02-17 | Navio Systems, Inc. | Methods and apparatus for enabling transactions in networks |
US20050234860A1 (en) * | 2002-08-30 | 2005-10-20 | Navio Systems, Inc. | User agent for facilitating transactions in networks |
US20040107219A1 (en) * | 2002-09-23 | 2004-06-03 | Wimetrics Corporation | System and method for wireless local area network monitoring and intrusion detection |
US20040235450A1 (en) * | 2003-05-19 | 2004-11-25 | Einar Rosenberg | Apparatus and method for increased security of wireless transactions |
US20050188194A1 (en) * | 2003-10-07 | 2005-08-25 | Koolspan, Inc. | Automatic hardware-enabled virtual private network system |
US20060165078A1 (en) * | 2004-04-06 | 2006-07-27 | Airtight Networks, Inc. | Method and system for allowing and preventing wireless devices to transmit wireless signals |
US20060135121A1 (en) * | 2004-12-21 | 2006-06-22 | Abedi Scott S | System and method of securing data on a wireless device |
US20060144946A1 (en) * | 2004-12-31 | 2006-07-06 | Masayuki Kuriyama | System and method for utilizing a highly secure two-dimensional matrix code on a mobile communications display |
US20070011729A1 (en) * | 2005-07-06 | 2007-01-11 | White Charles A | Device and Method for Authenticating and Securing Transactions Using RF Communication |
US20070057038A1 (en) * | 2005-09-15 | 2007-03-15 | Capital One Financial Corporation | Wireless devices for storing a financial account card and methods for storing card data in a wireless device |
US20070087756A1 (en) * | 2005-10-04 | 2007-04-19 | Hoffberg Steven M | Multifactorial optimization system and method |
US20070241182A1 (en) * | 2005-12-31 | 2007-10-18 | Broadcom Corporation | System and method for binding a smartcard and a smartcard reader |
US20070250393A1 (en) * | 2006-03-21 | 2007-10-25 | Alberth William P Jr | Methods and devices for establishing and processing payment rules for mobile commerce |
US20080010215A1 (en) * | 2006-07-06 | 2008-01-10 | Firethorn Holdings, Llc | Methods and Systems For Managing Payment Sources in a Mobile Environment |
US20080025238A1 (en) * | 2006-07-28 | 2008-01-31 | Mccown Steven H | Radio frequency detection assembly and method for detecting radio frequencies |
US20080290987A1 (en) * | 2007-04-22 | 2008-11-27 | Lehmann Li | Methods and apparatus related to content sharing between devices |
US20080280592A1 (en) * | 2007-05-07 | 2008-11-13 | Mccown Steven H | Wireless device monitoring methods, wireless device monitoring systems, and articles of manufacture |
US20080291013A1 (en) * | 2007-05-07 | 2008-11-27 | Battelle Energy Alliance, Llc | Wireless device monitoring systems and monitoring devices, and associated methods |
US20090141896A1 (en) * | 2007-11-30 | 2009-06-04 | Mccown Steven Harvey | Processing module operating methods, processing modules, and communications systems |
US20090216681A1 (en) * | 2008-02-26 | 2009-08-27 | Battelle Energy Alliance, Llc | Systems and methods for performing wireless financial transactions |
Cited By (44)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8490878B2 (en) | 2005-04-21 | 2013-07-23 | Securedpay Solutions, Inc. | Portable handheld device for wireless order entry and real time payment authorization and related methods |
US8356754B2 (en) | 2005-04-21 | 2013-01-22 | Securedpay Solutions, Inc. | Portable handheld device for wireless order entry and real time payment authorization and related methods |
US10592881B2 (en) | 2005-04-21 | 2020-03-17 | Securedpay Solutions, Inc. | Portable handheld device for wireless order entry and real time payment authorization and related methods |
US10579978B2 (en) | 2005-04-21 | 2020-03-03 | Securedpay Solutions, Inc. | Portable handheld device for wireless order entry and real time payment authorization and related methods |
US8175578B2 (en) | 2007-05-07 | 2012-05-08 | Battelle Energy Alliance, Llc | Wireless device monitoring methods, wireless device monitoring systems, and articles of manufacture |
US20080291013A1 (en) * | 2007-05-07 | 2008-11-27 | Battelle Energy Alliance, Llc | Wireless device monitoring systems and monitoring devices, and associated methods |
US8737965B2 (en) | 2007-05-07 | 2014-05-27 | Battelle Energy Alliance, Llc | Wireless device monitoring systems and monitoring devices, and associated methods |
US20080280592A1 (en) * | 2007-05-07 | 2008-11-13 | Mccown Steven H | Wireless device monitoring methods, wireless device monitoring systems, and articles of manufacture |
US8160932B2 (en) * | 2007-07-23 | 2012-04-17 | Taihei SHII | Artwork-trading system and artwork-trading program for trading artworks created by artist over network |
US20100223156A1 (en) * | 2007-07-23 | 2010-09-02 | Taihei Shii | Artwork-trading system and artwork-trading program for trading artworks created by artist over network |
US8831220B2 (en) | 2007-11-30 | 2014-09-09 | Battelle Energy Alliance, Llc | Processing module operating methods, processing modules, and communications systems |
US20090141896A1 (en) * | 2007-11-30 | 2009-06-04 | Mccown Steven Harvey | Processing module operating methods, processing modules, and communications systems |
US8930520B2 (en) * | 2008-02-22 | 2015-01-06 | Accenture Global Services Limited | System for analyzing user activity in a collaborative environment |
US9258375B2 (en) | 2008-02-22 | 2016-02-09 | Accenture Global Services Limited | System for analyzing user activity in a collaborative environment |
US20140122615A1 (en) * | 2008-02-22 | 2014-05-01 | Accenture Global Services Limited | System for analyzing user activity in a collaborative environment |
US8214298B2 (en) | 2008-02-26 | 2012-07-03 | Rfinity Corporation | Systems and methods for performing wireless financial transactions |
US20090216681A1 (en) * | 2008-02-26 | 2009-08-27 | Battelle Energy Alliance, Llc | Systems and methods for performing wireless financial transactions |
US8699051B2 (en) * | 2009-08-07 | 2014-04-15 | Canon Kabushiki Kaisha | Prevent printing if image data on preprinted sheet does not match data on at least one sheet |
US20110032559A1 (en) * | 2009-08-07 | 2011-02-10 | Canon Kabushiki Kaisha | Data processing apparatus, method for controlling data processing apparatus, and information processing apparatus |
US11263625B2 (en) * | 2010-01-19 | 2022-03-01 | Bluechain Pty Ltd. | Method, device and system for securing payment data for transmission over open communication networks |
EP2526514A4 (en) * | 2010-01-19 | 2014-03-19 | Glencurr Pty Ltd | Method, device and system for securing payment data for transmission over open communication networks |
US20130191290A1 (en) * | 2010-01-19 | 2013-07-25 | Glencurr Pty Ltd | Method, device and system for securing payment data for transmission over open communication networks |
EP2526514A1 (en) * | 2010-01-19 | 2012-11-28 | Glencurr Pty Ltd | Method, device and system for securing payment data for transmission over open communication networks |
WO2011088508A1 (en) | 2010-01-19 | 2011-07-28 | Glencurr Pty Ltd | Method, device and system for securing payment data for transmission over open communication networks |
US20110288910A1 (en) * | 2010-05-19 | 2011-11-24 | Anuj Garg | Methods and apparatus for the acquisition and exchange of media content in communications network |
CN102624428A (en) * | 2011-01-28 | 2012-08-01 | 国民技术股份有限公司 | System and method for selecting a communication object |
US20230135598A1 (en) * | 2011-02-23 | 2023-05-04 | Catch Media, Inc. | E-used digital assets and post-acquisition revenue |
US20120232958A1 (en) * | 2011-03-11 | 2012-09-13 | Bar & Club Statistics, Inc. | Systems and methods for dynamic venue demographics and marketing |
US11514451B2 (en) * | 2011-03-15 | 2022-11-29 | Capital One Services, Llc | Systems and methods for performing financial transactions using active authentication |
US11836724B2 (en) | 2011-03-15 | 2023-12-05 | Capital One Services, Llc | Systems and methods for performing ATM fund transfer using active authentication |
US20120239572A1 (en) * | 2011-03-15 | 2012-09-20 | Ing Bank, Fsb (Dba Ing Direct) | Systems and methods for performing financial transactions using active authentication |
US11790323B2 (en) | 2011-10-05 | 2023-10-17 | Scout Exchange Llc | System and method for managing a talent platform |
US11775933B2 (en) | 2011-10-05 | 2023-10-03 | Scout Exchange Llc | System and method for managing a talent platform |
US11748710B2 (en) | 2011-10-05 | 2023-09-05 | Scout Exchange Llc | System and method for managing a talent platform |
US11374943B2 (en) | 2013-10-30 | 2022-06-28 | Google Llc | Secure interface using non-secure element processors |
US8930274B1 (en) * | 2013-10-30 | 2015-01-06 | Google Inc. | Securing payment transactions with rotating application transaction counters |
US10491605B2 (en) | 2013-10-30 | 2019-11-26 | Google Llc | Secure interface using non-secure element processors |
US10430789B1 (en) * | 2014-06-10 | 2019-10-01 | Lockheed Martin Corporation | System, method and computer program product for secure retail transactions (SRT) |
CN104301110A (en) * | 2014-10-10 | 2015-01-21 | 刘文清 | Authentication method, authentication device and system applied to intelligent terminal |
US11924325B2 (en) | 2016-07-29 | 2024-03-05 | Nchain Licensing Ag | Blockchain-implemented method and system |
US11321645B2 (en) | 2017-02-13 | 2022-05-03 | Scout Exchange Llc | System and interfaces for managing temporary workers |
US10664775B2 (en) | 2017-02-13 | 2020-05-26 | Scout Exchange Llc | System and interfaces for managing temporary workers |
US11410131B2 (en) | 2018-09-28 | 2022-08-09 | Scout Exchange Llc | Talent platform exchange and rating system |
US11720834B2 (en) | 2018-12-11 | 2023-08-08 | Scout Exchange Llc | Talent platform exchange and recruiter matching system |
Also Published As
Publication number | Publication date |
---|---|
CN101978646A (en) | 2011-02-16 |
WO2009108444A1 (en) | 2009-09-03 |
CN101960762A (en) | 2011-01-26 |
EP2248290A4 (en) | 2013-08-28 |
JP2011513839A (en) | 2011-04-28 |
WO2009108445A1 (en) | 2009-09-03 |
JP2011517354A (en) | 2011-06-02 |
US20170308894A1 (en) | 2017-10-26 |
EP2248290A1 (en) | 2010-11-10 |
US20090216681A1 (en) | 2009-08-27 |
CN101960762B (en) | 2017-06-23 |
CN101978646B (en) | 2016-08-03 |
EP2255487A4 (en) | 2012-04-04 |
EP2255487A1 (en) | 2010-12-01 |
US8214298B2 (en) | 2012-07-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20170308894A1 (en) | Systems and methods for performing file distribution and purchase | |
RU2663476C2 (en) | Remote payment transactions protected processing, including authentication of consumers | |
US8601268B2 (en) | Methods for securing transactions by applying crytographic methods to assure mutual identity | |
CN105046479B (en) | Trusted service manager architecture and method | |
US7870998B2 (en) | Private information exchange in smart card commerce | |
JP2022504072A (en) | Systems and methods for cryptographic authentication of contactless cards | |
CN113545000B (en) | Distributed processing of interactions at delivery time | |
Raina | Overview of mobile payment: technologies and security | |
JP2009526321A (en) | System for executing a transaction in a point-of-sale information management terminal using a changing identifier | |
CN101496059A (en) | Network commercial transactions | |
CN104838399A (en) | Authenticating remote transactions using mobile device | |
KR101385429B1 (en) | Method for authenticating individual of electronic contract using nfc, authentication server and terminal for performing the method | |
JP2022501872A (en) | Systems and methods for cryptographic authentication of non-contact cards | |
JP2022501875A (en) | Systems and methods for cryptographic authentication of non-contact cards | |
US20120143769A1 (en) | Commerce card | |
US11750368B2 (en) | Provisioning method and system with message conversion | |
CN112889241A (en) | Verification service for account verification | |
EP2195769A1 (en) | System based on a sim card performing services with high security features and relative method | |
JP7267278B2 (en) | Payment card authentication | |
JP2022511281A (en) | Systems and methods for cryptographic authentication of non-contact cards | |
KR101710950B1 (en) | Method for distributing encrypt key, card reader and system for distributing encrypt key thereof | |
KR20130100811A (en) | Method to approve payments | |
KR101228856B1 (en) | Method for Storing and Using Personal Information in a Portable Terminal | |
JP2022501861A (en) | Systems and methods for cryptographic authentication of non-contact cards | |
Jayasinghe et al. | Enhancing emv tokenisation with dynamic transaction tokens |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: BATTELLE ENERGY ALLIANCE, LLC, IDAHO Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MCCOWN, STEVEN H.;TURNER, AARON R.;REEL/FRAME:021430/0728 Effective date: 20080821 |
|
AS | Assignment |
Owner name: UNITED STATES DEPARTMENT OF ENERGY, DISTRICT OF CO Free format text: CONFIRMATORY LICENSE;ASSIGNOR:BATTELLE ENERGY ALLIANCE, LLC;REEL/FRAME:021874/0325 Effective date: 20081031 |
|
AS | Assignment |
Owner name: RFINITY CORPORATION, IDAHO Free format text: PATENT LICENSE AGREEMENT;ASSIGNOR:BATTELLE ENERGY ALIANCE, LLC (BEA);REEL/FRAME:022983/0225 Effective date: 20080930 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |